libdigidocpp
digidoc::PKCS11Signer Class Reference

#include <PKCS11Signer.h>

Classes

struct  PKCS11Cert
struct  PKCS11Token

Public Member Functions

 PKCS11Signer () throw (SignException)
 PKCS11Signer (const std::string &driver) throw (SignException)
virtual ~PKCS11Signer ()
X509 * getCert () const throw (SignException)
void sign (const Digest &digest, Signature &signature) throw (SignException)
void loadDriver () throw (SignException)
void loadDriver (const std::string &driver) throw (SignException)
void unloadDriver ()
virtual std::string getPin (const PKCS11Cert &certificate)=0 throw (SignException)
Public Member Functions inherited from digidoc::Signer
virtual ~Signer ()
virtual int type () const
void setSignatureProductionPlace (const SignatureProductionPlace &signatureProductionPlace)
SignatureProductionPlace getSignatureProductionPlace () const
void setSignerRole (const SignerRole &signerRole)
SignerRole getSignerRole () const

Protected Member Functions

virtual PKCS11Cert selectSigningCertificate (const std::vector< PKCS11Cert > &certificates) const =0 throw (SignException)

Private Attributes

PKCS11SignerPrivate * d

Detailed Description

Definition at line 45 of file PKCS11Signer.h.

Constructor & Destructor Documentation

PKCS11Signer::PKCS11Signer ( ) throw (SignException)

Initializes the p11 library and loads the PKCS #11 driver. The driver path is read from configuration.

Exceptions
SignException: thrown if loading the provided PKCS #11 driver failed.

Definition at line 156 of file PKCS11Signer.cpp.

References digidoc::Conf::getInstance().

PKCS11Signer::PKCS11Signer ( const std::string &  driver) throw (SignException)

Initializes the p11 library and loads the PKCS #11 driver.

Parameters
driver: full path to the PKCS #11 driver (e.g. /usr/lib/opensc-pkcs11.so)
Exceptions
SignException: thrown if loading the provided PKCS #11 driver failed.

Definition at line 169 of file PKCS11Signer.cpp.
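
The driver path names a shared library that is loaded into the signing process, so it is worth vetting before it reaches this constructor or loadDriver(). The following is an added example, not libdigidocpp code: checkDriverPath and DriverCheck are hypothetical names, the ownership and permission policy is an assumption of the example, and it requires a POSIX system.

```cpp
// Added example, not part of libdigidocpp. POSIX only.
#include <sys/stat.h>
#include <unistd.h>
#include <stdlib.h>
#include <cstdio>
#include <string>

enum class DriverCheck { Ok, NotAbsolute, NotFound, NotRegularFile, UntrustedOwner, WritableByOthers };

// Assumed policy: owner must be root or the user running the signer.
static bool trustedOwner(const struct stat &st) { return st.st_uid == 0 || st.st_uid == geteuid(); }
// Assumed policy: no group or world write bit.
static bool othersCanWrite(const struct stat &st) { return (st.st_mode & (S_IWGRP | S_IWOTH)) != 0; }

// Hypothetical helper: vets `path` and returns the symlink-free path in `resolved`.
DriverCheck checkDriverPath(const std::string &path, std::string &resolved)
{
    if (path.empty() || path[0] != '/')
        return DriverCheck::NotAbsolute;          // a bare name would go through the loader search path
    char *real = realpath(path.c_str(), nullptr); // resolve symlinks and ".." first
    if (!real)
        return DriverCheck::NotFound;
    resolved = real;
    free(real);

    struct stat file, dir;
    if (stat(resolved.c_str(), &file) != 0)
        return DriverCheck::NotFound;
    if (!S_ISREG(file.st_mode))
        return DriverCheck::NotRegularFile;
    std::string parent = resolved.substr(0, resolved.rfind('/'));
    if (parent.empty())
        parent = "/";
    if (stat(parent.c_str(), &dir) != 0)
        return DriverCheck::NotFound;
    if (!trustedOwner(file) || !trustedOwner(dir))
        return DriverCheck::UntrustedOwner;       // another account could replace the library
    if (othersCanWrite(file) || othersCanWrite(dir))
        return DriverCheck::WritableByOthers;
    return DriverCheck::Ok;
}

int main()
{
    std::string resolved;
    // Path taken from the parameter description on this page.
    DriverCheck rc = checkDriverPath("/usr/lib/opensc-pkcs11.so", resolved);
    std::printf("check result: %d\n", static_cast<int>(rc));
    return rc == DriverCheck::Ok ? 0 : 1;
}
```

Pass `resolved`, not the original string, as the driver argument so that the file that was checked is the one that gets loaded.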

PKCS11Signer::~PKCS11Signer ( )
virtual

Uninitializes p11 library and releases acquired memory.

Definition at line 178 of file PKCS11Signer.cpp.

References DEBUG.

Member Function Documentation

X509 * PKCS11Signer::getCert ( ) const throw (SignException)
virtual

Finds all slots connected to the computer and, for slots that have tokens, lists all certificates found on the token. If there is more than one certificate, lets the user application select the certificate used for signing (by calling the selectSigningCertificate callback function).

Returns
the certificate used for signing.
Exceptions
SignException: thrown if selecting the signing certificate failed, for example when no cards are found or the card has no certificate.

Implements digidoc::Signer.

Definition at line 245 of file PKCS11Signer.cpp.

References digidoc::X509Cert::cert, CKA_VALUE, CKF_SERIAL_SESSION, CKO_CERTIFICATE, CKR_OK, DEBUG, digidoc::X509Cert::handle(), i, digidoc::X509Cert::isValid(), THROW_SIGNEXCEPTION, and value.

Referenced by testX509Verify().

virtual std::string digidoc::PKCS11Signer::getPin ( const PKCS11Cert &  certificate) throw (SignException)
pure virtual

Abstract method that returns PIN code for the selected signing certificate. If PIN code is not needed this method is never called. To cancel the login this method should throw an exception.

Parameters
certificate: certificate that is used for signing and needs a PIN for login.
Returns
the PIN code to login.
Exceptions
SignException: should throw an exception if the login operation should be canceled.

Implemented in digidoc::EstEIDConsolePinSigner.

void PKCS11Signer::loadDriver ( ) throw (SignException)

Definition at line 229 of file PKCS11Signer.cpp.

References digidoc::Conf::getInstance().

void PKCS11Signer::loadDriver ( const std::string &  driver) throw (SignException)

Initializes the p11 library and loads the PKCS #11 driver.

Parameters
driver: full path to the PKCS #11 driver (e.g. /usr/lib/opensc-pkcs11.so)
Exceptions
SignException: thrown if loading the provided PKCS #11 driver failed.

Definition at line 211 of file PKCS11Signer.cpp.

References CKR_OK, DEBUG, and THROW_SIGNEXCEPTION.

virtual PKCS11Cert digidoc::PKCS11Signer::selectSigningCertificate ( const std::vector< PKCS11Cert > &  certificates) const throw (SignException)
protected pure virtual

Abstract method for selecting the correct signing certificate. If none of the certificates is suitable for signing, this method should throw a SignException. This method is always called when at least one certificate is available.

Parameters
certificates: available certificates to choose from.
Returns
the certificate used for signing.
Exceptions
SignException: should throw an exception if no suitable certificate is in the list or the operation should be canceled.

Implemented in digidoc::EstEIDSigner.

void PKCS11Signer::sign ( const Digest &  digest, Signature &  signature ) throw (SignException)
virtual

Signs the provided digest using the selected certificate. If the certificate needs a PIN, the PIN is acquired by calling the callback function getPin.

Parameters
digest: digest which is being signed.
signature: memory for the signature that is created. The struct parameter length is set to the actual signature length.
Exceptions
SignException: thrown if the signing operation failed.

Implements digidoc::Signer.

Definition at line 336 of file PKCS11Signer.cpp.

References CKF_LOGIN_REQUIRED, CKF_PROTECTED_AUTHENTICATION_PATH, CKF_SERIAL_SESSION, CKM_RSA_PKCS, CKO_PRIVATE_KEY, CKR_CANCEL, CKR_FUNCTION_CANCELED, CKR_OK, CKR_PIN_INCORRECT, CKR_PIN_LOCKED, CKU_USER, DEBUG, e, ck_token_info::flags, getPin(), ck_token_info::label, digidoc::Exception::PINCanceled, digidoc::Exception::PINFailed, digidoc::Exception::PINIncorrect, digidoc::Exception::PINLocked, digidoc::Exception::setCode(), digidoc::PKCS11SignerPrivate::sha1, digidoc::PKCS11SignerPrivate::sha224, digidoc::PKCS11SignerPrivate::sha256, digidoc::PKCS11SignerPrivate::sha384, digidoc::PKCS11SignerPrivate::sha512, and THROW_SIGNEXCEPTION.

Referenced by testPKCS11Signer().

void PKCS11Signer::unloadDriver ( )

Definition at line 185 of file PKCS11Signer.cpp.

Member Data Documentation

PKCS11SignerPrivate* digidoc::PKCS11Signer::d
private

Definition at line 90 of file PKCS11Signer.h.


The documentation for this class was generated from the following files: