/*
islam turkoz - islam35
This code shows how to get a certificate and key from a smart card.
This code block is used to get the information (public key and certificate) from the smart card.
Default password is "00000000"
Two third-party DLLs are used in SmartCardProject.cpp: "pkcs11engine.dll" and "pkcs11MiddlewareLibrary.dll".
pkcs11engine.dll for the "pkcs11 engine".
pkcs11MiddlewareLibrary.dll for the driver and "pkcs11 engine".
-pkcs11engine.dll is automatically installed in the directory where the program is installed. Embedded pkcs11.dll and External pkcs11.dll are used to get information from the smart card.
-Certificate
-Public Key infos
-pkcs11MiddlewareLibrary.dll may come automatically when the smart card is inserted, or it may be distributed by the card issuer. This DLL is used to connect to the smart card.
-Serial Number
-Token Infos
-Function Lists etc..
The cert_info.certificate_ variable holds the smart card certificate.
privateKey_ holds the private key handle.
*/
// Private key handle filled in by getCertificateAndKey(); consumed by main().
EVP_PKEY* privateKey_ = nullptr;

// Output structure handed to the engine's "LOAD_CERT_CTRL" command
// (see getCertificateAndKey()).
struct CertStruct
{
    const char* s_slot_cert_id_;   // slot/id selector; "" requests the first certificate on the card
    X509* certificate_;            // certificate returned by the engine, NULL until loaded
};

// Certificate loaded from the smart card; consumed by main().
CertStruct cert_info;

// Callback data passed to ENGINE_load_private_key(). This file never fills the
// fields in: the PIN is delivered through the engine's "PIN" ctrl command instead.
struct pw_cb_data
{
    const void* password;
    const char* prompt_info;
};
using PW_CB_DATA = pw_cb_data;
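namespace
{
// Initial PIN quoted in the file header. It is only a compatibility default for the
// zero-argument overload; callers should hand the card holder's PIN to
// getCertificateAndKey(const char*) instead of relying on it.
constexpr const char* kDefaultPin = "00000000";

// Logs `msg`, releases `engine` and returns the failure status (0).
// `initialised` is true once ENGINE_init() has succeeded: the functional reference it
// took must be dropped with ENGINE_finish() before the structural one with ENGINE_free().
int failEngine(ENGINE* engine, bool initialised, const char* msg)
{
    Logger::instance().gWrite(msg);
    if (engine != nullptr)
    {
        if (initialised)
            ENGINE_finish(engine);
        ENGINE_free(engine);
    }
    return 0;
}

// Issues one string ctrl command and reports whether the engine accepted it.
bool engineCmd(ENGINE* engine, const char* cmd, const char* arg)
{
    return ENGINE_ctrl_cmd_string(engine, cmd, arg, 0) != 0;
}
} // namespace

// Loads the first certificate and the first private key from the smart card into
// cert_info and privateKey_, going through OpenSSL's "dynamic" engine, the pkcs11
// engine DLL and the PKCS#11 middleware DLL named in the file header.
//
// pin: PIN presented to the token through the engine's "PIN" ctrl command. It is only
//      passed on to the engine; this function does not store it.
// Returns 1 on success and 0 on any failure; the SmartCardStatus value that each
// failure corresponds to is noted at the return site. On failure the engine is
// released. cert_info.certificate_ is left as loaded when the failure happens after
// LOAD_CERT_CTRL (e.g. an expired certificate), so callers must not use it after a 0.
int getCertificateAndKey(const char* pin)
{
    SSL_library_init();
    SSL_load_error_strings();
    ENGINE_load_dynamic();
    ENGINE_register_all_complete();

    ENGINE* smartCardEngine = ENGINE_by_id("dynamic");
    if (smartCardEngine == nullptr)
        return failEngine(nullptr, false, "getCertificateAndKey: Cannot get dynamic engine."); // SmartCardStatus::internalError

    // Tell the dynamic loader which engine DLL to load, then load it.
    if (!engineCmd(smartCardEngine, "SO_PATH", "./pkcs11engine.dll"))
        return failEngine(smartCardEngine, false, "getCertificateAndKey: Cannot set Engine SO_PATH."); // SmartCardStatus::internalError
    if (!engineCmd(smartCardEngine, "ID", "pkcs11"))
        return failEngine(smartCardEngine, false, "getCertificateAndKey: Cannot set ID."); // SmartCardStatus::internalError
    if (!engineCmd(smartCardEngine, "LIST_ADD", "2"))
        return failEngine(smartCardEngine, false, "getCertificateAndKey: Cannot set LIST_ADD."); // SmartCardStatus::internalError
    if (!engineCmd(smartCardEngine, "LOAD", nullptr))
        return failEngine(smartCardEngine, false, "getCertificateAndKey: Cannot LOAD Engine."); // SmartCardStatus::internalError

    // From here on the ctrl commands are handled by the loaded pkcs11 engine.
    if (!engineCmd(smartCardEngine, "CLAIM_MODULE_TOKEN_FIPS", nullptr))
        return failEngine(smartCardEngine, false, "getCertificateAndKey: Cannot set CLAIM_MODULE_TOKEN_FIPS."); // SmartCardStatus::internalError
    if (!engineCmd(smartCardEngine, "MODULE_PATH", "./pkcs11MiddlewareLibrary.dll"))
        return failEngine(smartCardEngine, false, "getCertificateAndKey: Cannot load PKCS11 middleware library."); // SmartCardStatus::dllNotLoaded
    if (!engineCmd(smartCardEngine, "PIN", pin))
        return failEngine(smartCardEngine, false, "getCertificateAndKey: Cannot set PIN."); // SmartCardStatus::passwordNOK
    if (!engineCmd(smartCardEngine, "FORCE_LOGIN", nullptr))
        return failEngine(smartCardEngine, false, "getCertificateAndKey: Cannot run FORCE_LOGIN command."); // SmartCardStatus::internalError

    // Initialise the engine; from here on cleanup needs ENGINE_finish() as well.
    if (!ENGINE_init(smartCardEngine))
        return failEngine(smartCardEngine, false, "getCertificateAndKey: Cannot Init Engine."); // SmartCardStatus::internalError

    // Load the certificate. An empty slot/id selector requests the first certificate
    // on the smart card.
    cert_info.s_slot_cert_id_ = "";
    cert_info.certificate_ = nullptr;
    if (!ENGINE_ctrl_cmd(smartCardEngine, "LOAD_CERT_CTRL", 0, &cert_info, nullptr, 0))
        return failEngine(smartCardEngine, true, "getCertificateAndKey: Cannot run LOAD_CERT_CTRL command."); // SmartCardStatus::NoCert

    // An expired certificate is rejected. The engine is released on this path too;
    // the previous version returned without freeing it.
    if (checkCertificate(cert_info.certificate_) == SmartCardStatus::certExpired)
        return failEngine(smartCardEngine, true, "getCertificateAndKey: Certificate has expired."); // SmartCardStatus::certExpired

    if (!ENGINE_set_default(smartCardEngine, ENGINE_METHOD_ALL))
        return failEngine(smartCardEngine, true, "getCertificateAndKey: Cannot set default OpenSSL engine."); // SmartCardStatus::internalError

    // Load the associated key: the first key on the smart card. No UI method is
    // supplied, so the callback data is not consulted by this call; it is
    // zero-initialised rather than passed as indeterminate stack contents.
    PW_CB_DATA cb_data{};
    privateKey_ = ENGINE_load_private_key(smartCardEngine, nullptr, nullptr, &cb_data);
    if (privateKey_ == nullptr)
        return failEngine(smartCardEngine, true, "getCertificateAndKey: Cannot get key from Smart Card."); // SmartCardStatus::NoKey

    // Success: drop the structural reference and tear down the engine table, as before.
    // NOTE(review): the functional reference taken by ENGINE_init() is deliberately left
    // as in the original; whether privateKey_ stays usable once ENGINE_finish() runs the
    // pkcs11 engine's finish handler is not established here — confirm before adding it.
    ENGINE_free(smartCardEngine);
    ENGINE_cleanup();
    return 1; // SmartCardStatus::checkPassed
}

// Backward-compatible entry point: logs in with the initial PIN from the file header.
// Prefer the overload that takes the card holder's PIN.
int getCertificateAndKey()
{
    return getCertificateAndKey(kDefaultPin);
}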
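// Loads the certificate and key from the smart card and installs them in the SSL
// context used for mutual (client-certificate) authentication.
// NOTE(review): `context` is not declared anywhere in this file; it is assumed to be
// an object exposing an SSL_CTX* through context() — confirm where it is defined.
// Returns 0 on success, 1 when the card or OpenSSL rejects the material.
int main()
{
    // cert_info and privateKey_ are only populated by getCertificateAndKey(); the
    // previous version never called it and would have handed NULL to OpenSSL.
    if (!getCertificateAndKey())
        return 1;

    if (SSL_CTX_use_certificate(context->context(), cert_info.certificate_) != 1)
    {
        Logger::instance().gWrite("main: Cannot use smart card certificate.");
        return 1;
    }
    if (SSL_CTX_use_PrivateKey(context->context(), privateKey_) != 1)
    {
        Logger::instance().gWrite("main: Cannot use smart card private key.");
        return 1;
    }
    // Verify that the first key on the card actually belongs to the first certificate;
    // both were selected independently, so a mismatch is only detected here.
    if (SSL_CTX_check_private_key(context->context()) != 1)
    {
        Logger::instance().gWrite("main: Smart card private key does not match the certificate.");
        return 1;
    }
    return 0;
}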