public void TestAccessKeyAndCertificate() { // Specify the path to unmanaged PKCS#11 library provided by the cryptographic device vendor string pkcs11LibraryPath = @"d:\Program Files\SoftHSM2\lib\softhsm2-x64.dll"; Pkcs11InteropFactories factories = new Pkcs11InteropFactories(); using (IPkcs11Library pkcs11Library = factories.Pkcs11LibraryFactory.LoadPkcs11Library(factories, pkcs11LibraryPath, AppType.MultiThreaded)) { ISlot slot = pkcs11Library.GetSlotList(SlotsType.WithTokenPresent).Find(slot => slot.SlotId == 171137967); Assert.IsNotNull(slot, "Slot with ID 171137967 does not exist or does not have token."); using (ISession session = slot.OpenSession(SessionType.ReadWrite)) { // Login as normal user session.Login(CKU.CKU_USER, "5678"); List <IObjectAttribute> attributes = new List <IObjectAttribute>(); ObjectAttributeFactory objectAttributeFactory = new ObjectAttributeFactory(); attributes.Add(objectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY)); List <IObjectHandle> keys = session.FindAllObjects(attributes); Assert.AreEqual(1, keys.Count, "Unexpected number of private keys: {0}", keys.Count); attributes.Clear(); attributes.Add(objectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE)); attributes.Add(objectAttributeFactory.Create(CKA.CKA_CERTIFICATE_TYPE, CKC.CKC_X_509)); List <IObjectHandle> certificates = session.FindAllObjects(attributes); Assert.AreEqual(1, certificates.Count, "Unexpected number of certificates: {0}", certificates.Count); List <CKA> certificateAttributeKeys = new List <CKA>(); certificateAttributeKeys.Add(CKA.CKA_VALUE); certificateAttributeKeys.Add(CKA.CKA_LABEL); List <IObjectAttribute> certificateAttributes = session.GetAttributeValue(certificates[0], certificateAttributeKeys); Assert.AreEqual(2, certificateAttributes.Count, "Unexpected number of certificate attributes: {0}", certificateAttributes.Count); string certificateLabel = certificateAttributes[1].GetValueAsString(); Console.WriteLine("Certificate label: {0}", certificateLabel); byte[] certificateBytes = certificateAttributes[0].GetValueAsByteArray(); X509Certificate2 certificate = new X509Certificate2(certificateBytes); Console.WriteLine("Subject: {0}", certificate.Subject.ToString()); } } }
private void LoadCertPrivateKeyHandle() { //Carga del certificado List <IObjectAttribute> template = new List <IObjectAttribute>(); var f = new ObjectAttributeFactory(); template.Add(f.Create(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE)); template.Add(f.Create(CKA.CKA_CERTIFICATE_TYPE, CKC.CKC_X_509)); List <IObjectHandle> pubKeyObjectHandle = session.FindAllObjects(template); List <CKA> pubKeyAttrsToRead = new List <CKA>(); pubKeyAttrsToRead.Add(CKA.CKA_LABEL); pubKeyAttrsToRead.Add(CKA.CKA_ID); pubKeyAttrsToRead.Add(CKA.CKA_VALUE); //La cédula tiene sólo un certificado List <IObjectAttribute> pubKeyAttributes = session.GetAttributeValue(pubKeyObjectHandle[0], pubKeyAttrsToRead); var certArray = pubKeyAttributes[2].GetValueAsByteArray(); X509CertificateParser _x509CertificateParser = new X509CertificateParser(); Org.BouncyCastle.X509.X509Certificate bcCert = _x509CertificateParser.ReadCertificate(certArray); //El identificador del certificado string ckaLabel = pubKeyAttributes[0].GetValueAsString(); //Recupera el handle a la clave privada utilizando el identificador del certificado template.Clear(); template.Add(f.Create(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY)); template.Add(f.Create(CKA.CKA_KEY_TYPE, CKK.CKK_RSA)); template.Add(f.Create(CKA.CKA_LABEL, ckaLabel)); privatekeyHandle = session.FindAllObjects(template)[0]; certPath = new Org.BouncyCastle.X509.X509Certificate[] { bcCert }; }
