libdigidocpp 4.1.0
Public Member Functions | Protected Member Functions | List of all members
digidoc::PKCS11Signer Class Reference

Implements Signer interface for ID-Cards, which support PKCS#11 protocol. More...

#include <PKCS11Signer.h>

Inherits digidoc::Signer.

Public Member Functions

 PKCS11Signer (const std::string &driver="")
 
 ~PKCS11Signer () override
 
X509Cert cert () const override
 Reimplemented parent class method digidoc::Signer::cert
 
std::string method () const override
 
std::vector< unsigned char > sign (const std::string &method, const std::vector< unsigned char > &digest) const override
 Reimplemented parent class method digidoc::Signer::sign
 
void setPin (const std::string &pin)
 
- Public Member Functions inherited from digidoc::Signer
virtual ~Signer ()
 
std::string profile () const
 
std::string userAgent () const
 
bool usingENProfile () const
 
std::string city () const
 
std::string streetAddress () const
 
std::string stateOrProvince () const
 
std::string postalCode () const
 
std::string countryName () const
 
std::vector< std::string > signerRoles () const
 
void setMethod (const std::string &method)
 
void setProfile (const std::string &profile)
 
void setUserAgent (const std::string &userAgent)
 
void setENProfile (bool enable)
 
void setSignatureProductionPlace (const std::string &city, const std::string &stateOrProvince, const std::string &postalCode, const std::string &countryName)
 
void setSignatureProductionPlaceV2 (const std::string &city, const std::string &streetAddress, const std::string &stateOrProvince, const std::string &postalCode, const std::string &countryName)
 
void setSignerRoles (const std::vector< std::string > &signerRoles)
 

Protected Member Functions

virtual std::string pin (const X509Cert &certificate) const
 
virtual X509Cert selectSigningCertificate (const std::vector< X509Cert > &certificates) const
 
- Protected Member Functions inherited from digidoc::Signer
 Signer ()
 

Detailed Description

Implements Signer interface for ID-Cards, which support PKCS#11 protocol.

Abstract method selectSigningCertificate is called if the signer needs to choose the correct signing certificate. It is called also if there is only one certificate found on ID-Card. Parameter certificates provides list of all certificates found in the ID-Card.

Abstract method pin is called if the selected certificate needs PIN to log in.

See also
selectSigningCertificate
pin

Constructor & Destructor Documentation

◆ PKCS11Signer()

PKCS11Signer::PKCS11Signer ( const std::string &  driver = "")

Loads PKCS#11 driver.

Parameters
driverfull path to the PKCS#11 driver (e.g. /usr/lib/opensc-pkcs11.so)
Exceptions
Exceptionexception is thrown if the provided PKCS#11 driver loading failed.

References digidoc::Conf::instance(), and digidoc::Conf::PKCS11Driver().

◆ ~PKCS11Signer()

PKCS11Signer::~PKCS11Signer ( )
override

Unload PKCS#11 module and releases acquired memory.

Member Function Documentation

◆ cert()

X509Cert PKCS11Signer::cert ( ) const
overridevirtual

Reimplemented parent class method digidoc::Signer::cert

Finds all slots connected with the computer, if the slots have tokens, lists all certificates found in token. If there is more that 1 certificate lets the user application select (by calling the selectSignCertificate callback function) the certificate used for signing.

Exceptions
Exceptionthrows exception if failed to select the signing certificate. For example no cards found or card has no certificate.

Implements digidoc::Signer.

References digidoc::X509Cert::isCA(), digidoc::X509Cert::isValid(), digidoc::X509Cert::keyUsage(), digidoc::X509Cert::NonRepudiation, and selectSigningCertificate().

◆ method()

string PKCS11Signer::method ( ) const
overridevirtual

Gets signature method

Reimplemented from digidoc::Signer.

References digidoc::Signer::method().

Referenced by sign().

◆ pin()

string PKCS11Signer::pin ( const X509Cert certificate) const
protectedvirtual

Abstract method that returns PIN code for the selected signing certificate. If PIN code is not needed this method is never called. To cancel the login this method should throw an exception.

Parameters
certificatecertificate that is used for signing and needs a PIN for login.
Returns
returns the PIN code to login.
Exceptions
Exceptionshould throw an exception if the login operation should be canceled.

Referenced by setPin(), and sign().

◆ selectSigningCertificate()

X509Cert PKCS11Signer::selectSigningCertificate ( const std::vector< X509Cert > &  certificates) const
protectedvirtual

Abstract method for selecting the correct signing certificate. If none of the certificates suit for signing, this method should throw an Exception. This method is always called, when there is at least 1 certificate available.

Parameters
certificatesavailable certificates to choose from.
Returns
returns the certificate used for signing.
Exceptions
Exceptionshould throw an exception if no suitable certificate is in the list or the operation should be cancelled.

Referenced by cert().

◆ setPin()

void PKCS11Signer::setPin ( const std::string &  pin)

If sub class does not want reimplement pin method then it is possible set default pin

Parameters
pin

References pin().

◆ sign()

vector< unsigned char > PKCS11Signer::sign ( const std::string &  method,
const std::vector< unsigned char > &  digest 
) const
overridevirtual

Reimplemented parent class method digidoc::Signer::sign

Signs the digest provided using the selected certificate. If the certificate needs PIN, the PIN is acquired by calling the callback function pin.

Parameters
methoddigest method to be used
digestdigest to sign
Returns
signature signed result
Exceptions
Exceptionthrows exception if the signing operation failed.

Implements digidoc::Signer.

References method(), pin(), digidoc::Exception::PINCanceled, digidoc::Exception::PINFailed, digidoc::Exception::PINIncorrect, digidoc::Exception::PINLocked, and digidoc::Exception::setCode().

The documentation for this class was generated from the following files: