better interface to get binary certificates; refs #28

2014-01-22 15:14:36 +00:00
parent d8f6abe3ce
commit e8c230ce1b
3 changed files with 85 additions and 25 deletions
--- a/doc/examples/suisse-id-demo.cxx
+++ b/doc/examples/suisse-id-demo.cxx
@@ -37,17 +37,14 @@ int main(int argc, char** argv) try {
               <<"    SigG:        "<<(*card)->sigGPinRetries()<<std::endl
               <<"    Transport:   "<<(*card)->transportPinRetries()<<std::endl
               <<"    PUK:         "<<(*card)->pukRetries()<<std::endl;
-      cryptoki::Session session((*card)->slot());
-      cryptoki::Session::Info info(session.getsessioninfo());
+      cryptoki::Session::Info info((*card)->sessionInfo());
      std::cout<<"  Session:"<<std::endl
               <<"    Slot:        "<<info.slotID<<std::endl
-               <<"    State:       "<<session.state(info)<<std::endl
-               <<"    Flags:       "<<((info.flags|CKF_RW_SESSION)
+               <<"    State:       "<<info.stateString()<<std::endl
+               <<"    Flags:       "<<(info.readwrite()
                                       ?"read/write":"read only")<<std::endl
               <<"    Device Error: "<<info.ulDeviceError<<std::endl;
-      cryptoki::ObjectList certs
-        (session.find(cryptoki::Attribute(CKA_CLASS)
-                      .from<CK_OBJECT_CLASS>(CKO_CERTIFICATE)));
+      suisseid::Certificates certs((*card)->certificates());
      std::cout<<"  Certificates:   "<<certs.size()<<std::endl;
      std::cout<<"--------------------------------------------------"<<std::endl
               <<"Your Order Sir:"<<std::endl
@@ -81,10 +78,9 @@ int main(int argc, char** argv) try {
          TextualCycle check(*card);
          check.installCerts(true);
        } else if (choice=="z") {
-          for (cryptoki::ObjectList::iterator cert(certs.begin());
+          for (suisseid::Certificates::iterator cert(certs.begin());
               cert!=certs.end(); ++cert) {
-            std::string data(cert->attribute(CKA_VALUE).value);
-            QByteArray der(QByteArray(data.data(), data.size()));
+            QByteArray der(QByteArray(cert->data(), cert->size()));
            QSslCertificate c(der, QSsl::Der);
            std::cout<<"Certificate info: CN="
                     <<QString(c.subjectInfo(QSslCertificate::CommonName)
--- a/src/cryptoki.hxx
+++ b/src/cryptoki.hxx
@@ -586,6 +586,9 @@ namespace cryptoki {
      }
  };

+  struct TokenInfo; // forward declaration
+  std::ostream& operator<<(std::ostream& out, const TokenInfo& ti);
+
  struct TokenInfo {
      FixString<32> label;
      FixString<32> manufacturerID;
@@ -607,6 +610,7 @@ namespace cryptoki {
      FixString<16> utcTime;

      TokenInfo() {
+        CRYPTOLOG("log");
      }
      
      //! Convert C-Structure of Token Information Into C++
@@ -629,9 +633,35 @@ namespace cryptoki {
          hardwareVersion(cInfo.hardwareVersion),
          firmwareVersion(cInfo.firmwareVersion),
          utcTime(cInfo.utcTime) {
+        CRYPTOLOG("log *this={"<<std::endl<<*this);//<<std::endl<<'}');
      }
+
  };

