public void ReadTokens(List <PgpToken> ltTokens)
{
ITokenInfo TokenInfo;
List <ISlot> ltSlots;
PgpToken Token;
if (isWithOpenSc)
{
ltTokens.RemoveAll(t => t.isOnSmartCard);
ltSlots = _Pkcs11Library.GetSlotList(SlotsType.WithTokenPresent);
if (ltSlots != null)
{
foreach (ISlot Slot in ltSlots)
{
TokenInfo = Slot.GetTokenInfo();
Token = ltTokens.Find(t => t.sSerialNumber == TokenInfo.SerialNumber);
if (Token == null)
{
Token = new PgpToken(TokenInfo, this);
ltTokens.Add(Token);
}
AddKeysToToken(Slot, Token);
}
}
}
}
public Pkcs11Signature(string libraryPath, ulong slotId)
{
Pkcs11InteropFactories factories = new Pkcs11InteropFactories();
pkcs11Library = factories.Pkcs11LibraryFactory.LoadPkcs11Library(factories, libraryPath, AppType.MultiThreaded);
slot = pkcs11Library.GetSlotList(SlotsType.WithOrWithoutTokenPresent).Find(slot => slot.SlotId == slotId);
}
private List <Pkcs11Slot> GetPkcs11Slots()
{
List <Pkcs11Slot> slots = new List <Pkcs11Slot>();
foreach (ISlot slot in _pkcs11Library.GetSlotList(SlotsType.WithOrWithoutTokenPresent))
{
slots.Add(new Pkcs11Slot(slot));
}
return(slots);
}
public void _01_SlotListTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Get list of available slots
List <ISlot> slots = pkcs11Library.GetSlotList(SlotsType.WithOrWithoutTokenPresent);
// Do something interesting with slots
Assert.IsNotNull(slots);
Assert.IsTrue(slots.Count > 0);
}
}
/// <summary>
/// Obtains a list of all PKCS#11 URI matching slots
/// </summary>
/// <param name="pkcs11Uri">PKCS#11 URI</param>
/// <param name="pkcs11Library">High level PKCS#11 wrapper</param>
/// <param name="slotsType">Type of slots to be obtained</param>
/// <returns>List of slots matching PKCS#11 URI</returns>
public static List <ISlot> GetMatchingSlotList(Pkcs11Uri pkcs11Uri, IPkcs11Library pkcs11Library, SlotsType slotsType)
{
if (pkcs11Uri == null)
{
throw new ArgumentNullException("pkcs11Uri");
}
if (pkcs11Library == null)
{
throw new ArgumentNullException("pkcs11Library");
}
List <ISlot> matchingSlots = new List <ISlot>();
ILibraryInfo libraryInfo = pkcs11Library.GetInfo();
if (!Matches(pkcs11Uri, libraryInfo))
{
return(matchingSlots);
}
List <ISlot> slots = pkcs11Library.GetSlotList(SlotsType.WithOrWithoutTokenPresent);
if ((slots == null) || (slots.Count == 0))
{
return(matchingSlots);
}
foreach (ISlot slot in slots)
{
ISlotInfo slotInfo = slot.GetSlotInfo();
if (Matches(pkcs11Uri, slotInfo))
{
if (slotInfo.SlotFlags.TokenPresent)
{
ITokenInfo tokenInfo = slot.GetTokenInfo();
if (Matches(pkcs11Uri, tokenInfo))
{
matchingSlots.Add(slot);
}
}
else
{
if (slotsType == SlotsType.WithOrWithoutTokenPresent && Pkcs11UriSharedUtils.Matches(pkcs11Uri, null, null, null, null))
{
matchingSlots.Add(slot);
}
}
}
}
return(matchingSlots);
}
public void TestAccess()
{
// Specify the path to unmanaged PKCS#11 library provided by the cryptographic device vendor
string pkcs11LibraryPath = @"d:\Program Files\SoftHSM2\lib\softhsm2-x64.dll";
// Create factories used by Pkcs11Interop library
Pkcs11InteropFactories factories = new Pkcs11InteropFactories();
// Load unmanaged PKCS#11 library
using (IPkcs11Library pkcs11Library = factories.Pkcs11LibraryFactory.LoadPkcs11Library(factories, pkcs11LibraryPath, AppType.MultiThreaded))
{
// Show general information about loaded library
ILibraryInfo libraryInfo = pkcs11Library.GetInfo();
Console.WriteLine("Library");
Console.WriteLine(" Manufacturer: " + libraryInfo.ManufacturerId);
Console.WriteLine(" Description: " + libraryInfo.LibraryDescription);
Console.WriteLine(" Version: " + libraryInfo.LibraryVersion);
// Get list of all available slots
foreach (ISlot slot in pkcs11Library.GetSlotList(SlotsType.WithOrWithoutTokenPresent))
