security
/
tokentool
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
GUI tool to display PKCS#11 crypto token information. Specially designed fot SuisseID.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
1 Branch
0 Tags
11 MiB
 
 
 
 
Tag: Branch: Tree: 928cfd8f8e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '928cfd8f8e'
${ noResults }
tokentool/src/tokentool.hxx

442 lines
17 KiB
Raw Blame History

/*! @file
@id $Id$
*/
// 1 2 3 4 5 6 7 8
// 45678901234567890123456789012345678901234567890123456789012345678901234567890
#ifndef __Tokentool_HXX__
#define __Tokentool_HXX__
#include <QMainWindow>
#include <QMessageBox>
#include <QProgressBar>
#include <QDateTime>
#include <QSslCertificate>
#include <ui_tokentool.hxx>
#include <memory>
#include <QDebug>
#include <cryptoki.hxx>
#if QT_VERSION >= 0x050000
namespace QSsl {
typedef AlternativeNameEntryType AlternateNameEntryType;
}
#endif
inline QString qs(const std::string& s) {
return QString::fromStdString(s);
}
template<std::string::size_type SIZE>
QString qs(const cryptoki::FixString<SIZE>& s) {
return QString::fromStdString(s);
}
class Progress: public QProgressBar {
public:
Progress() {
reset();
}
Progress& steps(int incr) {
setMaximum(maximum()+incr);
setVisible(value()<maximum());
return *this;
}
Progress& operator++() {
setValue(value()+1);
setVisible(value()<maximum());
if (value()>=maximum()) {
setMaximum(0);
setValue(0);
}
return *this;
}
Progress& reset() {
setMinimum(0);
setMaximum(0);
setValue(0);
setVisible(false);
return *this;
}
};
class tokentool: public QMainWindow, protected Ui::tokentool {
Q_OBJECT;
public:
tokentool(std::string lib="libcvP11.so", QWidget* p=0):
QMainWindow(p), _slot(0), _progress(new Progress) {
try {
setupUi(this);
statusBar()->addPermanentWidget(_progress, 2);
show();
_progress->steps(3);
_cryptoki = std::auto_ptr<cryptoki::Library>(new cryptoki::Library(lib));
++*_progress;
_certificates->addAction(actionDeleteSelectedCertificate);
libraryInfo(lib);
++*_progress;
on_actionRescan_triggered();
++*_progress;
} catch (...) {
QMessageBox::critical(this, tr("Initialization Failed"),
tr("SmardCard Initialization Failed"));
}
}
private Q_SLOTS:
void on_actionRescan_triggered() {
qDebug()<<__PRETTY_FUNCTION__;
static bool lock(false);
if (lock) return;
lock = true;
try {
_slot = 0;
_slots->clear();
_slotList = _cryptoki->slotList(false);
_progress->steps(_slotList.size());
for (cryptoki::SlotList::iterator it(_slotList.begin());
it!=_slotList.end(); ++it) {
qDebug()<<"Add Slot";
QAction* a(_slots->addAction(qs(it->slotinfo().slotDescription)));
a->setCheckable(true);
a->setData((qulonglong)&*it);
assert(connect(a, SIGNAL(triggered(bool)), SLOT(chosen(bool))));
if (!_slot) a->trigger();
++*_progress;
}
qDebug()<<"DONE";
} catch (...) {} // ignore
lock = false;
on__certificates_itemSelectionChanged();
}
void on_actionDeleteSelectedCertificate_triggered() {
QList<QTreeWidgetItem*> items(_certificates->selectedItems());
if (items.size()>0) deleteCert(items[0]);
}
void on__certificates_itemSelectionChanged() {
actionDeleteSelectedCertificate
->setEnabled(_certificates->selectedItems().size()
&&!_pin->text().isEmpty());
}
void on__pin_textChanged(const QString&) {
on__certificates_itemSelectionChanged();
}
void chosen(bool) {
_pin->clear();
QAction* a(qobject_cast<QAction*>(sender()));
a->setChecked(true);