+  std::ostream& operator<<(std::ostream& out, const TokenInfo& ti) {
+    return out
+      <<"label="<<ti.label<<std::endl
+      <<"manufacturerID="<<ti.manufacturerID<<std::endl
+      <<"model="<<ti.model<<std::endl
+      <<"serialNumber="<<ti.serialNumber<<std::endl
+      <<"flags="<<ti.flags<<std::endl
+      <<"maxSessionCount="<<ti.maxSessionCount<<std::endl
+      <<"sessionCount="<<ti.sessionCount<<std::endl
+      <<"maxRwSessionCount="<<ti.maxRwSessionCount<<std::endl
+      <<"rwSessionCount="<<ti.rwSessionCount<<std::endl
+      <<"maxPinLen="<<ti.maxPinLen<<std::endl
+      <<"minPinLen="<<ti.minPinLen<<std::endl
+      <<"totalPublicMemory="<<ti.totalPublicMemory<<std::endl
+      <<"freePublicMemory="<<ti.freePublicMemory<<std::endl
+      <<"totalPrivateMemory="<<ti.totalPrivateMemory<<std::endl
+      <<"freePrivateMemory="<<ti.freePrivateMemory<<std::endl
+      <<"hardwareVersion="<<ti.hardwareVersion.major<<'.'
+      <<ti.hardwareVersion.minor<<std::endl
+      <<"firmwareVersion="<<ti.firmwareVersion.major<<'.'
+      <<ti.firmwareVersion.minor<<std::endl
+      <<"utcTime="<<ti.utcTime;
+  }
+  
  struct Info {
      CK_VERSION cryptokiVersion;
      FixString<32> manufacturerID;
@@ -916,7 +946,8 @@ namespace cryptoki {
        //! calls @c C_GetSlotInfo
        if (!check(_library->C_GetSlotInfo(_slot, &cInfo),
                   CRYPTOKI_FN_LOG("C_GetSlotInfo")))
-          return SlotInfo(cInfo);
+          return SlotInfo();
+        return SlotInfo(cInfo);
      }

      //! Read Token Information
@@ -926,7 +957,8 @@ namespace cryptoki {
        CK_TOKEN_INFO cInfo;
        if (!check(_library->C_GetTokenInfo(_slot, &cInfo),
                   CRYPTOKI_FN_LOG("C_GetTokenInfo")))
-          return TokenInfo(cInfo);
+          return TokenInfo();
+        return TokenInfo(cInfo);
      }

      /*! @bug does not compile:
@@ -1266,7 +1298,27 @@ namespace cryptoki {
          - @c ulDeviceError An error code defined by the
            cryptographic device. Used for errors not covered by
          Cryptoki. */
-      typedef CK_SESSION_INFO Info;
+      struct Info: public  CK_SESSION_INFO {
+          Info(const CK_SESSION_INFO& si): CK_SESSION_INFO(si) {
+          }
+          bool readonly() {
+            return !readwrite();
+          }
+          bool readwrite() {
+            return flags|CKF_RW_SESSION;
+          }
+          std::string stateString() {
+            switch (state) {
+              case 0: return "CKS_RO_PUBLIC_SESSION";
+              case 1: return "CKS_RO_USER_FUNCTIONS";
+              case 2: return "CKS_RW_PUBLIC_SESSION ";
+              case 3: return "CKS_RW_USER_FUNCTIONS";
+              case 4: return "CKS_RW_SO_FUNCTIONS";
+              default: return "<UNKNOWN>";
+            }
+          }
+      };
+
          
      /** @return session information */
      Info getsessioninfo() {
@@ -1278,17 +1330,6 @@ namespace cryptoki {
        return info;
      }

-      std::string state(const Info& info) {
-        switch (info.state) {
-          case 0: return "CKS_RO_PUBLIC_SESSION";
-          case 1: return "CKS_RO_USER_FUNCTIONS";
-          case 2: return "CKS_RW_PUBLIC_SESSION ";
-          case 3: return "CKS_RW_USER_FUNCTIONS";
-          case 4: return "CKS_RW_SO_FUNCTIONS";
-          default: return "<UNKNOWN>";
-        }
-      }
-
      /*! @todo Not implemented:
          @code
      bool initpin() {
--- a/src/suisseid.hxx
+++ b/src/suisseid.hxx
@@ -75,6 +75,9 @@ namespace suisseid {

      */

+  /// List of DER encoded binary certificates
+  typedef std::vector<std::string> Certificates;
+  
  //! Represents a SuisseID Card
  /*! This is the parent class for special classes for the respecive
      SuisseID providers. */
@@ -123,6 +126,26 @@ namespace suisseid {
        return MISSING;
      }

+      cryptoki::Session session() {
+        return cryptoki::Session(slot());
+      }
+
+      cryptoki::Session::Info sessionInfo() {
+        return session().getsessioninfo();
+      }
+
+      /// @returns Certificates in DER format.
+      Certificates certificates() {
+        Certificates res;
+        cryptoki::ObjectList certs
+          (session().find(cryptoki::Attribute(CKA_CLASS)
+                          .from<CK_OBJECT_CLASS>(CKO_CERTIFICATE)));
+        for (cryptoki::ObjectList::iterator cert(certs.begin());
+             cert!=certs.end(); ++cert)
+          res.push_back(cert->attribute(CKA_VALUE).value);
+        return res;
+      }
+
    protected:
      
      cryptoki::Library _cryptoki;