{
// Show basic information about slot
ISlotInfo slotInfo = slot.GetSlotInfo();
Console.WriteLine();
Console.WriteLine("Slot");
Console.WriteLine(" Manufacturer: " + slotInfo.ManufacturerId);
Console.WriteLine(" Description: " + slotInfo.SlotDescription);
Console.WriteLine(" Token present: " + slotInfo.SlotFlags.TokenPresent);
if (slotInfo.SlotFlags.TokenPresent)
{
// Show basic information about token present in the slot
ITokenInfo tokenInfo = slot.GetTokenInfo();
Console.WriteLine("Token");
Console.WriteLine(" Manufacturer: " + tokenInfo.ManufacturerId);
Console.WriteLine(" Model: " + tokenInfo.Model);
Console.WriteLine(" Serial number: " + tokenInfo.SerialNumber);
Console.WriteLine(" Label: " + tokenInfo.Label);
// Show list of mechanisms (algorithms) supported by the token
Console.WriteLine("Supported mechanisms: ");
foreach (CKM mechanism in slot.GetMechanismList())
{
Console.WriteLine(" " + mechanism);
}
}
}
}
}
public ActionResult GetAllCerts()
{
Pkcs11InteropFactories factories = new Pkcs11InteropFactories();
using (IPkcs11Library pkcs11Library = factories.Pkcs11LibraryFactory.LoadPkcs11Library(factories, DllLibPath, AppType.MultiThreaded))
{
ISlot slot = pkcs11Library.GetSlotList(SlotsType.WithTokenPresent).FirstOrDefault();
if (slot is null)
{
return(Ok("No slots found"));
}
ITokenInfo tokenInfo = slot.GetTokenInfo();
ISlotInfo slotInfo = slot.GetSlotInfo();
using (var session = slot.OpenSession(SessionType.ReadWrite))
{
session.Login(CKU.CKU_USER, Encoding.UTF8.GetBytes(TokenPin));
var certificateSearchAttributes = new List <IObjectAttribute>()
{
session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE),
session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true),
session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CERTIFICATE_TYPE, CKC.CKC_X_509)
};
IObjectHandle certificate = session.FindAllObjects(certificateSearchAttributes).FirstOrDefault();
var certificateValue = session.GetAttributeValue(certificate, new List <CKA>
{
CKA.CKA_VALUE
});
var xcert = new X509Certificate2(certificateValue[0].GetValueAsByteArray());
return(Ok(
new
{
xcert.Thumbprint,
xcert.Subject,
xcert.IssuerName,
hasKeyNull = xcert.PrivateKey is null
}));
public PkcsInteropSigner()
{
Pkcs11InteropFactories factories = new Pkcs11InteropFactories();
pkcs11Library = factories.Pkcs11LibraryFactory.LoadPkcs11Library(factories, pkcs11LibraryPath, AppType.MultiThreaded);
var slots = pkcs11Library.GetSlotList(SlotsType.WithTokenPresent);
if (slots.Count == 0)
{
throw new InstanceCreationException("Por favor, verifique que el lector está conectado y que la cédula fue insertada correctamente.");
}
slot = slots[0];
}
public void _03_SlotInfoMatches()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
List <ISlot> slots = pkcs11Library.GetSlotList(SlotsType.WithTokenPresent);
Assert.IsTrue(slots != null && slots.Count > 0);
ISlotInfo slotInfo = slots[0].GetSlotInfo();
// Empty URI
Pkcs11Uri pkcs11uri = new Pkcs11Uri(@"pkcs11:");
Assert.IsTrue(Pkcs11UriUtils.Matches(pkcs11uri, slotInfo));
// Unknown path attribute in URI
pkcs11uri = new Pkcs11Uri(@"pkcs11:vendor=foobar");
Assert.IsFalse(Pkcs11UriUtils.Matches(pkcs11uri, slotInfo));
// All attributes matching
Pkcs11UriBuilder pkcs11UriBuilder = new Pkcs11UriBuilder();
pkcs11UriBuilder.SlotManufacturer = slotInfo.ManufacturerId;
pkcs11UriBuilder.SlotDescription = slotInfo.SlotDescription;
pkcs11UriBuilder.SlotId = slotInfo.SlotId;
pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri();
Assert.IsTrue(Pkcs11UriUtils.Matches(pkcs11uri, slotInfo));
// Manufacturer nonmatching
pkcs11UriBuilder = new Pkcs11UriBuilder();