public Pkcs11Signature Select(string alias, string certLabel, string pin) { List <CKA> pkAttributeKeys = new List <CKA>(); pkAttributeKeys.Add(CKA.CKA_KEY_TYPE); pkAttributeKeys.Add(CKA.CKA_LABEL); pkAttributeKeys.Add(CKA.CKA_ID); List <CKA> certAttributeKeys = new List <CKA>(); certAttributeKeys.Add(CKA.CKA_VALUE); certAttributeKeys.Add(CKA.CKA_LABEL); CloseSession(); session = slot.OpenSession(SessionType.ReadWrite); session.Login(CKU.CKU_USER, pin); ObjectAttributeFactory objectAttributeFactory = new ObjectAttributeFactory(); List <IObjectAttribute> attributes = new List <IObjectAttribute>(); attributes.Add(objectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY)); List <IObjectHandle> keys = session.FindAllObjects(attributes); bool found = false; foreach (IObjectHandle key in keys) { List <IObjectAttribute> keyAttributes = session.GetAttributeValue(key, pkAttributeKeys); ulong type = keyAttributes[0].GetValueAsUlong(); string encryptionAlgorithm; switch (type) { case (ulong)CKK.CKK_RSA: encryptionAlgorithm = "RSA"; break; case (ulong)CKK.CKK_DSA: encryptionAlgorithm = "DSA"; break; case (ulong)CKK.CKK_ECDSA: encryptionAlgorithm = "ECDSA"; break; default: continue; } string thisAlias = keyAttributes[1].GetValueAsString(); if (thisAlias == null || thisAlias.Length == 0) { thisAlias = keyAttributes[2].GetValueAsString(); } if (alias != null && !alias.Equals(thisAlias)) { continue; } attributes.Clear(); attributes.Add(objectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE)); attributes.Add(objectAttributeFactory.Create(CKA.CKA_CERTIFICATE_TYPE, CKC.CKC_X_509)); if (certLabel == null && thisAlias != null && thisAlias.Length > 0) { certLabel = thisAlias; } if (certLabel != null) { attributes.Add(objectAttributeFactory.Create(CKA.CKA_LABEL, certLabel)); } List <IObjectHandle> certificates = session.FindAllObjects(attributes); if (certificates.Count != 1) { continue; } IObjectHandle certificate = certificates[0]; List <IObjectAttribute> certificateAttributes = session.GetAttributeValue(certificate, certAttributeKeys); X509Certificate x509Certificate = new X509Certificate(X509CertificateStructure.GetInstance(certificateAttributes[0].GetValueAsByteArray())); List <X509Certificate> x509Certificates = new List <X509Certificate>(); x509Certificates.Add(x509Certificate); attributes.Clear(); attributes.Add(objectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE)); attributes.Add(objectAttributeFactory.Create(CKA.CKA_CERTIFICATE_TYPE, CKC.CKC_X_509)); List <IObjectHandle> otherCertificates = session.FindAllObjects(attributes); foreach (IObjectHandle otherCertificate in otherCertificates) { if (!certificate.ObjectId.Equals(otherCertificate.ObjectId)) { certificateAttributes = session.GetAttributeValue(otherCertificate, certAttributeKeys); X509Certificate otherX509Certificate = new X509Certificate(X509CertificateStructure.GetInstance(certificateAttributes[0].GetValueAsByteArray())); x509Certificates.Add(otherX509Certificate); } } found = true; this.alias = thisAlias; this.encryptionAlgorithm = encryptionAlgorithm; this.privateKeyHandle = key; this.chain = x509Certificates.ToArray(); break; } if (!found) { this.alias = null; this.encryptionAlgorithm = null; this.privateKeyHandle = null; this.chain = null; } return(this); }