EldoS | Feel safer!

Software components for data protection, secure storage and transfer

LoadFromStreamPKCS7 doesn't load certificates

Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.
Posted: 04/01/2015 03:44:54
by Sohel Shekha (Basic support level)
Joined: 03/02/2015
Posts: 9

I have exported Root and intermediate certificates in PKCS7 file and trying to use LoadFromStreamPKCS7 method of TElCustomCertStorage to read those certificates but it executes with zero certificates actually. Below is my code, what am i doing wrong?

public class ConcreteTElCustomCertStorage : TElCustomCertStorage
            public override void Remove(int Index)
                // nothing for now.

            public override void Add(TElX509Certificate Certificate, bool CopyPrivateKey = true)
                // nothing for now.

        private void OnSecureClientCertificateValidate(Object sender, SBX509.TElX509Certificate certificate, ref bool validate)
            string msg;
            TElX509Certificate cert;
            cert = certificate;
            int Reason = 0;
            TSBCertificateValidity certValidity = new TSBCertificateValidity();

            TElX509CertificateValidator CertificateValidator = new TElX509CertificateValidator();
            CertificateValidator.OfflineMode = true;
            CertificateValidator.MandatoryCRLCheck = false;
            CertificateValidator.MandatoryRevocationCheck = false;
            CertificateValidator.MandatoryOCSPCheck = false;

            CertificateValidator.CheckCRL = false;
            CertificateValidator.CheckOCSP = false;
            CertificateValidator.IgnoreCAKeyUsage = true;

            // Add Windows store Root certificates
            TElCustomCertStorage CustomCertStorage = new ConcreteTElCustomCertStorage();
            System.IO.FileStream fileStream = new System.IO.FileStream("/sdcard/Download/MS_Root_Certs.p7b", System.IO.FileMode.Open);
            CustomCertStorage.LoadFromStreamPKCS7(fileStream, 0);

            // Add Windows store Intermediate certificates
            CustomCertStorage = new ConcreteTElCustomCertStorage();
            fileStream = new System.IO.FileStream("/sdcard/Download/MS_Int_Certs.p7b", System.IO.FileMode.Open);
            CustomCertStorage.LoadFromStreamPKCS7(fileStream, 10);

            msg = "ServerCert.CommonName = " + certificate.SubjectName.CommonName + "\r\n";
            RunOnUiThread(() => Dialog_TextBox.Append(msg));

            CertificateValidator.Validate(certificate, ref certValidity, ref Reason);
            msg = "ServerCert.Validity = " + certValidity + "\r\n";
            RunOnUiThread(() => Dialog_TextBox.Append(msg));

            validate = (certValidity == TSBCertificateValidity.cvOk);

            if (certValidity != 0)
                msg = "Validity failure reason = " + Reason + "\r\n";
                RunOnUiThread(() => Dialog_TextBox.Append(msg));
Posted: 04/01/2015 04:17:00
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

Do you really need to write TElCustomCertStorage descendant? Your descendant is not complete, so most likely this is the reason of 0 certificates returned. You can use TElMemoryCertStortage to keep loaded certificates in memory.

I’ve noticed there is no license ticket linked to your user account on EldoS site. Technical Support is provided to customers with the linked license tickets. You will find your license ticket together with all the details about how to use it in the registration e-mail that we’ve sent to you upon the purchase.

If you are evaluating the product and don't have a license yet, please let us know and then you can get support Basic support level. Basic support level includes answering basic technical questions that appear during product evaluation period.
Posted: 04/07/2015 03:18:43
by Sohel Shekha (Basic support level)
Joined: 03/02/2015
Posts: 9

Hi there,

Thanks for your reply.

License will be purchased shortly, but anyway currently am trying to load root and intermediate certificates from exported file, what would be recommended method to do so?
Posted: 04/07/2015 03:25:52
by Vsevolod Ievgiienko (Team)

The right approach is to use TElMemoryCertStortage class and its LoadFrom* methods. In your case LoadFromStreamPKCS7 method is the right choise.
Posted: 04/07/2015 04:07:27
by Sohel Shekha (Basic support level)
Joined: 03/02/2015
Posts: 9

OK, here is what I want to accomplish.

I have private certificate heirarchy e.g., 'XYZ' so,

XYZ Root Certificate
XYR Intermediate Certificate
XYZ Server/Client Certificate

Now, am writing an app for Android using Xamarin and Xamarin.Android SBB.

I don't have Intermediate and Root certificates of XYZ installed on Android device (I can do that but it gives weird message to user saying your network is being monitored).

So, If i use TElMemoryCertStortage then,
when i try to validate client/server certificate using TElMemoryCertStortage using Validate function of TElMemoryCertStortage class it validates the certificate successfully. How can it validate that? I have not added root and intermediate certificate to object of TElMemoryCertStortage class then how does it returns TSBCertificateValidity == 0 ?
Posted: 04/07/2015 04:13:05
by Vsevolod Ievgiienko (Team)

You should use TElX509CertificateValidator to validate certificates as you do in the code snippet above. TElMemoryCertStorage is just a storage for certificates that can be passed to TElX509CertificateValidator, so it will "know" about certificates stored in TElMemoryCertStorage instance.

So your code is correct except you don't need to create a descendant of TElCustomCertStorage, but use TElMemoryCertStorage instead.
Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.



Topic viewed 933 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!