pkcs11UriBuilder.SlotManufacturer = "foobar";
pkcs11UriBuilder.SlotDescription = slotInfo.SlotDescription;
pkcs11UriBuilder.SlotId = slotInfo.SlotId;
pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri();
Assert.IsFalse(Pkcs11UriUtils.Matches(pkcs11uri, slotInfo));
// Description nonmatching
pkcs11UriBuilder = new Pkcs11UriBuilder();
pkcs11UriBuilder.SlotManufacturer = slotInfo.ManufacturerId;
pkcs11UriBuilder.SlotDescription = "foobar";
pkcs11UriBuilder.SlotId = slotInfo.SlotId;
pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri();
Assert.IsFalse(Pkcs11UriUtils.Matches(pkcs11uri, slotInfo));
// Slot id nonmatching
pkcs11UriBuilder = new Pkcs11UriBuilder();
pkcs11UriBuilder.SlotManufacturer = slotInfo.ManufacturerId;
pkcs11UriBuilder.SlotDescription = slotInfo.SlotDescription;
pkcs11UriBuilder.SlotId = slotInfo.SlotId + 1;
pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri();
Assert.IsFalse(Pkcs11UriUtils.Matches(pkcs11uri, slotInfo));
}
}
public void _06_GetMatchingSlotList()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Get all slots
List <ISlot> allSlots = pkcs11Library.GetSlotList(SlotsType.WithTokenPresent);
Assert.IsTrue(allSlots != null && allSlots.Count > 0);
// Empty URI
Pkcs11Uri pkcs11uri = new Pkcs11Uri(@"pkcs11:");
List <ISlot> matchedSlots = Pkcs11UriUtils.GetMatchingSlotList(pkcs11uri, pkcs11Library, SlotsType.WithTokenPresent);
Assert.IsTrue(matchedSlots.Count == allSlots.Count);
// Unknown path attribute in URI
pkcs11uri = new Pkcs11Uri(@"pkcs11:vendor=foobar");
matchedSlots = Pkcs11UriUtils.GetMatchingSlotList(pkcs11uri, pkcs11Library, SlotsType.WithTokenPresent);
Assert.IsTrue(matchedSlots.Count == 0);
// All attributes matching one slot
ILibraryInfo libraryInfo = pkcs11Library.GetInfo();
ISlotInfo slotInfo = allSlots[0].GetSlotInfo();
ITokenInfo tokenInfo = allSlots[0].GetTokenInfo();
Pkcs11UriBuilder pkcs11UriBuilder = new Pkcs11UriBuilder();
pkcs11UriBuilder.LibraryManufacturer = libraryInfo.ManufacturerId;
pkcs11UriBuilder.LibraryDescription = libraryInfo.LibraryDescription;
pkcs11UriBuilder.LibraryVersion = libraryInfo.LibraryVersion;
pkcs11UriBuilder.SlotManufacturer = slotInfo.ManufacturerId;
pkcs11UriBuilder.SlotDescription = slotInfo.SlotDescription;
pkcs11UriBuilder.SlotId = slotInfo.SlotId;
pkcs11UriBuilder.Token = tokenInfo.Label;
pkcs11UriBuilder.Manufacturer = tokenInfo.ManufacturerId;
pkcs11UriBuilder.Serial = tokenInfo.SerialNumber;
pkcs11UriBuilder.Model = tokenInfo.Model;
pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri();
matchedSlots = Pkcs11UriUtils.GetMatchingSlotList(pkcs11uri, pkcs11Library, SlotsType.WithTokenPresent);
Assert.IsTrue(matchedSlots.Count == 1);
// One attribute nonmatching
pkcs11UriBuilder.Serial = "foobar";
pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri();
matchedSlots = Pkcs11UriUtils.GetMatchingSlotList(pkcs11uri, pkcs11Library, SlotsType.WithTokenPresent);
Assert.IsTrue(matchedSlots.Count == 0);
}
}
public void _02_BasicSlotListAndInfoTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Get list of available slots
List <ISlot> slots = pkcs11Library.GetSlotList(SlotsType.WithOrWithoutTokenPresent);
// Do something interesting with slots
Assert.IsNotNull(slots);
Assert.IsTrue(slots.Count > 0);
// Analyze first slot
ISlotInfo slotInfo = slots[0].GetSlotInfo();
// Do something interesting with slot info
Assert.IsNotNull(slotInfo.ManufacturerId);
}
}
public void TestAccessKeyAndCertificate()
{
// Specify the path to unmanaged PKCS#11 library provided by the cryptographic device vendor
string pkcs11LibraryPath = @"d:\Program Files\SoftHSM2\lib\softhsm2-x64.dll";
Pkcs11InteropFactories factories = new Pkcs11InteropFactories();
