J'ai un programme qui exécute un exécutable en utilisant Process.Start()
. L'exécutable que j'appelle est un programme tiers qui met à jour un dossier dans ProgramData
. Une fois que le dossier dans le ProgramData
est mis à jour l'ensemble de lignes suivant dans mon programme, essayez de lire les dernières modifications.Impossible de lire les dernières modifications apportées au ProgramData
J'ai remarqué que les dernières modifications ne peuvent pas être lues même après que l'exécutable soit exécuté, cependant quand je réexécute mon programme depuis le début je peux voir les changements lus correctement. Je suppose que cela a quelque chose à voir avec AppDomain
pas en mesure de voir les changements lors de l'exécution.
Y at-il de toute façon des choses qui fonctionnent ici?
Dans le code ci-dessous à l'intérieur de la méthode HSMTransactionHandler
si une exception se produit avec le message HSM_ENCRYPTION_KEY_NOT_FOUND
, alors j'exécute un exe en appel de la méthode UpdateFromRFS
puis invoquez HSMTransactionHandler
récursive. L'exécution de l'exe obtient la ressource requise mais le code ne la lit pas. Si j'exécute un autre programme pendant l'exécution du programme en cours, le deuxième programme lit la ressource sans aucun problème. Ce qui me fait penser si un processus ou un domaine d'application peut voir les changements qui se produisent dans le dossier ProgramData
après qu'il a commencé?
Juste pour que tout le monde sache que j'utilise la bibliothèque PKCS11Interop
qui est un gestionnaire géré .net
construit autour d'une DLL native. Je ne suis pas sûr si l'utilisation d'une DLL native peut causer cela.
Toute aide sera grandement appréciée.
Voici le code:
public sealed class KeyStoreOperations
{
private KeyStoreContext m_keyStoreContext;
private static Pkcs11 m_Pkcs11;
private static readonly object _syncLockPkcs11 = new object();
private static readonly object _syncLockHSMLogin = new object();
public KeyStoreOperations(KeyStoreContext keyStoreContext)
{
m_keyStoreContext = keyStoreContext;
InitializePkcs11Object();
}
public string Encrypt(string keyName, string message)
{
ValidateInputs(message, "Message");
var encryptedMessage = string.Empty;
HSMTransactionHandler((Session session) =>
{
Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS);
var publicKey = GetPublicKey(keyName, session);
if (publicKey == null)
throw new HSMException(ErrorConstant.HSM_ENCRYPTION_KEY_NOT_FOUND);
var originalKeyBytes = EncryptionHelper.Decode(message);
var encryptedKeyBytes = session.Encrypt(mechanism, publicKey, originalKeyBytes);
encryptedMessage = EncryptionHelper.Encode(encryptedKeyBytes);
});
return encryptedMessage;
}
public string Decrypt(string keyName, string cipher)
{
ValidateInputs(cipher, "Cipher");
var decryptedMessage = string.Empty;
HSMTransactionHandler((Session session) =>
{
Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS);
var privateKey = GetPrivateKey(keyName, session);
if (privateKey == null)
throw new HSMException(ErrorConstant.HSM_ENCRYPTION_KEY_NOT_FOUND);
var encryptedSymmetricKeyBytes = EncryptionHelper.Decode(cipher);
var decryptedSymmetricKeyBytes = session.Decrypt(mechanism, privateKey, encryptedSymmetricKeyBytes);
decryptedMessage = EncryptionHelper.Encode(decryptedSymmetricKeyBytes);
});
return decryptedMessage;
}
#region Private methods
#region Validations
private void ValidateInputs(string input, string name)
{
if (string.IsNullOrEmpty(input))
throw new ArgumentNullException(name);
}
#endregion Validations
private void HSMTransactionHandler(Action<Session> action, bool commit = false, int retrialAttempt = 5)
{
Slot hsmSlot = null;
Session hsmSession = null;
bool logggedIn = false;
try
{
hsmSlot = GetSlot(m_NCipherKeyStoreContext.ModuleToken);
hsmSession = hsmSlot.OpenSession(false);
lock (_syncLockHSMLogin)
{
hsmSession.Login(CKU.CKU_USER, m_NCipherKeyStoreContext.SecurityPin);
logggedIn = true;
action(hsmSession);
hsmSession.Logout();
logggedIn = false;
}
if (commit)
CommitToRFS();
}
catch (Pkcs11Exception ex)
{