QMenu* m(qobject_cast<QMenu*>(a->parent()));
QObjectList actions(m->children());
for (QObjectList::iterator it(actions.begin());it!=actions.end(); ++it)
if (qobject_cast<QAction*>(*it)!=a)
qobject_cast<QAction*>(*it)->setChecked(false);
_slot = (cryptoki::Slot*)a->data().toLongLong();
setup();
}
void setup() {
try {
_progress->steps(3);
slotInfo();
++*_progress;
tokenInfo();
++*_progress;
certificates();
++*_progress;
objects();
} catch (...) {
_progress->reset();
on_actionRescan_triggered();
}
}
void libraryInfo(std::string lib) {
_soname->setText(qs(lib));
cryptoki::Info inf(_cryptoki->info());
_libraryCryptokiVersion->setText(QString("%1.%2")
.arg(inf.cryptokiVersion.major)
.arg(inf.cryptokiVersion.minor));
_libraryManufacturerID->setText(qs(inf.manufacturerID));
_libraryDescription->setText(qs(inf.libraryDescription));
_libraryVersion->setText(QString("%1.%2")
.arg(inf.libraryVersion.major)
.arg(inf.libraryVersion.minor));
}
void slotInfo() {
try {
if (!_slot) return;
_hardware->setTabEnabled(1, true);
cryptoki::SlotInfo slotInfo(_slot->slotinfo());
_slotDescription->setText(qs(slotInfo.slotDescription));
_slotManufacturerID->setText(qs(slotInfo.manufacturerID));
_slotHardwareVersion->setText(QString("%1.%2")
.arg(slotInfo.hardwareVersion.major)
.arg(slotInfo.hardwareVersion.minor));
_slotFirmwareVersion->setText(QString("%1.%2")
.arg(slotInfo.firmwareVersion.major)
.arg(slotInfo.firmwareVersion.minor));
_tokenPresent->setEnabled(slotInfo.flags&CKF_TOKEN_PRESENT);
_removableDevice->setEnabled(slotInfo.flags&CKF_REMOVABLE_DEVICE);
_hwSlot->setEnabled(slotInfo.flags&CKF_HW_SLOT);
} catch (...) {
_hardware->setTabEnabled(1, false);
}
}
void tokenInfo() {
try {
if (!_slot) return;
_hardware->setTabEnabled(2, true);
_hardware->setTabEnabled(3, true);
cryptoki::TokenInfo tokenInfo(_slot->tokeninfo());
_tokenLabel->setText(qs(tokenInfo.label));
_tokenManufacturerID->setText(qs(tokenInfo.manufacturerID));
_tokenModel->setText(qs(tokenInfo.model));
_tokenSerialNumber->setText(qs(tokenInfo.serialNumber));
_tokenSessionCount->setText(QString("%2/%1")
.arg(qs(cryptoki::string
(tokenInfo.maxSessionCount)))
.arg(qs(cryptoki::string
(tokenInfo.sessionCount))));
_tokenRWSessionCount->setText(QString("%2/%1")
.arg(qs(cryptoki::string
(tokenInfo.maxRwSessionCount)))
.arg(qs(cryptoki::string
(tokenInfo.rwSessionCount))));
_tokenPinLen->setText(QString("%2-%1")
.arg(tokenInfo.maxPinLen)
.arg(tokenInfo.minPinLen));
_tokenPublicMemory->setText(QString("%2/%1")
.arg(qs(cryptoki::string
(tokenInfo.totalPublicMemory)))
.arg(qs(cryptoki::string
(tokenInfo.freePublicMemory))));
_tokenPrivateMemory->setText(QString("%2/%1")
.arg(qs(cryptoki::string
(tokenInfo.totalPrivateMemory)))
.arg(qs(cryptoki::string
(tokenInfo.freePrivateMemory))));
_tokenHardwareVersion->setText(QString("%1.%2")
.arg(tokenInfo.hardwareVersion.major)
.arg(tokenInfo.hardwareVersion.minor));
_tokenFirmwareVersion->setText(QString("%1.%2")
.arg(tokenInfo.firmwareVersion.major)
.arg(tokenInfo.firmwareVersion.minor));
_tokenUTCTime->setText(qs(tokenInfo.utcTime));
_tokenUTCTime->setVisible(tokenInfo.flags&CKF_CLOCK_ON_TOKEN);
_rng->setEnabled(tokenInfo.flags&CKF_RNG);
_writeProtected->setEnabled(tokenInfo.flags&CKF_WRITE_PROTECTED);
_loginRequired->setEnabled(tokenInfo.flags&CKF_LOGIN_REQUIRED);
_userPinInitialized->setEnabled
(tokenInfo.flags&CKF_USER_PIN_INITIALIZED);
