I would like to access certificates stored in Mozilla products (Firefox and Thunderbird) from a Delphi (XE) applicaiton. For start I would like to list them, next it would be nice to be able to manage them (import, export, delete) and use them (sign). The software token would be sufficient although using all tokens supported by mozilla would be great.
So far I tried using XPCOM with http://d-gecko.svn.sourceforge.net/viewvc/d-gecko/trunk/ delphi binding. However there is not much documentation around and I am kinda confused with all the terminology and concepts. The best I could manage was:
var ns:nsIX509CertDB;
servMgr:nsIServiceManager;
p:Pchar;
begin
GRE_Startup;
NS_GetServiceManager(servmgr);
servMgr.GetServiceByContractID('@mozilla.org/security/x509certdb;1',NS_IX509CERTDB_IID,ns);
ns.FindCertNicknames(nil,1,count,p);
GRE_Shutdown;
end;
Using this code I did get instance of certdb object and I was able to ask it for certificates. However it seems to be completely empty (count from FindCertNicknames is 0) and it also does not react on changing OCSP (IsOcspOn always returns true). I am thinking that I did either create new certstore or that I need to activate default user profile somehow.
I also tried accessing softokn.dll as a PKCS#11 library. As this seem to have some sort of PKCS#11 API, it is not responding well. I.e. CKR_BAD_ARGUMENTS on C_Inititialize.
The last and really bad way would be accessing certificate files directly as it should be "standard" NSS but I realy do not like this way.
Our SecureBlackbox works with softtokn.dll via PKCS#11 and you can use interfaces provided by SecureBlackbox for handy certificate management.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With