/// <summary>
///
/// </summary>
/// <param name="settings"></param>
private void InitializePkcs11(TokenSettings settings)
{
m_pkcs11 = new Pkcs11(settings.Pkcs11LibraryPath, settings.UseOsLocking);
m_slot = Pkcs11Util.FindSlot(m_pkcs11, settings);
if (m_slot == null)
{
throw new HsmInitException(
string.Format(
"Did not find an available slot with TokenLable:{0}",
settings.TokenLabel));
}
}
/// <summary>
/// Finds slot containing the token that matches criteria specified in <see cref="TokenSettings"/> class
/// </summary>
/// <param name='pkcs11'>Initialized PKCS11 wrapper</param>
/// <param name="settings"></param>
/// <returns>Slot containing the token that matches criteria in <see cref="TokenSettings"/></returns>
public static Slot FindSlot(Pkcs11 pkcs11, TokenSettings settings)
{
// Get list of available slots with token present
var slots = pkcs11.GetSlotList(true);
// No criteria, not go.
if (settings.TokenLabel == null)
{
return(null);
}
foreach (var slot in slots)
{
TokenInfo tokenInfo = null;
try
{
tokenInfo = slot.GetTokenInfo();
}
catch (Pkcs11Exception ex)
{
if (ex.RV != CKR.CKR_TOKEN_NOT_RECOGNIZED &&
ex.RV != CKR.CKR_TOKEN_NOT_PRESENT)
{
throw;
}
}
if (tokenInfo == null)
{
continue;
}
if (!String.IsNullOrEmpty(settings.TokenLabel))
{
if (0 != String.Compare(
settings.TokenLabel,
tokenInfo.Label,
StringComparison.Ordinal))
{
continue;
}
}
return(slot);
}
return(null);
}
/// <summary>
/// From PKCS#11 V2.20: CRYPTOGRAPHIC TOKEN INTERFACE STANDARD, section 6.7.4 Session events.
///
/// In Cryptoki, all sessions that an application has with a token must have the same
/// login/logout status(i.e., for a given application and token, one of the following holds: all
/// sessions are public sessions; all sessions are SO sessions; or all sessions are user
/// sessions). When an application’s session logs into a token, all of that application’s
/// sessions with that token become logged in, and when an application’s session logs out of
/// a token, all of that application’s sessions with that token become logged out. Similarly,
/// for example, if an application already has a R/O user session open with a token, and then
/// opens a R/W session with that token, the R/W session is automatically logged in.
/// </summary>
/// <param name="settings"></param>
private void EnsureLoggedInSession(TokenSettings settings)
{
m_sessionApplication = m_slot.OpenSession(true);
var sessionInfo = m_sessionApplication.GetSessionInfo();
//
// If another session has logged in then we should also be logged in.
//
if (sessionInfo.State != CKS.CKS_RO_USER_FUNCTIONS)
{
m_sessionApplication.Login(CKU.CKU_USER, settings.NormalUserPin);
}
m_loggedIn = true;
}
/// <summary>
/// Initializes an instance, specifying the encryption and digest algorithm to use.
/// </summary>
/// <param name="settings"><see cref="TokenSettings"/></param>
public void Init(TokenSettings settings)
{
lock (settings)
{
try
{
m_tokenSettings = settings;
EncryptionAlgorithm = settings.DefaultEncryption;
DigestAlgorithm = settings.DefaultDigest;
IncludeMultipartEpilogueInSignature = true;
IncludeCertChainInSignature = X509IncludeOption.EndCertOnly;
InitializePkcs11(settings);
EnsureLoggedInSession(settings);
}
catch (Exception ex)
{
Error.NotifyEvent(this, ex);
}
}
}
