This library provides a simple and nice C++ wrapper around these libraries, so that programmers can concentrate on functionality. It offers general support for PCSC-lite, OpenSSL, PKCS#11, plus specific functionality for the SuisseID.
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
200 lines
5.4 KiB
200 lines
5.4 KiB
/*! @file |
|
|
|
@id $Id$ |
|
*/ |
|
// 1 2 3 4 5 6 7 8 |
|
// 45678901234567890123456789012345678901234567890123456789012345678901234567890 |
|
|
|
#ifndef __SUISSEID_HXX__ |
|
#define __SUISSEID_HXX__ |
|
|
|
#include <cardos.hxx> |
|
#include <cryptoki.hxx> |
|
#include <pcsc.hxx> |
|
#include <mrw/vector.hxx> |
|
#include <mrw/shared.hxx> |
|
|
|
/*! @defgroup gsuisseid C+ Wrapper to access SuisseID smart cards |
|
|
|
This library allows access to the Swiss digital identity cards |
|
(SuisseID). |
|
|
|
You need to include @ref suisseid.hxx, then start with class @ref |
|
suisseid::Scanner to scan for a list of SuisseID cards on the system. |
|
|
|
@see http://www.suisseid.ch |
|
@see http://postsuisseid.ch */ |
|
//@{ |
|
namespace suisseid { |
|
|
|
//! Represents a SuisseID Card |
|
/*! This is the parent class for special classes for the respecive |
|
SuisseID providers. */ |
|
class Card: public cardos::Commands { |
|
|
|
public: |
|
|
|
enum Status { |
|
TRANSPORT |
|
}; |
|
|
|
public: |
|
|
|
Card(mrw::Shared<pcsc::Connection::Reader> reader, |
|
mrw::Shared<cryptoki::Slot> slot): |
|
cardos::Commands(reader), |
|
_slot(slot) { |
|
} |
|
virtual ~Card() {} |
|
|
|
virtual unsigned int minimalPinLength() = 0; |
|
virtual unsigned int maximalPinLength() = 0; |
|
|
|
//! Name of the token/slot |
|
const std::string& name() { |
|
return _reader->name; |
|
} |
|
|
|
/// Version of the card |
|
virtual std::string version() { |
|
return "<unknown>"; |
|
} |
|
|
|
private: |
|
|
|
mrw::Shared<cryptoki::Slot> _slot; |
|
|
|
}; |
|
|
|
//! Instance of a Post SuisseID smartcard. |
|
/*! A SuisseID card issued by Swiss Post. |
|
@see http://postsuisseid.ch */ |
|
class PostSuisseID: public Card { |
|
|
|
public: |
|
|
|
PostSuisseID(mrw::Shared<pcsc::Connection::Reader> reader, |
|
mrw::Shared<cryptoki::Slot> slot): |
|
Card(reader, slot), _minPinLen(0), _maxPinLen(-1) { |
|
} |
|
|
|
virtual unsigned int minimalPinLength() { |
|
if (_minPinLen==0) evaluatePinLengths(); |
|
return _minPinLen; |
|
} |
|
|
|
virtual unsigned int maximalPinLength() { |
|
if (_maxPinLen==-1) evaluatePinLengths(); |
|
return _maxPinLen; |
|
} |
|
|
|
std::string version() { |
|
if (_version.size()) return _version; // cache the version |
|
pcsc::Connection::Reader::Transaction lock(_reader); |
|
try { |
|
selectMfFile("5649"); |
|
return _version = cardos::BerValue(readBinary())[0].value(); |
|
} catch (...) { |
|
return _version = "<unknown>"; |
|
} |
|
} |
|
|
|
private: |
|
|
|
void evaluatePinLengths() { |
|
pcsc::Connection::Reader::Transaction lock(_reader); |
|
selectPkcs15File("4408"); |
|
cardos::BerValues res(readBerFile()); |
|
for (cardos::BerValues::iterator it(res.begin()); it!=res.end(); ++it) |
|
if ((*it)[0][0].value()=="PIN" || |
|
(*it)[0][0].value()=="Digital Signature PIN") { |
|
if ((*it)[2][0][2].toULong()>_minPinLen) |
|
_minPinLen = (*it)[2][0][2].toULong(); |
|
if ((*it)[2][0][4].toULong()<_maxPinLen) |
|
_maxPinLen = (*it)[2][0][4].toULong(); |
|
} |
|
} |
|
|
|
private: |
|
|
|
std::string _version; // version is cached |
|
unsigned int _minPinLen; // minimal PIN length is cached |
|
unsigned int _maxPinLen; // maximal PIN length is cached |
|
}; |
|
|
|
//! List of cards, returned by @ref suisseid::Scanner::scan. |
|
typedef std::vector<mrw::Shared<Card> > Cards; |
|
|
|
//! Auxiliary SuisseID card manager. |
|
/** Use this manager to scan your system for SuisseID cards. |
|
|
|
Usage Example: |
|
|
|
@code |
|
#include <suisseid.hxx> |
|
#include <iostream> |
|
|
|
[...] |
|
|
|
try { |
|
suisseid::Cards cards(suisseid::Scanner().scan()); |
|
for (auto card(cards.begin()); card!=cards.end(); ++card) |
|
std::cout<<"Found SuisseID: "<<(*card)->name()<<std::endl; |
|
return 0; |
|
} catch (std::exception& x) { |
|
std::cerr<<"**** ERROR in "<<*argv<<": "<<x.what()<<std::endl; |
|
return 1; |
|
} |
|
@endcode */ |
|
class Scanner { |
|
|
|
public: |
|
|
|
Scanner(const std::string& lib="libcvP11.so"): |
|
_cryptoki(lib) { |
|
} |
|
|
|
Scanner(const pcsc::Connection& pcsc, |
|
const std::string& lib="libcvP11.so"): |
|
_pcsc(pcsc), |
|
_cryptoki(lib) { |
|
} |
|
|
|
Scanner(const cryptoki::Library& cryptoki): |
|
_cryptoki(cryptoki) { |
|
} |
|
|
|
Scanner(const pcsc::Connection& pcsc, |
|
const cryptoki::Library& cryptoki): |
|
_pcsc(pcsc), |
|
_cryptoki(cryptoki) { |
|
} |
|
|
|
/// Scan for available known SuisseID cards on the system. |
|
/** @return List of detected SuisseID smart cards. */ |
|
Cards scan() { |
|
Cards res; |
|
// By now, scan only for PostSuisseID; in future use factory pattern |
|
pcsc::Connection::Strings readers |
|
(_pcsc.getReadersWithAtr("4b53776973735369676e")); |
|
for (pcsc::Connection::Strings::iterator reader(readers.begin()); |
|
reader!=readers.end(); ++reader) { |
|
cryptoki::SlotList slots(_cryptoki.slotList(true, *reader)); |
|
if (slots.size()==1) |
|
res.push_back(dynamic_cast<Card*> |
|
(new PostSuisseID(_pcsc.reader(*reader), slots[0]))); |
|
} |
|
return res; |
|
} |
|
|
|
private: |
|
|
|
pcsc::Connection _pcsc; |
|
cryptoki::Library _cryptoki; |
|
|
|
}; |
|
|
|
} |
|
//@} |
|
|
|
#endif
|
|
|