TChilkatCertStore Delphi ActiveX Reference Documentation

TChilkatCertStore

Current Version: 9.5.0.97

Represents a collection of certificates. The certificates may be loaded from a PFX (PKCS#12) or from a Windows-based certificate store.

Many of the methods of this class are only applicable when running on a MS Windows operating system. The methods for opening, creating, and modifying Windows-based certificate stores (registry-based, file-based, and memory-based) are (of course) Windows-only. However, the methods for loading certs from PFX (PKCS#12), are valid on all supported operating systems, including Linux, MAC OS X, Windows, etc.

Importing the Chilkat ActiveX into Delphi

Important: When upgrading to a new version of Chilkat, make sure to re-imported ActiveX DLL into Delphi to regenerate the files described below.

Two things are required to use an ActiveX in Delphi:

  1. The ActiveX DLL needs to be registered via regsvr32 on the system where the Delphi application runs. See How To Register ActiveX DLLs for detailed information.
  2. See also: ActiveX Registration Tutorial
  3. The ActiveX component needs to be "imported". Use the Delphi Import Component Wizard to import the Chilkat type library. This creates the following files: Chilkat_v9_5_0_TLB.pas and Chilkat_v9_5_0_TLB.dcr. The Chilkat_v9_5_0_TLB.pas should be added to your project.

To import the Chilkat type library, do the following:

  1. In the Delphi RAD Studio, select the menu item "Component" --> "Import a Type Library".
  2. Find "Chilkat ActiveX v9.5.0" in the list and select it. This will only appear in the list if the ChilkatAx-9.5.0-win32.dll (or ChilkatAx-9.5.0-x64.dll) has been registered w/ regsvr32.
  3. Check the "Generate Component Wrappers" checkbox.
  4. Select a directory where the unit files (.pas and .dcr) should be generated.
  5. Select "Create Unit" and then "Finish".
  6. Add the .pas to your Delphi project.

To use a Chilkat ActiveX object in your Delphi code, add "Chilkat_v9_5_0_TLB" to the "uses" statement. For example:

uses
  Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
  Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_v9_5_0_TLB;

Object Creation

var
obj: TChilkatCertStore;
...
begin
obj := TChilkatCertStore.Create(Self);
...
// When finished, free the object instance.
obj.Free();

Properties

AvoidWindowsPkAccess
property AvoidWindowsPkAccess: Integer

Applies only when running on a Microsoft Windows operating system. If 1, then any method that returns a certificate will not try to also access the associated private key, assuming one exists. This is useful if the certificate was installed with high-security such that a private key access would trigger the Windows OS to display a security warning dialog. The default value of this property is 0.

top
DebugLogFilePath
property DebugLogFilePath: WideString

If set to a file path, causes each Chilkat method or property call to automatically append it's LastErrorText to the specified log file. The information is appended such that if a hang or crash occurs, it is possible to see the context in which the problem occurred, as well as a history of all Chilkat calls up to the point of the problem. The VerboseLogging property can be set to provide more detailed information.

This property is typically used for debugging the rare cases where a Chilkat method call hangs or generates an exception that halts program execution (i.e. crashes). A hang or crash should generally never happen. The typical causes of a hang are:

  1. a timeout related property was set to 0 to explicitly indicate that an infinite timeout is desired,
  2. the hang is actually a hang within an event callback (i.e. it is a hang within the application code), or
  3. there is an internal problem (bug) in the Chilkat code that causes the hang.

top
LastBinaryResult
property LastBinaryResult: OleVariant readonly

The binary data returned by the last (binary data returning) method called. Only available if Chilkat.Global.KeepBinaryResult is set to 1. This provides a means for obtaining large varbinary results in the SQL Server environment (where limitations exist in getting large amounts of data returned by method calls, but where temp tables can be used for binary properties).

top
LastErrorHtml
property LastErrorHtml: WideString readonly

Provides information in HTML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

top
LastErrorText
property LastErrorText: WideString readonly

Provides information in plain-text format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

top
LastErrorXml
property LastErrorXml: WideString readonly

Provides information in XML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

top
LastMethodSuccess
property LastMethodSuccess: Integer

Indicate whether the last method call succeeded or failed. A value of 1 indicates success, a value of 0 indicates failure. This property is automatically set for method calls. It is not modified by property accesses. The property is automatically set to indicate success for the following types of method calls:

  • Any method that returns a string.
  • Any method returning a Chilkat object, binary bytes, or a date/time.
  • Any method returning a standard boolean status value where success = 1 and failure = 0.
  • Any method returning an integer where failure is defined by a return value less than zero.

