stabilizaiton work - projects rework for maintenanceability and ui livening
This commit is contained in:
master
@@ -2,3 +2,4 @@ using System.Runtime.CompilerServices;
|
||||
|
||||
[assembly: InternalsVisibleTo("StellaOps.Cryptography.Plugin.CryptoPro")]
|
||||
|
||||
namespace StellaOps.Cryptography.Plugin.Pkcs11Gost;
|
||||
|
||||
@@ -9,23 +9,23 @@ namespace StellaOps.Cryptography.Plugin.Pkcs11Gost;
|
||||
|
||||
public sealed class Pkcs11GostCryptoProvider : ICryptoProvider, ICryptoProviderDiagnostics
|
||||
{
|
||||
private readonly Pkcs11GostProviderCore core;
|
||||
private readonly Pkcs11GostProviderCore _core;
|
||||
|
||||
public Pkcs11GostCryptoProvider(
|
||||
IOptions<Pkcs11GostProviderOptions>? optionsAccessor = null,
|
||||
ILogger<Pkcs11GostCryptoProvider>? logger = null)
|
||||
{
|
||||
var options = optionsAccessor?.Value ?? new Pkcs11GostProviderOptions();
|
||||
core = new Pkcs11GostProviderCore("ru.pkcs11", options.Keys, logger);
|
||||
_core = new Pkcs11GostProviderCore("ru.pkcs11", options.Keys, logger);
|
||||
}
|
||||
|
||||
public string Name => core.ProviderName;
|
||||
public string Name => _core.ProviderName;
|
||||
|
||||
public bool Supports(CryptoCapability capability, string algorithmId)
|
||||
{
|
||||
if (capability is CryptoCapability.Signing or CryptoCapability.Verification)
|
||||
{
|
||||
return core.SupportsAlgorithm(algorithmId);
|
||||
return _core.SupportsAlgorithm(algorithmId);
|
||||
}
|
||||
|
||||
return false;
|
||||
@@ -40,7 +40,7 @@ public sealed class Pkcs11GostCryptoProvider : ICryptoProvider, ICryptoProviderD
|
||||
public ICryptoSigner GetSigner(string algorithmId, CryptoKeyReference keyReference)
|
||||
{
|
||||
ArgumentNullException.ThrowIfNull(keyReference);
|
||||
var entry = core.Resolve(keyReference.KeyId);
|
||||
var entry = _core.Resolve(keyReference.KeyId);
|
||||
if (!string.Equals(entry.AlgorithmId, algorithmId, StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
throw new InvalidOperationException(
|
||||
@@ -59,5 +59,5 @@ public sealed class Pkcs11GostCryptoProvider : ICryptoProvider, ICryptoProviderD
|
||||
=> Array.Empty<CryptoSigningKey>();
|
||||
|
||||
public IEnumerable<CryptoProviderKeyDescriptor> DescribeKeys()
|
||||
=> core.DescribeKeys(Name);
|
||||
=> _core.DescribeKeys(Name);
|
||||
}
|
||||
|
||||
@@ -0,0 +1,35 @@
|
||||
using StellaOps.Cryptography;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
|
||||
namespace StellaOps.Cryptography.Plugin.Pkcs11Gost;
|
||||
|
||||
internal sealed partial class Pkcs11GostProviderCore
|
||||
{
|
||||
public IEnumerable<CryptoProviderKeyDescriptor> DescribeKeys(string provider)
|
||||
{
|
||||
foreach (var entry in _entries.Values)
|
||||
{
|
||||
yield return CreateDescriptor(provider, entry);
|
||||
}
|
||||
}
|
||||
|
||||
private static CryptoProviderKeyDescriptor CreateDescriptor(string providerName, Pkcs11GostKeyEntry entry)
|
||||
{
|
||||
var metadata = new Dictionary<string, string?>(StringComparer.OrdinalIgnoreCase)
|
||||
{
|
||||
["subject"] = entry.Certificate.Subject,
|
||||
["issuer"] = entry.Certificate.Issuer,
|
||||
["thumbprint"] = entry.Certificate.Thumbprint,
|
||||
["library"] = entry.Session.LibraryPath,
|
||||
["slotId"] = entry.Session.SlotId,
|
||||
["tokenLabel"] = entry.Session.TokenLabel,
|
||||
["privateKeyLabel"] = entry.Session.PrivateKeyLabel,
|
||||
["publicKeyLabel"] = entry.Session.PublicKeyLabel,
|
||||
["mechanismId"] = $"0x{entry.SignMechanismId:X}",
|
||||
["bitStrength"] = entry.Is256 ? "256" : "512"
|
||||
};
|
||||
|
||||
return new CryptoProviderKeyDescriptor(providerName, entry.KeyId, entry.AlgorithmId, metadata);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,108 @@