_restoreKeyNotNeeded->setEnabled
(tokenInfo.flags&CKF_RESTORE_KEY_NOT_NEEDED);
_clockOnToken->setEnabled(tokenInfo.flags&CKF_CLOCK_ON_TOKEN);
_protectedAuthenticationPath->setEnabled
(tokenInfo.flags&CKF_PROTECTED_AUTHENTICATION_PATH);
_dualCryptoOperations->setEnabled
(tokenInfo.flags&CKF_DUAL_CRYPTO_OPERATIONS);
_tokenInitialized->setEnabled(tokenInfo.flags&CKF_TOKEN_INITIALIZED);
_secondaryAuthentication->setEnabled
(tokenInfo.flags&CKF_SECONDARY_AUTHENTICATION);
_userPinCountLow->setEnabled(tokenInfo.flags&CKF_USER_PIN_COUNT_LOW);
_userPinFinalTry->setEnabled(tokenInfo.flags&CKF_USER_PIN_FINAL_TRY);
_userPinLocked->setEnabled(tokenInfo.flags&CKF_USER_PIN_LOCKED);
_userPinToBeChanged->setEnabled
(tokenInfo.flags&CKF_USER_PIN_TO_BE_CHANGED);
_soPinCountLow->setEnabled(tokenInfo.flags&CKF_SO_PIN_COUNT_LOW);
_soPinFinalTry->setEnabled(tokenInfo.flags&CKF_SO_PIN_FINAL_TRY);
_soPinLocked->setEnabled(tokenInfo.flags&CKF_SO_PIN_LOCKED);
_soPinToBeChanged->setEnabled(tokenInfo.flags&CKF_SO_PIN_TO_BE_CHANGED);
} catch (...) {
_hardware->setTabEnabled(2, false);
_hardware->setTabEnabled(3, false);
}
}
void certificates() {
try {
_certificates->clear();
if (!_slot) return;
_certificates->setEnabled(true);
cryptoki::Session session(*_slot);
cryptoki::ObjectList certs
(session.find(cryptoki::Attribute(CKA_CLASS)
.from<CK_OBJECT_CLASS>(CKO_CERTIFICATE)));
_progress->steps(certs.size());
for (cryptoki::ObjectList::iterator cert(certs.begin());
cert!=certs.end(); ++cert) {
std::string data(cert->attribute(CKA_VALUE).value);
QByteArray der(QByteArray(data.data(), data.size()));
QSslCertificate c(der, QSsl::Der);
addCertificate(cert->attribute(CKA_LABEL).value,
crypto::hex(cert->attribute(CKA_ID).value), c);
++*_progress;
}
} catch (...) {
_certificates->setEnabled(false);
}
}
void objects() {
try {
_objects->clear();
if (!_slot) return;
_objects->setEnabled(true);
cryptoki::Session session(*_slot);
cryptoki::ObjectList objs(session.find());
_progress->steps(objs.size());
for (cryptoki::ObjectList::iterator obj(objs.begin());
obj!=objs.end(); ++obj) {
_objects->addTopLevelItem
(new QTreeWidgetItem
(QStringList()
<<qs(obj->attribute(CKA_LABEL).value)
<<qs(crypto::hex(obj->attribute(CKA_ID).value))));
++*_progress;
}
_objects->resizeColumnToContents(0);
_objects->resizeColumnToContents(1);
} catch (...) {
_objects->setEnabled(false);
}
}
void addCertificate(const std::string& label, const std::string& id,
const QSslCertificate& cert) {
if (cert.isNull()) return;
QTreeWidgetItem* c(new QTreeWidgetItem(QStringList()<<qs(label)));
c->setData(0, Qt::UserRole, qs(id));
_certificates->addTopLevelItem(c);
c->addChild
((new QTreeWidgetItem
(QStringList()<<tr("Valid Since")
<<cert.effectiveDate().toString(Qt::SystemLocaleLongDate))));
c->addChild
((new QTreeWidgetItem
(QStringList()<<tr("Valid Until")
<<cert.expiryDate().toString(Qt::SystemLocaleLongDate))));
c->addChild
((new QTreeWidgetItem
(QStringList()<<tr("Certificate Serial Number")
<<cert.serialNumber())));
QTreeWidgetItem *it(0);
c->addChild
((it = new QTreeWidgetItem(QStringList()<<tr("Subject Info")<<"")));
for (QSslCertificate::SubjectInfo
si(QSslCertificate::StateOrProvinceName);
si>=QSslCertificate::Organization;
si=(QSslCertificate::SubjectInfo)((int)si-1))
if (!cert.subjectInfo(si).isEmpty()) {
it->addChild
((new QTreeWidgetItem(subjectInfo(si)
<<utfConv(cert.subjectInfo(si)))));
