I would like to access the certificates stored in Mozilla products (Firefox and Thunderbird) from a Delphi (XE) application. To begin with, I would like to list them; later it would be nice to manage them (import, export, delete) and use them (sign). A software token would be sufficient, although using all the tokens supported by Mozilla would be great.
So far, I have been trying to use XPCOM with the http://d-gecko.svn.sourceforge.net/viewvc/d-gecko/trunk/ Delphi binding. However, there is little documentation around, and I am confused by all the terminology and concepts. The best I could do was:
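    var
      ns: nsIX509CertDB;
      servMgr: nsIServiceManager;
      p: PChar;
      count: Cardinal; // receives the number of nicknames found
    begin
      GRE_Startup;
      // Get the XPCOM service manager, then the certificate DB service
      NS_GetServiceManager(servMgr);
      servMgr.GetServiceByContractID('@mozilla.org/security/x509certdb;1', NS_IX509CERTDB_IID, ns);
      ns.FindCertNicknames(nil, 1, count, p);
      GRE_Shutdown;
    end;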
Using this code, I got an instance of the certdb object, and I was able to query it for certificates. However, it seems completely empty (the count from FindCertNicknames is 0), and it also does not respond to an OCSP change (IsOcspOn always returns true). I think I either created a new certstore, or I need to somehow activate the default user profile.
I also tried to access softokn.dll as a PKCS #11 library. Although it seems to have some PKCS #11 API, it does not respond well, that is, CKR_BAD_ARGUMENTS in C_Initialize.
The last and very bad way is to access the certificate files directly, since it should be the "standard" NSS, but I don't like it.