better interface to get binary certificates; refs #28

master
Marc Wäckerlin 11 years ago
parent d8f6abe3ce
commit e8c230ce1b
  1. 16
      doc/examples/suisse-id-demo.cxx
  2. 69
      src/cryptoki.hxx
  3. 23
      src/suisseid.hxx

@ -37,17 +37,14 @@ int main(int argc, char** argv) try {
<<" SigG: "<<(*card)->sigGPinRetries()<<std::endl
<<" Transport: "<<(*card)->transportPinRetries()<<std::endl
<<" PUK: "<<(*card)->pukRetries()<<std::endl;
cryptoki::Session session((*card)->slot());
cryptoki::Session::Info info(session.getsessioninfo());
cryptoki::Session::Info info((*card)->sessionInfo());
std::cout<<" Session:"<<std::endl
<<" Slot: "<<info.slotID<<std::endl
<<" State: "<<session.state(info)<<std::endl
<<" Flags: "<<((info.flags|CKF_RW_SESSION)
<<" State: "<<info.stateString()<<std::endl
<<" Flags: "<<(info.readwrite()
?"read/write":"read only")<<std::endl
<<" Device Error: "<<info.ulDeviceError<<std::endl;
cryptoki::ObjectList certs
(session.find(cryptoki::Attribute(CKA_CLASS)
.from<CK_OBJECT_CLASS>(CKO_CERTIFICATE)));
suisseid::Certificates certs((*card)->certificates());
std::cout<<" Certificates: "<<certs.size()<<std::endl;
std::cout<<"--------------------------------------------------"<<std::endl
<<"Your Order Sir:"<<std::endl
@ -81,10 +78,9 @@ int main(int argc, char** argv) try {
TextualCycle check(*card);
check.installCerts(true);
} else if (choice=="z") {
for (cryptoki::ObjectList::iterator cert(certs.begin());
for (suisseid::Certificates::iterator cert(certs.begin());
cert!=certs.end(); ++cert) {
std::string data(cert->attribute(CKA_VALUE).value);
QByteArray der(QByteArray(data.data(), data.size()));
QByteArray der(QByteArray(cert->data(), cert->size()));
QSslCertificate c(der, QSsl::Der);
std::cout<<"Certificate info: CN="
<<QString(c.subjectInfo(QSslCertificate::CommonName)

