ANSCENTER/ANSLibs
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
74ad349c0f9da8c31f46c225c2c68868c5b08e20
ANSLibs/chilkat/include/CkPkcs11.h

458 lines
18 KiB
C++
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
// CkPkcs11.h: interface for the CkPkcs11 class.
//
//////////////////////////////////////////////////////////////////////
// This header is generated for Chilkat 11.3.0
#define _CkVersion 11.3.0
#ifndef _CkPkcs11_H
#define _CkPkcs11_H
#include "chilkatDefs.h"
#include "CkString.h"
#include "CkMultiByteBase.h"
class CkJsonObject;
class CkPublicKey;
class CkCert;
class CkPrivateKey;
class CkSshKey;
#if !defined(__sun__) && !defined(__sun)
#pragma pack (push, 8)
#endif
#undef Copy
// CLASS: CkPkcs11
class CK_VISIBLE_PUBLIC CkPkcs11 : public CkMultiByteBase
{
private:
// Don't allow assignment or copying these objects.
CkPkcs11(const CkPkcs11 &);
CkPkcs11 &operator=(const CkPkcs11 &);
public:
CkPkcs11(void);
virtual ~CkPkcs11(void);
static CkPkcs11 *createNew(void);
static CkPkcs11 *createNew2(int progLang);
void CK_VISIBLE_PRIVATE inject(void *impl);
// May be called when finished with the object to free/dispose of any
// internal resources held by the object.
void dispose(void);
// BEGIN PUBLIC INTERFACE
// ----------------------
// Properties
// ----------------------
// The number of certificates contained on the smart card or USB token. This
// property is set when FindAllCerts is called.
int get_NumCerts(void);
// On Windows systems, then should be set to the name of the DLL file (if the DLL
// is located in C:\Windows\System32), or it can be the full path to the DLL.
//
// On Linux, MacOSX, or other non-Windows systems, this can also be either the full
// path to the .so or .dylib, or just the .so or .dylib filename. On these systems,
// Chilkat calls the https://man7.org/linux/man-pages/man3/dlopen.3.html>dlopen
// system function to load the shared library. If just the filename is passed in,
// the directories searched are those indicated in the dlopen function description
// at https://man7.org/linux/man-pages/man3/dlopen.3.html
//
//
// References:
// 1: <code
// 2: https://man7.org/linux/man-pages/man3/dlopen.3.html
void get_SharedLibPath(CkString &str);
// On Windows systems, then should be set to the name of the DLL file (if the DLL
// is located in C:\Windows\System32), or it can be the full path to the DLL.
//
// On Linux, MacOSX, or other non-Windows systems, this can also be either the full
// path to the .so or .dylib, or just the .so or .dylib filename. On these systems,
// Chilkat calls the https://man7.org/linux/man-pages/man3/dlopen.3.html>dlopen
// system function to load the shared library. If just the filename is passed in,
// the directories searched are those indicated in the dlopen function description
// at https://man7.org/linux/man-pages/man3/dlopen.3.html
//
//
// References:
// 1: <code
// 2: https://man7.org/linux/man-pages/man3/dlopen.3.html
const char *sharedLibPath(void);
// On Windows systems, then should be set to the name of the DLL file (if the DLL
// is located in C:\Windows\System32), or it can be the full path to the DLL.
//
// On Linux, MacOSX, or other non-Windows systems, this can also be either the full
// path to the .so or .dylib, or just the .so or .dylib filename. On these systems,
// Chilkat calls the https://man7.org/linux/man-pages/man3/dlopen.3.html>dlopen
// system function to load the shared library. If just the filename is passed in,
// the directories searched are those indicated in the dlopen function description
// at https://man7.org/linux/man-pages/man3/dlopen.3.html
//
//
// References:
// 1: <code
// 2: https://man7.org/linux/man-pages/man3/dlopen.3.html
void put_SharedLibPath(const char *newVal);
// If the smart card or token requires a signature context login within the signing
// operation, then set this property to the context-specific signature PIN. Most
// smart cards do not need this. Don't set this property unless you know for sure
// your smart card needs it.
void get_SigContextPin(CkString &str);
// If the smart card or token requires a signature context login within the signing
// operation, then set this property to the context-specific signature PIN. Most
// smart cards do not need this. Don't set this property unless you know for sure
// your smart card needs it.
const char *sigContextPin(void);
// If the smart card or token requires a signature context login within the signing
// operation, then set this property to the context-specific signature PIN. Most
// smart cards do not need this. Don't set this property unless you know for sure
// your smart card needs it.
void put_SigContextPin(const char *newVal);
// This is a catch-all property to be used for uncommon needs. This property
// defaults to the empty string. It can be set to a list of one or more of the
// following comma separated keywords:
// * Pkcs11DiscoverSkipTokenInfo - Introduced in v9.5.0.99. Applies to the
// Discover method. If this keyword is present, then Discover will only return the
// slot information and will not make potentially time-consuming calls to get
// TokenInfo or information about supported mechanisms.
