CreateObject() public method

Creates a new object
public CreateObject ( List attributes ) : ObjectHandle
attributes List Object attributes
return ObjectHandle
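        /// <summary>
        /// Imports the certificate into the PKCS#11 compatible device and pairs it with the corresponding private key
        /// </summary>
        /// <remarks>
        /// The private key is located by matching the RSA modulus and public exponent of the certificate's public key
        /// (CKA_MODULUS / CKA_PUBLIC_EXPONENT). Exactly one match is required: zero matches means the key is not on the
        /// token, more than one means the pairing would be ambiguous, and both cases are rejected. The new certificate
        /// object copies the private key's CKA_LABEL and CKA_ID so that applications can associate the two objects.
        /// The object is created as a token object (CKA_TOKEN = true), readable without login (CKA_PRIVATE = false),
        /// modifiable after creation (CKA_MODIFIABLE = true) and not marked as trusted (CKA_TRUSTED = false).
        /// </remarks>
        /// <param name="session">Read-write session with user logged in (token objects cannot be created in a read-only session)</param>
        /// <param name="certificate">Encoded X.509 certificate that should be imported</param>
        /// <returns>Handle of created certificate object</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="session"/> or <paramref name="certificate"/> is null</exception>
        /// <exception cref="ArgumentException">Thrown when <paramref name="certificate"/> does not contain a parseable X.509 certificate</exception>
        /// <exception cref="NotSupportedException">Thrown when the certificate's public key is not an RSA key</exception>
        /// <exception cref="ObjectNotFoundException">Thrown when zero or more than one matching private key exists on the token</exception>
        public static ObjectHandle ImportCertificate(Session session, byte[] certificate)
        {
            if (session == null)
                throw new ArgumentNullException("session");
            if (certificate == null)
                throw new ArgumentNullException("certificate");

            // Parse certificate; the parser may return null for empty input instead of throwing
            X509CertificateParser x509CertificateParser = new X509CertificateParser();
            X509Certificate x509Certificate = x509CertificateParser.ReadCertificate(certificate);
            if (x509Certificate == null)
                throw new ArgumentException("Value does not contain a valid X.509 certificate", "certificate");

            // Get public key from certificate; only RSA keys can be matched by modulus/exponent below
            AsymmetricKeyParameter pubKeyParams = x509Certificate.GetPublicKey();
            if (!(pubKeyParams is RsaKeyParameters))
                throw new NotSupportedException("Currently only RSA keys are supported");
            RsaKeyParameters rsaPubKeyParams = (RsaKeyParameters)pubKeyParams;

            // Find corresponding private key by its public components
            List<ObjectAttribute> privKeySearchTemplate = new List<ObjectAttribute>();
            privKeySearchTemplate.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY));
            privKeySearchTemplate.Add(new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_RSA));
            privKeySearchTemplate.Add(new ObjectAttribute(CKA.CKA_MODULUS, rsaPubKeyParams.Modulus.ToByteArrayUnsigned()));
            privKeySearchTemplate.Add(new ObjectAttribute(CKA.CKA_PUBLIC_EXPONENT, rsaPubKeyParams.Exponent.ToByteArrayUnsigned()));

            List<ObjectHandle> foundObjects = session.FindAllObjects(privKeySearchTemplate);
            if (foundObjects.Count == 0)
                throw new ObjectNotFoundException("Corresponding RSA private key not found");
            // More than one match would make the label/ID pairing below ambiguous, so refuse rather than pick one
            if (foundObjects.Count > 1)
                throw new ObjectNotFoundException("More than one corresponding RSA private key found");

            ObjectHandle privKeyObjectHandle = foundObjects[0];

            // Read CKA_LABEL and CKA_ID attributes of private key
            List<CKA> privKeyAttrsToRead = new List<CKA>();
            privKeyAttrsToRead.Add(CKA.CKA_LABEL);
            privKeyAttrsToRead.Add(CKA.CKA_ID);

            // Values come back in the order requested above: index 0 = CKA_LABEL, index 1 = CKA_ID
            List<ObjectAttribute> privKeyAttributes = session.GetAttributeValue(privKeyObjectHandle, privKeyAttrsToRead);

            // Define attributes of new certificate object
            List<ObjectAttribute> certificateAttributes = new List<ObjectAttribute>();
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE));
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
            // Certificates are public data, so no login is required to read the object
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, false));
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_MODIFIABLE, true));
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, privKeyAttributes[0].GetValueAsString()));
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_CERTIFICATE_TYPE, CKC.CKC_X_509));
            // An imported end-entity certificate is not a trust anchor
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_TRUSTED, false));
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_SUBJECT, x509Certificate.SubjectDN.GetDerEncoded()));
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_ID, privKeyAttributes[1].GetValueAsByteArray()));
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_ISSUER, x509Certificate.IssuerDN.GetDerEncoded()));
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_SERIAL_NUMBER, new DerInteger(x509Certificate.SerialNumber).GetDerEncoded()));
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_VALUE, x509Certificate.GetEncoded()));

            // Create certificate object
            return session.CreateObject(certificateAttributes);
        }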
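        /// <summary>
        /// Imports trusted certificate into the PKCS#11 compatible device
        /// </summary>
        /// <remarks>
        /// The object is created as a token object (CKA_TOKEN = true), readable without login (CKA_PRIVATE = false),
        /// modifiable after creation (CKA_MODIFIABLE = true) and marked as trusted (CKA_TRUSTED = true).
        /// The PKCS#11 specification allows CKA_TRUSTED to be set to true only by the SO user, so tokens that enforce
        /// this will reject the call from a normal-user session; the caller is responsible for using an appropriate session.
        /// CKA_MODIFIABLE = true means a later caller may alter or delete the anchor; set it to false if the trust
        /// anchor must be immutable.
        /// </remarks>
        /// <param name="session">Read-write session with the appropriate user logged in (see remarks)</param>
        /// <param name="certificate">Encoded X.509 certificate that should be imported</param>
        /// <param name="ckaLabel">Value of CKA_LABEL attribute</param>
        /// <param name="ckaId">Value of CKA_ID attribute</param>
        /// <returns>Handle of created certificate object</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="session"/> or <paramref name="certificate"/> is null</exception>
        /// <exception cref="ArgumentException">Thrown when <paramref name="certificate"/> does not contain a parseable X.509 certificate</exception>
        public static ObjectHandle ImportTrustedCertificate(Session session, byte[] certificate, string ckaLabel, byte[] ckaId)
        {
            if (session == null)
                throw new ArgumentNullException("session");
            if (certificate == null)
                throw new ArgumentNullException("certificate");

            // Parse certificate; the parser may return null for empty input instead of throwing
            X509CertificateParser x509CertificateParser = new X509CertificateParser();
            X509Certificate x509Certificate = x509CertificateParser.ReadCertificate(certificate);
            if (x509Certificate == null)
                throw new ArgumentException("Value does not contain a valid X.509 certificate", "certificate");

            // Define attributes of new certificate object
            List<ObjectAttribute> certificateAttributes = new List<ObjectAttribute>();
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE));
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
            // Certificates are public data, so no login is required to read the object
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, false));
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_MODIFIABLE, true));
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, ckaLabel));
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_CERTIFICATE_TYPE, CKC.CKC_X_509));
            // Marks the certificate as a trust anchor; per the specification only the SO may set this to true
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_TRUSTED, true));
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_SUBJECT, x509Certificate.SubjectDN.GetDerEncoded()));
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_ID, ckaId));
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_ISSUER, x509Certificate.IssuerDN.GetDerEncoded()));
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_SERIAL_NUMBER, new DerInteger(x509Certificate.SerialNumber).GetDerEncoded()));
            certificateAttributes.Add(new ObjectAttribute(CKA.CKA_VALUE, x509Certificate.GetEncoded()));

            // Create certificate object
            return session.CreateObject(certificateAttributes);
        }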
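 /// <summary>
 /// Creates the data object.
 /// </summary>
 /// <remarks>
 /// The object is a token object (CKA_TOKEN = true) whose CKA_APPLICATION and CKA_LABEL are both taken from
 /// Settings.ApplicationName and whose CKA_VALUE is a fixed sample string. CKA_PRIVATE is not set, so whether
 /// the object can be read without a login is the token's default and may vary between devices; set
 /// CKA_PRIVATE explicitly if the stored value must require authentication.
 /// </remarks>
 /// <param name='session'>Read-write session with user logged in</param>
 /// <returns>Object handle</returns>
 /// <exception cref="ArgumentNullException">Thrown when <paramref name="session"/> is null</exception>
 public static ObjectHandle CreateDataObject(Session session)
 {
     if (session == null)
         throw new ArgumentNullException("session");

     // Prepare attribute template of new data object
     List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
     objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_DATA));
     objectAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
     objectAttributes.Add(new ObjectAttribute(CKA.CKA_APPLICATION, Settings.ApplicationName));
     objectAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, Settings.ApplicationName));
     objectAttributes.Add(new ObjectAttribute(CKA.CKA_VALUE, "Data object content"));

     // Create object
     return session.CreateObject(objectAttributes);
 }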