EldoS | Feel safer!


Display a certificate including full chain

#36543
Posted: 04/21/2016 08:25:33
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

Hello,

I have this situation: in a small utility, I'm displaying a certificate that I grab from a URL. I have written a small class that connects to said URL, records all certificates in the chain and then uses the TElX509CertificateEx.View method to show the standard windows certificate dialog.

This works just fine with one problem: if any of the certificates in the trust chain is missing from the local store and if Windows is unable to download it directly (which is frequent for intermediate CAs), then the certificate is marked as invalid.

Is there a way to have that dialog box use the certificate chain I provide (which comes from the server)?
#36544
Posted: 04/21/2016 11:06:25
by Ken Ivanov (EldoS Corp.)

Hi Stephane,

While SecureBlackbox doesn't implement the corresponding functionality officially, you can tweak the code yourself to implement it. This should not be too difficult, at least at first glance.

First, add the Chain : HCERTSTORE parameter to your TElX509Certificate.View() method. You will use this parameter to pass the chain.

Next, modify the following lines of the View() method implementation in the following way:

Code
pCertViewInfo.cStores := 0;
pCertViewInfo.rghStores := nil;


to

Code
if Chain <> nil then
begin
  pCertViewInfo.cStores := 1;
  pCertViewInfo.rghStores := @Chain;
end
else
begin
  pCertViewInfo.cStores := 0;
  pCertViewInfo.rghStores := nil;
end;


The View() method should now make use of the chain passed via its Chain parameter.

Next, add the following method to the TElWinCertStorage class:

Code
function GetStoreContext(Index: integer): HCERTSTORE;


...and implement it in the following way:

Code
function TElWinCertStorage.GetStoreContext(Index: integer): HCERTSTORE;
begin
  Result := FSystemStoresCtx[Index];
end;


That's all about SBB component modifications. To use the new features, first add all your chain certificates to a brand new TElWinCertStorage object, with its StorageType set to stMemory:

Code
  CS := TElWinCertStorage.Create(nil);
  CS.StorageType := stMemory;
  CS.Add(...);
  CS.Add(...);


Then call the View() method in the following way:

Code
  Cert.View(0, CS.GetStoreContext(0));


This should work.

Ken
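The following is an added example, not code from the thread, from Ken's suggested patch or from SecureBlackbox itself. It shows the same mechanism Ken describes, but against the raw CryptoAPI/CryptUI calls that TElX509Certificate.View wraps: the server-supplied chain certificates are loaded into an in-memory HCERTSTORE (the equivalent of a TElWinCertStorage with StorageType = stMemory), and that store is handed to the dialog through cStores/rghStores so chain building can find the intermediates locally instead of relying on AIA fetching. The function name ShowCertificateWithChain, the parameter names and the assumption that the caller already holds the DER bytes of the leaf and chain certificates are all mine; the Win32 declarations are written out inline because a stock Delphi installation does not ship cryptuiapi bindings.

```delphi
{ Added example (not from the forum thread or SecureBlackbox). Assumes the
  caller already has the DER-encoded leaf certificate and the chain
  certificates the server sent, e.g. captured from the TLS handshake. }

uses
  Windows, SysUtils;

const
  crypt32 = 'crypt32.dll';
  cryptui = 'cryptui.dll';
  X509_ASN_ENCODING = $00000001;
  CERT_STORE_ADD_REPLACE_EXISTING = 3;
  CERT_STORE_PROV_MEMORY = LPCSTR(2);   { in-memory store provider }

type
  HCERTSTORE = Pointer;
  PHCERTSTORE = ^HCERTSTORE;
  PCCERT_CONTEXT = Pointer;
  { Layout of CRYPTUI_VIEWCERTIFICATE_STRUCTW from cryptuiapi.h. }
  CRYPTUI_VIEWCERTIFICATE_STRUCT = record
    dwSize: DWORD;
    hwndParent: HWND;
    dwFlags: DWORD;
    szTitle: LPCWSTR;
    pCertContext: PCCERT_CONTEXT;
    rgszPurposes: Pointer;
    cPurposes: DWORD;
    pCryptProviderData: Pointer;        { union with hWVTStateData }
    fpCryptProviderDataTrustedUsage: BOOL;
    idxSigner: DWORD;
    idxCert: DWORD;
    fCounterSigner: BOOL;
    idxCounterSigner: DWORD;
    cStores: DWORD;                     { number of extra stores }
    rghStores: PHCERTSTORE;             { array of extra store handles }
    cPropSheetPages: DWORD;
    rgPropSheetPages: Pointer;
    nStartPage: DWORD;
  end;

function CertOpenStore(lpszStoreProvider: LPCSTR; dwEncodingType: DWORD;
  hCryptProv: NativeUInt; dwFlags: DWORD; pvPara: Pointer): HCERTSTORE; stdcall;
  external crypt32 name 'CertOpenStore';
function CertAddEncodedCertificateToStore(hCertStore: HCERTSTORE;
  dwCertEncodingType: DWORD; pbCertEncoded: Pointer; cbCertEncoded: DWORD;
  dwAddDisposition: DWORD; ppCertContext: Pointer): BOOL; stdcall;
  external crypt32 name 'CertAddEncodedCertificateToStore';
function CertCreateCertificateContext(dwCertEncodingType: DWORD;
  pbCertEncoded: Pointer; cbCertEncoded: DWORD): PCCERT_CONTEXT; stdcall;
  external crypt32 name 'CertCreateCertificateContext';
function CertFreeCertificateContext(pCertContext: PCCERT_CONTEXT): BOOL; stdcall;
  external crypt32 name 'CertFreeCertificateContext';
function CertCloseStore(hCertStore: HCERTSTORE; dwFlags: DWORD): BOOL; stdcall;
  external crypt32 name 'CertCloseStore';
function CryptUIDlgViewCertificateW(pCertViewInfo: Pointer;
  pfPropertiesChanged: PBOOL): BOOL; stdcall;
  external cryptui name 'CryptUIDlgViewCertificateW';

{ Shows the standard Windows certificate dialog for LeafDer, letting the
  dialog resolve the chain from ChainDer (intermediates, optionally the root)
  rather than from the network. Returns the dialog's BOOL result. }
function ShowCertificateWithChain(const LeafDer: TBytes;
  const ChainDer: array of TBytes; Parent: HWND): Boolean;
var
  Store: HCERTSTORE;
  Ctx: PCCERT_CONTEXT;
  Info: CRYPTUI_VIEWCERTIFICATE_STRUCT;
  Changed: BOOL;
  I: Integer;
begin
  { 1. Memory-only store holding the chain; the SecureBlackbox equivalent is
       a TElWinCertStorage with StorageType := stMemory. }
  Store := CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, 0, nil);
  if Store = nil then RaiseLastOSError;
  try
    for I := Low(ChainDer) to High(ChainDer) do
      if not CertAddEncodedCertificateToStore(Store, X509_ASN_ENCODING,
        Pointer(ChainDer[I]), Length(ChainDer[I]),
        CERT_STORE_ADD_REPLACE_EXISTING, nil) then
        RaiseLastOSError;

    { 2. Certificate context for the leaf the dialog will display. }
    Ctx := CertCreateCertificateContext(X509_ASN_ENCODING,
      Pointer(LeafDer), Length(LeafDer));
    if Ctx = nil then RaiseLastOSError;
    try
      FillChar(Info, SizeOf(Info), 0);
      Info.dwSize := SizeOf(Info);
      Info.hwndParent := Parent;
      Info.pCertContext := Ctx;
      { 3. The same two fields Ken's patch sets: one extra store, our chain. }
      Info.cStores := 1;
      Info.rghStores := @Store;
      Changed := False;
      Result := CryptUIDlgViewCertificateW(@Info, @Changed);
    finally
      CertFreeCertificateContext(Ctx);
    end;
  finally
    CertCloseStore(Store, 0);
  end;
end;
```

Two points worth keeping in mind when relying on this. Supplying the chain only helps the dialog find the intermediates; the root still has to be present in the machine's or user's trusted root store for the chain to show as valid, and nothing in the extra store can make an untrusted root trusted, which is the behaviour you want from a viewer that is meant to reflect what Windows itself would accept. Because the store is opened with CERT_STORE_PROV_MEMORY, nothing the server sent is persisted to the local certificate stores, so a malformed or misleading chain from a remote host is discarded the moment the function returns.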
#36548
Posted: 04/22/2016 03:04:33
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

Excellent! Thank you very much.