|
||||
using Microsoft.Extensions.Logging;
|
||||
using StellaOps.Cryptography;
|
||||
using System;
|
||||
using System.IO;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
|
||||
namespace StellaOps.Cryptography.Plugin.Pkcs11Gost;
|
||||
|
||||
internal sealed partial class Pkcs11GostProviderCore
|
||||
{
|
||||
private Pkcs11GostKeyEntry BuildEntry(Pkcs11GostKeyOptions options)
|
||||
{
|
||||
if (options is null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(options));
|
||||
}
|
||||
|
||||
if (string.IsNullOrWhiteSpace(options.KeyId))
|
||||
{
|
||||
throw new InvalidOperationException("PKCS#11 key options require a non-empty keyId.");
|
||||
}
|
||||
|
||||
if (string.IsNullOrWhiteSpace(options.LibraryPath))
|
||||
{
|
||||
throw new InvalidOperationException($"PKCS#11 key '{options.KeyId}' requires libraryPath.");
|
||||
}
|
||||
|
||||
var mechanism = options.SignMechanismId ??
|
||||
(string.Equals(options.Algorithm, SignatureAlgorithms.GostR3410_2012_512, StringComparison.OrdinalIgnoreCase)
|
||||
? Pkcs11Mechanisms.DefaultGost12Signature512
|
||||
: Pkcs11Mechanisms.DefaultGost12Signature256);
|
||||
|
||||
var session = new Pkcs11SessionOptions
|
||||
{
|
||||
LibraryPath = options.LibraryPath,
|
||||
SlotId = options.SlotId,
|
||||
TokenLabel = options.TokenLabel,
|
||||
PrivateKeyLabel = options.PrivateKeyLabel,
|
||||
PublicKeyLabel = options.PublicKeyLabel,
|
||||
UserPin = options.UserPin,
|
||||
UserPinEnvironmentVariable = options.UserPinEnvironmentVariable
|
||||
};
|
||||
|
||||
var certificate = LoadCertificate(options);
|
||||
|
||||
_logger?.LogInformation(
|
||||
"PKCS#11 key {KeyId} (algorithm {Algorithm}) registered for provider {Provider}",
|
||||
options.KeyId,
|
||||
options.Algorithm,
|
||||
_providerName);
|
||||
|
||||
return new Pkcs11GostKeyEntry(
|
||||
options.KeyId,
|
||||
options.Algorithm,
|
||||
session,
|
||||
certificate,
|
||||
mechanism);
|
||||
}
|
||||
|
||||
private static X509Certificate2 LoadCertificate(Pkcs11GostKeyOptions options)
|
||||
{
|
||||
if (!string.IsNullOrWhiteSpace(options.CertificatePem))
|
||||
{
|
||||
var rawBytes = Convert.FromBase64String(PemUtilities.ExtractBody(options.CertificatePem));
|
||||
return X509CertificateLoader.LoadCertificate(rawBytes);
|
||||
}
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(options.CertificatePath))
|
||||
{
|
||||
if (!File.Exists(options.CertificatePath))
|
||||
{
|
||||
throw new FileNotFoundException(
|
||||
$"Certificate file '{options.CertificatePath}' was not found.",
|
||||
options.CertificatePath);
|
||||
}
|
||||
|
||||
return X509CertificateLoader.LoadCertificateFromFile(options.CertificatePath);
|
||||
}
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(options.CertificateThumbprint))
|
||||
{
|
||||
var location = Enum.TryParse(options.CertificateStoreLocation, ignoreCase: true, out StoreLocation parsedLocation)
|
||||
? parsedLocation
|
||||
: StoreLocation.CurrentUser;
|
||||
var storeName = Enum.TryParse(options.CertificateStoreName, ignoreCase: true, out StoreName parsedStore)
|
||||
? parsedStore
|
||||
: StoreName.My;
|
||||
using var store = new X509Store(storeName, location);
|
||||
store.Open(OpenFlags.ReadOnly);
|
||||
var thumbprint = options.CertificateThumbprint.Replace(" ", string.Empty, StringComparison.OrdinalIgnoreCase)
|
||||
.ToUpperInvariant();
|
||||
var matches = store.Certificates.Find(
|
||||
X509FindType.FindByThumbprint,
|
||||
thumbprint,
|
||||
validOnly: false);
|
||||
if (matches.Count == 0)
|
||||
{
|
||||
throw new InvalidOperationException(
|
||||
