public async Task pinning_UserPinPolicy()
{
var policy = new PinPolicy();
policy.AddOrUpdateRegion("FRA1", 1);
var r = await this.client.Pinning.UserPinPolicyAsync(policy);
}
public CommandHandlerBuilder WithShowExtendedPinPolicy()
{
_prerequisites.Enqueue(_validator.CanUseExtendedPinPolicies);
_commands.Enqueue(() =>
{
try
{
_logger.LogInformation(_logMessageBuilder.WithTokenId(Resources.GetExtendedPinPolicies));
PinPolicy pinPolicy = PinPolicyWorker.GetPinPolicy(_slot);
byte MinPinLength = Math.Max(pinPolicy.MinPinLength.GetValueOrDefault(), Convert.ToByte(_runtimeTokenParams.MinUserPinLenFromToken));
Console.WriteLine(Resources.MinPinLengthDesc, MinPinLength);
Console.WriteLine(Resources.PinHistoryDepthDesc, pinPolicy.PinHistoryDepth);
Console.WriteLine(Resources.AllowDefaultPinUsageDesc, pinPolicy.AllowDefaultPinUsage);
Console.WriteLine(Resources.PinContainsDigitDesc, pinPolicy.PinContainsDigit);
Console.WriteLine(Resources.PinContainsUpperLetterDesc, pinPolicy.PinContainsUpperLetter);
Console.WriteLine(Resources.PinContainsLowerLetterDesc, pinPolicy.PinContainsLowerLetter);
Console.WriteLine(Resources.PinContainsSpecCharDesc, pinPolicy.PinContainsSpecChar);
Console.WriteLine(Resources.RestrictOneCharPinDesc, pinPolicy.RestrictOneCharPin);
Console.WriteLine(Resources.AllowChangePinPolicyDesc, pinPolicy.AllowChangePinPolicy);
Console.WriteLine(Resources.RemovePinPolicyAfterFormatDesc, pinPolicy.RemovePinPolicyAfterFormat);
}
catch
{
_logger.LogError(_logMessageBuilder.WithTokenId(Resources.GetExtendedPinPoliciesFailed));
throw;
}
});
return(this);
}
public CommandLineOptions()
{
GenerateActivationPasswords = new List <string>();
FormatVolumeParams = new List <string>();
ChangeVolumeAttributes = new List <string>();
LoginWithLocalPin = new List <string>();
SetLocalPin = new List <string>();
ExcludedTokens = new List <string>();
PinPolicy = new PinPolicy();
}
public static void SetPinPolicy(IRutokenSlot slot, string adminPin, PinPolicy pinPolicy)
{
var operationParams = new PinPolicyChangeOperationParams
{
LoginType = CKU.CKU_SO,
LoginPin = adminPin,
PinPolicy = pinPolicy
};
new PinPolicyChangeOperation().Invoke(slot, operationParams);
}
public async Task pinning_HashPinPolicy_set()
{
var policy = new PinPolicy();
policy.AddOrUpdateRegion("NYC1", 1);
policy.AddOrUpdateRegion("FRA1", 0);
var hash = "QmR9HwzakHVr67HFzzgJHoRjwzTTt4wtD6KU4NFe2ArYuj";
var r = await this.client.Pinning.HashPinPolicyAsync(hash, policy);
}
public async Task new_user_pin_policy()
{
this.server.RespondWithJsonTestFile();
var policy = new PinPolicy();
policy.AddOrUpdateRegion("FRA1", 1);
var r = await this.client.Pinning.UserPinPolicyAsync(policy);
var expectedBody = @"{""newPinPolicy"":{""regions"":[{""id"":""FRA1"",""desiredReplicationCount"":1}]},""migratePreviousPins"":false}";
this.server.ShouldHaveCalledPath("/pinning/userPinPolicy")
.WithVerb(Put)
.WithExactBody(expectedBody);
await Verify(r);
}
public void _HL_35_03_SetPinPolicy_Test()
{