using (IPkcs11Library pkcs11Library = factories.Pkcs11LibraryFactory.LoadPkcs11Library(factories, pkcs11LibraryPath, AppType.MultiThreaded))
{
ISlot slot = pkcs11Library.GetSlotList(SlotsType.WithTokenPresent).Find(slot => slot.SlotId == 171137967);
Assert.IsNotNull(slot, "Slot with ID 171137967 does not exist or does not have token.");
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, "5678");
List <IObjectAttribute> attributes = new List <IObjectAttribute>();
ObjectAttributeFactory objectAttributeFactory = new ObjectAttributeFactory();
attributes.Add(objectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY));
List <IObjectHandle> keys = session.FindAllObjects(attributes);
Assert.AreEqual(1, keys.Count, "Unexpected number of private keys: {0}", keys.Count);
attributes.Clear();
attributes.Add(objectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE));
attributes.Add(objectAttributeFactory.Create(CKA.CKA_CERTIFICATE_TYPE, CKC.CKC_X_509));
List <IObjectHandle> certificates = session.FindAllObjects(attributes);
Assert.AreEqual(1, certificates.Count, "Unexpected number of certificates: {0}", certificates.Count);
List <CKA> certificateAttributeKeys = new List <CKA>();
certificateAttributeKeys.Add(CKA.CKA_VALUE);
certificateAttributeKeys.Add(CKA.CKA_LABEL);
List <IObjectAttribute> certificateAttributes = session.GetAttributeValue(certificates[0], certificateAttributeKeys);
Assert.AreEqual(2, certificateAttributes.Count, "Unexpected number of certificate attributes: {0}", certificateAttributes.Count);
string certificateLabel = certificateAttributes[1].GetValueAsString();
Console.WriteLine("Certificate label: {0}", certificateLabel);
byte[] certificateBytes = certificateAttributes[0].GetValueAsByteArray();
X509Certificate2 certificate = new X509Certificate2(certificateBytes);
Console.WriteLine("Subject: {0}", certificate.Subject.ToString());
}
}
}
public static ISlot GetUsableSlot(IPkcs11Library pkcs11Library)
{
// Get list of available slots with token present
List <ISlot> slots = pkcs11Library.GetSlotList(SlotsType.WithTokenPresent);
// First slot with token present is OK...
ISlot matchingSlot = slots[0];
// ...unless there are matching criteria specified in Settings class
{
matchingSlot = null;
foreach (ISlot slot in slots)
{
ITokenInfo tokenInfo = null;
try
{
tokenInfo = slot.GetTokenInfo();
}
catch (Pkcs11Exception ex)
{
if (ex.RV != CKR.CKR_TOKEN_NOT_RECOGNIZED && ex.RV != CKR.CKR_TOKEN_NOT_PRESENT)
{
throw;
}
}
if (tokenInfo == null)
{
continue;
}
matchingSlot = slot;
break;
}
}
return(matchingSlot);
}
public ActionResult GetAllTokenDetails()
{
Pkcs11InteropFactories factories = new Pkcs11InteropFactories();
List <ITokenInfo> tokens = new List <ITokenInfo>();
List <ISlotInfo> slots = new List <ISlotInfo>();
using (IPkcs11Library pkcs11Library = factories.Pkcs11LibraryFactory.LoadPkcs11Library(factories, DllLibPath, AppType.MultiThreaded))
{
var slotList = pkcs11Library.GetSlotList(SlotsType.WithTokenPresent).ToList();
slotList.ForEach(item =>
{
tokens.Add(item.GetTokenInfo());
slots.Add(item.GetSlotInfo());
});
return(Ok(new
{
tokens,
slots
}));
}
}
/// <summary>
/// Finds slot containing the token that matches criteria specified in Settings class
/// </summary>
/// <param name='pkcs11Library'>Initialized PKCS11 wrapper</param>
/// <returns>Slot containing the token that matches criteria</returns>
public static ISlot GetUsableSlot(IPkcs11Library pkcs11Library)
{
// Get list of available slots with token present
List <ISlot> slots = pkcs11Library.GetSlotList(SlotsType.WithTokenPresent);
Assert.IsNotNull(slots);
Assert.IsTrue(slots.Count > 0);
// First slot with token present is OK...
