|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Tcl) Import a PFX/P12 into the Windows Certificate StoresDemonstrates how to import the certificates contained in a .pfx/.p12 to the Windows certificate stores.
load ./chilkat.dll set primaryCert [new_CkCert] # Load a PFX file into a certificate object. # The cert object will contain the certificate from the PFX that has a private key. # The certs in the chain of authentication (if contained in the PFX) are also loaded, # and can be accessed by getting the certificate chain (see below). # If the PFX did not include the issuer certs in the chain of authentication, then Chilkat will # automatically try to construct the issuer chain from the CA and intermedicate CA certs # already installed on the Windows system. set pfxPassword "myPfxPassword" set success [CkCert_LoadPfxFile $primaryCert "qa_data/pfx/somePfx.p12" $pfxPassword] if {$success == 0} then { puts [CkCert_lastErrorText $primaryCert] delete_CkCert $primaryCert exit } # certChain is a CkCertChain set certChain [CkCert_GetCertChain $primaryCert] if {[CkCert_get_LastMethodSuccess $primaryCert] == 0} then { puts [CkCert_lastErrorText $primaryCert] delete_CkCert $primaryCert exit } # If the certificate chain reaches the root CA cert, then the last cert in the chain # is the root CA cert. set chainReachesRoot [CkCertChain_get_ReachesRoot $certChain] if {$chainReachesRoot == 1} then { puts "The certificate chain reaches the root CA cert." } # cert is a CkCert set i 0 set numCerts [CkCertChain_get_NumCerts $certChain] while {$i < $numCerts} { set cert [CkCertChain_GetCert $certChain $i] puts "SubjectDN $i: [CkCert_subjectDN $cert]" puts "IssuerDN $i: [CkCert_issuerDN $cert]" puts "--" delete_CkCert $cert set i [expr $i + 1] } # The primary cert having the private key will be imported into the Current User "My" certificate store. # Any intermediate root certificates will be imported into certificate store for intermediate certificate authorities. # The root CA cert will be imported into the Root CA cert store. # Let's open each of these 3 certificate stores.. set certStoreCU [new_CkCertStore] set certStoreCA [new_CkCertStore] set certStoreRootCA [new_CkCertStore] set readOnlyFlag 0 # "CurrentUser" and "My" are the exact keywords to select your user account's certificate store. set success [CkCertStore_OpenWindowsStore $certStoreCU "CurrentUser" "My" $readOnlyFlag] if {$success == 0} then { puts "Failed to open the CurrentUser/My certificate store for read/write." delete_CkCertChain $certChain delete_CkCert $primaryCert delete_CkCertStore $certStoreCU delete_CkCertStore $certStoreCA delete_CkCertStore $certStoreRootCA exit } # Certificate store for intermediate certification authorities (CAs). set success [CkCertStore_OpenWindowsStore $certStoreCA "CurrentUser" "CertificationAuthority" $readOnlyFlag] if {$success == 0} then { puts "Failed to open the CurrentUser/CertificationAuthority certificate store for read/write." delete_CkCertChain $certChain delete_CkCert $primaryCert delete_CkCertStore $certStoreCU delete_CkCertStore $certStoreCA delete_CkCertStore $certStoreRootCA exit } # Certificate store for trusted root certification authorities (CAs). set success [CkCertStore_OpenWindowsStore $certStoreRootCA "CurrentUser" "Root" $readOnlyFlag] if {$success == 0} then { puts "Failed to open the CurrentUser/Root certificate store for read/write." delete_CkCertChain $certChain delete_CkCert $primaryCert delete_CkCertStore $certStoreCU delete_CkCertStore $certStoreCA delete_CkCertStore $certStoreRootCA exit } # Iterate over the certs in the chain and import each into the desired certificate store. set allSuccess 1 set i 0 while {$i < $numCerts} { set cert [CkCertChain_GetCert $certChain $i] if {$i == 0} then { # Import the primary certificate into the CurrentUser/My certificate store. set success [CkCertStore_AddCertificate $certStoreCU $cert] if {$success == 0} then { puts [CkCertStore_lastErrorText $certStoreCU] set allSuccess 0 } } else { if {expr [$i == [expr $numCerts - 1]] && [$chainReachesRoot == 1]} then { # Add the root CA certificate to the CurrentUser/Root certificate store. # (Your application can obviously choose whether this should be done or not. Perhaps you prompt the user.) # Note: If the root CA cert is already present in the Windows certificate store, Windows will display # a dialog to ask if it should be deleted. Chilkat does not explicitly display dialogs. set success [CkCertStore_AddCertificate $certStoreRootCA $cert] if {$success == 0} then { puts [CkCertStore_lastErrorText $certStoreRootCA] set allSuccess 0 } } else { # This is an intermediate CA certificate. set success [CkCertStore_AddCertificate $certStoreCA $cert] if {$success == 0} then { puts [CkCertStore_lastErrorText $certStoreCA] set allSuccess 0 } } } if {$success == 0} then { puts "Failed to import certificate." } delete_CkCert $cert set i [expr $i + 1] } delete_CkCertChain $certChain puts "allSuccess = $allSuccess" delete_CkCert $primaryCert delete_CkCertStore $certStoreCU delete_CkCertStore $certStoreCA delete_CkCertStore $certStoreRootCA |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.