using (var pkcs11 = Settings.Factories.RutokenPkcs11LibraryFactory.LoadRutokenPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
var slot = Helpers.GetUsableSlot(pkcs11);
// Open RO session
using (var session = (IRutokenSession)slot.OpenSession(SessionType.ReadWrite))
{
session.Login(CKU.CKU_SO, Settings.SecurityOfficerPin);
try
{
if (!session.PinPolicySupports(CKU.CKU_USER))
{
Console.WriteLine("Token doesn't support PIN-policies");
return;
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
return;
}
PinPolicy pinPolicy = new PinPolicy();
pinPolicy.MinPinLength = 0;
pinPolicy.PinHistoryDepth = 0;
//pinPolicy.AllowDefaultPinUsage = true;
pinPolicy.PinContainsDigit = false;
pinPolicy.PinContainsUpperLetter = false;
pinPolicy.PinContainsLowerLetter = false;
pinPolicy.PinContainsSpecChar = false;
pinPolicy.RestrictOneCharPin = false;
//pinPolicy.AllowChangePinPolicy = true;
//pinPolicy.RemovePinPolicyAfterFormat = true;
session.SetPinPolicy(pinPolicy, CKU.CKU_USER);
session.Logout();
}
}
}
public void _HL_35_02_GetPinPolicy_Test()
{
using (var pkcs11 = Settings.Factories.RutokenPkcs11LibraryFactory.LoadRutokenPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
var slot = Helpers.GetUsableSlot(pkcs11);
// Open RO session
using (var session = (IRutokenSession)slot.OpenSession(SessionType.ReadOnly))
{
try
{
if (!session.PinPolicySupports(CKU.CKU_USER))
{
Console.WriteLine("Token doesn't support PIN-policies");
return;
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
return;
}
PinPolicy pinPolicy = session.GetPinPolicy(CKU.CKU_USER);
Console.WriteLine("Min PIN Length: " + pinPolicy.MinPinLength);
Console.WriteLine("PIN history depth: " + pinPolicy.PinHistoryDepth);
Console.WriteLine("Allow default PIN-code usage: " + pinPolicy.AllowDefaultPinUsage);
Console.WriteLine("PIN requeres digits: " + pinPolicy.PinContainsDigit);
Console.WriteLine("PIN requeres uppercase chars: " + pinPolicy.PinContainsUpperLetter);
Console.WriteLine("PIN requeres lowercase chars: " + pinPolicy.PinContainsLowerLetter);
Console.WriteLine("PIN requeres spec chars: " + pinPolicy.PinContainsSpecChar);
Console.WriteLine("PIN requeres different char usage: " + pinPolicy.RestrictOneCharPin);
Console.WriteLine("PIN policy is modifiable by Admin: " + pinPolicy.AllowChangePinPolicy);
Console.WriteLine("PIN policy will be deleted after formating: " + pinPolicy.RemovePinPolicyAfterFormat);
}
}
}
public async Task change_hash_pinpolicy()
{
this.server.RespondWith("OK");
var policy = new PinPolicy();
policy.AddOrUpdateRegion("NYC1", 1);
policy.AddOrUpdateRegion("FRA1", 0);
var hash = "QmR9HwzakHVr67HFzzgJHoRjwzTTt4wtD6KU4NFe2ArYuj";
var expectedBody = @"{""ipfsPinHash"":""QmR9HwzakHVr67HFzzgJHoRjwzTTt4wtD6KU4NFe2ArYuj"",""newPinPolicy"":{""regions"":[{""id"":""NYC1"",""desiredReplicationCount"":1},{""id"":""FRA1"",""desiredReplicationCount"":0}]}}";
var r = await this.client.Pinning.HashPinPolicyAsync(hash, policy);
var s = await r.GetStringAsync();
s.Should().Be("OK");
this.server.ShouldHaveCalledPath("/pinning/hashPinPolicy")
.WithVerb(Put)