ISlot matchingSlot = slots[0];
// ...unless there are matching criteria specified in Settings class
if (Settings.TokenSerial != null || Settings.TokenLabel != null)
{
matchingSlot = null;
foreach (ISlot slot in slots)
{
ITokenInfo tokenInfo = null;
try
{
tokenInfo = slot.GetTokenInfo();
}
catch (Pkcs11Exception ex)
{
if (ex.RV != CKR.CKR_TOKEN_NOT_RECOGNIZED && ex.RV != CKR.CKR_TOKEN_NOT_PRESENT)
{
throw;
}
}
if (tokenInfo == null)
{
continue;
}
if (!string.IsNullOrEmpty(Settings.TokenSerial))
{
if (0 != string.Compare(Settings.TokenSerial, tokenInfo.SerialNumber, StringComparison.Ordinal))
{
continue;
}
}
if (!string.IsNullOrEmpty(Settings.TokenLabel))
{
if (0 != string.Compare(Settings.TokenLabel, tokenInfo.Label, StringComparison.Ordinal))
{
continue;
}
}
matchingSlot = slot;
break;
}
}
Assert.IsTrue(matchingSlot != null, "Token matching criteria specified in Settings class is not present");
return(matchingSlot);
}
private static void InitializeTokens()
{
Pkcs11InteropFactories factories = new Pkcs11InteropFactories();
// Initialize tokens and import objects
using (IPkcs11Library pkcs11Library = factories.Pkcs11LibraryFactory.LoadPkcs11Library(factories, LibraryPath, AppType.MultiThreaded))
{
// Initialize first token
List <ISlot> slots = pkcs11Library.GetSlotList(SlotsType.WithOrWithoutTokenPresent);
if (slots.Count != 1)
{
return; // Already initialized
}
else
{
InitializeToken(slots[0], Token1Label, Token1SoPin, Token1UserPin);
}
// Initialize second token
slots = pkcs11Library.GetSlotList(SlotsType.WithOrWithoutTokenPresent);
if (slots.Count != 2)
{
throw new Exception("Unexpected number of slots");
}
else
{
InitializeToken(slots[1], Token2Label, Token2SoPin, Token2UserPin);
}
// Import objects to first token
using (ISession session = slots[0].OpenSession(SessionType.ReadWrite))
{
session.Login(CKU.CKU_USER, Token1UserPin);
// Import CA cert without private key
session.CreateObject(CryptoObjects.GetTestCaCertAttributes(session, Token1TestCaLabel));
// Import user cert with RSA private and public keys
session.CreateObject(CryptoObjects.GetTestUserRsaCertAttributes(session, Token1TestUserRsaLabel));
session.CreateObject(CryptoObjects.GetTestUserRsaPrivKeyAttributes(session, Token1TestUserRsaLabel, false));
session.CreateObject(CryptoObjects.GetTestUserRsaPubKeyAttributes(session, Token1TestUserRsaLabel));
// Import user cert with ECDSA private and public keys
session.CreateObject(CryptoObjects.GetTestUserEcdsaCertAttributes(session, Token1TestUserEcdsaLabel));
session.CreateObject(CryptoObjects.GetTestUserEcdsaPrivKeyAttributes(session, Token1TestUserEcdsaLabel, false));
session.CreateObject(CryptoObjects.GetTestUserEcdsaPubKeyAttributes(session, Token1TestUserEcdsaLabel));
}
// Import objects to second token
using (ISession session = slots[1].OpenSession(SessionType.ReadWrite))
{
session.Login(CKU.CKU_USER, Token2UserPin);
// Import CA cert without private key
session.CreateObject(CryptoObjects.GetTestCaCertAttributes(session, Token1TestCaLabel));
// Import user cert with RSA private and public keys
session.CreateObject(CryptoObjects.GetTestUserRsaCertAttributes(session, Token2TestUserRsaLabel));
session.CreateObject(CryptoObjects.GetTestUserRsaPrivKeyAttributes(session, Token2TestUserRsaLabel, true));
session.CreateObject(CryptoObjects.GetTestUserRsaPubKeyAttributes(session, Token2TestUserRsaLabel));
// Import user cert with ECDSA private and public keys
session.CreateObject(CryptoObjects.GetTestUserEcdsaCertAttributes(session, Token2TestUserEcdsaLabel));
session.CreateObject(CryptoObjects.GetTestUserEcdsaPrivKeyAttributes(session, Token2TestUserEcdsaLabel, true));
session.CreateObject(CryptoObjects.GetTestUserEcdsaPubKeyAttributes(session, Token2TestUserEcdsaLabel));
}
}
}
public string SignWithCMS(String serializedJson)
{
byte[] data = Encoding.UTF8.GetBytes(serializedJson);
Pkcs11InteropFactories factories = new Pkcs11InteropFactories();
using (IPkcs11Library pkcs11Library = factories.Pkcs11LibraryFactory.LoadPkcs11Library(factories, DllLibPath, AppType.MultiThreaded))
{
ISlot slot = pkcs11Library.GetSlotList(SlotsType.WithTokenPresent).FirstOrDefault();
if (slot is null)