@ -586,6 +586,9 @@ namespace cryptoki {
}
};
struct TokenInfo; // forward declaration
std::ostream& operator<<(std::ostream& out, const TokenInfo& ti);
struct TokenInfo {
FixString<32> label;
FixString<32> manufacturerID;
@ -607,6 +610,7 @@ namespace cryptoki {
FixString<16> utcTime;
TokenInfo() {
CRYPTOLOG("log");
}
//! Convert C-Structure of Token Information Into C++
@ -629,9 +633,35 @@ namespace cryptoki {
hardwareVersion(cInfo.hardwareVersion),
firmwareVersion(cInfo.firmwareVersion),
utcTime(cInfo.utcTime) {
CRYPTOLOG("log *this={"<<std::endl<<*this);//<<std::endl<<'}');
}
};
std::ostream& operator<<(std::ostream& out, const TokenInfo& ti) {
return out
<<"label="<<ti.label<<std::endl
<<"manufacturerID="<<ti.manufacturerID<<std::endl
<<"model="<<ti.model<<std::endl
<<"serialNumber="<<ti.serialNumber<<std::endl
<<"flags="<<ti.flags<<std::endl
<<"maxSessionCount="<<ti.maxSessionCount<<std::endl
<<"sessionCount="<<ti.sessionCount<<std::endl
<<"maxRwSessionCount="<<ti.maxRwSessionCount<<std::endl
<<"rwSessionCount="<<ti.rwSessionCount<<std::endl
<<"maxPinLen="<<ti.maxPinLen<<std::endl
<<"minPinLen="<<ti.minPinLen<<std::endl
<<"totalPublicMemory="<<ti.totalPublicMemory<<std::endl
<<"freePublicMemory="<<ti.freePublicMemory<<std::endl
<<"totalPrivateMemory="<<ti.totalPrivateMemory<<std::endl
<<"freePrivateMemory="<<ti.freePrivateMemory<<std::endl
<<"hardwareVersion="<<ti.hardwareVersion.major<<'.'
<<ti.hardwareVersion.minor<<std::endl
<<"firmwareVersion="<<ti.firmwareVersion.major<<'.'
<<ti.firmwareVersion.minor<<std::endl
<<"utcTime="<<ti.utcTime;
}
struct Info {
CK_VERSION cryptokiVersion;
FixString<32> manufacturerID;
@ -916,7 +946,8 @@ namespace cryptoki {
//! calls @c C_GetSlotInfo
if (!check(_library->C_GetSlotInfo(_slot, &cInfo),
CRYPTOKI_FN_LOG("C_GetSlotInfo")))
return SlotInfo(cInfo);
return SlotInfo();
return SlotInfo(cInfo);
}
//! Read Token Information
@ -926,7 +957,8 @@ namespace cryptoki {
CK_TOKEN_INFO cInfo;
if (!check(_library->C_GetTokenInfo(_slot, &cInfo),
CRYPTOKI_FN_LOG("C_GetTokenInfo")))
return TokenInfo(cInfo);
return TokenInfo();
return TokenInfo(cInfo);
}
/*! @bug does not compile:
@ -1266,7 +1298,27 @@ namespace cryptoki {
- @c ulDeviceError An error code defined by the
cryptographic device. Used for errors not covered by
Cryptoki. */
typedef CK_SESSION_INFO Info;
struct Info: public CK_SESSION_INFO {
Info(const CK_SESSION_INFO& si): CK_SESSION_INFO(si) {
}
bool readonly() {
return !readwrite();
}
bool readwrite() {
return flags|CKF_RW_SESSION;
}
std::string stateString() {
switch (state) {
case 0: return "CKS_RO_PUBLIC_SESSION";
case 1: return "CKS_RO_USER_FUNCTIONS";
case 2: return "CKS_RW_PUBLIC_SESSION ";
case 3: return "CKS_RW_USER_FUNCTIONS";
case 4: return "CKS_RW_SO_FUNCTIONS";
default: return "<UNKNOWN>";
}
}
};
/** @return session information */
Info getsessioninfo() {
@ -1278,17 +1330,6 @@ namespace cryptoki {
return info;
}
std::string state(const Info& info) {
switch (info.state) {
case 0: return "CKS_RO_PUBLIC_SESSION";
case 1: return "CKS_RO_USER_FUNCTIONS";
case 2: return "CKS_RW_PUBLIC_SESSION ";
case 3: return "CKS_RW_USER_FUNCTIONS";
case 4: return "CKS_RW_SO_FUNCTIONS";
default: return "<UNKNOWN>";
}
}
/*! @todo Not implemented:
@code
bool initpin() {

@ -75,6 +75,9 @@ namespace suisseid {
*/
/// List of DER encoded binary certificates
typedef std::vector<std::string> Certificates;
//! Represents a SuisseID Card
/*! This is the parent class for special classes for the respecive
SuisseID providers. */
@ -123,6 +126,26 @@ namespace suisseid {
return MISSING;
}
cryptoki::Session session() {
return cryptoki::Session(slot());
}
cryptoki::Session::Info sessionInfo() {
return session().getsessioninfo();
}
/// @returns Certificates in DER format.
Certificates certificates() {
Certificates res;
cryptoki::ObjectList certs
(session().find(cryptoki::Attribute(CKA_CLASS)
.from<CK_OBJECT_CLASS>(CKO_CERTIFICATE)));
for (cryptoki::ObjectList::iterator cert(certs.begin());
cert!=certs.end(); ++cert)
res.push_back(cert->attribute(CKA_VALUE).value);
return res;
}
protected:
cryptoki::Library _cryptoki;

Loading…
Cancel
Save