HandleHSMErrors(ex);
}
catch (HSMException ex)
{
if (ex.Message == EncryptionKeyStoreErrorConstant.HSM_ENCRYPTION_KEY_NOT_FOUND && retrialAttempt > 0)
{
if (logggedIn)
{
hsmSession.Logout();
logggedIn = false;
}
if (!(hsmSession == null))
hsmSession.CloseSession();
UpdateFromRFS();
Thread.Sleep(1000);
HSMTransactionHandler(action, retrialAttempt: retrialAttempt - 1);
}
else
throw ex;
}
finally
{
if (logggedIn)
hsmSession.Logout();
if (!(hsmSession == null))
hsmSession.CloseSession();
}
}
private void UpdateFromRFS()
{
using (var rfsSyncProcess = GetRfsSyncProcess("--update"))
{
ExecuteRFSSyncProcess(rfsSyncProcess);
}
}
private Process GetRfsSyncProcess(string args)
{
Process rfsSyncProcess = new Process();
rfsSyncProcess.StartInfo.FileName = "C:\\Program Files (x86)\\nCipher\\nfast\\bin\\rfs-sync.exe";
rfsSyncProcess.StartInfo.Arguments = args;
return rfsSyncProcess;
}
private void ExecuteRFSSyncProcess(Process rfsSyncProcess)
{
rfsSyncProcess.Start();
rfsSyncProcess.WaitForExit();
}
private ObjectHandle GetPrivateKey(string keyName, Session session)
{
ObjectHandle privateKey = null;
List<ObjectHandle> foundObjects = null;
List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
objectAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, keyName));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, true));
foundObjects = session.FindAllObjects(objectAttributes);
if (foundObjects != null && foundObjects.Count > 0)
{
privateKey = foundObjects[0];
}
return privateKey;
}
private ObjectHandle GetPublicKey(string keyName, Session session)
{
ObjectHandle publicKey = null;
List<ObjectHandle> foundObjects = null;
List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
objectAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, keyName));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, false));
foundObjects = session.FindAllObjects(objectAttributes);
if (foundObjects != null && foundObjects.Count > 0)
{
publicKey = foundObjects[0];
}
return publicKey;
}
private List<ObjectAttribute> CreatePublicKeyTemplate(string keyName, byte[] ckaId)
{
List<ObjectAttribute> publicKeyAttributes = new List<ObjectAttribute>();
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, false));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, keyName));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_ID, ckaId));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_ENCRYPT, true));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_VERIFY, true));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_VERIFY_RECOVER, true));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_WRAP, true));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_MODULUS_BITS, Convert.ToUInt64(m_keyStoreContext.KeySize)));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_PUBLIC_EXPONENT, new byte[] { 0x01, 0x00, 0x01 }));
return publicKeyAttributes;
}
private List<ObjectAttribute> CreatePrivateKeyTemplate(string keyName, byte[] ckaId)
{
List<ObjectAttribute> privateKeyAttributes = new List<ObjectAttribute>();
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, true));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, keyName));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_ID, ckaId));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_SENSITIVE, true));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_DECRYPT, true));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_SIGN, true));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_SIGN_RECOVER, true));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_UNWRAP, true));
return privateKeyAttributes;
}
private Slot GetSlot(string tokenLabel)
{
Slot matchingSlot = null;
List<Slot> slots = m_Pkcs11.GetSlotList(true);
matchingSlot = slots[0];
if (tokenLabel != null)
{
matchingSlot = null;
foreach (Slot slot in slots)
{
TokenInfo tokenInfo = null;
try
{
tokenInfo = slot.GetTokenInfo();
}
catch (Pkcs11Exception ex)
{
if (ex.RV != CKR.CKR_TOKEN_NOT_RECOGNIZED && ex.RV != CKR.CKR_TOKEN_NOT_PRESENT)
throw;
