libdigidocpp 4.0.0
Implements the Signer interface for ID-Cards that support the PKCS#11 protocol.
#include <PKCS11Signer.h>
Public Member Functions
PKCS11Signer (const std::string &driver="")
~PKCS11Signer () override
X509Cert | cert () const override |
Reimplemented parent class method digidoc::Signer::cert
std::string | method () const override |
std::vector< unsigned char > | sign (const std::string &method, const std::vector< unsigned char > &digest) const override |
Reimplemented parent class method digidoc::Signer::sign
void | setPin (const std::string &pin) |
Public Member Functions inherited from digidoc::Signer
virtual | ~Signer () |
std::string | profile () const |
bool | usingENProfile () const |
std::string | city () const |
std::string | streetAddress () const |
std::string | stateOrProvince () const |
std::string | postalCode () const |
std::string | countryName () const |
std::vector< std::string > | signerRoles () const |
void | setMethod (const std::string &method) |
void | setProfile (const std::string &profile) |
void | setENProfile (bool enable) |
void | setSignatureProductionPlace (const std::string &city, const std::string &stateOrProvince, const std::string &postalCode, const std::string &countryName) |
void | setSignatureProductionPlaceV2 (const std::string &city, const std::string &streetAddress, const std::string &stateOrProvince, const std::string &postalCode, const std::string &countryName) |
void | setSignerRoles (const std::vector< std::string > &signerRoles) |
Protected Member Functions
virtual std::string | pin (const X509Cert &certificate) const |
virtual X509Cert | selectSigningCertificate (const std::vector< X509Cert > &certificates) const |
Protected Member Functions inherited from digidoc::Signer
Signer ()
Implements the Signer interface for ID-Cards that support the PKCS#11 protocol.
The abstract method selectSigningCertificate is called when the signer needs to choose the correct signing certificate. It is also called if only one certificate is found on the ID-Card. The parameter certificates provides a list of all certificates found on the ID-Card.
The abstract method pin is called if the selected certificate needs a PIN to log in.
PKCS11Signer::PKCS11Signer (const std::string &driver = "")
Loads the PKCS#11 driver.
driver | full path to the PKCS#11 driver (e.g. /usr/lib/opensc-pkcs11.so)
Exception | thrown if loading the provided PKCS#11 driver failed.
References digidoc::Conf::instance(), and digidoc::Conf::PKCS11Driver().
PKCS11Signer::~PKCS11Signer () | override
Unloads the PKCS#11 module and releases acquired memory.
X509Cert PKCS11Signer::cert () const | override, virtual
Reimplemented parent class method digidoc::Signer::cert
Finds all slots connected to the computer and, for slots that hold a token, lists all certificates found on the token. If there is more than 1 certificate, lets the user application select the certificate used for signing (by calling the selectSigningCertificate callback function).
Exception | thrown if selecting the signing certificate failed, for example when no cards are found or the card has no certificate.
Implements digidoc::Signer.
References digidoc::X509Cert::isCA(), digidoc::X509Cert::isValid(), digidoc::X509Cert::keyUsage(), digidoc::X509Cert::NonRepudiation, and selectSigningCertificate().
std::string PKCS11Signer::method () const | override, virtual
Gets the signature method.
Reimplemented from digidoc::Signer.
References digidoc::Signer::method().
Referenced by sign().
std::string PKCS11Signer::pin (const X509Cert &certificate) const | protected, virtual
Abstract method that returns the PIN code for the selected signing certificate. If a PIN code is not needed, this method is never called. To cancel the login, this method should throw an exception.
certificate | certificate that is used for signing and needs a PIN for login.
Exception | should throw an exception if the login operation should be canceled.
X509Cert PKCS11Signer::selectSigningCertificate (const std::vector< X509Cert > &certificates) const | protected, virtual
Abstract method for selecting the correct signing certificate. If none of the certificates is suitable for signing, this method should throw an Exception. This method is always called when there is at least 1 certificate available.
certificates | available certificates to choose from.
Exception | should throw an exception if no suitable certificate is in the list or the operation should be cancelled.
Referenced by cert().
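An added example, not libdigidocpp code, of a strict policy for the pin and selectSigningCertificate callbacks documented above. Cert is a constructed stand-in for digidoc::X509Cert and StrictSigner does not derive from PKCS11Signer, so the block compiles without the library; the Prompt hook and the label field are hypothetical.

```cpp
#include <algorithm>
#include <functional>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Constructed stand-in for digidoc::X509Cert: only the checks this page names.
struct Cert {
    enum KeyUsage { DigitalSignature, NonRepudiation };
    std::string label;  // hypothetical field, for the demo only
    bool ca, valid;
    std::vector<KeyUsage> usage;
    bool isCA() const { return ca; }
    bool isValid() const { return valid; }
    std::vector<KeyUsage> keyUsage() const { return usage; }
};

// Shaped like a PKCS11Signer subclass: the two callbacks with a strict policy.
class StrictSigner {
public:
    using Prompt = std::function<std::string(const Cert &)>;  // hypothetical UI hook, "" = cancelled
    explicit StrictSigner(Prompt prompt) : prompt_(std::move(prompt)) {}
    // Only a valid, non-CA certificate with NonRepudiation; otherwise throw.
    Cert selectSigningCertificate(const std::vector<Cert> &certs) const {
        for (const Cert &c : certs) {
            const auto ku = c.keyUsage();
            if (!c.isCA() && c.isValid() &&
                std::find(ku.begin(), ku.end(), Cert::NonRepudiation) != ku.end())
                return c;
        }
        throw std::runtime_error("no suitable signing certificate");
    }

    // Ask at signing time instead of storing the PIN; throwing cancels the login.
    std::string pin(const Cert &certificate) const {
        std::string p = prompt_(certificate);
        if (p.empty()) throw std::runtime_error("PIN entry cancelled");
        return p;
    }
private:
    Prompt prompt_;
};

int main() {  // constructed sample: a token holding one signing certificate
    std::vector<Cert> certs = {{"sign", false, true, {Cert::NonRepudiation}}};
    StrictSigner s([](const Cert &) { return std::string("0000"); });
    return s.selectSigningCertificate(certs).label == "sign" ? 0 : 1;
}
```

In a real subclass the same two bodies would override the protected virtuals and take digidoc::X509Cert.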
void PKCS11Signer::setPin (const std::string &pin)
If a subclass does not want to reimplement the pin method, it is possible to set a default PIN.
pin |
References pin().
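std::vector< unsigned char > PKCS11Signer::sign (const std::string &method, const std::vector< unsigned char > &digest) const | override, virtual
Reimplemented parent class method digidoc::Signer::sign
Signs the provided digest using the selected certificate. If the certificate needs a PIN, the PIN is acquired by calling the callback function pin.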
method | digest method to be used |
digest | digest to sign |
Exception | throws exception if the signing operation failed. |
Implements digidoc::Signer.
References method(), pin(), digidoc::Exception::PINCanceled, digidoc::Exception::PINFailed, digidoc::Exception::PINIncorrect, digidoc::Exception::PINLocked, and digidoc::Exception::setCode().