We are using Thales nShield HSM for storing Private keys and the corresponding public key is stored in the Certificate store.
We have written the logic as below:
Search for a valid slot and open a session for that on the first
call and it can serve multiple requests.
It expires after half an
hours. During the time it is not expired, if it gets any request to
serve.
Now even when it is not expired, when we try to check the
sessionInfo it is giving the below message:
Method C_GetSessionInfo returned CKR_CRYPTOKI_NOT_INITIALIZED
Please help. Thanks in Advance.
The below is the addition to the above query.
We created a class, which encapsulated all of the Pkcs11Interop usage and exposed few methods as shown below.
/// <summary>
/// Contains the information about Private key stored in HMS and Certificate to load from File System/Windows Certificates Store/HSM.
/// </summary>
public class HardwareSecureModule
{
/// <summary>
/// CryptoApi reference
/// </summary>
public string CryptoApiPath { get; set; }
/// <summary>
/// Idenfitier of the Private Key
/// </summary>
public string KeyLabel { get; set; }
/// <summary>
/// Idenfitier type of the Private Key
/// </summary>
public string KeyIdentifier { get; set; }
/// <summary>
/// Idenfitier of the Token
/// </summary>
public string TokenLabel { get; set; }
/// <summary>
/// Token Pin
/// </summary>
public string TokenPin { get; set; }
/// <summary>
/// Idenfitier of the Certificate
/// </summary>
public string CertificateLabel { get; set; }
}
public interface IHsmSession : IDisposable
{
/// <summary>
/// Find key encryption algorithm
/// </summary>
/// <returns></returns>
string GetEncryptionAlgorithm();
/// <summary>
/// sign the digest
/// </summary>
/// <param name="digest"></param>
/// <returns></returns>
byte[] Sign(byte[] digest, string encryptionAlgorithm, string hashAlgorithm);
/// <summary>
/// Indicates if thread within the pool is working
/// to avoid disposal of the same
/// </summary>
bool Locked { get; set; }
/// <summary>
/// Unique identifier of the HSM Session
/// </summary>
Guid Id { get; }
}
/// <summary>
/// Class for communicating with HSM
/// </summary>
public class Pkcs11HsmSession : IHsmSession
{
private Pkcs11 _pkcs11;
private Slot _slot;
private Session _session;
private readonly HardwareSecureModule _certificateInformation = null;
public bool Locked { get; set; }
public Guid Id { get; }
/// <summary>
/// Constructor
/// </summary>
/// <param name="certificateInformation"></param>
public Pkcs11HsmSession(HardwareSecureModule certificateInformation)
{
Id = Guid.NewGuid();
_certificateInformation = certificateInformation;
if (_certificateInformation != null)
InitializeVariables();
}
private void InitializeVariables()
{
_pkcs11 = GetPkcs11Instance(_certificateInformation.CryptoApiPath);
if (_pkcs11 == null)
throw new Exception("Unable to create instance of Pkcs11");
_slot = FindSlot(_pkcs11, _certificateInformation.TokenLabel);
if (_slot == null)
throw new Exception("Specified token not found: " + _certificateInformation.TokenLabel);
_session = _slot.OpenSession(true);
if (_session == null)
throw new Exception("Unable to create session for the slot");
SessionLogin();
}
private Pkcs11 GetPkcs11Instance(string hsmCryptoApi)
{
Pkcs11 pkcs11 = null;
try
{
pkcs11 = CreatePkcs11Instance(hsmCryptoApi, true);
}
catch (Pkcs11Exception ex)
{
if (ex.RV == CKR.CKR_CANT_LOCK)
pkcs11 = CreatePkcs11Instance(hsmCryptoApi, false);
else
throw ex;
}
return pkcs11;
}
private Pkcs11 CreatePkcs11Instance(string hsmCryptoApi, bool useOsLocking)
{
return new Pkcs11(hsmCryptoApi, useOsLocking);
}
private Slot FindSlot(Pkcs11 pkcs11, string tokenLabel)
{
if (string.IsNullOrEmpty(tokenLabel))
throw new Exception("Token label is not specified");