Note: Methods that do not fit the above requirements will always set this property equal to 1. For example, a method that returns no value (such as a "void" in C++) will technically always succeed.

top
LastStringResult
property LastStringResult: WideString readonly

The string return value of the last (string returning) method called. Only available if Chilkat.Global.KeepStringResult is set to 1. This provides a means for obtaining large string results in the SQL Server environment (where limitations exist in getting long strings returned by method calls, but where temp tables can be used for string properties).

top
LastStringResultLen
property LastStringResultLen: Integer readonly

The length, in characters, of the string contained in the LastStringResult property.

top
NumCertificates
property NumCertificates: Integer readonly

The number of certificates held in the certificate store.

top
NumEmailCerts
property NumEmailCerts: Integer readonly

(This property only available on Microsoft Windows operating systems.)
The number of certificates that can be used for sending secure email within this store.

top
SmartCardPin
property SmartCardPin: WideString
Introduced in version 9.5.0.86

Can be set to the PIN value for a certificate / private key stored on a smart card.

top
UncommonOptions
property UncommonOptions: WideString
Introduced in version 9.5.0.87

This is a catch-all property to be used for uncommon needs. This property defaults to the empty string, and should typically remain empty.

top
VerboseLogging
property VerboseLogging: Integer

If set to 1, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is 0. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect peformance.

top
Version
property Version: WideString readonly

Version of the component/library, such as "9.5.0.94"

More Information and Examples
top

Methods

AddCertificate
function AddCertificate(cert: TChilkatCert): Integer;

(This method only available on Microsoft Windows operating systems.)
Adds a certificate to the store. If the certificate is already in the store, it is updated with the new information.

Returns 1 for success, 0 for failure.

top
CloseCertStore
function CloseCertStore(): Integer;
Introduced in version 9.5.0.94

(This method only available on Microsoft Windows operating systems.)
Closes the certificate store previously opened by one of the Open* methods.

Returns 1 for success, 0 for failure.

top
CreateFileStore
function CreateFileStore(filename: WideString): Integer;

(This method only available on Microsoft Windows operating systems.)
Creates a new file-based certificate store. Certificates may be saved to this store by calling AddCertificate.

Returns 1 for success, 0 for failure.

top
CreateMemoryStore
function CreateMemoryStore(): Integer;

(This method only available on Microsoft Windows operating systems.)
Creates an in-memory certificate store. Certificates may be added by calling AddCertificate.

Returns 1 for success, 0 for failure.

top
CreateRegistryStore
function CreateRegistryStore(regRoot: WideString; regPath: WideString): Integer;

(This method only available on Microsoft Windows operating systems.)
Creates a registry-based certificate store. regRoot must be "CurrentUser" or "LocalMachine". regPath is a registry path such as "Software/MyApplication/Certificates".

Returns 1 for success, 0 for failure.

top
FindCertByKeyContainer
function FindCertByKeyContainer(name: WideString): TChilkatCert;
Introduced in version 9.5.0.77

Finds a certificate by it's key container name.

Returns nil on failure

top
FindCertByRfc822Name
function FindCertByRfc822Name(name: WideString): TChilkatCert;

Locates and returns a certificate by its RFC 822 name.

If multiple certificates match, then non-expired certificates will take precedence over expired certificates. In other words, Chilkat will aways return the non-expired certificate over the expired certificate.

Returns nil on failure

top
FindCertBySerial
function FindCertBySerial(str: WideString): TChilkatCert;

Finds and returns the certificate that has the matching serial number.

Returns nil on failure.

Returns nil on failure

top
FindCertBySha1Thumbprint
function FindCertBySha1Thumbprint(str: WideString): TChilkatCert;

Finds a certificate by it's SHA-1 thumbprint. The thumbprint is a hexidecimal string.

Returns nil on failure.

Returns nil on failure

More Information and Examples
top
FindCertBySubject
function FindCertBySubject(str: WideString): TChilkatCert;

Finds a certificate where one of the Subject properties (SubjectCN, SubjectE, SubjectO, SubjectOU, SubjectL, SubjectST, SubjectC) matches exactly (but case insensitive) with the passed string. A match in SubjectCN will be tried first, followed by SubjectE, and SubjectO. After that, the first match found in SubjectOU, SubjectL, SubjectST, or SubjectC, but in no guaranteed order, is returned. All matches are case insensitive.

Returns nil on failure.

Returns nil on failure

top
FindCertBySubjectCN
function FindCertBySubjectCN(str: WideString): TChilkatCert;

Finds a certificate where the SubjectCN property (common name) matches exactly (but case insensitive) with the passed string

Returns nil on failure.

Returns nil on failure

top
FindCertBySubjectE
function FindCertBySubjectE(str: WideString): TChilkatCert;

Finds a certificate where the SubjectE property (email address) matches exactly (but case insensitive) with the passed string. This function differs from FindCertForEmail in that the certificate does not need to match the ForSecureEmail property.

