I am trying to import certificate in safenet dongle using swift and safenet's sdk. I have used encoder and decoder from the below linked code https://github.com/filom/ASN1Decoder. My swift side code is like below :-
let subjectDistinguishedNameDER = ASN1DEREncoder.encodeSequence(content: cert!.subjectDistinguishedNameDER)
let issuerDistinguishedNameDER = ASN1DEREncoder.encodeSequence(content: cert!.issuerDistinguishedNameDER)
dongle.importCertificate(password:donglePin, enrollmentId: id, subject: (subjectDistinguishedNameDER as CFData) as Data, issuer: (issuerDistinguishedNameDER as CFData) as Data, serialNumber: cert!.serialNumber!, value: (encodedData as CFData) as Data)
In the wrapper, I am doing below transformations
- (void) importCertificate:(NSString *) password enrollmentId:(NSString*)enrollmentId subject:(NSData*)subject issuer:(NSData*)issuer serialNumber:(NSData*)serialNumber value:(NSData*)value {
Dongle* d = (Dongle*)****;
char * eId = strdup([enrollmentId UTF8String]);
char * pass = strdup([password UTF8String]);
//char *signData = (char *)[data bytes];
unsigned char * sub = (unsigned char *)[subject bytes];
unsigned char * iss = (unsigned char *)[issuer bytes];
unsigned char * ser = (unsigned char *)[serialNumber bytes];
unsigned char * val = (unsigned char *)[value bytes];
NSUInteger valSize = [value length] / sizeof(unsigned char);
NSUInteger serSize = [serialNumber length] / sizeof(unsigned char);
NSUInteger issSize = [issuer length] / sizeof(unsigned char);
NSUInteger subSize = [subject length] / sizeof(unsigned char);
std::cout << "size size: \n";
//std::cout << size;
std::cout << "value print: \n";
d->importCertificate(pass, eId, sub, iss, ser, val, (int) subSize, (int) issSize, (int) serSize, (int) valSize);
}
in native side my methos is like :-
void Dongle::importCertificate(char *password, char* enrollmentId, unsigned char * subject, unsigned char * issuer, unsigned char * serialNumber, unsigned char * value, int subLength, int issLength, int serLength, int valLength) {
CK_RV rv = CKR_OK;
CK_BBOOL bFalse = CK_FALSE;
CK_BBOOL bTrue = CK_TRUE;
CK_KEY_TYPE keyType = CKK_RSA;
CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE;
LoadCryptoki(pkcs11_path);
rv = GetFirstSlotId(&slotId);
rv = C_OpenSession(slotId, (CKF_SERIAL_SESSION | CKF_RW_SESSION), NULL_PTR, NULL_PTR, &hSession);
// We can also use Dongle::generateKeyPairUtil
CK_OBJECT_HANDLE hPrivateKey = Dongle::getPrivateKeyHandle(hSession, password, enrollmentId);
CK_OBJECT_HANDLE hObject;
std::string labelPriv = std::string("private") + enrollmentId;
CK_UTF8CHAR * labelPrivate = convertToCK_UTF8CHAR(labelPriv); //Label of private key.
//std::string idPriv = std::string(enrollmentId);
//CK_UTF8CHAR * idPrivate = convertToCK_UTF8CHAR(idPriv);
CK_OBJECT_CLASS classCertificate = CKO_CERTIFICATE;
CK_OBJECT_CLASS typeCertificate = CKC_X_509;
CK_ATTRIBUTE certificateTemplate[] =
{
{ CKA_CLASS, &classCertificate, sizeof(classCertificate) },
{ CKA_TOKEN, &bTrue, sizeof(bTrue) },
{ CKA_PRIVATE, &bFalse, sizeof(bFalse) },
{ CKA_MODIFIABLE, &bTrue, sizeof(bTrue) },
{ CKA_LABEL, &labelPrivate, strlen((char *)labelPrivate) },
{ CKA_CERTIFICATE_TYPE, &typeCertificate, sizeof(typeCertificate) },
{ CKA_TRUSTED, &bFalse, sizeof(bFalse) },
{ CKA_SUBJECT, (CK_BYTE_PTR)&subject, (unsigned long)subLength },
{ CKA_ID, enrollmentId, strlen(enrollmentId) },
{ CKA_ISSUER, &issuer, strlen((char*) issuer) },
{ CKA_SERIAL_NUMBER, &serialNumber, strlen((char*) serialNumber) },
{ CKA_VALUE, (CK_BYTE_PTR)&value, (unsigned long)valLength }
};
std::cout << "length of subject \n";
std::cout << (unsigned long)subLength;
std::cout << "length of value \n";
std::cout << (unsigned long)valLength;
//CK_OBJECT_HANDLE hObject;
rv = C_CreateObject( hSession,
certificateTemplate,
DIM(certificateTemplate),
&hObject );
std::cout << "object handle code: \n";
std::cout << rv;
if (rv == CKR_OK) {
std::cout<< "Created object handle"<< hObject<< std::endl;
}
if (hSession) {
C_CloseSession(hSession);
UnloadCryptoki();
}
}
For certificate import, CKA_ISSUER and CKA_SERIAL_NUMBER are not necessary, I have also tried by removing them.
In Both case, I am getting CKA_TEMPLATE_INCONSISTENT code.
Is there any way I can get rid of this issue?