{
return("No slots found");
}
ITokenInfo tokenInfo = slot.GetTokenInfo();
ISlotInfo slotInfo = slot.GetSlotInfo();
using (var session = slot.OpenSession(SessionType.ReadWrite))
{
session.Login(CKU.CKU_USER, Encoding.UTF8.GetBytes(TokenPin));
var certificateSearchAttributes = new List <IObjectAttribute>()
{
session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE),
session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true),
session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CERTIFICATE_TYPE, CKC.CKC_X_509)
};
IObjectHandle certificate = session.FindAllObjects(certificateSearchAttributes).FirstOrDefault();
if (certificate is null)
{
return("Certificate not found");
}
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.MaxAllowed);
// find cert by thumbprint
var foundCerts = store.Certificates.Find(X509FindType.FindByIssuerName, TokenCertificate, false);
//var foundCerts = store.Certificates.Find(X509FindType.FindBySerialNumber, "2b1cdda84ace68813284519b5fb540c2", true);
if (foundCerts.Count == 0)
{
return("no device detected");
}
var certForSigning = foundCerts[0];
store.Close();
ContentInfo content = new ContentInfo(new Oid("1.2.840.113549.1.7.5"), data);
SignedCms cms = new SignedCms(content, true);
EssCertIDv2 bouncyCertificate = new EssCertIDv2(new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier(new DerObjectIdentifier("1.2.840.113549.1.9.16.2.47")), this.HashBytes(certForSigning.RawData));
SigningCertificateV2 signerCertificateV2 = new SigningCertificateV2(new EssCertIDv2[] { bouncyCertificate });
CmsSigner signer = new CmsSigner(certForSigning);
signer.DigestAlgorithm = new Oid("2.16.840.1.101.3.4.2.1");
signer.SignedAttributes.Add(new Pkcs9SigningTime(DateTime.UtcNow));
signer.SignedAttributes.Add(new AsnEncodedData(new Oid("1.2.840.113549.1.9.16.2.47"), signerCertificateV2.GetEncoded()));
cms.ComputeSignature(signer);
var output = cms.Encode();
return(Convert.ToBase64String(output));
}
}
}
public void ListForTreeview()
{
try
{
Node Tree = new Node();
// Show general information about loaded library
ILibraryInfo libraryInfo = PKCS11Library.GetInfo();
Node Library = new Node()
{
Header = "PKCS11 Library " + libraryInfo.LibraryDescription, IconURI = "resm:PKCS11Explorer.Assets.baseline_layers_grey_18dp.png"
};
Library.Children.Add(new Node()
{
Header = "Filepath: " + LibraryFilePath, IconURI = "resm:PKCS11Explorer.Assets.baseline_info_blue_18dp.png"
});
Library.Children.Add(new Node()
{
Header = "Manufacturer: " + libraryInfo.ManufacturerId, IconURI = "resm:PKCS11Explorer.Assets.baseline_info_blue_18dp.png"
});
Library.Children.Add(new Node()
{
Header = "Description: " + libraryInfo.LibraryDescription, IconURI = "resm:PKCS11Explorer.Assets.baseline_info_blue_18dp.png"
});
Library.Children.Add(new Node()
{
Header = "Version: " + libraryInfo.LibraryVersion, IconURI = "resm:PKCS11Explorer.Assets.baseline_info_blue_18dp.png"
});
var assets = AvaloniaLocator.Current.GetService <IAssetLoader>();
Tree.Children.Add(Library);
// Get list of all available slots
foreach (ISlot slot in PKCS11Library.GetSlotList(SlotsType.WithOrWithoutTokenPresent))
{
// Show basic information about slot
ISlotInfo slotInfo = slot.GetSlotInfo();
Node Slot;
if (slotInfo.SlotFlags.TokenPresent)
{
Slot = new Node()
{
Header = "Slot " + slot.GetSlotInfo().SlotId, IconURI = "resm:PKCS11Explorer.Assets.baseline_scanner_green_18dp.png"
}
}
;
else
{
Slot = new Node()
{
Header = "Slot " + slot.GetSlotInfo().SlotId, IconURI = "resm:PKCS11Explorer.Assets.baseline_scanner_red_18dp.png"
}
};
Slot.Children.Add(new Node()
{
Header = "Manufacturer: " + slotInfo.ManufacturerId, IconURI = "resm:PKCS11Explorer.Assets.baseline_info_blue_18dp.png"
});
Slot.Children.Add(new Node()
{
Header = "Description: " + slotInfo.SlotDescription, IconURI = "resm:PKCS11Explorer.Assets.baseline_info_blue_18dp.png"
});
Slot.Children.Add(new Node()
{
Header = "Token present: " + slotInfo.SlotFlags.TokenPresent, IconURI = "resm:PKCS11Explorer.Assets.baseline_info_blue_18dp.png"
});
if (slotInfo.SlotFlags.TokenPresent)
{
// Show basic information about token present in the slot
ITokenInfo tokenInfo = slot.GetTokenInfo();