Returns nil on failure.

Returns nil on failure

top
FindCertBySubjectO
function FindCertBySubjectO(str: WideString): TChilkatCert;

Finds a certificate where the SubjectO property (organization) matches exactly (but case insensitive) with the passed string.

Returns nil on failure.

Returns nil on failure

top
FindCertForEmail
function FindCertForEmail(emailAddress: WideString): TChilkatCert;

(This method only available on Microsoft Windows operating systems.)
Finds a certificate that can be used to send secure email to the passed email address. A certificate matches only if the ForSecureEmail property is TRUE, and the email address matches exactly (but case insensitive) with the SubjectE property. Returns NULL if no matches are found.

Returns nil on failure.

Returns nil on failure

top
GetCertificate
function GetCertificate(index: Integer): TChilkatCert;

Returns the Nth certificate in the store. The first certificate is at index 0.

Returns nil on failure.

Returns nil on failure

top
GetEmailCert
function GetEmailCert(index: Integer): TChilkatCert;

(This method only available on Microsoft Windows operating systems.)
Returns the Nth email certificate in the store. The first certificate is at index 0. Use the NumEmailCertificates property to get the number of email certificates.

Returns nil on failure.

Returns nil on failure

top
LoadPemFile
function LoadPemFile(pemPath: WideString): Integer;

Loads the certificates contained within a PEM formatted file.

Returns 1 for success, 0 for failure.

top
LoadPemStr
function LoadPemStr(pemString: WideString): Integer;

Loads the certificates contained within an in-memory PEM formatted string.

Returns 1 for success, 0 for failure.

top
LoadPfxData
function LoadPfxData(pfxData: OleVariant; password: WideString): Integer;

Loads a PFX from an in-memory image of a PFX file. Once loaded, the certificates within the PFX may be searched via the Find* methods. It is also possible to iterate from 0 to NumCertficates-1, calling GetCertificate for each index, to retrieve each certificate within the PFX.

Returns 1 for success, 0 for failure.

top
LoadPfxFile
function LoadPfxFile(pfxFilename: WideString; password: WideString): Integer;

Loads a PFX file. Once loaded, the certificates within the PFX may be searched via the Find* methods. It is also possible to iterate from 0 to NumCertficates-1, calling GetCertificate for each index, to retrieve each certificate within the PFX.

Note: This method does not import certificates into the Windows certificate stores. The purpose of this method is to load a .pfx/.p12 into this object so that other API methods can be called to explore or search the contents of the PFX. The Chilkat Pfx class also provides similar functionality.

Returns 1 for success, 0 for failure.

top
OpenChilkatStore
function OpenChilkatStore(readOnly: Integer): Integer;

(This method only available on Microsoft Windows operating systems.)
Opens the registry-based local machine certificate store having the path "Software/Chilkat/SystemCertificates". If the certificate store does not exist, it is automatically created. Setting readOnly = 1 causes the certificate store to be opened read-only, and will prevent "permission denied" errors caused by the need for read-write permission.

Once loaded, the certificates within the store may be searched via the Find* methods. An application may also iterate from 0 to NumCertficates-1 and call GetCertificate to access each certificate by index.

Returns 1 for success, 0 for failure.

top
OpenCurrentUserStore
function OpenCurrentUserStore(readOnly: Integer): Integer;

(This method is only available on Microsoft Windows operating systems.)
Opens the registry-based Current-User\Personal certificate store. Set readOnly = 1 if only fetching certificates and not updating the certificate store (i.e. certificates will not be added or removed). Setting readOnly = 1 causes the certificate store to be opened read-only, and will prevent "permission denied" errors caused by the need for read-write permission.

Once loaded, the certificates within the store may be searched via the Find* methods. An application may also iterate from 0 to NumCertficates-1 and call GetCertificate to access each certificate by index.

Returns 1 for success, 0 for failure.

top
OpenFileStore
function OpenFileStore(filename: WideString; readOnly: Integer): Integer;

(This method only available on Microsoft Windows operating systems.)
Opens a file-based certificate store.

Once loaded, the certificates within the store may be searched via the Find* methods. An application may also iterate from 0 to NumCertficates-1 and call GetCertificate to access each certificate by index.

Returns 1 for success, 0 for failure.

top
OpenLocalSystemStore
function OpenLocalSystemStore(readOnly: Integer): Integer;

(This method is only available on Microsoft Windows operating systems.)
Opens the registry-based Local-Computer\Personal certificate store. Set readOnly = 1 if only fetching certificates and not updating the certificate store (i.e. certificates will not be added or removed). Setting readOnly = 1 causes the certificate store to be opened read-only, and will prevent "permission denied" errors caused by the need for read-write permission.