// * Pkcs11DiscoverSkipMechanisms - Introduced in v9.5.0.99. Applies to the
// Discover method. If this keyword is present, then Discover will get slot and
// token info, but will not make potentially time-consuming calls to get
// information about supported mechanisms.
void get_UncommonOptions(CkString &str);
// This is a catch-all property to be used for uncommon needs. This property
// defaults to the empty string. It can be set to a list of one or more of the
// following comma separated keywords:
// * Pkcs11DiscoverSkipTokenInfo - Introduced in v9.5.0.99. Applies to the
// Discover method. If this keyword is present, then Discover will only return the
// slot information and will not make potentially time-consuming calls to get
// TokenInfo or information about supported mechanisms.
// * Pkcs11DiscoverSkipMechanisms - Introduced in v9.5.0.99. Applies to the
// Discover method. If this keyword is present, then Discover will get slot and
// token info, but will not make potentially time-consuming calls to get
// information about supported mechanisms.
const char *uncommonOptions(void);
// This is a catch-all property to be used for uncommon needs. This property
// defaults to the empty string. It can be set to a list of one or more of the
// following comma separated keywords:
// * Pkcs11DiscoverSkipTokenInfo - Introduced in v9.5.0.99. Applies to the
// Discover method. If this keyword is present, then Discover will only return the
// slot information and will not make potentially time-consuming calls to get
// TokenInfo or information about supported mechanisms.
// * Pkcs11DiscoverSkipMechanisms - Introduced in v9.5.0.99. Applies to the
// Discover method. If this keyword is present, then Discover will get slot and
// token info, but will not make potentially time-consuming calls to get
// information about supported mechanisms.
void put_UncommonOptions(const char *newVal);
// ----------------------
// Methods
// ----------------------
// Closes the session on the token (i.e. smart card).
//
// Note: Memory leaks can occur if the session is not properly closed.
//
bool CloseSession(void);
// Creates an object and returns the handle. The attrs specifies the attributes that
// define the object to be created. See the linked examples below for more
// information.
unsigned long CreatePkcs11Object(CkJsonObject &attrs);
// Destroys an object (deletes it from the HSM). hObject is the object's handle.
bool DestroyObject(unsigned long hObject);
// Discovers the readers, smart cards, and USB tokens accessible via PKCS11 on the
// computer (using the DLL/shared lib specified by SharedLibPath). The onlyTokensPresent
// specifies if only slots (readers) with tokens (smart cards) present should be
// returned. The information is written to the json. (For details, see the example
// below.)
bool Discover(bool onlyTokensPresent, CkJsonObject &json);
// Export a public key given a public or private key handle. The pubKey is loaded
// with the exported public key.
//
// See the example linked below for more details.
//
bool ExportPublicKey(unsigned long keyHandle, CkPublicKey &pubKey);
// Finds all certificates contained on the smart card (or USB token). This sets the
// NumCerts property. Each certificate can be obtained by calling GetCert(index)
// where the 1st cert is at index 0.
//
// Important: Private keys will not be seen unless the PKCS11 session is
// authenticated. To authenticate, your application must call Login after calling
// OpenSession.
//
bool FindAllCerts(void);
// Finds all keys contained on the smart card (or USB token). The keyClass indicates
// the kind of keys to return, and can be one of the following:
// * public
// * private
// * secret
// * otp
//
// Information about the keys is returned in json.
//
// Important: Private keys will not be seen unless the PKCS11 session is
// authenticated. To authenticate, your application must call Login after calling
// OpenSession.
//
bool FindAllKeys(const char *keyClass, CkJsonObject &json);
// Finds the certificate where the given certPart equals the partValue. Possible values for
// certPart are: privateKey , subjectDN , subjectDN_withTags , subjectCN , serial , or
// serial:issuerCN . If certPart equals privateKey , then pass an empty string in partValue.