Node Token = new Node()
{
Header = "Token " + tokenInfo.SerialNumber, IconURI = "resm:PKCS11Explorer.Assets.baseline_sim_card_green_18dp.png"
};
Token.Children.Add(new Node()
{
Header = "Manufacturer: " + tokenInfo.ManufacturerId, IconURI = "resm:PKCS11Explorer.Assets.baseline_info_blue_18dp.png"
});
Token.Children.Add(new Node()
{
Header = "Model: " + tokenInfo.Model, IconURI = "resm:PKCS11Explorer.Assets.baseline_info_blue_18dp.png"
});
Token.Children.Add(new Node()
{
Header = "Serial number: " + tokenInfo.SerialNumber, IconURI = "resm:PKCS11Explorer.Assets.baseline_info_blue_18dp.png"
});
Token.Children.Add(new Node()
{
Header = "Label: " + tokenInfo.Label, IconURI = "resm:PKCS11Explorer.Assets.baseline_info_blue_18dp.png"
});
/*
* if (tokenInfo.FreePublicMemory != uint.MaxValue)
* Token.Children.Add(new Node() { Header = "Available public objects memory: " + tokenInfo.FreePublicMemory + " / " + tokenInfo.TotalPublicMemory, IconURI = "resm:PKCS11Explorer.Assets.baseline_memory_black_18dp.png" });
* if (tokenInfo.TotalPrivateMemory != uint.MaxValue)
* Token.Children.Add(new Node() { Header = "Available private objects memory: " + tokenInfo.FreePrivateMemory + " / " + tokenInfo.TotalPrivateMemory, IconURI = "resm:PKCS11Explorer.Assets.baseline_memory_black_18dp.png" });
*/
// Show public keys name
Node pubkeyNode = new Node()
{
Header = "Public keys", IconURI = "resm:PKCS11Explorer.Assets.baseline_search_grey_18dp.png"
};
using (ISession session = slot.OpenSession(SessionType.ReadOnly))
{
// Do something interesting in RO session
var attrList = new List <IObjectAttribute>();
attrList.Add(Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_PUBLIC_KEY));
attrList.Add(Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true));
var objects = session.FindAllObjects(attrList);
foreach (var obj in objects)
{
if (obj.ObjectId != CK.CK_INVALID_HANDLE)
{
var objectHandle = Factories.ObjectHandleFactory.Create(obj.ObjectId);
List <CKA> attributes = new List <CKA>();
attributes.Add(CKA.CKA_LABEL);
List <IObjectAttribute> objectAttributes = session.GetAttributeValue(objectHandle, attributes);
pubkeyNode.Children.Add(new Node()
{
Header = objectAttributes[0].GetValueAsString(), IconURI = "resm:PKCS11Explorer.Assets.baseline_vpn_key_green_18dp.png"
});
Console.WriteLine("Found: " + objectAttributes[0].GetValueAsString());
}
}
session.CloseSession();
}
Token.Children.Add(pubkeyNode);
// Show private keys name
/*Node privkeyNode = new Node() { Header = "Private keys", IconURI = "resm:PKCS11Explorer.Assets.baseline_search_black_18dp.png" };
* using (ISession session = slot.OpenSession(SessionType.ReadOnly))
* {
* session.Login(CKU.CKU_USER, "");
* // Do something interesting in RO session
* var attrList = new List<IObjectAttribute>();
* attrList.Add(factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY));
* attrList.Add(factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true));
* var objects = session.FindAllObjects(attrList);
* foreach (var obj in objects)
* {
* if (obj.ObjectId != CK.CK_INVALID_HANDLE)
* {
* var objectHandle = factories.ObjectHandleFactory.Create(obj.ObjectId);
* List<CKA> attributes = new List<CKA>();
* attributes.Add(CKA.CKA_LABEL);
* List<IObjectAttribute> objectAttributes = session.GetAttributeValue(objectHandle, attributes);
* privkeyNode.Children.Add(new Node() { Header = objectAttributes[0].GetValueAsString(), IconURI = "resm:PKCS11Explorer.Assets.baseline_vpn_key_black_18dp.png" });
* Console.WriteLine("Found: " + objectAttributes[0].GetValueAsString());
* }
* }
* session.Logout();
* session.CloseSession();
* }
* Token.Children.Add(privkeyNode);
*/
// Show certs name
Node certsNode = new Node()
{
Header = "Certificates", IconURI = "resm:PKCS11Explorer.Assets.baseline_search_grey_18dp.png"
};
using (ISession session = slot.OpenSession(SessionType.ReadOnly))
{
// Do something interesting in RO session
var attrList = new List <IObjectAttribute>();
attrList.Add(Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE));
attrList.Add(Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true));
var objects = session.FindAllObjects(attrList);