Once loaded, the certificates within the store may be searched via the Find* methods. An application may also iterate from 0 to NumCertficates-1 and call GetCertificate to access each certificate by index.

Returns 1 for success, 0 for failure.

top
OpenOutlookStore
function OpenOutlookStore(readOnly: Integer): Integer;

(This method is only available on Microsoft Windows operating systems.)
Opens the registry-based Current-User\Other People certificate store. This is the certificate store use by Microsot Outlook. Set readOnly = 1 if only fetching certificates and not updating the certificate store (i.e. certificates will not be added or removed). Setting readOnly = 1 causes the certificate store to be opened read-only, and will prevent "permission denied" errors caused by the need for read-write permission.

Once loaded, the certificates within the store may be searched via the Find* methods. An application may also iterate from 0 to NumCertficates-1 and call GetCertificate to access each certificate by index.

Returns 1 for success, 0 for failure.

top
OpenRegistryStore
function OpenRegistryStore(regRoot: WideString; regPath: WideString; readOnly: Integer): Integer;

(This method only available on Microsoft Windows operating systems.)
Opens an arbitrary registry-based certificate store. regRoot must be "CurrentUser" or "LocalMachine". regPath is a registry path such as "Software/MyApplication/Certificates".

Setting readOnly = 1 causes the certificate store to be opened read-only, and will prevent "permission denied" errors caused by the need for read-write permission.

Once loaded, the certificates within the store may be searched via the Find* methods. An application may also iterate from 0 to NumCertficates-1 and call GetCertificate to access each certificate by index.

Returns 1 for success, 0 for failure.

top
OpenSmartcard
function OpenSmartcard(csp: WideString): Integer;
Introduced in version 9.5.0.80

Opens the certificate store on the smartcard currently in the reader or USB token.

The csp can be set to the name of the CSP (Cryptographic Service Provider) that should be used. If csp is an empty string, then the 1st CSP found matching one of the following names will be used:

  • Microsoft Smart Card Key Storage Provider
  • Microsoft Base Smart Card Crypto Provider
  • Bit4id Universal Middleware Provider
  • YubiHSM Key Storage Provider (starting in v9.5.0.83)
  • eToken Base Cryptographic Provider
  • FTSafe ePass1000 RSA Cryptographic Service Provider
  • SecureStoreCSP
  • EnterSafe ePass2003 CSP v2.0
  • Gemalto Classic Card CSP
  • PROXKey CSP India V1.0
  • PROXKey CSP India V2.0
  • TRUST KEY CSP V1.0
  • Watchdata Brazil CSP V1.0
  • Luna Cryptographic Services for Microsoft Windows
  • Luna SChannel Cryptographic Services for Microsoft Windows
  • Safenet RSA Full Cryptographic Provider
  • nCipher Enhanced Cryptographic Provider
  • SafeSign Standard Cryptographic Service Provider
  • SafeSign Standard RSA and AES Cryptographic Service Provider
  • MySmartLogon NFC CSP
  • NFC Connector Enterprise
  • ActivClient Cryptographic Service Provider
  • EnterSafe ePass2003 CSP v1.0
  • Oberthur Card Systems Cryptographic Provider
  • Athena ASECard Crypto CSP"

(This method is only available on Microsoft Windows operating systems.)

Returns 1 for success, 0 for failure.

top
OpenWindowsStore
function OpenWindowsStore(storeLocation: WideString; storeName: WideString; readOnly: Integer): Integer;
Introduced in version 9.5.0.49

(This method only available on Microsoft Windows operating systems.)
Opens a Microsoft Windows certificate store. storeLocation must be "CurrentUser" or "LocalMachine". storeName is the name of the certificate store to open. It may be any of the following:

  • AddressBook: Certificate store for other users.
  • AuthRoot: Certificate store for third-party certification authorities (CAs).
  • CertificationAuthority: Certificate store for intermediate certification authorities (CAs).
  • Disallowed: Certificate store for revoked certificates.
  • My: Certificate store for personal certificates.
  • Root: Certificate store for trusted root certification authorities (CAs).
  • TrustedPeople: Certificate store for directly trusted people and resources.
  • TrustedPublisher: Certificate store for directly trusted publishers.

Setting readOnly = 1 causes the certificate store to be opened read-only, and will prevent "permission denied" errors caused by the need for read-write permission.

Once loaded, the certificates within the store may be searched via the Find* methods. An application may also iterate from 0 to NumCertficates-1 and call GetCertificate to access each certificate by index.

Returns 1 for success, 0 for failure.

top
RemoveCertificate
function RemoveCertificate(cert: TChilkatCert): Integer;

(This method only available on Microsoft Windows operating systems.)
Removes the passed certificate from the store. The certificate object passed as the argument can no longer be used once removed.

Returns 1 for success, 0 for failure.

top