.WithExactBody(expectedBody);
}
public void SetPinPolicy(PinPolicy pinPolicy, CKU userType)
{
if (this._disposed)
{
throw new ObjectDisposedException(this.GetType().FullName);
}
CKR rv;
IObjectHandle pinPolicyObj = GetPinPolicyObject(userType);
CK_ATTRIBUTE[] pinPolicyTemplate = new CK_ATTRIBUTE[10];
NativeULong len = 0;
if (pinPolicy.MinPinLength != null)
{
pinPolicyTemplate[len++] = CkaUtils.CreateAttribute((CKA)Extended_CKA.CKA_VENDOR_PIN_POLICY_MIN_LENGTH, new byte[] { Convert.ToByte(pinPolicy.MinPinLength) });
}
if (pinPolicy.PinHistoryDepth != null)
{
pinPolicyTemplate[len++] = CkaUtils.CreateAttribute((CKA)Extended_CKA.CKA_VENDOR_PIN_POLICY_HISTORY_DEPTH, new byte[] { Convert.ToByte(pinPolicy.PinHistoryDepth) });
}
if (pinPolicy.AllowDefaultPinUsage != null)
{
pinPolicyTemplate[len++] = CkaUtils.CreateAttribute((CKA)Extended_CKA.CKA_VENDOR_PIN_POLICY_ALLOW_DEFAULT_PIN_USAGE, new byte[] { Convert.ToByte(pinPolicy.AllowDefaultPinUsage) });
}
if (pinPolicy.PinContainsDigit != null)
{
pinPolicyTemplate[len++] = CkaUtils.CreateAttribute((CKA)Extended_CKA.CKA_VENDOR_PIN_POLICY_DIGIT_REQUIRED, new byte[] { Convert.ToByte(pinPolicy.PinContainsDigit) });
}
if (pinPolicy.PinContainsUpperLetter != null)
{
pinPolicyTemplate[len++] = CkaUtils.CreateAttribute((CKA)Extended_CKA.CKA_VENDOR_PIN_POLICY_UPPERCASE_REQUIRED, new byte[] { Convert.ToByte(pinPolicy.PinContainsUpperLetter) });
}
if (pinPolicy.PinContainsLowerLetter != null)
{
pinPolicyTemplate[len++] = CkaUtils.CreateAttribute((CKA)Extended_CKA.CKA_VENDOR_PIN_POLICY_LOWERCASE_REQUIRED, new byte[] { Convert.ToByte(pinPolicy.PinContainsLowerLetter) });
}
if (pinPolicy.PinContainsSpecChar != null)
{
pinPolicyTemplate[len++] = CkaUtils.CreateAttribute((CKA)Extended_CKA.CKA_VENDOR_PIN_POLICY_SPEC_CHAR_REQUIRED, new byte[] { Convert.ToByte(pinPolicy.PinContainsSpecChar) });
}
if (pinPolicy.RestrictOneCharPin != null)
{
pinPolicyTemplate[len++] = CkaUtils.CreateAttribute((CKA)Extended_CKA.CKA_VENDOR_PIN_POLICY_DIFF_CHARS_REQUIRED, new byte[] { Convert.ToByte(pinPolicy.RestrictOneCharPin) });
}
if (pinPolicy.AllowChangePinPolicy != null)
{
pinPolicyTemplate[len++] = CkaUtils.CreateAttribute(CKA.CKA_MODIFIABLE, Convert.ToBoolean(pinPolicy.AllowChangePinPolicy));
}
if (pinPolicy.RemovePinPolicyAfterFormat != null)
{
pinPolicyTemplate[len++] = CkaUtils.CreateAttribute((CKA)Extended_CKA.CKA_VENDOR_PIN_POLICIES_DELETABLE, Convert.ToBoolean(pinPolicy.RemovePinPolicyAfterFormat));
}
rv = ((LowLevelAPI81.RutokenPkcs11Library)_pkcs11Library).C_SetAttributeValue(_sessionId, (NativeULong)(pinPolicyObj.ObjectId), pinPolicyTemplate, len);
if (rv != CKR.CKR_OK)
{
throw new Pkcs11Exception("C_GetAttributeValue", rv);
}
}
public PinPolicy GetPinPolicy(CKU userType)
{
if (this._disposed)
{
throw new ObjectDisposedException(this.GetType().FullName);
}
CKR rv;
PinPolicy pinPolicy = new PinPolicy();
IObjectHandle pinPolicyObj = GetPinPolicyObject(userType);
CK_ATTRIBUTE[] pinPolicyTemplate = new CK_ATTRIBUTE[10];
