From e8c230ce1b714a0c5a0fffc3bda42ae01130a99c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20W=C3=A4ckerlin?= Date: Wed, 22 Jan 2014 15:14:36 +0000 Subject: [PATCH] better interface to get binary certificates; refs #28 --- doc/examples/suisse-id-demo.cxx | 16 +++----- src/cryptoki.hxx | 71 ++++++++++++++++++++++++++------- src/suisseid.hxx | 23 +++++++++++ 3 files changed, 85 insertions(+), 25 deletions(-) diff --git a/doc/examples/suisse-id-demo.cxx b/doc/examples/suisse-id-demo.cxx index ace3514..dfe9d3d 100644 --- a/doc/examples/suisse-id-demo.cxx +++ b/doc/examples/suisse-id-demo.cxx @@ -37,17 +37,14 @@ int main(int argc, char** argv) try { <<" SigG: "<<(*card)->sigGPinRetries()<transportPinRetries()<pukRetries()<slot()); - cryptoki::Session::Info info(session.getsessioninfo()); + cryptoki::Session::Info info((*card)->sessionInfo()); std::cout<<" Session:"<(CKO_CERTIFICATE))); + suisseid::Certificates certs((*card)->certificates()); std::cout<<" Certificates: "<attribute(CKA_VALUE).value); - QByteArray der(QByteArray(data.data(), data.size())); + QByteArray der(QByteArray(cert->data(), cert->size())); QSslCertificate c(der, QSsl::Der); std::cout<<"Certificate info: CN=" < label; FixString<32> manufacturerID; @@ -607,6 +610,7 @@ namespace cryptoki { FixString<16> utcTime; TokenInfo() { + CRYPTOLOG("log"); } //! Convert C-Structure of Token Information Into C++ @@ -629,8 +633,34 @@ namespace cryptoki { hardwareVersion(cInfo.hardwareVersion), firmwareVersion(cInfo.firmwareVersion), utcTime(cInfo.utcTime) { + CRYPTOLOG("log *this={"<C_GetTokenInfo(_slot, &cInfo), CRYPTOKI_FN_LOG("C_GetTokenInfo"))) - return TokenInfo(cInfo); + return TokenInfo(); + return TokenInfo(cInfo); } /*! @bug does not compile: 
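Review bot: In `src/cryptoki.hxx` the failure branch after `C_GetTokenInfo` now returns `TokenInfo()`, but the default constructor shown in this patch only calls `CRYPTOLOG("log")` and has no member initialisers. Any built-in-typed members (their declarations are outside the visible hunks) would therefore be left indeterminate, and the caller cannot tell a failed query from a real token. Either value-initialise those members in the default constructor or report the failure explicitly; the check helper may already throw, but that is not visible here. A short comment on the getter such as `/// @return token information; a default-constructed TokenInfo if C_GetTokenInfo fails` would record the contract. The getter's body starts outside the hunk.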
@@ -1266,7 +1298,27 @@ namespace cryptoki { - @c ulDeviceError An error code defined by the cryptographic device. Used for errors not covered by Cryptoki. */ - typedef CK_SESSION_INFO Info; + struct Info: public CK_SESSION_INFO { + Info(const CK_SESSION_INFO& si): CK_SESSION_INFO(si) { + } + bool readonly() { + return !readwrite(); + } + bool readwrite() { + return flags|CKF_RW_SESSION; + } + std::string stateString() { + switch (state) { + case 0: return "CKS_RO_PUBLIC_SESSION"; + case 1: return "CKS_RO_USER_FUNCTIONS"; + case 2: return "CKS_RW_PUBLIC_SESSION "; + case 3: return "CKS_RW_USER_FUNCTIONS"; + case 4: return "CKS_RW_SO_FUNCTIONS"; + default: return ""; + } + } + }; + /** @return session information */ Info getsessioninfo() { @@ -1278,17 +1330,6 @@ namespace cryptoki { return info; } - std::string state(const Info& info) { - switch (info.state) { - case 0: return "CKS_RO_PUBLIC_SESSION"; - case 1: return "CKS_RO_USER_FUNCTIONS"; - case 2: return "CKS_RW_PUBLIC_SESSION "; - case 3: return "CKS_RW_USER_FUNCTIONS"; - case 4: return "CKS_RW_SO_FUNCTIONS"; - default: return ""; - } - } - /*! @todo Not implemented: @code bool initpin() { diff --git a/src/suisseid.hxx b/src/suisseid.hxx index ea2aec0..fb0647a 100644 --- a/src/suisseid.hxx +++ b/src/suisseid.hxx @@ -75,6 +75,9 @@ namespace suisseid { */ + /// List of DER encoded binary certificates + typedef std::vector Certificates; + //! Represents a SuisseID Card /*! This is the parent class for special classes for the respecive SuisseID providers. */ 
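Review bot: `readwrite()` in the new `Session::Info` tests the flag with `|`, so `flags|CKF_RW_SESSION` is non-zero for every session and `readonly()` can never return true. Any caller that relies on these accessors to decide whether a session may modify token objects gets the wrong answer; the line should read `return (flags&CKF_RW_SESSION)!=0;`. The three accessors do not modify the object and could be declared `const`. The label for state 2 carries a trailing space (`"CKS_RW_PUBLIC_SESSION "`), carried over from the removed `state()` helper.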
@@ -123,6 +126,26 @@ namespace suisseid { return MISSING; } + cryptoki::Session session() { + return cryptoki::Session(slot()); + } + + cryptoki::Session::Info sessionInfo() { + return session().getsessioninfo(); + } + + /// @returns Certificates in DER format. + Certificates certificates() { + Certificates res; + cryptoki::ObjectList certs + (session().find(cryptoki::Attribute(CKA_CLASS) + .from(CKO_CERTIFICATE))); + for (cryptoki::ObjectList::iterator cert(certs.begin()); + cert!=certs.end(); ++cert) + res.push_back(cert->attribute(CKA_VALUE).value); + return res; + } + protected: cryptoki::Library _cryptoki;
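Review bot: `sessionInfo()` calls `getsessioninfo()` on the temporary returned by `session()`, so the state and flags it reports belong to a session created for that one expression, not to any session the caller is already using. `certificates()` likewise builds a fresh `cryptoki::Session` on every call; what the `Session` constructor and destructor do on the token is not visible in this hunk. `session()` and `sessionInfo()` have no doc comments, so this behaviour is worth stating, e.g. `/// Creates a new, independent session on this card's slot.` and `/// @return Info of a newly created session, not of a session held by the caller.` The comment on `certificates()` could add that the DER bytes are returned exactly as stored in `CKA_VALUE`, with no parsing or validation, so verification is left to the caller.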