List<Slot> slots = pkcs11.GetSlotList(true);
if (slots != null && slots.Count > 0)
{
foreach (Slot slot in slots)
{
TokenInfo tokenInfo = null;
try
{
tokenInfo = slot.GetTokenInfo();
}
catch (Pkcs11Exception ex)
{
if (ex.RV != CKR.CKR_TOKEN_NOT_RECOGNIZED && ex.RV != CKR.CKR_TOKEN_NOT_PRESENT)
throw;
}
if (tokenInfo == null)
continue;
if (!string.IsNullOrEmpty(tokenLabel))
if (0 !=
String.Compare(tokenLabel, tokenInfo.Label, StringComparison.InvariantCultureIgnoreCase))
continue;
return slot;
}
}
return null;
}
/// <summary>
/// HSM Signs the digest using private key
/// </summary>
/// <param name="message"></param>
/// <param name="encryptionAlgorithm"></param>
/// <param name="hashAlgorithm"></param>
/// <returns></returns>
public virtual byte[] Sign(byte[] message, string encryptionAlgorithm, string hashAlgorithm)
{
hashAlgorithm = hashAlgorithm.Replace("-", string.Empty);
CKM signingMechanismType = GetSigningMechanismType(encryptionAlgorithm, hashAlgorithm);
SessionLogin();
ObjectHandle privateKeyHandle = GetPrivateKeyHandle();
if (signingMechanismType == CKM.CKM_ECDSA)
{
message = GetMessageDigest(message, hashAlgorithm);
}
using (Mechanism mechanism = new Mechanism(signingMechanismType))
{
byte[] signedHash = _session.Sign(mechanism, privateKeyHandle, message);
if (signingMechanismType == CKM.CKM_ECDSA)
{
return ConstructEcdsaSigValue(signedHash);
}
return signedHash;
}
}
private byte[] GetMessageDigest(byte[] message, string hashAlgorithm)
{
CKM hashMechanismType = (CKM)Enum.Parse(typeof(CKM), "CKM_" + hashAlgorithm.ToUpper());
using (Mechanism mechanism = new Mechanism(hashMechanismType))
{
return _session.Digest(mechanism, message);
}
}
/// <summary>
/// Construct ECDSA der sequence
/// </summary>
/// <param name="rs"></param>
/// <returns></returns>
/// <exception cref="ArgumentNullException"></exception>
/// <exception cref="ArgumentException"></exception>
public byte[] ConstructEcdsaSigValue(byte[] rs)
{
if (rs == null)
throw new ArgumentNullException("rs is null");
if (rs.Length < 2 || rs.Length % 2 != 0)
throw new ArgumentException("Invalid length of rs byte");
int halfLen = rs.Length / 2;
byte[] half1 = new byte[halfLen];
Array.Copy(rs, 0, half1, 0, halfLen);
var r = new BigInteger(1, half1);
byte[] half2 = new byte[halfLen];
Array.Copy(rs, halfLen, half2, 0, halfLen);
var s = new BigInteger(1, half2);
var derSequence = new Org.BouncyCastle.Asn1.DerSequence(
new Org.BouncyCastle.Asn1.DerInteger(r),
new Org.BouncyCastle.Asn1.DerInteger(s));
return derSequence.GetDerEncoded();
}
/// <summary>
/// GetEncryptionAlgorithm for Interface
/// </summary>
/// <returns></returns>
public string GetEncryptionAlgorithm()
{
SessionLogin();
string objectAttributeValue = GetObjectAttribute().ToString();
switch ((CKK)Enum.Parse(typeof(CKK), objectAttributeValue))
{
case CKK.CKK_RSA:
return "RSA";
case CKK.CKK_ECDSA: //CKK.CKK_EC has same value as CKK.CKK_ECDSA:
return "ECDSA";
default:
throw new Exception("Unknown Encryption Algorithm");
}
}
/// <summary>
/// Get atrributes for object handle
/// </summary>
/// <returns></returns>
private ulong GetObjectAttribute()
{
ObjectHandle objectHandle = GetPrivateKeyHandle();
List<CKA> keyAttributes = new List<CKA>();
keyAttributes.Add(CKA.CKA_KEY_TYPE);
List<ObjectAttribute> keyObjectAttributes = _session.GetAttributeValue(objectHandle, keyAttributes);
return keyObjectAttributes[0].GetValueAsUlong();
}
/// <summary>
/// Extract private key handle from HSM
/// </summary>
/// <returns></returns>
private ObjectHandle GetPrivateKeyHandle()
{
_logger.WriteTrace("Inside GetPrivateKeyHandle()", LogCategory.General);
string keyLabel = _certificateInformation.KeyLabel;
string keyIdentifier = _certificateInformation.KeyIdentifier;
List<ObjectAttribute> searchTemplate = new List<ObjectAttribute>();
