Xceed .NET Libraries Documentation
How To Handle a PKCS #7 Formatted Client Certificate
Welcome to Xceed .NET, .NET Standard and Xamarin Libraries! > Task-Based Help > FTP capabilities > Making Secure Connections > How To Handle a PKCS #7 Formatted Client Certificate

Here is an example on how to handle a PKCS #7 formatted client certificate when making an SSL connection.

static void ClientCertificateExample()

{

  try

  {

    // Load the certificate file into a byte array

    byte[] certificateBytes = File.ReadAllBytes( @"D:\Xceed\PKCS7Certificates.p7b" );



    // Create an object that can decode the certificate data

    System.Security.Cryptography.Pkcs.SignedCms cms = new System.Security.Cryptography.Pkcs.SignedCms();

    

    // Decode the certificates

    cms.Decode( certificateBytes );



    FtpClient ftp = new FtpClient();

    //ftp.TraceWriter = Console.Out;



    string host = "localhost";

    int port = 990;



    // Pick an authentication method

    AuthenticationMethod authenticationMethod = AuthenticationMethod.Ssl;



    // Pick verification flags. If unsure, pick 'None'.

    VerificationFlags verificationFlags = VerificationFlags.None;



    // The client certificate to submit to the server

    Certificate clientCertificate = null;



    // Subscribe to the CertificateReceived event

    ftp.CertificateReceived += new CertificateReceivedEventHandler( OnCertificateReceived );



    /* A PKCS #7 file can contain more than one certificate. The certificates are in the collection

     * specified in the cms.Certificates property.

     * 

     * If you know which certificate the FTP server is waiting for, simply supply it to

     * the Connect() method. If you do not know which is the correct one, you can try to connect

     * using each one in turn until the server accepts one. */

     

    // Go through each certificate in the collection

    foreach( System.Security.Cryptography.X509Certificates.X509Certificate2 x509certificate in cms.Certificates )

    {

      // Create a client certificate out of the current x509 certificate

      clientCertificate = new Certificate( x509certificate );



      try

      {

        // Connect implicitly to the server using encryption.

        // This form always enables encryption for the data channel (for file transfers)

        ftp.Connect( host, port, authenticationMethod, verificationFlags, clientCertificate );

      }

      catch( FtpSslException )

      {

        // An FtpSslException exception will be thrown if the client certificate is rejected

      }



      // If we connected successfully to the server

      if( ftp.Connected )

      {

        // No need to try again

        break;

      }

    }



    try

    {

      // Login. The exchanged information will be encrypted

      ftp.Login( "username", "password" );



      /* Perform your file transfers */

    }

    finally

    {

      // Make sure we always disconnect

      ftp.Disconnect();



      ftp.CertificateReceived -= new CertificateReceivedEventHandler( OnCertificateReceived );

    }

  }

  catch( Exception exception )

  {

    // Output some information about it

    Console.WriteLine( "-->{0}: {1}\n{2}", exception.GetType().Name, exception.Message, exception.StackTrace );



    // Fetch the inner exception

    exception = exception.InnerException;



    // While there is an exception

    while( exception != null )

    {

      // Output some information about it

      Console.WriteLine( "-->Inner exception: {0}: {1}\n{2}", exception.GetType().Name, exception.Message, exception.StackTrace );



      // Fetch the inner exception

      exception = exception.InnerException;

    }

  }

}



static void OnCertificateReceived( object sender, CertificateReceivedEventArgs e )

{

  // Always accept the certificate

  e.Action = VerificationAction.Accept;

}
    Private Shared Sub ClientCertificateExample()

      Try

        ' Load the certificate file into a byte array

        Dim certificateBytes() As Byte = File.ReadAllBytes("D:\Xceed\PKCS7Certificates.p7b")



        ' Create an object that can decode the certificate data

        Dim cms As New System.Security.Cryptography.Pkcs.SignedCms()



        ' Decode the certificates

        cms.Decode(certificateBytes)



        Dim ftp As New FtpClient()

        'ftp.TraceWriter = Console.Out;



        Dim host As String = "localhost"

        Dim port As Integer = 990



        ' Pick an authentication method

        Dim authenticationMethod As AuthenticationMethod = AuthenticationMethod.Ssl



        ' Pick verification flags. If unsure, pick 'None'.

        Dim verificationFlags As VerificationFlags = VerificationFlags.None



        ' The client certificate to submit to the server

        Dim clientCertificate As Certificate = Nothing



        ' Subscribe to the CertificateReceived event

        AddHandler ftp.CertificateReceived, AddressOf OnCertificateReceived



'         A PKCS #7 file can contain more than one certificate. The certificates are in the collection

'         * specified in the cms.Certificates property.

'         * 

'         * If you know which certificate the FTP server is waiting for, simply supply it to

'         * the Connect() method. If you do not know which is the correct one, you can try to connect

'         * using each one in turn until the server accepts one. 



        ' Go through each certificate in the collection

        For Each x509certificate As System.Security.Cryptography.X509Certificates.X509Certificate2 In cms.Certificates

          ' Create a client certificate out of the current x509 certificate

          clientCertificate = New Certificate(x509certificate)



          Try

            ' Connect implicitly to the server using encryption.

            ' This form always enables encryption for the data channel (for file transfers)

            ftp.Connect(host, port, authenticationMethod, verificationFlags, clientCertificate)

          Catch e1 As FtpSslException

            ' An FtpSslException exception will be thrown if the client certificate is rejected

          End Try



          ' If we connected successfully to the server

          If ftp.Connected Then

            ' No need to try again

            Exit For

          End If

        Next x509certificate



        Try

          ' Login. The exchanged information will be encrypted

          ftp.Login("username", "password")



          ' Perform your file transfers 

        Finally

          ' Make sure we always disconnect

          ftp.Disconnect()



          RemoveHandler ftp.CertificateReceived, AddressOf OnCertificateReceived

        End Try

      Catch exception As Exception

        ' Output some information about it

        Console.WriteLine("-->{0}: {1}" & Constants.vbLf & "{2}", exception.GetType().Name, exception.Message, exception.StackTrace)



        ' Fetch the inner exception

        exception = exception.InnerException



        ' While there is an exception

        Do While exception IsNot Nothing

          ' Output some information about it

          Console.WriteLine("-->Inner exception: {0}: {1}" & Constants.vbLf & "{2}", exception.GetType().Name, exception.Message, exception.StackTrace)



          ' Fetch the inner exception

          exception = exception.InnerException

        Loop

      End Try

    End Sub



    Private Shared Sub OnCertificateReceived(ByVal sender As Object, ByVal e As CertificateReceivedEventArgs)

      ' Always accept the certificate

      e.Action = VerificationAction.Accept

    End Sub
See Also
Secure FTP (SSL/TLS)

 

 

Copyright Xceed Software Inc

Send Feedback