Access certificates stored in CMS
Access to the certificates stored in a CMS signature is required when, for instance, you need to build a complete chain from the signing certificate up to the root one. As certificates might be spread across different elements and attributes of the CMS, their extraction could be challenging sometimes.
SecureBlackbox provides several easy ways to extract the certificates.
The TElSignedCMSMessage.Certificates property returns a certificate storage containing all certificates stored at the 'root' of the CMS message. This is a typical location where the signer would add all the certificates. However, in some cases certificates may be found in other places inside the signature. The TElSignedCMSMessage.ExtractAllCertificates() method walks through all such locations and puts all the certificates to the provided storage object:
TElMemoryCertStorage storage = new TElMemoryCertStorage(); cms.ExtractAllCertificates(storage); // storage now contains all the certificates located wherever in the CMS