// Specifying privateKey means to return the first certificate having a private
// key.
//
// The cert is loaded with the certificate if successful.
//
// Important: Private keys will not be seen unless the PKCS11 session is
// authenticated. To authenticate, your application must call Login after calling
// OpenSession.
//
// Note: If successful, the cert will be linked internally with this PKCS11 session
// such that certificate can be used for signing on the smart card when used in
// other Chilkat classes such as XmlDSigGen, Pdf, Crypt2, Mime, MailMan, etc.
//
bool FindCert(const char *certPart, const char *partValue, CkCert &cert);
// General function for finding an object such as a private key. Returns the handle
// of the first matching object, or 0 if not found.
unsigned long FindObject(CkJsonObject &jsonTemplate);
// Generate an EC key pair suitable for signing data and verifying signatures. The
// private key is created on the HSM (smart card or token), and the public key is
// returned in pubKey. The publicAttrs and privateAttrs contain attributes for the public and
// private keys respectively. The PKCS11 public and private key handles are
// returned in jsonOut. Handles are used to reference a PKCS11 object, such as a
// public or private key, and are valid during the PKCS11 session. To use the key
// in future PKCS11 sessions, your application would need to find the object to get
// a new handle.
//
// See the example linked below for more details.
//
bool GenEcKey(CkJsonObject &publicAttrs, CkJsonObject &privateAttrs, CkJsonObject &jsonOut, CkPublicKey &pubKey);
// Generate an RSA key pair suitable for signing data and verifying signatures. The
// private key is created on the HSM (smart card or token), and the public key is
// returned in pubKey. The publicAttrs and privateAttrs contain attributes for the public and
// private keys respectively. The PKCS11 public and private key handles are
// returned in jsonOut. Handles are used to reference a PKCS11 object, such as a
// public or private key, and are valid during the PKCS11 session. To use the key
// in future PKCS11 sessions, your application would need to find the object to get
// a new handle.
//
// See the example linked below for more details.
//
bool GenRsaKey(CkJsonObject &publicAttrs, CkJsonObject &privateAttrs, CkJsonObject &jsonOut, CkPublicKey &pubKey);
// Generates a symmetric encryption key. The keyType is the key type, which can be one
// of the following values:
// * AES
// * AES XTS
// * Blowfish
// * Twofish
// * ChaCha20
//
// The jsonTemplate is a template that specifies attributes about the key to be generated.
// See the example at the link below.
//
// The handle to the generated key is returned. A value of 0 is returned on
// failure.
//
unsigned long GenSecretKey(const char *keyType, CkJsonObject &jsonTemplate);
// Loads cert with the Nth certificate indicated by index. The 1st certificate is at
// index 0. The FindAllCerts method must be called beforehand to load the certs
// from the smart card into this object. After calling FindAllCerts, the NumCerts
// property is set and each certificate can be retrieved by calling GetCert.
bool GetCert(int index, CkCert &cert);
// Imports a private key onto the HSM. Returns the handle of the unwrapped key, or
// 0 if failed. See the linked example below for more details.
unsigned long ImportPrivateKey(CkPrivateKey &privKey, CkJsonObject &jsonTemplate);
// Imports an SSH private key onto the HSM. Returns the handle of the unwrapped
// key, or 0 if failed.
unsigned long ImportSshKey(CkSshKey &sshKey, CkJsonObject &jsonTemplate);
// Initializes the PKCS#11 library. Should be called after specifying the
// SharedLibPath. The DLL (or .so/.dylib) is dynamically loaded and the PKCS#11 lib
// is initialized.
bool Initialize(void);
// Initializes the normal user's PIN. This must be called from the security
// officer's (SO) logged-in session.
//
// Note: To unblock a smart card, login to the SO (Security Officer) session using
// the PUK, and then call this with the new user PIN.
//
bool InitPin(const char *pin);
// Initializes a token. slotId is the slot ID of the token's slot.
//
// If the token has not been initialized (i.e. new from the factory), then the pPin
// parameter becomes the initial value of the SO (Security Officer) PIN. If the
// token is being reinitialized, the pin parameter is checked against the existing
// SO PIN to authorize the initialization operation.
//
// When a token is initialized, all objects that can be destroyed are destroyed
// (i.e., all except for “indestructible” objects such as keys built into the
// token). Also, access by the normal user is disabled until the SO sets the normal
// users PIN. Depending on the token, some “default” objects may be created, and
// attributes of some objects may be set to default values.