foreach (var obj in objects)
{
if (obj.ObjectId != CK.CK_INVALID_HANDLE)
{
var objectHandle = Factories.ObjectHandleFactory.Create(obj.ObjectId);
List <CKA> attributes = new List <CKA>();
attributes.Add(CKA.CKA_LABEL);
List <IObjectAttribute> objectAttributes = session.GetAttributeValue(objectHandle, attributes);
certsNode.Children.Add(new Node()
{
Header = objectAttributes[0].GetValueAsString(), IconURI = "resm:PKCS11Explorer.Assets.baseline_list_alt_green_18dp.png"
});
Console.WriteLine("Found: " + objectAttributes[0].GetValueAsString());
}
}
session.CloseSession();
}
Token.Children.Add(certsNode);
// Show list of mechanisms (algorithms) supported by the token
Node SupportedMechanisms = new Node()
{
Header = "Supported mechanisms", IconURI = "resm:PKCS11Explorer.Assets.baseline_memory_grey_18dp.png"
};
foreach (CKM mechanism in slot.GetMechanismList())
{
SupportedMechanisms.Children.Add(new Node()
{
Header = mechanism.ToString(), IconURI = "resm:PKCS11Explorer.Assets.baseline_check_circle_green_18dp.png"
});
}
Token.Children.Add(SupportedMechanisms);
Slot.Children.Add(Token);
}
Assert.AssertTrue(slot.GetTokenInfo().RwSessionCount == 0);
Assert.AssertTrue(slot.GetTokenInfo().SessionCount == 0);
Tree.Children.Add(Slot);
}
ListForTreeviewFinished?.Invoke(Tree, new ListForTreeviewEventArgs()
{
MainNode = Tree, Success = true
});
}
catch (Net.Pkcs11Interop.Common.UnmanagedException exception)
{
ListForTreeviewFinished?.Invoke(exception, new ListForTreeviewEventArgs()
{
UnmanagedException = exception, Success = false
});
}
catch (Net.Pkcs11Interop.Common.Pkcs11Exception exception)
{
ListForTreeviewFinished?.Invoke(exception, new ListForTreeviewEventArgs()
{
Pkcs11Exception = exception, Success = false
});
}
return;
}
public void _04_TokenInfoMatches()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
List <ISlot> slots = pkcs11Library.GetSlotList(SlotsType.WithTokenPresent);
Assert.IsTrue(slots != null && slots.Count > 0);
ITokenInfo tokenInfo = slots[0].GetTokenInfo();
// Empty URI
Pkcs11Uri pkcs11uri = new Pkcs11Uri(@"pkcs11:");
Assert.IsTrue(Pkcs11UriUtils.Matches(pkcs11uri, tokenInfo));
// Unknown path attribute in URI
pkcs11uri = new Pkcs11Uri(@"pkcs11:vendor=foobar");
Assert.IsFalse(Pkcs11UriUtils.Matches(pkcs11uri, tokenInfo));
// All attributes matching
Pkcs11UriBuilder pkcs11UriBuilder = new Pkcs11UriBuilder();
pkcs11UriBuilder.Token = tokenInfo.Label;
pkcs11UriBuilder.Manufacturer = tokenInfo.ManufacturerId;
pkcs11UriBuilder.Serial = tokenInfo.SerialNumber;
pkcs11UriBuilder.Model = tokenInfo.Model;
pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri();
Assert.IsTrue(Pkcs11UriUtils.Matches(pkcs11uri, tokenInfo));
// Token nonmatching
pkcs11UriBuilder = new Pkcs11UriBuilder();
pkcs11UriBuilder.Token = "foobar";
pkcs11UriBuilder.Manufacturer = tokenInfo.ManufacturerId;
pkcs11UriBuilder.Serial = tokenInfo.SerialNumber;
pkcs11UriBuilder.Model = tokenInfo.Model;
pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri();
Assert.IsFalse(Pkcs11UriUtils.Matches(pkcs11uri, tokenInfo));
// Manufacturer nonmatching
pkcs11UriBuilder = new Pkcs11UriBuilder();
pkcs11UriBuilder.Token = tokenInfo.Label;
pkcs11UriBuilder.Manufacturer = "foobar";
pkcs11UriBuilder.Serial = tokenInfo.SerialNumber;
pkcs11UriBuilder.Model = tokenInfo.Model;
pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri();
Assert.IsFalse(Pkcs11UriUtils.Matches(pkcs11uri, tokenInfo));
// Serial nonmatching
pkcs11UriBuilder = new Pkcs11UriBuilder();
pkcs11UriBuilder.Token = tokenInfo.Label;
pkcs11UriBuilder.Manufacturer = tokenInfo.ManufacturerId;
pkcs11UriBuilder.Serial = "foobar";
pkcs11UriBuilder.Model = tokenInfo.Model;
pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri();
Assert.IsFalse(Pkcs11UriUtils.Matches(pkcs11uri, tokenInfo));
// Model nonmatching
pkcs11UriBuilder = new Pkcs11UriBuilder();
pkcs11UriBuilder.Token = tokenInfo.Label;
pkcs11UriBuilder.Manufacturer = tokenInfo.ManufacturerId;
pkcs11UriBuilder.Serial = tokenInfo.SerialNumber;
pkcs11UriBuilder.Model = "foobar";
pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri();
Assert.IsFalse(Pkcs11UriUtils.Matches(pkcs11uri, tokenInfo));
}
}