Discuss this help topic in SecureBlackbox Forum

Search for certificates with TElCertificateLookup

The TElCertificateLookup class, shipped with SecureBlackbox (Base package), provides a flexible and convenient way to search a certificate storage for certificates matching a wide range of criteria (subject, issuer, validity period, public key size, key usage and so on).

Assume you have a certificate storage object (let's name it certStorage) of any origin (memory, Win32, PKCS#11). To find all certificates in certStorage that match particular criteria:

  1. Create a TElCertificateLookup object (SBCustomCertStorage namespace). TElCertificateLookup lookup = new TElCertificateLookup();
  2. Set up the component according to your search criteria. Let's look for all certificates whose public keys are at least 2048 bits long and which remain valid for another two years from today:
    
    lookup.Criteria = SBCustomCertStorage.Unit.lcValidity | SBCustomCertStorage.Unit.lcPublicKeySize;
    lookup.Options = SBCustomCertStorage.Unit.loMatchAll; // the certificates must match both criteria at the same time
    
    // configuring validity date criteria (DateTime.UtcNow is a property, not a method)
    lookup.ValidFrom = DateTime.UtcNow;
    lookup.ValidTo = DateTime.UtcNow.AddYears(2);
    lookup.DateLookupOptions = SBCustomCertStorage.Unit.dloBefore | SBCustomCertStorage.Unit.dloBetween | SBCustomCertStorage.Unit.dloAfter;
    
    // configuring key size criteria: accept keys from 2048 up to 32768 bits
    lookup.PublicKeySizeMin = 2048;
    lookup.PublicKeySizeMax = 32768;
    lookup.KeySizeLookupOption = SBCustomCertStorage.TSBKeySizeLookupOption.ksloBetween;
    
  3. Look for the first certificate: int idx = certStorage.FindFirst(lookup); If idx is greater than or equal to zero, a matching certificate was found and idx is its index in certStorage's Certificates[] list. If no certificate in the storage matches the criteria, -1 is returned:
    
    TElX509Certificate cert = null; // SBX509 namespace
    if (idx >= 0) {
      cert = certStorage.get_Certificates(idx); // indexed accessor for Certificates[idx]
    }
    
  4. Continue looking for subsequent certificates with FindNext() until -1 is returned:
    
    while (idx >= 0) {
      idx = certStorage.FindNext(lookup);
      // idx is the index of the next matching certificate in certStorage, or -1 when no more certificates match the criteria
      if (idx >= 0) {
        cert = certStorage.get_Certificates(idx);
      }
    }
    
    Once you are finished with the search, dispose of the lookup object (call its Dispose() method in .NET, or pass it to FreeAndNil() if using Delphi). Note that a certificate returned by the lookup has only been matched against the search criteria; it has not been validated. Chain building, revocation checking and key usage verification are a separate step that must be performed before the certificate is trusted.
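The four steps above combined into one reusable method, as an added example that is not part of the SecureBlackbox documentation. It uses only the TElCertificateLookup, FindFirst, FindNext and get_Certificates calls shown on this page; the class and method names (CertificateSearch, FindCertificates), the parameters minKeyBits and minYearsLeft, the try/finally with Dispose() and the call to cert.GetPublicKeySize() in the usage example are assumptions of this example. The storage passed in is assumed to be already populated, from whatever origin.

```csharp
using System;
using System.Collections.Generic;
using SBCustomCertStorage;
using SBX509;

// Added example, not SecureBlackbox's own code: collects every certificate in a
// storage whose public key is at least minKeyBits long and which stays valid
// for at least minYearsLeft years from now. Both criteria must hold (loMatchAll).
public static class CertificateSearch
{
    public static List<TElX509Certificate> FindCertificates(TElCustomCertStorage certStorage,
                                                           int minKeyBits, int minYearsLeft)
    {
        var matches = new List<TElX509Certificate>();
        TElCertificateLookup lookup = new TElCertificateLookup();
        try
        {
            // Which criteria to evaluate, and that all of them must match at once.
            lookup.Criteria = SBCustomCertStorage.Unit.lcValidity | SBCustomCertStorage.Unit.lcPublicKeySize;
            lookup.Options = SBCustomCertStorage.Unit.loMatchAll;

            // Validity window: from now until minYearsLeft years ahead.
            lookup.ValidFrom = DateTime.UtcNow;
            lookup.ValidTo = DateTime.UtcNow.AddYears(minYearsLeft);
            lookup.DateLookupOptions = SBCustomCertStorage.Unit.dloBefore
                                     | SBCustomCertStorage.Unit.dloBetween
                                     | SBCustomCertStorage.Unit.dloAfter;

            // Key size window: minKeyBits up to an upper bound that excludes nothing realistic.
            lookup.PublicKeySizeMin = minKeyBits;
            lookup.PublicKeySizeMax = 32768;
            lookup.KeySizeLookupOption = SBCustomCertStorage.TSBKeySizeLookupOption.ksloBetween;

            // FindFirst/FindNext return an index into certStorage.Certificates[], or -1.
            int idx = certStorage.FindFirst(lookup);
            while (idx >= 0)
            {
                matches.Add(certStorage.get_Certificates(idx));
                idx = certStorage.FindNext(lookup);
            }
        }
        finally
        {
            // Assumption: the .NET build exposes Dispose() on the lookup object.
            lookup.Dispose();
        }
        return matches;
    }

    // Usage sketch (certStorage is assumed to be a populated storage of any origin).
    public static void PrintMatches(TElCustomCertStorage certStorage)
    {
        foreach (TElX509Certificate cert in FindCertificates(certStorage, 2048, 2))
        {
            // ValidTo and GetPublicKeySize() are assumed to be available on TElX509Certificate.
            Console.WriteLine("matched: key {0} bits, valid until {1:u}",
                              cert.GetPublicKeySize(), cert.ValidTo);
        }
    }
}
```

The list returned by FindCertificates is the set of candidates that satisfy the search criteria, nothing more. Before using one of them (for signing, for TLS, as a trust anchor), run it through the certificate validator so that its chain, revocation status and key usage are checked; a lookup match says only that the certificate's own fields fit the filter.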
