sprints completion. new product advisories prepared
@@ -1,4 +1,6 @@
|
||||
using Microsoft.Extensions.Configuration;
|
||||
using Net.Pkcs11Interop.Common;
|
||||
using Net.Pkcs11Interop.HighLevelAPI;
|
||||
using StellaOps.Doctor.Models;
|
||||
using StellaOps.Doctor.Plugins;
|
||||
|
||||
@@ -48,6 +50,9 @@ public sealed class HsmConnectivityCheck : IDoctorCheck
|
||||
var pkcs11Library = context.Configuration.GetValue<string>("Cryptography:Hsm:Pkcs11Library")
|
||||
?? context.Configuration.GetValue<string>("Cryptography:Pkcs11:Library");
|
||||
|
||||
var pin = context.Configuration.GetValue<string>("Cryptography:Hsm:Pin")
|
||||
?? context.Configuration.GetValue<string>("Cryptography:Pkcs11:Pin");
|
||||
|
||||
var slotId = context.Configuration.GetValue<int?>("Cryptography:Hsm:SlotId")
|
||||
?? context.Configuration.GetValue<int?>("Cryptography:Pkcs11:SlotId")
|
||||
?? 0;
|
||||
@@ -62,7 +67,7 @@ public sealed class HsmConnectivityCheck : IDoctorCheck
|
||||
switch (hsmType.ToLowerInvariant())
|
||||
{
|
||||
case "pkcs11":
|
||||
CheckPkcs11Hsm(issues, hsmInfo, pkcs11Library);
|
||||
CheckPkcs11Hsm(issues, hsmInfo, pkcs11Library, slotId, pin);
|
||||
break;
|
||||
|
||||
case "softhsm":
|
||||
@@ -126,7 +131,12 @@ public sealed class HsmConnectivityCheck : IDoctorCheck
|
||||
.Build());
|
||||
}
|
||||
|
||||
private static void CheckPkcs11Hsm(List<string> issues, Dictionary<string, string> hsmInfo, string? pkcs11Library)
|
||||
private static void CheckPkcs11Hsm(
|
||||
List<string> issues,
|
||||
Dictionary<string, string> hsmInfo,
|
||||
string? pkcs11Library,
|
||||
int slotId,
|
||||
string? pin)
|
||||
{
|
||||
hsmInfo["Provider"] = "PKCS#11";
|
||||
|
||||
@@ -145,8 +155,53 @@ public sealed class HsmConnectivityCheck : IDoctorCheck
|
||||
return;
|
||||
}
|
||||
|
||||
// Library exists - basic check passed
|
||||
hsmInfo["LibraryExists"] = "true";
|
||||
// Library exists - attempt real PKCS#11 operations
|
||||
try
|
||||
{
|
||||
var factories = new Pkcs11InteropFactories();
|
||||
using var library = factories.Pkcs11LibraryFactory.LoadPkcs11Library(
|
||||
factories,
|
||||
pkcs11Library,
|
||||
AppType.MultiThreaded);
|
||||
|
||||
var slots = library.GetSlotList(SlotsType.WithTokenPresent);
|
||||
if (slots.Count == 0)
|
||||
{
|
||||
issues.Add("No PKCS#11 slots with tokens present");
|
||||
return;
|
||||
}
|
||||
|
||||
hsmInfo["SlotCount"] = slots.Count.ToString();
|
||||
|
||||
var slot = slots.FirstOrDefault(s => s.SlotId == (ulong)slotId);
|
||||
if (slot == null)
|
||||
{
|
||||
issues.Add($"Configured slot {slotId} not found among PKCS#11 slots");
|
||||
return;
|
||||
}
|
||||
|
||||
using var session = slot.OpenSession(SessionType.ReadOnly);
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(pin))
|
||||
{
|
||||
session.Login(CKU.CKU_USER, pin);
|
||||
session.Logout();
|
||||
hsmInfo["Authenticated"] = "true";
|
||||
}
|
||||
else
|
||||
{
|
||||
hsmInfo["Authenticated"] = "false";
|
||||
}
|
||||
|
||||
var tokenInfo = slot.GetTokenInfo();
|
||||
hsmInfo["TokenLabel"] = tokenInfo.Label.Trim();
|
||||
hsmInfo["TokenModel"] = tokenInfo.Model.Trim();
|
||||
hsmInfo["LibraryExists"] = "true";
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
issues.Add($"PKCS#11 operation failed: {ex.Message}");
|
||||
}
|
||||
}
|
||||
|
||||
private static void CheckSoftHsm(List<string> issues, Dictionary<string, string> hsmInfo)
|
||||
|
||||
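Review bot: The new `session.Login(CKU.CKU_USER, pin)` in CheckPkcs11Hsm runs on every doctor pass, so a stale or mistyped PIN in configuration spends one of the token's limited login attempts each time, and repeated health checks can lock the user PIN on the HSM. Read the token flags before attempting the login and skip it when the counter is already degraded, for example `var flags = slot.GetTokenInfo().TokenFlags;` followed by `if (flags.UserPinLocked || flags.UserPinFinalTry || flags.UserPinCountLow) { issues.Add("PKCS#11 user PIN retry counter is low or locked; login skipped"); return; }`. The check also now loads the configured `pkcs11Library` into the doctor process instead of only recording that the file exists, so the path should come from configuration that only administrators can write. A comment above `LoadPkcs11Library` should state that assumption. The part of the method body between the signature and this hunk is not shown, so any validation done there is not visible here.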
@@ -15,6 +15,7 @@
|
||||
<PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" />
|
||||
<PackageReference Include="Microsoft.Extensions.Configuration.Binder" />
|
||||
<PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" />
|
||||
<PackageReference Include="Pkcs11Interop" />
|
||||
</ItemGroup>
|
||||
|
||||
</Project>
|
||||
|
||||