searchTemplate.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY));
CKA indentifierType;
bool parseResult = Enum.TryParse(keyIdentifier, out indentifierType);
if (!parseResult)
throw new Exception("Invalid Key Identifier '" + keyIdentifier + "'. Please provide a valid value (CKA_ID, CKA_LABEL etc).");
searchTemplate.Add(new ObjectAttribute(indentifierType, keyLabel));
List<ObjectHandle> foundObjects = _session.FindAllObjects(searchTemplate);
if (foundObjects.Count < 1)
{
throw new Exception(string.Format("Private key with {0} '{1}' was not found", keyIdentifier, keyLabel));
}
else if (foundObjects.Count > 1)
{
throw new Exception(string.Format("More than one private key with {0} '{1}' was found", keyIdentifier, keyLabel));
}
return foundObjects[0];
}
/// <summary>
/// Get MechanismType CKM for Ecdsa
/// </summary>
/// <param name="hashAlgorithm"></param>
/// <returns></returns>
private CKM GetEcdsaMechanismType(string hashAlgorithm)
{
switch (hashAlgorithm)
{
//Currently we don't have direct support for the below mechanism in HSM, however if supported this code can be uncommented and used
//case "SHA1":
// return CKM.CKM_ECDSA_SHA1;
//case "SHA224":
// return CKM.CKM_ECDSA_SHA224;
//case "SHA256":
// return CKM.CKM_ECDSA_SHA256;
//case "SHA384":
// return CKM.CKM_ECDSA_SHA384;
//case "SHA512":
// return CKM.CKM_ECDSA_SHA512;
default:
return CKM.CKM_ECDSA;
}
}
/// <summary>
/// Get CKM based upon hash algorithm
/// </summary>
/// <param name="hashAlgorithm"></param>
/// <returns></returns>
private CKM GetRsaMechanismType(string hashAlgorithm)
{
switch (hashAlgorithm)
{
case "SHA512":
return CKM.CKM_SHA512_RSA_PKCS;
case "SHA256":
default:
return CKM.CKM_SHA256_RSA_PKCS;
}
}
/// <summary>
/// Get CKM based on encryption and hash algorithm
/// </summary>
/// <param name="encryptionAlgorithm"></param>
/// <param name="hashAlgorithm"></param>
/// <returns></returns>
private CKM GetSigningMechanismType(string encryptionAlgorithm, string hashAlgorithm)
{
switch (encryptionAlgorithm)
{
case "EC":
case "ECDSA":
return GetEcdsaMechanismType(hashAlgorithm);
case "RSA":
default:
return GetRsaMechanismType(hashAlgorithm);
}
}
private void CloseSession()
{
if (_session != null)
{
try
{
SessionLogout();
}
catch
{
// Any exceptions can be safely ignored here
}
_session.Dispose();
_session = null;
}
_slot = null;
if (_pkcs11 != null)
{
_pkcs11.Dispose();
_pkcs11 = null;
}
}
public void Dispose()
{
CloseSession();
}
private void SessionLogout()
{
if (_session != null && GetSessionState() == CKS.CKS_RO_USER_FUNCTIONS)
{
ulong sessionId = _session.SessionId;
_session.Logout();
}
}
private void SessionLogin()
{
if (_session != null && GetSessionState() != CKS.CKS_RO_USER_FUNCTIONS)
{
_session.Login(CKU.CKU_USER, _certificateInformation.TokenPin);
}
}
private CKS GetSessionState()
{
try
{
return _session.GetSessionInfo().State;
}
catch (Exception ex)
{
if (_certificateInformation != null)
InitializeVariables();
return _session.GetSessionInfo().State;
}
}
}
PKCS#11 defines an application as a single process with single address space and one or multiple threads of control running in it.
Any application becomes a "Cryptoki application" by initializing PKCS#11 library in one of its threads with a call to C_Initialize function. After the library has been initialized, the application can call other functions of PKCS#11 API. When the application is done using PKCS#11 API, it finalizes PKCS#11 library with a call to C_Finalize function and ceases to be a "Cryptoki application". From application perspective, PKCS#11 library initialization and finalization are global events, so it is crucial to ensure that one thread does not finalize library while other threads are still working with it.
