Function

tCryptography.FindCert

Module

XuDsigS

Last Modified

7/15/2014 3:26:44 PM

Comments

Open a system certificate store and
check each certificate, looking for one
that is valid and has a given ObjID.
Leaves HCertStore and pCertContext open.


Used to tell if we found the right parts
a pointer to the rgExtension blob

Visibility

Private

Owner

tCryptography

Declaration

function FindCert: boolean;

Calls Hierarchy


tCryptography.FindCert
 ├CertOpenSystemStore
 ├CertEnumCertificatesInStore
 ├CertGetNameString
 ├SerialNum
 ├CertDateTimeStr
 ├tCryptography.SigningCert
 │ └CertGetIntendedKeyUsage
 ├CertVerifyTimeValidity
 ├CertFindExtension
 ├tCryptography.CRLDistPoint
 │ └CryptDecodeObject
 ├Revco
 │ └CertVerifyRevocation
 └tCryptography.CertChainCheck
   ├CertCreateCertificateChainEngine
   ├Memo
   ├tCryptography.RaiseErr
   ├CertGetCertificateChain
   └SetStatus
     └Memo

Called-By Hierarchy


                                              tCryptography.FindCert
                                            tCryptography.SignData┤ 
                                                    getSANFromCard┘ 
                                                          SetSAN┘   
                           TfrmFrame.DigitalSigningSetup1Click┤     
                                             ExecuteSignOrders┤     
                                  TfrmOrders.mnuActSignClick┘ │     
                                         TfrmReview.cmdOKClick┘     
                                               ReviewChanges┘       
                           TfrmFrame.AllowContextChangeAll┤         
                                TfrmFrame.FormCloseQuery┤ │         
                              TfrmFrame.mnuFileNextClick┤ │         
                            TfrmFrame.mnuFileOpenClick┤ │ │         
                                TfrmFrame.UMInitiate┤ │ │ │         
                       TfrmFrame.mnuFileNextClick...┤ │ │ │         
                       TfrmFrame.mnuFileRefreshClick┤ │ │ │         
                       TfrmOrders.CheckOrderStatus┤ │ │ │ │         
                   TfrmOrders.mnuActChgEvntClick┤ │ │ │ │ │         
                      TfrmOrders.mnuActHoldClick┤ │ │ │ │ │         
                    TfrmOrders.mnuActUnholdClick┤ │ │ │ │ │         
                     TfrmOrders.mnuActRenewClick┤ │ │ │ │ │         
                    TfrmOrders.mnuActChangeClick┤ │ │ │ │ │         
                      TfrmOrders.mnuActCopyClick┘ │ │ │ │ │         
                            TfrmMeds.mnuActDCClick┤ │ │ │ │         
                           TfrmMeds.CheckMedStatus┘ │ │ │ │         
                        TfrmMeds.mnuActHoldClick┤   │ │ │ │         
                       TfrmMeds.mnuActRenewClick┤   │ │ │ │         
                      TfrmMeds.mnuActUnholdClick┤   │ │ │ │         
                      TfrmMeds.mnuActChangeClick┤   │ │ │ │         
                        TfrmMeds.mnuActCopyClick┤   │ │ │ │         
                      TfrmMeds.mnuActRefillClick┘   │ │ │ │         
                                  TfrmFrame.ViewInfo┘ │ │ │         
                               TfrmDCSumm.ViewInfo┤   │ │ │         
                             TfrmConsults.ViewInfo┤   │ │ │         
                     TfrmFrame.pnlRemindersMouseUp┤   │ │ │         
                      TfrmFrame.RemindersChanged┘ │   │ │ │         
                          TfrmFrame.FormCreate┘   │   │ │ │         
                            TfrmFrame.pnlCIRNClick┤   │ │ │         
                      TfrmFrame.pnlVistaWebClick┤ │   │ │ │         
                           TfrmFrame.FormKeyDown┘ │   │ │ │         
                         TfrmFrame.pnlPatientClick┤   │ │ │         
                           TfrmFrame.pnlVisitClick┤   │ │ │         
                     TfrmFrame.pnlPrimaryCareClick┤   │ │ │         
                       TfrmFrame.pnlRemindersClick┤   │ │ │         
                        TfrmFrame.pnlPostingsClick┤   │ │ │         
                            TfrmFrame.pnlFlagClick┤   │ │ │         
                              TfrmFrame.laMHVClick┤   │ │ │         
                             TfrmFrame.laVAA2Click┤   │ │ │         
                               TfrmOrders.ViewInfo┤   │ │ │         
                                 TfrmMeds.ViewInfo┤   │ │ │         
                              TfrmSurgery.ViewInfo┤   │ │ │         
                                TfrmNotes.ViewInfo┤   │ │ │         
                             TfrmProblems.ViewInfo┘   │ │ │         
                     TfrmFrame.mnuFileNotifRemoveClick┤ │ │         
                             TfrmFrame.NextButtonClick┘ │ │         
                           TfrmFrame.SetUpNextButton┘   │ │         
                     TfrmFrame.mnuFileOpenClick...┤     │ │         
                              TfrmFrame.FormResize┘     │ │         
                            TfrmFrame.ChangeFont┘       │ │         
                    TfrmFrame.LoadSizesForUser┤         │ │         
               TfrmFrame.LoadUserPreferences┘ │         │ │         
                      TfrmFrame.UMInitiate┘   │         │ │         
                    TfrmFrame.mnuFontSizeClick┘         │ │         
                           TfrmFrame.mnuFileOpenClick...┤ │         
                           TfrmFrame.ctxContextorPending┤ │         
                          TfrmFrame.StartCCOWContextor┘ │ │         
                                TfrmFrame.FormCreate┘   │ │         
                         TfrmFrame.ctxContextorCommitted┤ │         
                       TfrmFrame.StartCCOWContextor...┘ │ │         
                  TfrmFrame.mnuFileResumeContextGetClick┤ │         
                  TfrmFrame.mnuFileResumeContextSetClick┘ │         
                                  TfrmFrame.FormCloseQuery┤         
                              TfrmFrame.mnuFileReviewClick┤         
                                           UpdateEncounter┘         
                         TfrmFrame.mnuFileEncounterClick┤           
                                 TfrmFrame.ViewInfo...┤ │           
                    TfrmODMedIV.SetValuesFromResponses┤ │           
                             TfrmODMedIV.SetupDialog┤ │ │           
                   TfrmODMedIV.cboSolutionMouseClick┘ │ │           
                       TfrmODMedIV.cboSolutionExit┘   │ │           
                  TfrmODMedIV.cboSolutionMouseClick...┤ │           
                     TfrmODMedIV.cboAdditiveMouseClick┤ │           
                         TfrmODMedIV.cboAdditiveExit┘ │ │           
                                TfrmODAuto.SetupDialog┤ │           
                                   ActivateOrderDialog┤ │           
                           TfrmRemDlg.btnFinishClick┤ │ │           
           TfrmConsults.mnuActNewConsultRequestClick┤ │ │           
                   TfrmConsults.cmdNewConsultClick┘ │ │ │           
                TfrmConsults.mnuActNewProcedureClick┤ │ │           
                      TfrmConsults.cmdNewProcClick┘ │ │ │           
                                        ChangeOrders┤ │ │           
                      TfrmOrders.mnuActChangeClick┤ │ │ │           
                        TfrmMeds.mnuActChangeClick┘ │ │ │           
                                     ChangeOrdersEvt┤ │ │           
                                          CopyOrders┤ │ │           
                        TfrmOrders.mnuActCopyClick┤ │ │ │           
                          TfrmMeds.mnuActCopyClick┤ │ │ │           
                           TfrmODActive.btnOKClick┘ │ │ │           
                                      TransferOrders┤ │ │           
                        TfrmOrders.mnuActCopyClick┤ │ │ │           
                          TfrmMeds.mnuActCopyClick┤ │ │ │           
                           TfrmODActive.btnOKClick┘ │ │ │           
                            TfrmOrders.lstWriteClick┤ │ │           
               TfrmOrders.PlaceOrderForDefaultDialog┤ │ │           
                  TfrmOrders.DisplayDefaultDlgList┤ │ │ │           
                       TfrmOrders.ResetOrderPage┘ │ │ │ │           
               TfrmOrders.btnDelayedOrderClick┘   │ │ │ │           
                                 DisplayEvntDialog┤ │ │ │           
                             SetDelayEventForMed┘ │ │ │ │           
                      TfrmMeds.mnuActCopyClick┘   │ │ │ │           
                                 DisplayEvntDialog┤ │ │ │           
                                  SetViewForCopy┘ │ │ │ │           
                    TfrmOrders.mnuActCopyClick┘   │ │ │ │           
                                 DisplayEvntDialog┘ │ │ │           
                                ExecuteChangeEvt┘   │ │ │           
                 TfrmOrders.mnuActChgEvntClick┘     │ │ │           
                             TfrmMeds.mnuActNewClick┤ │ │           
                           TfrmOMNavA.ActivateDialog┤ │ │           
                         TfrmOMNavA.grdMenuKeyDown┤ │ │ │           
                         TfrmOMNavA.grdMenuMouseUp┘ │ │ │           
                                TfrmOMSet.DoNextItem┘ │ │           
                              TfrmOMSet.InsertList┤   │ │           
                               ActivateOrderList┘ │   │ │           
                     TfrmRemDlg.btnFinishClick┤   │   │ │           
                             ActivateOrderHTML┤   │   │ │           
                    TfrmOrders.lstWriteClick┤ │   │   │ │           
    TfrmOrders.PlaceOrderForDefaultDialog...┘ │   │   │ │           
                              ActivateOrderSet┤   │   │ │           
                   TfrmRemDlg.btnFinishClick┤ │   │   │ │           
TfrmConsults.mnuActNewConsultRequestClick...┤ │   │   │ │           
     TfrmConsults.mnuActNewProcedureClick...┤ │   │   │ │           
                    TfrmOrders.lstWriteClick┤ │   │   │ │           
    TfrmOrders.PlaceOrderForDefaultDialog...┤ │   │   │ │           
                     TfrmMeds.mnuActNewClick┤ │   │   │ │           
                TfrmOMNavA.ActivateDialog...┤ │   │   │ │           
                     TfrmOMSet.DoNextItem...┘ │   │   │ │           
                       TfrmOMNavA.DoSelectList┘   │   │ │           
                     TfrmOMNavA.grdMenuKeyUp┤     │   │ │           
                   TfrmOMNavA.grdMenuMouseUp┘     │   │ │           
                                        SkipToNext┤   │ │           
                         TfrmOMSet.DoNextItem...┘ │   │ │           
                            TfrmOMSet.UMDelayEvent┘   │ │           
                               TfrmOMSet.InsertList...┤ │           
                                TfrmODMeds.SetupDialog┤ │           
                             TfrmODMeds.btnSelectClick┤ │           
                             TfrmODMeds.UMDelayClick┘ │ │           
                                    ExecuteRenewOrders┘ │           
                         TfrmOrders.mnuActRenewClick┤   │           
                           TfrmMeds.mnuActRenewClick┘   │           
                                        EncounterPresent┤           
                                      ReadyForNewOrder┤ │           
                           TfrmRemDlg.btnFinishClick┤ │ │           
        TfrmConsults.mnuActNewConsultRequestClick...┤ │ │           
             TfrmConsults.mnuActNewProcedureClick...┤ │ │           
                                     ChangeOrders...┤ │ │           
                                     ChangeOrdersEvt┤ │ │           
                                       CopyOrders...┤ │ │           
                                   TransferOrders...┤ │ │           
                            TfrmOrders.lstWriteClick┤ │ │           
                             TfrmMeds.mnuActNewClick┘ │ │           
                                     ReadyForNewOrder1┤ │           
            TfrmOrders.PlaceOrderForDefaultDialog...┘ │ │           
                              TfrmOrders.mnuActDCClick┤ │           
                             TfrmOrders.mnuActRelClick┤ │           
                            TfrmOrders.mnuActHoldClick┤ │           
                          TfrmOrders.mnuActUnholdClick┤ │           
                           TfrmOrders.mnuActRenewClick┤ │           
                         TfrmOrders.mnuActReleaseClick┤ │           
                         TfrmOrders.mnuActOnChartClick┤ │           
                            TfrmOrders.mnuActSignClick┤ │           
                                TfrmMeds.mnuActDCClick┤ │           
                              TfrmMeds.mnuActHoldClick┤ │           
                             TfrmMeds.mnuActRenewClick┤ │           
                            TfrmMeds.mnuActUnholdClick┤ │           
                              TfrmMeds.mnuActCopyClick┤ │           
                            TfrmMeds.mnuActRefillClick┘ │           
                                     EncounterPresentEDO┤           
                                   ReadyForNewOrder...┤ │           
                         TfrmOrders.mnuActChgEvntClick┤ │           
                          TfrmOrders.mnuActChangeClick┤ │           
                            TfrmOrders.mnuActCopyClick┤ │           
                       TfrmOrders.btnDelayedOrderClick┤ │           
                            TfrmMeds.mnuActChangeClick┤ │           
                              TfrmMeds.mnuActCopyClick┘ │           
                                             UpdateVisit┤           
                                           EditPCEData┤ │           
                             TfrmSurgery.cmdPCEClick┤ │ │           
                                 UpdateEncounterInfo┘ │ │           
                             TfrmNotes.cmdPCEClick┘   │ │           
                        TfrmVitals.btnEnterVitalsClick┘ │           
                                             UpdateVisit┤           
                                        EncounterPresent┘           
                         TfrmProblems.lstProbActsClick┘             
                     TfrmProblems.wgProbDataDblClick┤               
                           TfrmProblems.lstViewClick┘               
                   TfrmProblems.HighlightDuplicate┘                 
                         TfrmProblems.AddProblem┤                   
              TfrmProblems.lstProbActsClick...┤ │                   
                 TfrmProblems.lstProbPickClick┤ │                   
              TfrmProblems.lstProbPickDblClick┤ │                   
              TfrmProblems.edProbEntKeyPress┘ │ │                   
                      TfrmProblems.UMPLLexicon┘ │                   
                   TfrmdlgProb.bbChangeProbClick┘                   

Calls

Name Declaration Comments
tCryptography.CertChainCheck function CertChainCheck(pCertContext: PCCERT_CONTEXT): boolean; -
CertDateTimeStr function CertDateTimeStr(CertTime: FileTime): string; -
CertEnumCertificatesInStore function CertEnumCertificatesInStore(hCertStore :HCERTSTORE; pPrevCertContext :PCCERT_CONTEXT ):PCCERT_CONTEXT ; stdcall; -
CertFindExtension function CertFindExtension(pszObjId :LPCSTR; cExtensions :DWORD; rgExtensions :PPVOID -
CertGetNameString function CertGetNameString(pCertContext: PCCERT_CONTEXT; dwType: DWORD; dwFlags: DWORD; pvTypePara: DWORD; pNameString: PChar; cchNameString: DWORD): BOOL; stdcall; -
CertOpenSystemStore function CertOpenSystemStore(hProv :HCRYPTPROV; szSubsystemProtocol :LPAWSTR):HCERTSTORE ; stdcall; -
CertVerifyTimeValidity function CertVerifyTimeValidity(pTimeToVerify :PFILETIME; pCertInfo :PCERT_INFO):LONG ; stdcall; -
tCryptography.CRLDistPoint function CRLDistPoint(pbData: pointer; cbData: integer): string; -
Revco function Revco(): boolean; -
SerialNum function SerialNum(pbdata: pbytearray; len: DWORD): string; -
tCryptography.SigningCert function SigningCert(pCertCtx: PCCERT_CONTEXT): Integer; -

Called-By

Name Declaration Comments
getSANFromCard function getSANFromCard(InputForm: TComponent; crypto: tCryptography): String; -
tCryptography.SignData function SignData: boolean; -


Source

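function Tcryptography.FindCert: Boolean;
{ Searches the current user's MY system certificate store for a certificate
  that can be used for signing and leaves it selected in pCertContext.

  The function works in two modes, chosen by the UsrAltName field:

  * UsrAltName = ''  (read the SAN from the card): the first certificate whose
    display name looks right, that passes the signing test, is inside its
    validity period and yields a non-empty name is accepted. Its name is
    stored in SANFromCard and the function returns True immediately.
    NOTE(review): this path returns before the revocation check and before
    CertChainCheck, so a True result here is a lookup result, not a validated
    certificate. Callers that go on to sign should confirm they never reach
    this path with an empty UsrAltName - verify against SignData.

  * UsrAltName <> '' : a certificate is accepted only when its name equals
    UsrAltName (case-insensitive), the display-name and signing tests pass,
    the date is valid and, unless IgnoreRevoked is set, Revco succeeds.
    Unless fIgnoreMasterChain is set, CertChainCheck must also succeed.

  Returns True when a certificate was accepted (and, in the second mode, the
  chain check passed or was skipped); False otherwise, with Reason and
  TrackingMsg describing the last failure recorded.

  Fields written: hCertStore, pCertContext, Reason, TrackingMsg,
  CertSerialNum, CertName, SANFromCard, CRLURL, MasterDateValid,
  MasterCertChain and, on a revocation error, LastErr.

  hCertStore and pCertContext are left open on return.

  IgnoreRevoked and fIgnoreMasterChain each switch off a validation step;
  IgnoreDates only suppresses the date message, an out-of-date certificate is
  still rejected. }
var
  // Results of the individual checks for the certificate being examined
  DateValid, Status, Signing: boolean;
  dwData: DWORD;
  pbarray: pbytearray;
  str2, NameString: string;
  // Pointer to the certificate's rgExtension array, and its element count
  rgExtension: PCERT_EXTENSION;
  cExtension: DWORD;
  pce: PCERT_EXTENSION;
  str: String;
  isDisplayNameCorrect: Boolean;
  isAltNameMatched: Boolean;
  SigningVal: Integer;
  pTime: TFileTime;
  NotAfterDate: String;
  CertDisplayName: String;
  DateValidValue: Integer;
  InvalidDateLine: String;
  RevocationReason: String;
  RevocationStatusOK: Boolean;

  function Revco(): boolean;
  { Asks CertVerifyRevocation for the status of the certificate currently in
    pCertContext and returns its result. Only that one context is passed, so
    nothing else in the chain is checked here. On failure the Windows error
    is stored in LastErr and a message in RevocationReason and TrackingMsg.
    Any failure, including an unreachable responder, is reported as False,
    so the caller rejects the certificate. }
  var
    RevStatus: CERT_REVOCATION_STATUS;
    pRevStatus: PCERT_REVOCATION_STATUS;
    rgpvContext: array[0..0] of pointer;
    prgp: PPVOID;
    cContext: DWORD;
  begin
    // This takes a long time
    RevStatus.cbSize := sizeof(RevStatus);
    RevStatus.dwIndex := 0;
    RevStatus.dwError := 0;
    pRevStatus := @RevStatus;
    rgpvContext[0] := pCertContext;
    cContext := 1;
    prgp := @(rgpvContext[0]);
    // No CERT_REVOCATION_PARA is supplied (nil). The flag was previously
    // CERT_VERIFY_REV_CHAIN_FLAG.
    Result := CertVerifyRevocation(c_ENCODING_TYPE,
                                   CERT_CONTEXT_REVOCATION_TYPE,
                                   cContext,
                                   prgp,
                                   CERT_VERIFY_REV_SERVER_OCSP_FLAG,
                                   nil,
                                   pRevStatus);
    if not Result then
    begin
      LastErr := GetLastError;
      str2 := SysErrorMessage(LastErr);
      RevocationReason := 'Revocation failed - error: '+IntToStr(LastErr)+' - '+Str2;
      TrackingMsg.Add('  '+RevocationReason);
    end;
  end;

begin
  Status := False;
  Result := False;

  // The system maps the current user's certificates to the MY store,
  // so open that store unless a handle is already held.
  if hCertStore = 0 then
    hCertStore := CertOpenSystemStore(0, PChar('MY'));

  // The search always starts from the beginning of the store.
  // NOTE(review): a context left in pCertContext by an earlier call is
  // dropped here without being released - confirm whether it is freed
  // elsewhere (CertFreeCertificateContext) or leaks.
  pCertContext := nil;

  Reason := 'Could not open the Cert Store';
  if hCertStore = 0 then
  begin
    TrackingMsg.Add('Unable to open a Certificate Store.');
    exit;
  end;

  // Buffer for CertGetNameString; every call below asks for at most 128 chars
  SetLength(NameString, 255);

  Reason := 'Did not find a Cert.';
  pCertContext := CertEnumCertificatesInStore(hCertStore, nil);

  while (pCertContext <> nil) and (not Status) do
  begin
    TrackingMsg.Add(' ');

    // --- Display name -----------------------------------------------------
    CertDisplayName := '';
    if CertGetNameString(pCertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, 0,
                         PChar(NameString), 128) then
      CertDisplayName := StrPas(PChar(NameString));

    // Expected form: first character a letter, last character a digit.
    // NOTE(review): the accepted set for the last character also contains
    // ')' - confirm this is intended and not a typo.
    isDisplayNameCorrect := false;
    str := UpperCase(Copy(CertDisplayName, 1, 1));
    if Pos(str, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ') > 0 then
    begin
      str := Copy(CertDisplayName, Length(CertDisplayName), 1);
      if Pos(str, '0123456789)') > 0 then
      begin
        isDisplayNameCorrect := true;
        if UsrAltName = '' then
        begin
          // With no SAN to compare against, the only link between the
          // certificate and the signed-on user is that the first
          // comma-piece of VistaUserName occurs somewhere in the display
          // name. NOTE(review): this is a substring test, so a short name
          // also matches longer names that contain it.
          if not (Pos(UpperCase(Piece(VistaUserName, ',')), UpperCase(CertDisplayName)) > 0) then
            isDisplayNameCorrect := false;
        end;
      end;
    end;

    // --- Serial number (hex) and expiry string ----------------------------
    dwData := pCertContext.pCertInfo.SerialNumber.cbData;
    pbarray := pbytearray(pCertContext.pCertInfo.SerialNumber.pbData);
    CertSerialNum := XuDsigU.SerialNum(pbarray, dwData);

    pTime := pCertContext.pCertInfo.NotAfter;
    NotAfterDate := CertDateTimeStr(pTime);

    // --- Signing key usage ------------------------------------------------
    // The threshold was $80 and was raised to $C0. For a value in 0..255
    // the test is true only when both the $80 and the $40 bits are set.
    // NOTE(review): presumably SigningCert returns the key-usage byte from
    // CertGetIntendedKeyUsage - confirm, and confirm its error value cannot
    // be $C0 or greater.
    SigningVal := SigningCert(pCertContext);
    Signing := (SigningVal div $C0) > 0;

    // --- Name used as the SAN ---------------------------------------------
    // Name type 8 is tried first, then type 1 (in wincrypt.h these are
    // CERT_NAME_UPN_TYPE and CERT_NAME_EMAIL_TYPE).
    SANFromCard := '';
    CertName := '';
    isAltNameMatched := false;
    if CertGetNameString(pCertContext, 8, 0, 0, PChar(NameString), 128) then
      CertName := StrPas(PChar(NameString));
    if CertName = '' then
    begin
      if CertGetNameString(pCertContext, 1, 0, 0, PChar(NameString), 128) then
        CertName := StrPas(PChar(NameString));
    end;

    if UsrAltName <> '' then
    begin
      // Comparison is case-insensitive
      if UpperCase(UsrAltName) = UpperCase(CertName) then
        isAltNameMatched := true
      else
      begin
        // The first name did not match; compare against name type 1
        CertName := '';
        if CertGetNameString(pCertContext, 1, 0, 0, PChar(NameString), 128) then
          CertName := StrPas(PChar(NameString));
        if UpperCase(UsrAltName) = UpperCase(CertName) then
          isAltNameMatched := true;
      end;
    end;

    // --- Validity period, against the current time -------------------------
    // -1 = before NotBefore, 1 = after NotAfter, 0 = valid. Anything other
    // than 0 is treated as invalid so an unexpected value fails closed.
    DateValidValue := CertVerifyTimeValidity(nil, pCertContext.pCertInfo);
    DateValid := (DateValidValue = 0);

    // Per-certificate diagnostics, currently disabled:
//    TrackingMsg.Add('Checking Cert:');
//    TrackingMsg.Add('  CertDisplayName: '+CertDisplayName);
//    if isDisplayNameCorrect then
//      TrackingMsg.Add('  CertDisplayName is Valid')
//    else
//      TrackingMsg.Add('  CertDisplayName is NOT Valid');
//    TrackingMsg.Add('  Cert Serial Number: '+CertSerialNum);
//    TrackingMsg.Add('  Not After Date: '+NotAfterDate);
//    if Signing then
//      TrackingMsg.Add('  Is Signing Cert: true')
//    else
//      TrackingMsg.Add('  Is Signing Cert: false');
//    TrackingMsg.Add('  CertName: '+CertName);

    if UsrAltName <> '' then
    begin
      if isAltNameMatched then
        TrackingMsg.Add('  User SAN is Matched')
      else
        TrackingMsg.Add('  User SAN is NOT Matched');
    end
    else if isDisplayNameCorrect and Signing and DateValid and (CertName <> '') then
    begin
      // SAN-from-card mode: hand back the name and stop.
      // No revocation or chain check has been done at this point.
      SANFromCard := CertName;
      Result := true;
      exit;
    end;

    if DateValidValue = -1 then
      TrackingMsg.Add('  Certificate is not valid yet')
    else if DateValidValue = 1 then
      TrackingMsg.Add('  Certificate has expired');

    // The date message is shown to the user only for a certificate that
    // otherwise matches, and only when IgnoreDates is off.
    InvalidDateLine := '';
    if (not IgnoreDates) and isDisplayNameCorrect and Signing and isAltNameMatched then
    begin
      if DateValidValue = -1 then
        InvalidDateLine := 'Certificate is not valid yet'
      else if DateValidValue = 1 then
        InvalidDateLine := 'Certificate has expired';
    end;

    // --- Revocation, only for a certificate that passed everything else ----
    RevocationStatusOK := true;
    if isAltNameMatched and isDisplayNameCorrect and Signing and DateValid then
    begin
      rgExtension := pCertContext.pCertInfo.rgExtension;
      cExtension := pCertContext.pCertInfo.cExtension;
      // 2.5.29.31: see if we get the CRL distribution point.
      // NOTE(review): CRLURL keeps its previous value when the extension
      // is absent - confirm callers do not read a stale URL.
      pce := CertFindExtension(PChar('2.5.29.31'), cExtension, rgExtension);
      if pce <> nil then
        CRLURL := CRLDistPoint(pce.Value.pbData, pce.Value.cbData);
      if not IgnoreRevoked then
        RevocationStatusOK := Revco;
      MasterDateValid := True;
    end;

    // Did we find a good one?
    Status := DateValid and isAltNameMatched
              and Signing and RevocationStatusOK
              and isDisplayNameCorrect;

    // A certificate that matched the user but failed on date or revocation
    // supplies the failure reason.
    if (not Status) and isAltNameMatched and Signing and isDisplayNameCorrect then
    begin
      Reason := '';
      if not DateValid then
        Reason := InvalidDateLine
      else if not RevocationStatusOK then
        Reason := RevocationReason;
    end;

    if CertName = '' then
      Status := False;

    // Move on only when this certificate was rejected, so that an accepted
    // one stays in pCertContext.
    if not Status then
      pCertContext := CertEnumCertificatesInStore(hCertStore, pCertContext);
  end;

  if Status then
  begin
    // A certificate was accepted; verify its chain unless told not to.
    MasterCertChain := true;
    if not fIgnoreMasterChain then
    begin
      MasterCertChain := CertChainCheck(pCertContext);
      if not MasterCertChain then
      begin
        // pCertContext still refers to this certificate although the
        // function is about to return False.
        Reason := 'Problems with verifying certificate chain of authority';
        TrackingMsg.Add('MasterCertChain returned False');
      end;
    end;
  end;

  // InvalidDateLine reflects only the last certificate examined.
  if (not Status) and (InvalidDateLine <> '') then
    ShowMessage(InvalidDateLine);
  Result := Status and MasterCertChain;
end;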