(PureBasic) HTTPS Client Certificate using Smartcard or Token

Explains how to use a client certificate for HTTP TLS mutual authentication where the certificate and private key exist on an HSM (Smartcard or USB Token).
IncludeFile "CkCert.pb"
IncludeFile "CkHttp.pb"

Procedure ChilkatExample()

    http.i = CkHttp::ckCreate()
    If http.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; To do HTTPS mutual authentication where the certificate and private key are stored
    ; on a smartcard or token, first load the Chilkat certificate object from the smartcard/token,
    ; and then pass the certificate object to the Http object's SetSslClientCert method.

    ; Doing HTTP mutual authentication is the same regardless of the source of the cert + private key.
    ; The steps are to first load the certificate from the source, then pass the cert object to the HTTP object.
    ; Chilkat provides methods for loading the certificate from a variety of sources, such as smartcards, tokens,
    ; .pfx/.p12 files, Windows registry-based certificate stores, PEM files, or other file formats.

    cert.i = CkCert::ckCreate()
    If cert.i = 0
        Debug "Failed to create object."
        ; Release the HTTP object created above before returning.
        CkHttp::ckDispose(http)
        ProcedureReturn
    EndIf

    ; The easiest way to load a certificate from an HSM is to call cert.LoadFromSmartcard with
    ; an empty string argument. Chilkat will detect the HSM and will choose the most appropriate
    ; underlying means for accessing and loading the default certificate + key from the HSM.
    ; The underlying means could be PKCS11, ScMinidriver, or MSCNG, depending on the HSM and what it
    ; supports.

    ; For example:

    ; If you know the smart card PIN, it's good to set it prior to loading from the smartcard/USB token.
    ; ("12345678" is a placeholder; supply the real PIN at run time rather than embedding it in source.)
    CkCert::setCkSmartCardPin(cert, "12345678")

    ; To let Chilkat discover what smartcard or token is connected, pass an empty string to LoadFromSmartcard.
    ; When testing in this way, it's best to have only a single smartcard or token connected to the system.
    success.i = CkCert::ckLoadFromSmartcard(cert,"")
    If success = 0
        Debug CkCert::ckLastErrorText(cert)
        Debug "Certificate not loaded."
        CkHttp::ckDispose(http)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    ; If there are multiple certificates stored on the smartcard/token, then
    ; you can be more specific.
    ; See these examples:
    ;   Load a Certificate from an HSM by Common Name
    ;   Load a Certificate from an HSM by Serial Number

    ; It may be that you need to code at a lower level with a specific
    ; supported interface, such as PKCS11.
    ; See these examples:
    ;   Use PKCS11 to Find a Specific Certificate
    ;   Use PKCS11 to Find a Certificate with a Specified Key Usage

    ; Once you have the desired certificate, pass it to SetSslClientCert.

    ; Set the certificate to be used for mutual TLS authentication
    ; (i.e. sets the client-side certificate for two-way TLS authentication)
    success = CkHttp::ckSetSslClientCert(http,cert)
    If success <> 1
        Debug CkHttp::ckLastErrorText(http)
        CkHttp::ckDispose(http)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    ; At this point, the HTTP object instance is set up with the client-side cert, and any SSL/TLS
    ; connection will automatically use it if the server demands a client-side cert.

    CkHttp::ckDispose(http)
    CkCert::ckDispose(cert)

    ProcedureReturn
EndProcedure
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.