}
it->setExpanded(true);
QMultiMap<QSsl::AlternateNameEntryType, QString>
#if QT_VERSION <0x050000
asns(cert.alternateSubjectNames())
#else
asns(cert.subjectAlternativeNames())
#endif
;
for (QMultiMap<QSsl::AlternateNameEntryType, QString>::iterator
asn(asns.begin()); asn!=asns.end(); ++asn)
it->addChild
((new QTreeWidgetItem
(QStringList()<<alternateName(asn.key())<<asn.value())));
c->addChild
((it = new QTreeWidgetItem(QStringList()<<tr("Issuer Info")<<"")));
for (QSslCertificate::SubjectInfo
si(QSslCertificate::StateOrProvinceName);
si>=QSslCertificate::Organization;
si=(QSslCertificate::SubjectInfo)((int)si-1))
if (!cert.issuerInfo(si).isEmpty())
it->addChild
((new QTreeWidgetItem(subjectInfo(si)
<<utfConv(cert.issuerInfo(si)))));
it->setExpanded(true);
_certificates->resizeColumnToContents(0);
_certificates->resizeColumnToContents(1);
}
private:
void deleteCert(QTreeWidgetItem* item) {
if (!_slot) return;
if (_pin->text().isEmpty()) {
QMessageBox::critical(this, tr("PIN required"), tr("Please enter PIN"));
return;
}
if (item->parent()) return deleteCert(item->parent());
QByteArray qid(QByteArray::fromHex(item->data(0, Qt::UserRole)
.toByteArray()));
std::string id(qid.data(), qid.size());
cryptoki::Session session(*_slot, true);
try {
session.login(_pin->text().toStdString());
} catch (...) {
QMessageBox::critical(this, tr("Login Failed"), tr("Wrong PIN"));
return;
}
cryptoki::ObjectList objs
(session.find(cryptoki::AttributeList()
<<cryptoki::Attribute(CKA_CLASS)
.from<CK_OBJECT_CLASS>(CKO_CERTIFICATE)
<<cryptoki::Attribute(CKA_ID, id)));
for (cryptoki::ObjectList::iterator obj(objs.begin());
obj!=objs.end(); ++obj) try {
obj->destroy();
} catch (const std::exception& e) {
QMessageBox::critical(this, tr("Delete Failed"),
tr("Certificate Deletion Failes"));
}
setup();
}
QString alternateName(QSsl::AlternateNameEntryType an) {
switch (an) {
case QSsl::EmailEntry: return tr("E-Mail");
case QSsl::DnsEntry: return tr("URL");
}
return tr("error", "unknown certificate subject alternate name");
}
QStringList subjectInfo(QSslCertificate::SubjectInfo si) {
QStringList res;
switch (si) {
case QSslCertificate::Organization:
res<<tr("Organization"); break;
case QSslCertificate::CommonName:
res<<tr("Common Name"); break;
case QSslCertificate::LocalityName:
res<<tr("Locality"); break;
case QSslCertificate::OrganizationalUnitName:
res<<tr("Organizational Unit"); break;
case QSslCertificate::CountryName:
res<<tr("Country"); break;
case QSslCertificate::StateOrProvinceName:
res<<tr("State or Province"); break;
default:
res<<tr("error", "unknown certificate subject info"); break;
}
return res;
}
QString utfConv(const QString& txt) {
QByteArray value(txt.toLatin1());
for (int i(-1); (i=value.indexOf("\\x"))!=-1 && i+3<value.size();)
value.replace(i, 4, QByteArray::fromHex(value.mid(i+2, 2)));
return QString::fromUtf8(value.data(), value.size());
}
QStringList utfConv(const QStringList& txts) {
QStringList res;
Q_FOREACH(QString txt, txts) {
QByteArray value(txt.toLatin1());
for (int i(-1); (i=value.indexOf("\\x"))!=-1 && i+3<value.size();) {
value.replace(i, 4, QByteArray::fromHex(value.mid(i+2, 2)));
res<<QString::fromUtf8(value.data(), value.size());
}
}
return res;
}
private:
std::auto_ptr<cryptoki::Library> _cryptoki;
cryptoki::SlotList _slotList;
cryptoki::Slot* _slot;
Progress* _progress;
};
#endif