Search for certificates with TElCertificateLookup
The TElCertificateLookup class, shipped with SecureBlackbox (Base package), provides a flexible and convenient way to look for a specific certificate by a wide range of criteria.
Assume you have a certificate storage object (let's name it certStorage) of any origin (memory, win32, PKCS#11). To find all certificates in certStorage that match particular criteria:
TElCertificateLookup lookup = new TElCertificateLookup();
lookup.Criteria = SBCustomCertStorage.Unit.lcValidity | SBCustomCertStorage.Unit.lcPublicKeySize;
lookup.Options = SBCustomCertStorage.Unit.loMatchAll; // the certificates must match both criteria at the same time
// configuring validity date criteria
lookup.ValidFrom = DateTime.UtcNow;
lookup.ValidTo = DateTime.UtcNow.AddYears(2);
lookup.DateLookupOptions = SBCustomCertStorage.Unit.dloBefore | SBCustomCertStorage.Unit.dloBetween | SBCustomCertStorage.Unit.dloAfter;
// configuring key size criteria
lookup.PublicKeySizeMin = 2048;
lookup.PublicKeySizeMax = 32768;
lookup.KeySizeLookupOption = SBCustomCertStorage.TSBKeySizeLookupOption.ksloBetween;
int idx = certStorage.FindFirst(lookup);
If idx is greater than or equal to zero, a matching certificate was found, and idx specifies its index in the certStorage's Certificates[] list.
If there are no certificates matching the criteria in the storage, -1 is returned:
if (idx >= 0) {
    cert = certStorage.get_Certificates(idx);
}
while (idx >= 0) {
    idx = certStorage.FindNext(lookup);
    // The returned idx value specifies the index of the next certificate in certStorage, or is -1 if no more certificates matching the criteria were found.
    if (idx >= 0) {
        cert = certStorage.get_Certificates(idx);
    }
}
Once you are finished with the search, dispose of the lookup object with its destructor (or pass it to FreeAndNil() if using Delphi).