$"Certificate with thumbprint '{thumbprint}' was not found in {location}/{storeName}.");
|
||||
}
|
||||
|
||||
return X509CertificateLoader.LoadCertificate(matches[0].RawData);
|
||||
}
|
||||
|
||||
throw new InvalidOperationException(
|
||||
$"PKCS#11 key '{options.KeyId}' requires either certificatePath, certificatePem, or certificateThumbprint.");
|
||||
}
|
||||
}
|
||||
@@ -1,32 +1,28 @@
|
||||
|
||||
using Microsoft.Extensions.Logging;
|
||||
using StellaOps.Cryptography;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
|
||||
namespace StellaOps.Cryptography.Plugin.Pkcs11Gost;
|
||||
|
||||
internal sealed class Pkcs11GostProviderCore
|
||||
internal sealed partial class Pkcs11GostProviderCore
|
||||
{
|
||||
private readonly Dictionary<string, Pkcs11GostKeyEntry> entries;
|
||||
private readonly ILogger? logger;
|
||||
private readonly string providerName;
|
||||
private readonly Dictionary<string, Pkcs11GostKeyEntry> _entries;
|
||||
private readonly ILogger? _logger;
|
||||
private readonly string _providerName;
|
||||
|
||||
public Pkcs11GostProviderCore(
|
||||
string providerName,
|
||||
IEnumerable<Pkcs11GostKeyOptions> options,
|
||||
ILogger? logger = null)
|
||||
{
|
||||
this.providerName = providerName;
|
||||
this.logger = logger;
|
||||
entries = new Dictionary<string, Pkcs11GostKeyEntry>(StringComparer.Ordinal);
|
||||
_providerName = providerName;
|
||||
_logger = logger;
|
||||
_entries = new Dictionary<string, Pkcs11GostKeyEntry>(StringComparer.Ordinal);
|
||||
|
||||
foreach (var keyOptions in options ?? Array.Empty<Pkcs11GostKeyOptions>())
|
||||
{
|
||||
var entry = BuildEntry(keyOptions);
|
||||
if (!entries.TryAdd(entry.KeyId, entry))
|
||||
if (!_entries.TryAdd(entry.KeyId, entry))
|
||||
{
|
||||
throw new InvalidOperationException(
|
||||
$"Duplicate PKCS#11 key identifier '{entry.KeyId}' configured for provider '{providerName}'.");
|
||||
@@ -34,13 +30,13 @@ internal sealed class Pkcs11GostProviderCore
|
||||
}
|
||||
}
|
||||
|
||||
public string ProviderName => providerName;
|
||||
public string ProviderName => _providerName;
|
||||
|
||||
public IReadOnlyDictionary<string, Pkcs11GostKeyEntry> Entries => entries;
|
||||
public IReadOnlyDictionary<string, Pkcs11GostKeyEntry> Entries => _entries;
|
||||
|
||||
public bool SupportsAlgorithm(string algorithmId)
|
||||
{
|
||||
foreach (var entry in entries.Values)
|
||||
foreach (var entry in _entries.Values)
|
||||
{
|
||||
if (string.Equals(entry.AlgorithmId, algorithmId, StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
@@ -53,135 +49,12 @@ internal sealed class Pkcs11GostProviderCore
|
||||
|
||||
public Pkcs11GostKeyEntry Resolve(string keyId)
|
||||
{
|
||||
if (!entries.TryGetValue(keyId, out var entry))
|
||||
if (!_entries.TryGetValue(keyId, out var entry))
|
||||
{
|
||||
throw new KeyNotFoundException(
|
||||
$"Signing key '{keyId}' is not registered with provider '{providerName}'.");
|
||||
$"Signing key '{keyId}' is not registered with provider '{_providerName}'.");
|
||||
}
|
||||
|
||||
return entry;
|
||||
}
|
||||
|
||||
private Pkcs11GostKeyEntry BuildEntry(Pkcs11GostKeyOptions options)
|
||||
{
|
||||
if (options is null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(options));
|
||||
}
|
||||
|
||||
if (string.IsNullOrWhiteSpace(options.KeyId))
|
||||
{
|
||||
throw new InvalidOperationException("PKCS#11 key options require a non-empty keyId.");
|
||||
}
|
||||
|
||||
if (string.IsNullOrWhiteSpace(options.LibraryPath))
|
||||
{
|
||||
throw new InvalidOperationException($"PKCS#11 key '{options.KeyId}' requires libraryPath.");
|
||||
}
|
||||
|
||||
var mechanism = options.SignMechanismId ??
