And*_*dky 5 wcf smartcard wcf-security
我正在使用证书来保护客户端和服务器之间的通信(没有代码,只是端点配置)。证书目前存储在 ACOS5 智能卡中。除了每次 WCF 创建新通道访问服务器时,ACOS5 驱动程序要求用户输入“用户 PIN”,一切都运行良好。不幸的是,它经常发生。
有没有办法配置驱动程序来缓存用户已经在当前进程中输入的 PIN 至少一段时间,或者我如何缓存 pin 并在同一会话中每次以编程方式提供它?
我在这篇文章中发现了一些有用的东西:
这是因为在以前版本的 Windows 中,每个 CSP 都会缓存您输入的 PIN,但 Windows 7 实际上会将 PIN 转换为安全令牌并缓存它。不幸的是,只有一个全局令牌缓存,但 CSP 不能使用其他人生成的令牌,所以首先智能卡 CSP 提示您并缓存一个令牌,然后 SSL 提示您并缓存它自己的令牌(覆盖第一个),然后智能卡系统再次提示您(因为其缓存的令牌已消失)。
但是我不能使用作者提出的解决方案。所以我该怎么做?
这是我们多年来在主要应用程序中发现并使用的一种方法:
static class X509Certificate2Extension
{
public static void SetPinForPrivateKey(this X509Certificate2 certificate, string pin)
{
if (certificate == null) throw new ArgumentNullException("certificate");
var key = (RSACryptoServiceProvider)certificate.PrivateKey;
var providerHandle = IntPtr.Zero;
var pinBuffer = Encoding.ASCII.GetBytes(pin);
// provider handle is implicitly released when the certificate handle is released.
SafeNativeMethods.Execute(() => SafeNativeMethods.CryptAcquireContext(ref providerHandle,
key.CspKeyContainerInfo.KeyContainerName,
key.CspKeyContainerInfo.ProviderName,
key.CspKeyContainerInfo.ProviderType,
SafeNativeMethods.CryptContextFlags.Silent));
SafeNativeMethods.Execute(() => SafeNativeMethods.CryptSetProvParam(providerHandle,
SafeNativeMethods.CryptParameter.KeyExchangePin,
pinBuffer, 0));
SafeNativeMethods.Execute(() => SafeNativeMethods.CertSetCertificateContextProperty(
certificate.Handle,
SafeNativeMethods.CertificateProperty.CryptoProviderHandle,
0, providerHandle));
}
}
internal static class SafeNativeMethods
{
internal enum CryptContextFlags
{
None = 0,
Silent = 0x40
}
internal enum CertificateProperty
{
None = 0,
CryptoProviderHandle = 0x1
}
internal enum CryptParameter
{
None = 0,
KeyExchangePin = 0x20
}
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool CryptAcquireContext(
ref IntPtr hProv,
string containerName,
string providerName,
int providerType,
CryptContextFlags flags
);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Auto)]
public static extern bool CryptSetProvParam(
IntPtr hProv,
CryptParameter dwParam,
[In] byte[] pbData,
uint dwFlags);
[DllImport("CRYPT32.DLL", SetLastError = true)]
internal static extern bool CertSetCertificateContextProperty(
IntPtr pCertContext,
CertificateProperty propertyId,
uint dwFlags,
IntPtr pvData
);
public static void Execute(Func<bool> action)
{
if (!action())
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
}
完整的帖子和作者在这里: http://www.infinitec.de/post/2010/11/22/Setting-the-PIN-of-a-smartcard-programmatically.aspx