/// <summary> /// Click handler for the 'ChangeAdminKey' button. /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private async void ChangeAdminKey_Click(object sender, RoutedEventArgs e) { if (!rootPage.ValidateTPMSmartCard()) { rootPage.NotifyUser( "Use Scenario One to create a TPM virtual smart card.", NotifyType.ErrorMessage); return; } Button b = sender as Button; b.IsEnabled = false; try { IBuffer newadminkey = CryptographicBuffer.GenerateRandom( MainPage.ADMIN_KEY_LENGTH_IN_BYTES); SmartCard card = await rootPage.GetSmartCard(); SmartCardProvisioning provisioning = await SmartCardProvisioning.FromSmartCardAsync(card); rootPage.NotifyUser("Changing smart card admin key...", NotifyType.StatusMessage); using (SmartCardChallengeContext context = await provisioning.GetChallengeContextAsync()) { IBuffer response = ChallengeResponseAlgorithm.CalculateResponse( context.Challenge, rootPage.AdminKey); await context.ChangeAdministrativeKeyAsync(response, newadminkey); rootPage.AdminKey = newadminkey; } rootPage.NotifyUser( "Smart card change admin key operation completed.", NotifyType.StatusMessage); } catch (Exception ex) { rootPage.NotifyUser( "Changing smart card admin key operation failed " + "with exception: " + ex.ToString(), NotifyType.ErrorMessage); } finally { b.IsEnabled = true; } }
/// <summary> /// Click handler for the 'VerifyResponse' button. /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private async void VerifyResponse_Click(object sender, RoutedEventArgs e) { if (!rootPage.ValidateTPMSmartCard()) { rootPage.NotifyUser( "Use Scenario One to create a TPM virtual smart card.", NotifyType.ErrorMessage); return; } Button b = sender as Button; b.IsEnabled = false; try { bool verifyResult = false; SmartCard card = await rootPage.GetSmartCard(); SmartCardProvisioning provisioning = await SmartCardProvisioning.FromSmartCardAsync(card); rootPage.NotifyUser("Verifying smart card response...", NotifyType.StatusMessage); using (SmartCardChallengeContext context = await provisioning.GetChallengeContextAsync()) { IBuffer response = ChallengeResponseAlgorithm.CalculateResponse( context.Challenge, rootPage.AdminKey); verifyResult = await context.VerifyResponseAsync(response); } rootPage.NotifyUser( "Smart card response verification completed. Result: " + verifyResult.ToString(), NotifyType.StatusMessage); } catch (Exception ex) { rootPage.NotifyUser( "Verifying smart card response operation failed " + "with exception: " + ex.ToString(), NotifyType.ErrorMessage); } finally { b.IsEnabled = true; } }
/// <summary> /// Click handler for the 'create' button. /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private async void Create_Click(object sender, RoutedEventArgs e) { Button b = sender as Button; b.IsEnabled = false; rootPage.NotifyUser("Creating TPM virtual smart card...", NotifyType.StatusMessage); try { SmartCardPinPolicy pinPolicy = ParsePinPolicy(); IBuffer adminkey = CryptographicBuffer.GenerateRandom( MainPage.ADMIN_KEY_LENGTH_IN_BYTES); SmartCardProvisioning provisioning = await SmartCardProvisioning.RequestVirtualSmartCardCreationAsync( FriendlyNameText.Text, adminkey, pinPolicy); // If card creation is cancelled by the user, // RequestVirtualSmartCard will return null instead of a // SmartCardProvisioning object. if (null == provisioning) { rootPage.NotifyUser( "TPM virtual smart card creation was canceled by " + "the user.", NotifyType.StatusMessage); b.IsEnabled = true; return; } // The following two lines are not directly related to TPM virtual // smart card creation, but are used to demonstrate how to handle // CardAdded events by registering an event handler with a // SmartCardReader object. Since we are using a TPM virtual smart // card in this case, the card cannot actually be added to or // removed from the reader, but a CardAdded event will fire as // soon as the event handler is added, since the card is already // inserted. // // We must retain a reference to the SmartCardReader object to // which we are adding the event handler. Hence we assign the // reader object associated with the SmartCardProvisioning we // received from RequestVirtualSmartCardCreationAsync to the // class's "reader" member. Then, we use += to add the // HandleCardAdded method as an event handler. The function // will be automatically boxed in a TypedEventHandler, but // the function signature match the template arguments for // the specific event - in this case, // <SmartCardReader, CardAddedEventArgs> reader = provisioning.SmartCard.Reader; reader.CardAdded += HandleCardAdded; // Store the reader's device ID and admin key to enable the // following scenarios in the sample. rootPage.SmartCardReaderDeviceId = provisioning.SmartCard.Reader.DeviceId; rootPage.AdminKey = adminkey; // Once RequestVirtualSmartCardCreationAsync has returned, the card // is already provisioned and ready to use. Therefore, the steps // in this using block are not actually necessary at this point. // However, should you want to re-provision the card in the future, // you would follow this sequence: acquire a challenge context, // calculate a response, and then call ProvisionAsync on the // challenge context with the calculated response. using (var context = await provisioning.GetChallengeContextAsync()) { IBuffer response = ChallengeResponseAlgorithm.CalculateResponse( context.Challenge, adminkey); await context.ProvisionAsync(response, true); } rootPage.NotifyUser( "TPM virtual smart card is provisioned and ready for use.", NotifyType.StatusMessage); } catch (Exception ex) { // Two potentially common error scenarios when creating a TPM // virtual smart card are that the user's machine may not have // a TPM, or the TPM may not be ready for use. It is important // to explicitly check for these scenarios by checking the // HResult of any exceptions thrown by // RequestVirtualSmartCardCreationAsync and gracefully // providing a suitable message to the user. if(NTE_DEVICE_NOT_FOUND == ex.HResult) { rootPage.NotifyUser( "We were unable to find a Trusted Platform Module on " + "your machine. A TPM is required to use a TPM Virtual " + "Smart Card.", NotifyType.ErrorMessage); } else if (NTE_DEVICE_NOT_READY == ex.HResult) { rootPage.NotifyUser( "Your Trusted Platform Module is not ready for use. " + "Please contact your administrator for assistance with " + "initializing your TPM.", NotifyType.ErrorMessage); } else { rootPage.NotifyUser( "TPM virtual smart card creation failed with exception: " + ex.ToString(), NotifyType.ErrorMessage); } } finally { b.IsEnabled = true; } }
/// <summary> /// Click handler for the 'ResetPin' button. /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private async void ResetPin_Click(object sender, RoutedEventArgs e) { if (!rootPage.ValidateTPMSmartCard()) { rootPage.NotifyUser( "Use Scenario One to create a TPM virtual smart card.", NotifyType.ErrorMessage); return; } Button b = sender as Button; b.IsEnabled = false; try { SmartCard card = await rootPage.GetSmartCard(); SmartCardProvisioning provisioning = await SmartCardProvisioning.FromSmartCardAsync(card); rootPage.NotifyUser("Resetting smart card PIN...", NotifyType.StatusMessage); // When requesting a PIN reset, a SmartCardPinResetHandler must be // provided as an argument. This handler must use the challenge // it receives and the card's admin key to calculate and set the // response. bool result = await provisioning.RequestPinResetAsync( (pinResetSender, request) => { SmartCardPinResetDeferral deferral = request.GetDeferral(); try { IBuffer response = ChallengeResponseAlgorithm.CalculateResponse( request.Challenge, rootPage.AdminKey); request.SetResponse(response); } finally { deferral.Complete(); } }); if (result) { rootPage.NotifyUser( "Smart card PIN reset operation completed.", NotifyType.StatusMessage); } else { rootPage.NotifyUser( "Smart card PIN reset operation was canceled by " + "the user.", NotifyType.StatusMessage); } } catch (Exception ex) { rootPage.NotifyUser( "Resetting smart card PIN failed with exception: " + ex.ToString(), NotifyType.ErrorMessage); } finally { b.IsEnabled = true; } }