Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(SQL Server) PKCS11 Certificate ChainSee more PKCS11 ExamplesDemonstrates how to make CA certs available for the certificate chain to be included when creating a signature (using a PKCS11 compatible smart card / USB token) such as for PDF, XMLDSig, etc. Note: This example requires Chilkat v9.5.0.88 or later.
// Important: See this note about string length limitations for strings returned by sp_OAMethod calls. // CREATE PROCEDURE ChilkatSample AS BEGIN DECLARE @hr int DECLARE @iTmp0 int DECLARE @sTmp0 nvarchar(4000) -- This example requires the Chilkat API to have been previously unlocked. -- See Global Unlock Sample for sample code. -- Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems. DECLARE @pkcs11 int EXEC @hr = sp_OACreate 'Chilkat_9_5_0.Pkcs11', @pkcs11 OUT IF @hr <> 0 BEGIN PRINT 'Failed to create ActiveX component' RETURN END -- You will use the DLL (or shared lib) provided by your smart card vendor, or a DLL compatible with your smart card. -- On Windows, if the DLL is located in C:\Windows\System32, specify only the filename. -- Otherwise provide the full path. EXEC sp_OASetProperty @pkcs11, 'SharedLibPath', 'bit4xpki.dll' DECLARE @success int EXEC sp_OAMethod @pkcs11, 'Initialize', @success OUT IF @success = 0 BEGIN EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @pkcs11 RETURN END -- We need to call Discover to get the slot ID. DECLARE @onlyTokensPresent int SELECT @onlyTokensPresent = 1 DECLARE @jsonPkcs11 int EXEC @hr = sp_OACreate 'Chilkat_9_5_0.JsonObject', @jsonPkcs11 OUT EXEC sp_OAMethod @pkcs11, 'Discover', @success OUT, @onlyTokensPresent, @jsonPkcs11 IF @success = 0 BEGIN EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @jsonPkcs11 RETURN END -- Make sure we have at least one slot. EXEC sp_OAMethod @jsonPkcs11, 'SizeOfArray', @iTmp0 OUT, 'slot' IF @iTmp0 <= 0 BEGIN PRINT 'No occuplied slots.' EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @jsonPkcs11 RETURN END -- Get the ID of the 1st slot DECLARE @slotID int EXEC sp_OAMethod @jsonPkcs11, 'IntOf', @slotID OUT, 'slot[0].id' -- Open a session. DECLARE @readWrite int SELECT @readWrite = 1 EXEC sp_OAMethod @pkcs11, 'OpenSession', @success OUT, @slotID, @readWrite IF @success = 0 BEGIN EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @jsonPkcs11 RETURN END -- Make it an authenticated session by calling Login. DECLARE @userType int SELECT @userType = 1 -- Make sure to use the correct PIN for your smart card.. DECLARE @pin nvarchar(4000) SELECT @pin = '0000' EXEC sp_OAMethod @pkcs11, 'Login', @success OUT, @userType, @pin IF @success = 0 BEGIN EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC sp_OAMethod @pkcs11, 'CloseSession', @success OUT EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @jsonPkcs11 RETURN END -- Get the certificate (on the smart card) that has a private key. DECLARE @cert int EXEC @hr = sp_OACreate 'Chilkat_9_5_0.Cert', @cert OUT EXEC sp_OAMethod @pkcs11, 'FindCert', @success OUT, 'privateKey', '', @cert IF @success = 1 BEGIN EXEC sp_OAGetProperty @cert, 'SubjectCN', @sTmp0 OUT PRINT 'Cert with private key: ' + @sTmp0 END ELSE BEGIN PRINT 'No certificates having a private key were found.' EXEC sp_OAMethod @pkcs11, 'CloseSession', @success OUT EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @jsonPkcs11 EXEC @hr = sp_OADestroy @cert RETURN END -- If the certificates in the chain of authentication were contained on the smart card, -- then Chilkat would already have them (via the FindCert function) and the certs in the chain will be automatically used -- as needed when signing occurs. -- If you have CA certs located elsewhere, such as in .cer files, you can make them available to Chilkat in the following way: DECLARE @certVault int EXEC @hr = sp_OACreate 'Chilkat_9_5_0.XmlCertVault', @certVault OUT -- Please review the methods available in the XML certificate vault class. Different methods exist for adding certificates -- from various sources, such as PEM, PFX, or in-memory sources.. EXEC sp_OAMethod @certVault, 'AddCertFile', @success OUT, 'someDir/caIntermediateCert.cer' -- ... EXEC sp_OAMethod @certVault, 'AddCertFile', @success OUT, 'someDir/caCert.cer' -- (Your code should check the return value to make sure it succeeded.) EXEC sp_OAMethod @cert, 'UseCertVault', @success OUT, @certVault IF @success = 0 BEGIN EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC sp_OAMethod @pkcs11, 'CloseSession', @success OUT EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @jsonPkcs11 EXEC @hr = sp_OADestroy @cert EXEC @hr = sp_OADestroy @certVault RETURN END -- -------------------------------------------------------------------------- -- At this point, we have the cert (and certs in the chain of authentication) to be used for signing. -- The code for using the certificate in creating the digital signature, such as for a PDF, XML, etc., go here... -- -------------------------------------------------------------------------- -- Revert to an unauthenticated session by calling Logout. EXEC sp_OAMethod @pkcs11, 'Logout', @success OUT IF @success = 0 BEGIN EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC sp_OAMethod @pkcs11, 'CloseSession', @success OUT EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @jsonPkcs11 EXEC @hr = sp_OADestroy @cert EXEC @hr = sp_OADestroy @certVault RETURN END -- When finished, close the session. -- It is important to close the session (memory leaks will occur if the session is not properly closed). EXEC sp_OAMethod @pkcs11, 'CloseSession', @success OUT IF @success = 0 BEGIN EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @jsonPkcs11 EXEC @hr = sp_OADestroy @cert EXEC @hr = sp_OADestroy @certVault RETURN END PRINT 'Success.' EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @jsonPkcs11 EXEC @hr = sp_OADestroy @cert EXEC @hr = sp_OADestroy @certVault END GO |
© 2000-2023 Chilkat Software, Inc. All Rights Reserved.