|
||||
(string.Equals(options.Algorithm, SignatureAlgorithms.GostR3410_2012_512, StringComparison.OrdinalIgnoreCase)
|
||||
? Pkcs11Mechanisms.DefaultGost12_512Signature
|
||||
: Pkcs11Mechanisms.DefaultGost12_256Signature);
|
||||
|
||||
var session = new Pkcs11SessionOptions
|
||||
{
|
||||
LibraryPath = options.LibraryPath,
|
||||
SlotId = options.SlotId,
|
||||
TokenLabel = options.TokenLabel,
|
||||
PrivateKeyLabel = options.PrivateKeyLabel,
|
||||
PublicKeyLabel = options.PublicKeyLabel,
|
||||
UserPin = options.UserPin,
|
||||
UserPinEnvironmentVariable = options.UserPinEnvironmentVariable
|
||||
};
|
||||
|
||||
var certificate = LoadCertificate(options);
|
||||
|
||||
logger?.LogInformation(
|
||||
"PKCS#11 key {KeyId} (algorithm {Algorithm}) registered for provider {Provider}",
|
||||
options.KeyId,
|
||||
options.Algorithm,
|
||||
providerName);
|
||||
|
||||
return new Pkcs11GostKeyEntry(
|
||||
options.KeyId,
|
||||
options.Algorithm,
|
||||
session,
|
||||
certificate,
|
||||
mechanism);
|
||||
}
|
||||
|
||||
private static X509Certificate2 LoadCertificate(Pkcs11GostKeyOptions options)
|
||||
{
|
||||
if (!string.IsNullOrWhiteSpace(options.CertificatePem))
|
||||
{
|
||||
var rawBytes = Convert.FromBase64String(PemUtilities.ExtractBody(options.CertificatePem));
|
||||
return X509CertificateLoader.LoadCertificate(rawBytes);
|
||||
}
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(options.CertificatePath))
|
||||
{
|
||||
if (!File.Exists(options.CertificatePath))
|
||||
{
|
||||
throw new FileNotFoundException($"Certificate file '{options.CertificatePath}' was not found.", options.CertificatePath);
|
||||
}
|
||||
|
||||
return X509CertificateLoader.LoadCertificateFromFile(options.CertificatePath);
|
||||
}
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(options.CertificateThumbprint))
|
||||
{
|
||||
var location = Enum.TryParse(options.CertificateStoreLocation, ignoreCase: true, out StoreLocation parsedLocation)
|
||||
? parsedLocation
|
||||
: StoreLocation.CurrentUser;
|
||||
var storeName = Enum.TryParse(options.CertificateStoreName, ignoreCase: true, out StoreName parsedStore)
|
||||
? parsedStore
|
||||
: StoreName.My;
|
||||
using var store = new X509Store(storeName, location);
|
||||
store.Open(OpenFlags.ReadOnly);
|
||||
var thumbprint = options.CertificateThumbprint.Replace(" ", string.Empty, StringComparison.OrdinalIgnoreCase)
|
||||
.ToUpperInvariant();
|
||||
var matches = store.Certificates.Find(
|
||||
X509FindType.FindByThumbprint,
|
||||
thumbprint,
|
||||
validOnly: false);
|
||||
if (matches.Count == 0)
|
||||
{
|
||||
throw new InvalidOperationException(
|
||||
$"Certificate with thumbprint '{thumbprint}' was not found in {location}/{storeName}.");
|
||||
}
|
||||
|
||||
return X509CertificateLoader.LoadCertificate(matches[0].RawData);
|
||||
}
|
||||
|
||||
throw new InvalidOperationException(
|
||||
$"PKCS#11 key '{options.KeyId}' requires either certificatePath, certificatePem, or certificateThumbprint.");
|
||||
}
|
||||
|
||||
public IEnumerable<CryptoProviderKeyDescriptor> DescribeKeys(string provider)
|
||||
{
|
||||
foreach (var entry in entries.Values)
|
||||
{
|
||||
yield return CreateDescriptor(provider, entry);
|
||||
}
|
||||
}
|
||||
|
||||
private static CryptoProviderKeyDescriptor CreateDescriptor(string providerName, Pkcs11GostKeyEntry entry)
|
||||
{
|
||||
var metadata = new Dictionary<string, string?>(StringComparer.OrdinalIgnoreCase)
|
||||
{
|
||||
["subject"] = entry.Certificate.Subject,
|
||||
["issuer"] = entry.Certificate.Issuer,
