        /// <summary>
        /// Reads a certificate file (possibly a chain) from <paramref name="path"/> and registers
        /// every certificate in <c>certs</c> under its subject CN, unless that CN is already present.
        /// </summary>
        /// <param name="path">File system path of the certificate file to load.</param>
        /// <remarks>
        /// The store is keyed by subject CN only: a later certificate carrying the same CN as one
        /// already stored is silently ignored, so the first one read from the directory wins.
        /// NOTE(review): assumes <c>X509Utils.GetSubjectFields</c> returns a non-null string that is
        /// usable as a store key; confirm against its implementation.
        /// </remarks>
        private void AddFileToCollection(string path)
        {
            byte[] encoded = EstEIDUtils.ReadFile(path);

            foreach (X509Certificate certificate in X509Utils.LoadCertificate(encoded))
            {
                string commonName = X509Utils.GetSubjectFields(certificate, "CN");

                // the directory may hold duplicates; keep the first entry seen for a given CN
                if (certs.Contains(commonName))
                {
                    continue;
                }

                certs.Add(commonName, new X509CertStoreEntry(path, certificate));
            }
        }
ファイル: PDFSigner.cs プロジェクト: tixsys/esteid
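        /// <summary>
        /// Probes every PKCS#11 slot of <paramref name="estEidReader"/> for a certificate usable for
        /// signing, lets the user pick one, and returns the <see cref="PKCS11Signer"/> bound to the
        /// slot that actually holds the chosen certificate.
        /// </summary>
        /// <param name="estEidReader">Reader used to enumerate slots, read token info and fetch certificates.</param>
        /// <returns>The signer whose certificate public key matches the certificate the user selected.</returns>
        /// <exception cref="Exception">
        /// No card present (<c>Resources.CARD_MISSING</c>), no signing certificate found in any slot
        /// (<c>Resources.CERTS_MISSING</c>), or the selected certificate matches none of the probed
        /// slots (<c>Resources.CERT_DONT_MATCH</c>).
        /// </exception>
        /// <exception cref="PKCS11Exception">
        /// A reader call returned a code other than <c>ESTEID_OK</c> or <c>ESTEID_ERR</c>, or the
        /// token info of a slot could not be read.
        /// </exception>
        /// <exception cref="CancelException">The user dismissed the certificate picker without choosing.</exception>
        /// <remarks>
        /// A slot is skipped rather than treated as an error when the mechanism or certificate lookup
        /// returns <c>ESTEID_ERR</c>, or when the certificate's subject OU is not exactly
        /// "digital signature". The user's choice is mapped back to its slot by comparing encoded
        /// public key bytes, not by position in the picker, so the returned signer is the one whose
        /// token holds the key for the selected certificate.
        /// </remarks>
        private PKCS11Signer LocateSigner(EstEIDReader estEidReader)
        {
            uint slots = estEidReader.GetSlotCount(1);
            if (slots == 0)
            {
                throw new Exception(Resources.CARD_MISSING);
            }

            // hardware-backed signing is required; slots offering only a software mechanism are skipped
            Mechanism mech = new Mechanism(Mechanism.CKF_SIGN | Mechanism.CKF_HW);
            X509Certificate2Collection col = new X509Certificate2Collection();
            ArrayList signers = new ArrayList((int)slots);

            for (uint i = 0; i < slots; i++)
            {
                uint rc = estEidReader.IsMechanismSupported(i, mech);
                if (rc != EstEIDReader.ESTEID_OK)
                {
                    // ESTEID_ERR means "not supported in this slot"; any other code is a real failure
                    if (rc == EstEIDReader.ESTEID_ERR)
                    {
                        continue;
                    }
                    throw new PKCS11Exception(rc);
                }

                TokenInfo token = new TokenInfo(estEidReader);
                rc = token.ReadInfo(i);
                if (rc != EstEIDReader.ESTEID_OK)
                {
                    throw new PKCS11Exception(rc);
                }

                PKCS11Cert pkcs11Cert = new PKCS11Cert();
                rc = estEidReader.LocateCertificate(i, pkcs11Cert);
                if (rc != EstEIDReader.ESTEID_OK)
                {
                    // ESTEID_ERR means no certificate in this slot
                    if (rc == EstEIDReader.ESTEID_ERR)
                    {
                        continue;
                    }
                    throw new PKCS11Exception(rc);
                }

                byte[] raw = pkcs11Cert.CertificateToByteArray();

                // only certificates whose subject OU is exactly "digital signature" are eligible.
                // Null-safe ordinal comparison: a missing OU field skips the slot instead of
                // throwing NullReferenceException.
                string ou = X509Utils.GetSubjectFields(raw, "OU");
                if (!string.Equals(ou, "digital signature", StringComparison.Ordinal))
                {
                    continue;
                }

                X509Certificate2 cert = new X509Certificate2(raw);
                col.Add(cert);
                signers.Add(new PKCS11Signer(i, cert, token));
            }

            if (col.Count == 0)
            {
                throw new Exception(Resources.CERTS_MISSING);
            }

            X509Certificate2Collection sel = X509CertificateUI.SelectFromCollection(col,
                Resources.UI_CERTIFICATES, Resources.UI_PICK_CERTIFICATE);

            // a null or empty selection means the user cancelled the picker
            if (sel == null || sel.Count == 0)
            {
                throw new CancelException(Resources.ACTION_CANCELED);
            }

            // map the chosen certificate back to its slot by public key, not by picker position
            byte[] selectedKey = sel[0].PublicKey.EncodedKeyValue.RawData;

            foreach (PKCS11Signer candidate in signers)
            {
                byte[] candidateKey = candidate.Cert.PublicKey.EncodedKeyValue.RawData;
                if (Arrays.AreEqual(selectedKey, candidateKey))
                {
                    return candidate;
                }
            }

            // the picker returned a certificate that was never added to the collection
            throw new Exception(Resources.CERT_DONT_MATCH);
        }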