Exemplo n.º 1
0
        public string CreateCSR(IObjectHandle publicKey,
                                string[] dn, IObjectHandle privateKey, string[] attributes, string[] extensions)
        {
            if (this._disposed)
            {
                throw new ObjectDisposedException(this.GetType().FullName);
            }

            IntPtr[] dnPtr   = StringArrayHelpers.ConvertStringArrayToIntPtrArray(dn);
            IntPtr[] extsPtr = StringArrayHelpers.ConvertStringArrayToIntPtrArray(extensions);

            IntPtr      csr;
            NativeULong csrLength;

            CKR rv = ((LowLevelAPI81.RutokenPkcs11Library)_pkcs11Library).C_EX_CreateCSR(_sessionId, (NativeULong)(publicKey.ObjectId),
                                                                                         dnPtr, (NativeULong)dnPtr.Length,
                                                                                         out csr, out csrLength,
                                                                                         (NativeULong)(privateKey.ObjectId),
                                                                                         null, 0,
                                                                                         extsPtr, (NativeULong)extsPtr.Length);

            StringArrayHelpers.FreeUnmanagedIntPtrArray(dnPtr);
            StringArrayHelpers.FreeUnmanagedIntPtrArray(extsPtr);

            if (rv != CKR.CKR_OK)
            {
                throw new Pkcs11Exception("C_EX_CreateCSR", rv);
            }

            try
            {
                var csrString = PKIHelpers.GetBase64CSR(csr, (int)csrLength);
                if (csrString.Length == 0)
                {
                    throw new InvalidOperationException("C_EX_CreateCSR: invalid csr length");
                }

                return(csrString);
            }
            finally
            {
                rv = ((LowLevelAPI81.RutokenPkcs11Library)_pkcs11Library).C_EX_FreeBuffer(csr);
                if (rv != CKR.CKR_OK)
                {
                    throw new Pkcs11Exception("C_EX_FreeBuffer", rv);
                }
            }
        }
Exemplo n.º 2
0
        public void _LL_33_01_CreateCSR_PKCS10Test()
        {
            Helpers.CheckPlatform();

            CKR rv = CKR.CKR_OK;

            using (var pkcs11 = new RutokenPkcs11Library(Settings.Pkcs11LibraryPath))
            {
                // Инициализация библиотеки
                rv = pkcs11.C_Initialize(Settings.InitArgs41);
                if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED))
                {
                    Assert.Fail(rv.ToString());
                }

                // Установление соединения с Рутокен в первом доступном слоте
                NativeULong slotId = Helpers.GetUsableSlot(pkcs11);

                // Открытие RW сессии
                NativeULong session = CK.CK_INVALID_HANDLE;
                rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero,
                                          IntPtr.Zero, ref session);
                if (rv != CKR.CKR_OK)
                {
                    Assert.Fail(rv.ToString());
                }

                // Выполнение аутентификации пользователя
                rv = pkcs11.C_Login(session, CKU.CKU_USER, Settings.NormalUserPinArray, Convert.ToUInt32(Settings.NormalUserPinArray.Length));
                if (rv != CKR.CKR_OK && rv != CKR.CKR_USER_ALREADY_LOGGED_IN)
                {
                    Assert.Fail(rv.ToString());
                }

                // Генерация ключевой пары ГОСТ Р 34.10-2001
                NativeULong pubKeyId  = CK.CK_INVALID_HANDLE;
                NativeULong privKeyId = CK.CK_INVALID_HANDLE;
                Helpers.GenerateGostKeyPair(pkcs11, session, ref pubKeyId, ref privKeyId, Settings.GostKeyPairId1);

                // Создание запроса на сертификат
                string[] dn =
                {
                    "CN",
                    "UTF8String:Иванов",
                    "C",
                    "RU",
                    "2.5.4.5",
                    "12312312312",
                    "1.2.840.113549.1.9.1",
                    "*****@*****.**",
                    "ST",
                    "UTF8String:Москва",
                };

                string[] exts =
                {
                    "keyUsage",
                    "digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment",
                    "extendedKeyUsage",
                    "1.2.643.2.2.34.6,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4",
                    "2.5.29.14",
                    "ASN1:FORMAT:HEX,OCTETSTRING:FE117B93CEC6B5065E1613E155D3A9CA597C0F81",
                    "1.2.643.100.111",
                    "ASN1:UTF8String:СКЗИ \\\"Рутокен ЭЦП 2.0\\\""
                };

                IntPtr[] dnPtr   = StringArrayHelpers.ConvertStringArrayToIntPtrArray(dn);
                IntPtr[] extsPtr = StringArrayHelpers.ConvertStringArrayToIntPtrArray(exts);

                IntPtr      csr;
                NativeULong csrLength;

                rv = pkcs11.C_EX_CreateCSR(session, pubKeyId,
                                           dnPtr, (NativeULong)dnPtr.Length,
                                           out csr, out csrLength,
                                           privKeyId,
                                           null, 0,
                                           extsPtr, (NativeULong)extsPtr.Length);

                StringArrayHelpers.FreeUnmanagedIntPtrArray(dnPtr);
                StringArrayHelpers.FreeUnmanagedIntPtrArray(extsPtr);

                if (rv != CKR.CKR_OK)
                {
                    Assert.Fail(rv.ToString());
                }

                var csrString = PKIHelpers.GetBase64CSR(csr, (int)csrLength);

                Assert.IsTrue(csrString.Length > 0);

                // Очистка памяти, выделенной для полученного буфера
                rv = pkcs11.C_EX_FreeBuffer(csr);
                if (rv != CKR.CKR_OK)
                {
                    Assert.Fail(rv.ToString());
                }

                rv = pkcs11.C_DestroyObject(session, privKeyId);
                if (rv != CKR.CKR_OK)
                {
                    Assert.Fail(rv.ToString());
                }

                rv = pkcs11.C_DestroyObject(session, pubKeyId);
                if (rv != CKR.CKR_OK)
                {
                    Assert.Fail(rv.ToString());
                }

                rv = pkcs11.C_CloseSession(session);
                if (rv != CKR.CKR_OK)
                {
                    Assert.Fail(rv.ToString());
                }

                rv = pkcs11.C_Finalize(IntPtr.Zero);
                if (rv != CKR.CKR_OK)
                {
                    Assert.Fail(rv.ToString());
                }
            }
        }