pinPolicyTemplate[0] = CkaUtils.CreateAttribute((CKA)Extended_CKA.CKA_VENDOR_PIN_POLICY_MIN_LENGTH, new byte[1]);
pinPolicyTemplate[1] = CkaUtils.CreateAttribute((CKA)Extended_CKA.CKA_VENDOR_PIN_POLICY_HISTORY_DEPTH, new byte[1]);
pinPolicyTemplate[2] = CkaUtils.CreateAttribute((CKA)Extended_CKA.CKA_VENDOR_PIN_POLICY_ALLOW_DEFAULT_PIN_USAGE, new byte[1]);
pinPolicyTemplate[3] = CkaUtils.CreateAttribute((CKA)Extended_CKA.CKA_VENDOR_PIN_POLICY_DIGIT_REQUIRED, new byte[1]);
pinPolicyTemplate[4] = CkaUtils.CreateAttribute((CKA)Extended_CKA.CKA_VENDOR_PIN_POLICY_UPPERCASE_REQUIRED, new byte[1]);
pinPolicyTemplate[5] = CkaUtils.CreateAttribute((CKA)Extended_CKA.CKA_VENDOR_PIN_POLICY_LOWERCASE_REQUIRED, new byte[1]);
pinPolicyTemplate[6] = CkaUtils.CreateAttribute((CKA)Extended_CKA.CKA_VENDOR_PIN_POLICY_SPEC_CHAR_REQUIRED, new byte[1]);
pinPolicyTemplate[7] = CkaUtils.CreateAttribute((CKA)Extended_CKA.CKA_VENDOR_PIN_POLICY_DIFF_CHARS_REQUIRED, new byte[1]);
pinPolicyTemplate[8] = CkaUtils.CreateAttribute(CKA.CKA_MODIFIABLE, new bool());
pinPolicyTemplate[9] = CkaUtils.CreateAttribute((CKA)Extended_CKA.CKA_VENDOR_PIN_POLICIES_DELETABLE, new bool());
rv = ((LowLevelAPI81.RutokenPkcs11Library)_pkcs11Library).C_GetAttributeValue(_sessionId, (NativeULong)(pinPolicyObj.ObjectId), pinPolicyTemplate, (NativeULong)(pinPolicyTemplate.Length));
if (rv != CKR.CKR_OK)
{
throw new Pkcs11Exception("C_GetAttributeValue", rv);
}
byte[] minPolicyLength;
CkaUtils.ConvertValue(ref pinPolicyTemplate[0], out minPolicyLength);
pinPolicy.MinPinLength = minPolicyLength[0];
byte[] pinHistoryDepth;
CkaUtils.ConvertValue(ref pinPolicyTemplate[1], out pinHistoryDepth);
pinPolicy.PinHistoryDepth = pinHistoryDepth[0];
byte[] allowDefaultPinUsage;
CkaUtils.ConvertValue(ref pinPolicyTemplate[2], out allowDefaultPinUsage);
pinPolicy.AllowDefaultPinUsage = allowDefaultPinUsage[0] != 0;
byte[] pinContainsDigit;
CkaUtils.ConvertValue(ref pinPolicyTemplate[3], out pinContainsDigit);
pinPolicy.PinContainsDigit = pinContainsDigit[0] != 0;
byte[] pinContainsUpperLetter;
CkaUtils.ConvertValue(ref pinPolicyTemplate[4], out pinContainsUpperLetter);
pinPolicy.PinContainsUpperLetter = pinContainsUpperLetter[0] != 0;
byte[] pinContainsLowerLetter;
CkaUtils.ConvertValue(ref pinPolicyTemplate[5], out pinContainsLowerLetter);
pinPolicy.PinContainsLowerLetter = pinContainsLowerLetter[0] != 0;
byte[] pinContainsSpecChar;
CkaUtils.ConvertValue(ref pinPolicyTemplate[6], out pinContainsSpecChar);
pinPolicy.PinContainsSpecChar = pinContainsSpecChar[0] != 0;
byte[] restrictOneCharPin;
CkaUtils.ConvertValue(ref pinPolicyTemplate[7], out restrictOneCharPin);
pinPolicy.RestrictOneCharPin = restrictOneCharPin[0] != 0;
bool allowChangePinPolicy;
CkaUtils.ConvertValue(ref pinPolicyTemplate[8], out allowChangePinPolicy);
pinPolicy.AllowChangePinPolicy = allowChangePinPolicy;
bool removePinPolicyAfterFormat;
CkaUtils.ConvertValue(ref pinPolicyTemplate[9], out removePinPolicyAfterFormat);
pinPolicy.RemovePinPolicyAfterFormat = removePinPolicyAfterFormat;
return(pinPolicy);
}