PKCS#11 function C_Initialize is called in constructor of HighLevelAPI.Pkcs11 class and C_Finalize function is called when instance of HighLevelAPI.Pkcs11 class is disposed. It is crucial to ensure that two instances of this class working with same PKCS#11 library do not overlap each other. My guess is that you are using more than one instance and you dispose it while you are still trying to use the other.
In my NinjectDependencyresolver I have this:
public NinjectDependencyResolver(IKernel kernelParam)
{
this.kernel = kernelParam;
AddBindings();
}
private void AddBindings()
{
kernel.Bind<IProductsRepository>().To<EFProductRepository>();
}
and then in my controller class I have this:
public class ProductController : Controller
{
private IProductsRepository repository;
public int PageSize = 4;
public ProductController()
{
}
public ProductController(IProductsRepository productRepository)
{
this.repository = productRepository;
}
The problem is that the repository is null
Also If I add a break point to the AddBinsings() method, it doesn't get hit before going to the controller, controller gets hit but AddBindings() does not.
So does it mean it is a problem with my Ninject?
ALSO: I added the parameter less constructor of ProductController after getting this error:
No parameterless constructor defined for this object
I don't think I need that constructor, but if I remove it I get that error.
I would start by removing the constructor to ProductController that has no parameters. This will force ninject to use the constructor with IProductsRepository.
As for the binding part, we have the binding taking place inside the NinjectWebCommon.cs file. Here is our sample:
public static class NinjectWebCommon
{
private static readonly Bootstrapper Bootstrapper = new Bootstrapper();
/// <summary>
/// Starts the application
/// </summary>
public static void Start()
{
DynamicModuleUtility.RegisterModule(typeof (OnePerRequestHttpModule));
DynamicModuleUtility.RegisterModule(typeof (NinjectHttpModule));
Bootstrapper.Initialize(CreateKernel);
}
/// <summary>
/// Stops the application.
/// </summary>
public static void Stop()
{
Bootstrapper.ShutDown();
}
/// <summary>
/// Creates the kernel that will manage your application.
/// </summary>
/// <returns>The created kernel.</returns>
private static IKernel CreateKernel()
{
var kernel = new StandardKernel(new VBNinjectModule());
kernel.Bind<Func<IKernel>>().ToMethod(ctx => () => new Bootstrapper().Kernel);
kernel.Bind<IHttpModule>().To<HttpApplicationInitializationHttpModule>();
BindWebSpecificServices(kernel);
GlobalConfiguration.Configuration.DependencyResolver = new VBNinjectDependencyResolver(kernel);
return kernel;
}
public static void BindWebSpecificServices(IKernel kernel)
{
kernel.Bind<IUserHelper>()
.To<UserHelper>()
.InRequestScope();
kernel.Bind<IRoleWebService>()
.To<RoleWebService>()
.InRequestScope();
}
Should have also called it in Gloabal.ashx.cs file
I need to create a tree view in asp.net mvc5 framework for the recursive outputs.
This is my model class
public class ProcSearchModel
{
/// <summary>
///
/// </summary>
public string TableName { get; set; }
/// <summary>
///
/// </summary>
public string DirectoryPath { get; set; }
/// <summary>
///
/// </summary>
public List<string> ProceduresName { get; set; }
// public List<ProcSearchModel> =
}
That stores the list of result in ProceduresName list.
Now for each Procedure name in the list there is another list of names in it. Which I need to populate as tree view..
Presently this is my controller function:
public ActionResult SearchProcedure(ProcSearchModel procSearchModel)
{
List<string> lstString = new List<string>();
//if (procSearchModel != null)
//{
try
{
var txtFiles = Directory.EnumerateFiles(procSearchModel.DirectoryPath, "*.sql", SearchOption.AllDirectories);
// pattern to capture the Stored procedue name
// string cpattern = #"(CREATE PROCEDURE|ALTER PROCEDURE)\s*(?<proc_name>(\w|_|\[|\]|\.)*)(.|\n)*" + procSearchModel.TableName;
string cPattern = #"(CREATE PROCEDURE|ALTER PROCEDURE)\s*(?<proc_name>(\w|_|\[|\]|\.)*)";
string tPattern = procSearchModel.TableName;
foreach (string currentFile in txtFiles)
{
string content = System.IO.File.ReadAllText(currentFile);
if(Regex.IsMatch(content,tPattern,RegexOptions.IgnoreCase) && Regex.IsMatch(content,cPattern,RegexOptions.IgnoreCase))
{
Match match = Regex.Match(content, cPattern, RegexOptions.IgnoreCase);
lstString.Add(match.Groups["proc_name"].Value);
}
}
procSearchModel.ProceduresName = lstString;
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
//}
return View(procSearchModel);
}
Now plz help me how to populate the tree view by usnig nested list with jstree plugin
Create a recursive node structure of the nodes (or objects) as you need in the hierarchy and link them as in a tree. Then pass that object in a tree
class dummyObject{
int num;
String data;
List<dummyObject> d = new List<dummyObject>();
}
Use this type of class object to create hierarchy structure and then pass them into jstree (http://www.jstree.com/) plugin call..... Rest will be done the plugin.
I created a simple service with service stack.
namespace BE.Source.Listener.Services
{
public class StatusService : Service
{
private ILog Logger
{
get
{
return LogManager.GetLogger(GetType()); ;
}
}
public object Get(KilnListenerStatusRequest request)
{
var result = new KilnListenerStatusResponse();
result.LastPushRequest = DateTime.Now;
return result;
}
}
}
The service returns a dto named "StatusResult" which has the ResponseSTatus property.
The Request and the result dtos are in the same name space but not in the one the serivce is,
Or is StatusREsult only filled when a error occurs ?
namespace BE.Source.ServiceModel
{
/// <summary>
/// Request for Service Status
/// </summary>
public sealed class StatusRequest : IReturn<StatusResult>
{
}
}
namespace BE.Source.ServiceModel
{
/// <summary>
///
/// </summary>
public sealed class StatusResult
{
/// <summary>
/// Status of the response
/// </summary>
public ResponseStatus ResponseStatus { get; set; } //Automatic exception handling
}
But when firing the get with the jsonservice cleint the property is null.
To the best of my knowledge the ResponseStatus property will be null when no error has occured.
From one of the many tests in the ServiceStack GitHub repo:
[Test, TestCaseSource(typeof(CustomerServiceValidationTests), "ServiceClients")]
public void Post_ValidRequest_succeeds(Func<IServiceClient> factory)
{
var client = factory();
var response = client.Send<CustomersResponse>(validRequest);
Assert.That(response.ResponseStatus, Is.Null);
}
There is a custom data type for business object properties in one of my projects. This custom type is a wrapper for the basic Data Types in .NET.
When I try and get the value from the property, the below is displayed if the syntax is:
company.Name
Interfaces.Model.CustomType`1[System.String]
It is expecting:
company.Name.Value
I would like to avoid the need to use the .value; am I looking to overload an operation, or implicit/explicit methods?
Any help would be great.
Here is the general outline of the CustomType:
public class CustomType<t>
{
#region Implicit Casting
/// <summary>
///
/// </summary>
/// <param name="obj"></param>
/// <returns></returns>
public static implicit operator t(CustomType<t> obj)
{
if (obj == null)
return new CustomType<t>().Value;
return obj.Value;
}
/// <summary>
///
/// </summary>
/// <param name="obj"></param>
/// <returns></returns>
public static implicit operator CustomType<t>(t obj)
{
return new CustomType<t>(obj);
}
#endregion Implicit Casting
/// <summary>
/// Gets or sets the value.
/// </summary>
/// <value>The value.</value>
public t Value
{
get
{
return _value;
}
set
{
_value = value;
}
}
/// <summary>
/// Sets the value.
/// </summary>
/// <param name="value">The value.</param>
/// <returns></returns>
public CustomType<t> setValue(t value)
{
try
{
Value = value;
}
catch (InvalidCastException e)
{
throw new InvalidCastException("CustomType invalid property cast ", e.InnerException);
}
return this;
}
}
If I understand correctly you need to override ToString.
public class CustomType<T>
{
public override string ToString()
{
return Value.ToString(); //I assume Value is of type T.
}
}
I've done a certain amount of guessing here, perhaps you could show the code for your custom type and the all that's giving you the type.