|
||||
["thumbprint"] = entry.Certificate.Thumbprint,
|
||||
["library"] = entry.Session.LibraryPath,
|
||||
["slotId"] = entry.Session.SlotId,
|
||||
["tokenLabel"] = entry.Session.TokenLabel,
|
||||
["privateKeyLabel"] = entry.Session.PrivateKeyLabel,
|
||||
["publicKeyLabel"] = entry.Session.PublicKeyLabel,
|
||||
["mechanismId"] = $"0x{entry.SignMechanismId:X}",
|
||||
["bitStrength"] = entry.Is256 ? "256" : "512"
|
||||
};
|
||||
|
||||
return new CryptoProviderKeyDescriptor(providerName, entry.KeyId, entry.AlgorithmId, metadata);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -7,17 +7,17 @@ namespace StellaOps.Cryptography.Plugin.Pkcs11Gost;
|
||||
/// </summary>
|
||||
public sealed class Pkcs11GostProviderOptions
|
||||
{
|
||||
private readonly IList<Pkcs11GostKeyOptions> keys = new List<Pkcs11GostKeyOptions>();
|
||||
private readonly IList<Pkcs11GostKeyOptions> _keys = new List<Pkcs11GostKeyOptions>();
|
||||
|
||||
/// <summary>
|
||||
/// Key descriptors managed by the provider.
|
||||
/// </summary>
|
||||
public IList<Pkcs11GostKeyOptions> Keys => keys;
|
||||
public IList<Pkcs11GostKeyOptions> Keys => _keys;
|
||||
|
||||
public Pkcs11GostProviderOptions Clone()
|
||||
{
|
||||
var clone = new Pkcs11GostProviderOptions();
|
||||
foreach (var key in keys)
|
||||
foreach (var key in _keys)
|
||||
{
|
||||
clone.Keys.Add(key.Clone());
|
||||
}
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
using Org.BouncyCastle.Crypto.Signers;
|
||||
using Org.BouncyCastle.Security;
|
||||
@@ -11,24 +10,23 @@ namespace StellaOps.Cryptography.Plugin.Pkcs11Gost;
|
||||
|
||||
internal sealed class Pkcs11GostSigner : ICryptoSigner
|
||||
{
|
||||
private static readonly string[] DefaultKeyOps = { "sign", "verify" };
|
||||
|
||||
private readonly Pkcs11GostKeyEntry entry;
|
||||
private static readonly string[] _defaultKeyOps = { "sign", "verify" };
|
||||
private readonly Pkcs11GostKeyEntry _entry;
|
||||
|
||||
public Pkcs11GostSigner(Pkcs11GostKeyEntry entry)
|
||||
{
|
||||
this.entry = entry ?? throw new ArgumentNullException(nameof(entry));
|
||||
_entry = entry ?? throw new ArgumentNullException(nameof(entry));
|
||||
}
|
||||
|
||||
public string KeyId => entry.KeyId;
|
||||
public string KeyId => _entry.KeyId;
|
||||
|
||||
public string AlgorithmId => entry.AlgorithmId;
|
||||
public string AlgorithmId => _entry.AlgorithmId;
|
||||
|
||||
public ValueTask<byte[]> SignAsync(ReadOnlyMemory<byte> data, CancellationToken cancellationToken = default)
|
||||
{
|
||||
cancellationToken.ThrowIfCancellationRequested();
|
||||
var digest = GostDigestUtilities.ComputeDigest(data.Span, entry.Is256);
|
||||
var signature = Pkcs11SignerUtilities.SignDigest(entry, digest);
|
||||
var digest = GostDigestUtilities.ComputeDigest(data.Span, _entry.Is256);
|
||||
var signature = Pkcs11SignerUtilities.SignDigest(_entry, digest);
|
||||
return ValueTask.FromResult(signature);
|
||||
}
|
||||
|
||||
@@ -41,8 +39,8 @@ internal sealed class Pkcs11GostSigner : ICryptoSigner
|
||||
|
||||
var digestSigner = new Gost3410DigestSigner(
|
||||
new Gost3410Signer(),
|
||||
GostDigestUtilities.CreateDigest(entry.Is256));
|
||||
digestSigner.Init(false, entry.PublicKeyParameters);
|
||||
GostDigestUtilities.CreateDigest(_entry.Is256));
|
||||
digestSigner.Init(false, _entry.PublicKeyParameters);
|
||||
var buffer = data.ToArray();
|
||||
digestSigner.BlockUpdate(buffer, 0, buffer.Length);
|
||||
var verified = digestSigner.VerifySignature(signature.ToArray());
|
||||
@@ -56,17 +54,16 @@ internal sealed class Pkcs11GostSigner : ICryptoSigner
|
||||
Kid = KeyId,
|
||||
Alg = AlgorithmId,
|
||||
Kty = "EC",
|
||||
Crv = entry.Is256 ? "GOST3410-2012-256" : "GOST3410-2012-512",
|
||||
Crv = _entry.Is256 ? "GOST3410-2012-256" : "GOST3410-2012-512",
|
||||
Use = JsonWebKeyUseNames.Sig
|
||||
};
|
||||
|
||||
foreach (var op in DefaultKeyOps)
|
||||
foreach (var op in _defaultKeyOps)
|
||||
{
|
||||
jwk.KeyOps.Add(op);
|
||||
}
|
||||
|
||||
jwk.X5c.Add(Convert.ToBase64String(entry.Certificate.RawData));
|
||||
jwk.X5c.Add(Convert.ToBase64String(_entry.Certificate.RawData));
|
||||
return jwk;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -3,7 +3,6 @@ namespace StellaOps.Cryptography.Plugin.Pkcs11Gost;
|
||||
internal static class Pkcs11Mechanisms
|
||||
{
|
||||
// Default values sourced from PKCS#11 v2.40 (TC26 extensions). Deployments can override via configuration.
|
||||
public const uint DefaultGost12_256Signature = 0x00001255;
|
||||
public const uint DefaultGost12_512Signature = 0x00001256;
|
||||
public const uint DefaultGost12Signature256 = 0x00001255;
|
||||
public const uint DefaultGost12Signature512 = 0x00001256;
|
||||
}
|
||||
|
||||
|
||||
@@ -11,11 +11,11 @@ namespace StellaOps.Cryptography.Plugin.Pkcs11Gost;
|
||||
|
||||
internal static class Pkcs11SignerUtilities
|
||||
{
|
||||
private static readonly Pkcs11InteropFactories Factories = new();
|
||||
private static readonly Pkcs11InteropFactories _factories = new();
|
||||
|
||||
public static byte[] SignDigest(Pkcs11GostKeyEntry entry, ReadOnlySpan<byte> digest)
|
||||
{
|
||||
using var pkcs11 = Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Factories, entry.Session.LibraryPath, AppType.MultiThreaded);
|
||||
using var pkcs11 = _factories.Pkcs11LibraryFactory.LoadPkcs11Library(_factories, entry.Session.LibraryPath, AppType.MultiThreaded);
|
||||
var slot = ResolveSlot(pkcs11, entry.Session);
|
||||
if (slot is null)
|
||||
{
|
||||
@@ -39,7 +39,7 @@ internal static class Pkcs11SignerUtilities
|
||||
throw new InvalidOperationException($"Private key with label '{entry.Session.PrivateKeyLabel}' was not found.");
|
||||
}
|
||||
|
||||
using var mechanism = Factories.MechanismFactory.Create(entry.SignMechanismId);
|
||||
using var mechanism = _factories.MechanismFactory.Create(entry.SignMechanismId);
|
||||
return session.Sign(mechanism, privateHandle, digest.ToArray());
|
||||
}
|
||||
finally
|
||||
@@ -81,12 +81,12 @@ internal static class Pkcs11SignerUtilities
|
||||
{
|
||||
var template = new List<IObjectAttribute>
|
||||
{
|
||||
Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, (uint)objectClass)
|
||||
_factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, (uint)objectClass)
|
||||
};
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(label))
|
||||
{
|
||||
template.Add(Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, label));
|
||||
template.Add(_factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, label));
|
||||
}
|
||||
|
||||
var handles = session.FindAllObjects(template);
|
||||
|
||||
@@ -9,3 +9,4 @@ Source of truth: `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229
|
||||
| AUDIT-0060-T | DONE | Revalidated 2026-01-08; open findings tracked in audit report. |
|
||||
| AUDIT-0060-A | TODO | Revalidated 2026-01-08 (open findings). |
|
||||
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |
|
||||
| REMED-08 | DONE | Split provider core; renamed fields/consts; added PKCS11 provider tests. |
|
||||
|
||||
Reference in New Issue
Block a user