/// <summary> /// Creates new instance of Pkcs11X509Certificate2Context class /// </summary> /// <param name="certificateInfo">Detailed information about X.509 certificate stored on PKCS#11 token</param> /// <param name="certHandle">High level PKCS#11 object handle of certificate object</param> /// <param name="privKeyHandle">High level PKCS#11 object handle of private key object</param> /// <param name="pubKeyHandle">High level PKCS#11 object handle of public key object</param> /// <param name="keyUsageRequiresLogin">Flag indicating whether key usage requires context specific login to be perfromed</param> /// <param name="tokenContext">Internal context for Pkcs11Token class</param> internal Pkcs11X509CertificateContext(Pkcs11X509CertificateInfo certificateInfo, IObjectHandle certHandle, IObjectHandle privKeyHandle, IObjectHandle pubKeyHandle, bool keyUsageRequiresLogin, Pkcs11TokenContext tokenContext) { _certificateInfo = certificateInfo ?? throw new ArgumentNullException(nameof(certificateInfo)); _certHandle = certHandle ?? throw new ArgumentNullException(nameof(certHandle)); _privKeyHandle = privKeyHandle; _pubKeyHandle = pubKeyHandle; _keyUsageRequiresLogin = keyUsageRequiresLogin; _tokenContext = tokenContext ?? throw new ArgumentNullException(nameof(tokenContext)); }
/// <summary> /// Creates new instance of Pkcs11Token class /// </summary> /// <param name="slotContext">Internal context for Pkcs11Slot class</param> internal Pkcs11Token(Pkcs11SlotContext slotContext) { if (slotContext == null) { throw new ArgumentNullException(nameof(slotContext)); } _tokenContext = this.GetTokenContext(slotContext); // Note: _certificates are loaded on first access }
/// <summary> /// Creates new instance of Pkcs11X509Certificate2 class /// </summary> /// <param name="certHandle">High level PKCS#11 object handle of certificate object</param> /// <param name="tokenContext">Internal context for Pkcs11Token class</param> internal Pkcs11X509Certificate(IObjectHandle certHandle, Pkcs11TokenContext tokenContext) { if (certHandle == null) { throw new ArgumentNullException(nameof(certHandle)); } if (tokenContext == null) { throw new ArgumentNullException(nameof(tokenContext)); } _certContext = GetCertificateContext(certHandle, tokenContext); }
/// <summary> /// Disposes object /// </summary> /// <param name="disposing">Flag indicating whether managed resources should be disposed</param> protected virtual void Dispose(bool disposing) { if (!_disposed) { if (disposing) { // Dispose managed objects if (_tokenContext != null) { _tokenContext.Dispose(); _tokenContext = null; } } // Dispose unmanaged objects _disposed = true; } }
/// <summary> /// Requests PIN code for PKCS#11 token /// </summary> /// <param name="tokenContext">Internal context for Pkcs11Token class</param> /// <returns>PIN code</returns> public static byte[] GetTokenPin(Pkcs11TokenContext tokenContext) { IPinProvider pinProvider = tokenContext.SlotContext.StoreContext.PinProvider; Pkcs11X509StoreInfo storeInfo = tokenContext.SlotContext.StoreContext.StoreInfo; Pkcs11SlotInfo slotInfo = tokenContext.SlotContext.SlotInfo; Pkcs11TokenInfo tokenInfo = tokenContext.TokenInfo; GetPinResult getPinResult = pinProvider.GetTokenPin(storeInfo, slotInfo, tokenInfo); if (getPinResult == null) { throw new Exception("Invalid response from IPinProvider"); } if (getPinResult.Cancel) { throw new LoginCancelledException("Login with token pin was cancelled"); } return(getPinResult.Pin); }
/// <summary> /// Constructs internal context for Pkcs11X509Certificate class /// </summary> /// <param name="certHandle">High level PKCS#11 object handle of certificate object</param> /// <param name="tokenContext">Internal context for Pkcs11Token class</param> /// <returns>Internal context for Pkcs11X509Certificate class</returns> private Pkcs11X509CertificateContext GetCertificateContext(IObjectHandle certHandle, Pkcs11TokenContext tokenContext) { using (ISession session = tokenContext.SlotContext.Slot.OpenSession(SessionType.ReadOnly)) { List <IObjectAttribute> objectAttributes = session.GetAttributeValue(certHandle, new List <CKA>() { CKA.CKA_ID, CKA.CKA_LABEL, CKA.CKA_VALUE }); byte[] ckaId = objectAttributes[0].GetValueAsByteArray(); string ckaLabel = objectAttributes[1].GetValueAsString(); byte[] ckaValue = objectAttributes[2].GetValueAsByteArray(); var certInfo = new Pkcs11X509CertificateInfo(ckaId, ckaLabel, ckaValue); IObjectHandle privKeyHandle = FindKey(session, CKO.CKO_PRIVATE_KEY, ckaId, ckaLabel); IObjectHandle pubKeyHandle = FindKey(session, CKO.CKO_PUBLIC_KEY, ckaId, ckaLabel); bool keyUsageRequiresLogin = (privKeyHandle == null) ? false : GetCkaAlwaysAuthenticateValue(session, privKeyHandle); return(new Pkcs11X509CertificateContext(certInfo, certHandle, privKeyHandle, pubKeyHandle, keyUsageRequiresLogin, tokenContext)); } }