/// <summary>
/// Reads one certificate file from disk and registers every certificate it contains in
/// <c>certs</c>, keyed by the subject CN.
/// </summary>
/// <param name="path">File to read; passed through unchanged to <see cref="EstEIDUtils.ReadFile"/>
/// and stored on each resulting <see cref="X509CertStoreEntry"/>.</param>
/// <remarks>
/// The store is keyed by subject CN alone. Because an existing key is never overwritten, two
/// distinct certificates that share a CN (whether from this file or an earlier one) collide and
/// only the first one seen is kept; the later one is dropped silently.
/// </remarks>
private void AddFileToCollection(string path)
{
    byte[] raw = EstEIDUtils.ReadFile(path);
    X509Certificate[] chain = X509Utils.LoadCertificate(raw);

    foreach (X509Certificate entry in chain)
    {
        string key = X509Utils.GetSubjectFields(entry, "CN");

        // The directory contents are not trusted to be free of duplicates: skip a CN that
        // is already registered rather than letting Add throw on a duplicate key.
        if (certs.Contains(key))
        {
            continue;
        }

        certs.Add(key, new X509CertStoreEntry(path, entry));
    }
}
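/// <summary>
/// Enumerates the reader's PKCS#11 slots, collects every certificate that sits behind a
/// hardware signing mechanism and whose subject OU is "digital signature", lets the user pick
/// one, and returns the <see cref="PKCS11Signer"/> bound to that certificate's slot.
/// </summary>
/// <param name="estEidReader">Reader used to query slot count, mechanisms, token info and certificates.</param>
/// <returns>The collected signer whose certificate public key matches the user's selection.</returns>
/// <exception cref="Exception">No slots (CARD_MISSING), no eligible certificates (CERTS_MISSING),
/// or the selected certificate matches none of the collected signers (CERT_DONT_MATCH).</exception>
/// <exception cref="PKCS11Exception">A reader or token call failed with a code other than ESTEID_ERR.</exception>
/// <exception cref="CancelException">The user dismissed the certificate picker.</exception>
private PKCS11Signer LocateSigner(EstEIDReader estEidReader)
{
    uint slots = estEidReader.GetSlotCount(1);
    if (slots == 0)
    {
        throw new Exception(Resources.CARD_MISSING);
    }

    X509Certificate2Collection col = new X509Certificate2Collection();
    // Only mechanisms that sign on the hardware token itself are acceptable.
    Mechanism mech = new Mechanism(Mechanism.CKF_SIGN | Mechanism.CKF_HW);
    ArrayList signers = new ArrayList((int)slots);

    for (uint i = 0; i < slots; i++)
    {
        uint rc = estEidReader.IsMechanismSupported(i, mech);
        if (rc != EstEIDReader.ESTEID_OK)
        {
            // ESTEID_ERR means the slot does not offer this mechanism: skip it.
            // Any other code is a real failure and must surface.
            if (rc == EstEIDReader.ESTEID_ERR)
            {
                continue;
            }
            throw new PKCS11Exception(rc);
        }

        TokenInfo token = new TokenInfo(estEidReader);
        rc = token.ReadInfo(i);
        if (rc != EstEIDReader.ESTEID_OK)
        {
            throw new PKCS11Exception(rc);
        }

        PKCS11Cert pkcs11Cert = new PKCS11Cert();
        rc = estEidReader.LocateCertificate(i, pkcs11Cert);
        if (rc != EstEIDReader.ESTEID_OK)
        {
            // ESTEID_ERR here means the slot holds no certificate: skip it.
            if (rc == EstEIDReader.ESTEID_ERR)
            {
                continue;
            }
            throw new PKCS11Exception(rc);
        }

        byte[] raw = pkcs11Cert.CertificateToByteArray();

        // Signing eligibility is decided from the subject OU string. Null-safe ordinal
        // compare so that a certificate with no OU is skipped instead of crashing the
        // whole enumeration on a null receiver.
        // NOTE(review): this trusts a subject-name field; the certificate's KeyUsage
        // extension would be the authoritative "may sign" signal -- confirm this is intended.
        string ou = X509Utils.GetSubjectFields(raw, "OU");
        if (!string.Equals(ou, "digital signature", StringComparison.Ordinal))
        {
            continue;
        }

        X509Certificate2 cert = new X509Certificate2(raw);
        col.Add(cert);
        signers.Add(new PKCS11Signer(i, cert, token));
    }

    if (col.Count == 0)
    {
        throw new Exception(Resources.CERTS_MISSING);
    }

    X509Certificate2Collection sel = X509CertificateUI.SelectFromCollection(col, Resources.UI_CERTIFICATES, Resources.UI_PICK_CERTIFICATE);
    // Null or empty means the user cancelled (or the picker had nothing to offer).
    if (sel == null || sel.Count == 0)
    {
        throw new CancelException(Resources.ACTION_CANCELED);
    }

    // Map the chosen certificate back to its slot by public key. The picker was handed the
    // very same X509Certificate2 objects the signers hold, so a miss here means the selection
    // was altered in between. Public keys are not secret, so a constant-time compare is not
    // needed; comparing cert.RawData instead would be a stricter identity check.
    byte[] chosenKey = sel[0].PublicKey.EncodedKeyValue.RawData;
    foreach (PKCS11Signer candidate in signers)
    {
        byte[] candidateKey = candidate.Cert.PublicKey.EncodedKeyValue.RawData;
        if (Arrays.AreEqual(chosenKey, candidateKey))
        {
            return candidate;
        }
    }

    throw new Exception(Resources.CERT_DONT_MATCH);
}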