//
bool InitToken(int slotId, const char *pin, const char *tokenLabel);
// Authenticates a session with a PIN. The userType can be one of the following integer
// values:
// 1. 0>
// 2. Security Officer (0)
// 3. Normal User (1)
// 4. Context Specific (2)
//
// Except for special circumstances, you'll always login as the Normal User.
//
bool Login(int userType, const char *pin);
// Logs out from a token (smart card).
bool Logout(void);
// Opens a session on the token (i.e. smart card). The slotId is the ID of the slot
// (not the index). Set slotId equal to -1 to choose the first available non-empty
// slot. The readWrite indicates whether the session should be read-only or read-write.
//
// The PKCS11 terminology is confusing:
//
// * A slot corresponds to a connected smart card reader or USB hardware token,
// such as a Feitian ePass3003Auto token.
// * A token corresponds to the smart card inserted into the reader. If we have
// a USB hardware token, such as the epass3003Auto (or many others), then
// technically there is always a smart card inserted, because the USB hardware
// token is effectively both the reader and smart card wrapped in one inseparable
// device.
// * The PKCS11 DLL (or .so shared lib, or .dylib) is the vendor supplied
// PKCS11 implementation (driver) that provides the low-level C PKCS11
// functions (called by Chilkat internally).
// * Generally, the number of slots will equal the number of connected smart
// cards or tokens belonging to the vendor of the DLL, or compatible with the DLL.
// In most cases you'll have your single reader with a single smart card inserted,
// and therefore only one slot exists.
// * Some PKCS11 DLLs are provided by a 3rd party and support many smart cards.
// For example, A.E.T. Europe B.V.'s SafeSign Identity Client Standard Version
// 3.5 DLL is aetpkss1.dll . It supports the following tokens:
// * Defensiepas
// * Defensiepas 2
// * G&D Convego Join 4.01 40k/80k
// * G&D SkySIM Hercules
// * G&D SkySIM Scorpius
// * G&D Sm@rtCafé Expert 3.2
// * G&D Sm@rtCafé Expert 4.0
// * G&D Sm@rtCafé Expert 5.0
// * G&D Sm@rtCafé Expert 6.0
// * G&D Sm@rtCafé Expert 7.0
// * G&D Sm@rtCafé Expert 64
// * Gemalto Desineo ICP D72 FXR1 Java
// * Gemalto IDCore 30
// * Gemalto MultiApp ID v2.1
// * Gemalto Optelio D72 FR1
// * Gemalto TOP DL v2
// * Infineon Oracle JCOS Ed.1
// * JCOP21 v2.3
// * Morpho IDealCitiz v2.1
// * Morpho JMV ProCL V3.0
// * NXP J2A080 / J2A081 (JCOP 2.4.1 R3)
// * NXP JD081 (JCOP 2.4.1 R3)
// * NXP J3A080 (JCOP 2.4.1 R3)
// * NXP JCOP 2.4.2 R3
// * NXP JCOP 3 SecID P60
// * Oberthur IDOne Cosmo v7.0
// * RDW ABR kaart
// * Rijkspas
// * Rijkspas 2
// * Sagem YpsID s2
// * Sagem YpsID s3
// * StarSign Crypto USB Token S
// * Swissbit PS-100u SE
// * UZI-pas
// * UZI-pas 2
bool OpenSession(int slotId, bool readWrite);
// Quickly establishes a session on the 1st unempty slot, with or without login. If
// the pin is the empty string, then no login will take place. The userType can be one
// of the following integer values:
// 1. 0>
// 2. Security Officer (0)
// 3. Normal User (1)
// 4. Context Specific (2)
//
// Except for special circumstances, you should always select Normal User. If pin
// is the empty string, then no login takes place and userType is ignored.
//
// Calling this method takes the place of making separate calls to Initialize,
// OpenSession, and Login.
//
bool QuickSession(int userType, const char *pin);
// Modifies the PIN of the user that is currently logged in, or the Normal User PIN
// if the session is not logged in.
bool SetPin(const char *oldPin, const char *newPin);
// END PUBLIC INTERFACE
};
#if !defined(__sun__) && !defined(__sun)
#pragma pack (pop)
#endif
#endif
Reference in New Issue View Git Blame Copy Permalink