search

Pkcs11Interop / Pkcs11Interop.X509Store

Easy to use PKCS#11 based X.509 certificate store
Apache License 2.0
33 stars 18 forks source link

Fails to load tokens when there are unrecognized ones #33

Closed dalmohub closed 7 months ago

dalmohub commented 2 years ago

After configuring Windows Hello for business, a certificate was created in my PC which is somehow identified as a token by Bit4Id (PKCS#11 library).

image

Since then I'm unable to access my actual PKCS#11 USB Token because Pkcs11X509Store.Slots throws an exception due to the bogus Windows Hello token. The error happens in Pkcs11Token.GetTokenContext when calling Slot.GetTokenInfo() which throws a Pkcs11Exception exception => CKR_TOKEN_NOT_RECOGNIZED.

The error handling below allows "good" tokens to be loaded regardless of the presence of "invalid" ones.

private List<Pkcs11Slot> GetSlots()
{
    var slots = new List<Pkcs11Slot>();

    foreach (ISlot slot in _storeContext.Pkcs11Library.GetSlotList(SlotsType.WithTokenPresent))
    {
        try
        {
            var pkcs11Slot = new Pkcs11Slot(slot, _storeContext);
            slots.Add(pkcs11Slot);
        }
        catch (Pkcs11Exception ex)
        {
            if (ex.RV != CKR.CKR_TOKEN_NOT_RECOGNIZED && ex.RV != CKR.CKR_TOKEN_NOT_PRESENT)
            {
                throw;
            }
        }
    }

    return slots;
}
lucaquaglio commented 1 year ago

Up

lucaquaglio commented 1 year ago

Created PR for the issue https://github.com/Pkcs11Interop/Pkcs11Interop.X509Store/pull/35

jariq commented 7 months ago

@dalmohub thanks for reporting. Fix will be included in Pkcs11Interop.X509Store 0.5.0.