Verify and validate

Question

Hello

In my app's UI I'll need to get a pfx certificate from user and pass it to a 3rd party sdk later.

Since all user input must be checked (I have to) to verify and validate the selected pfx, I wrote this:

There's no cert.Dispose in .net 4.0, no EphemeralKeySet so I thought X509Certificate2Collection is safer way.

Don't wanna save files and just make/verify in memory, is my method safe?

Dim VerifyCert As Boolean
Dim Temp509Collection As New X509Certificate2Collection
Try
    Temp509Collection.Import(FileTextBox.Text, PassTextBox.Text, X509KeyStorageFlags.UserKeySet)
    VerifyCert = True
Catch Exception As Exception
    VerifyCert = False
End Try
If Temp509Collection.Count > 0 AndAlso Temp509Collection.Item(0).HasPrivateKey = False Then
    'Some other check
End If
Temp509Collection.Clear()

Answer 1

Hi @Peter Volz ,

You could catch CryptographicException for certificate-related issues.

Using the following code to dispose the resources.

    For Each cert As X509Certificate2 In Temp509Collection
        cert.Reset()
    Next
    Temp509Collection.Clear()

Best Regards.

Jiachen Li

---

If the answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.