}
if (tokenInfo == null)
continue;
if (!string.IsNullOrEmpty(m_keyStoreContext.ModuleToken))
if (0 != string.Compare(m_keyStoreContext.ModuleToken, tokenInfo.Label, StringComparison.Ordinal))
continue;
matchingSlot = slot;
break;
}
if (matchingSlot == null)
throw new HSMException(string.Format(ErrorConstant.HSM_CONFIGURATION_ERROR_INCORRECT_SLOT, tokenLabel));
}
return matchingSlot;
}
private void InitializePkcs11Object()
{
if (m_Pkcs11 == null)
{
lock (_syncLockPkcs11)
{
m_Pkcs11 = new Pkcs11(m_keyStoreContext.PKCS11LibraryPath, true);
}
}
}
private void HandleHSMErrors(Pkcs11Exception ex)
{
if (ex.RV == CKR.CKR_PIN_INCORRECT)
{
throw new HSMException(ErrorConstant.HSM_CONFIGURATION_ERROR_PIN_INCORRECT, ex);
}
else
{
throw new HSMException(ErrorConstant.HSM_CONFIGURATION_ERROR_GENERIC, ex);
}
}
#endregion
}
Edit 1: Voici le code modifié qui a fonctionné pour moi et s'il vous plaît noter que la chose la plus importante est de définir la variable CKNFAST_ASSUME_SINGLE_PROCESS
ici à 0 dans cknfastrc
fichier
public sealed class KeyStoreOperations
{
private KeyStoreContext m_keyStoreContext;
private static Pkcs11 m_Pkcs11;
private static readonly object _syncLockPkcs11 = new object();
private static readonly object _syncLockHSMLogin = new object();
public KeyStoreOperations(KeyStoreContext keyStoreContext)
{
m_keyStoreContext = keyStoreContext;
InitializePkcs11Object();
}
public string Encrypt(string keyName, string message)
{
ValidateInputs(message, "Message");
var encryptedMessage = string.Empty;
HSMTransactionHandler((Session session) =>
{
Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS);
var publicKey = GetPublicKey(keyName, session);
if (publicKey == null)
throw new HSMException(ErrorConstant.HSM_ENCRYPTION_KEY_NOT_FOUND);
var originalKeyBytes = EncryptionHelper.Decode(message);
var encryptedKeyBytes = session.Encrypt(mechanism, publicKey, originalKeyBytes);
encryptedMessage = EncryptionHelper.Encode(encryptedKeyBytes);
});
return encryptedMessage;
}
public string Decrypt(string keyName, string cipher)
{
ValidateInputs(cipher, "Cipher");
var decryptedMessage = string.Empty;
HSMTransactionHandler((Session session) =>
{
Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS);
var privateKey = GetPrivateKey(keyName, session);
if (privateKey == null)
throw new HSMException(ErrorConstant.HSM_ENCRYPTION_KEY_NOT_FOUND);
var encryptedSymmetricKeyBytes = EncryptionHelper.Decode(cipher);
var decryptedSymmetricKeyBytes = session.Decrypt(mechanism, privateKey, encryptedSymmetricKeyBytes);
decryptedMessage = EncryptionHelper.Encode(decryptedSymmetricKeyBytes);
});
return decryptedMessage;
}
#region Private methods
#region Validations
private void ValidateInputs(string input, string name)
{
if (string.IsNullOrEmpty(input))
throw new ArgumentNullException(name);
}
#endregion Validations
private void HSMTransactionHandler(Action<Session> action, bool commit = false, int retrialAttempt = 5)
{
Slot hsmSlot = null;
Session hsmSession = null;
bool logggedIn = false;
try
{
hsmSlot = GetSlot(m_NCipherKeyStoreContext.ModuleToken);
hsmSession = hsmSlot.OpenSession(false);
lock (_syncLockHSMLogin)
{
hsmSession.Login(CKU.CKU_USER, m_NCipherKeyStoreContext.SecurityPin);
logggedIn = true;
action(hsmSession);
hsmSession.Logout();
logggedIn = false;
}
if (commit)
CommitToRFS();
}
catch (Pkcs11Exception ex)
{
HandleHSMErrors(ex);
}
catch (HSMException ex)
{
if (ex.Message == EncryptionKeyStoreErrorConstant.HSM_ENCRYPTION_KEY_NOT_FOUND && retrialAttempt > 0)
{
if (logggedIn)
{
hsmSession.Logout();
logggedIn = false;
}
if (!(hsmSession == null))
{
hsmSession.CloseSession();
hsmSession = null;
}
UpdateFromRFS();
Thread.Sleep(1000);
if (!m_Pkcs11.Disposed)
{
m_Pkcs11.Dispose();
m_Pkcs11 = null;
}
HSMTransactionHandler(action, retrialAttempt: retrialAttempt - 1);
}
else
throw ex;
}
finally
{
if (logggedIn)
hsmSession.Logout();
if (!(hsmSession == null))
hsmSession.CloseSession();
}
}
private void UpdateFromRFS()
{
using (var rfsSyncProcess = GetRfsSyncProcess("--update"))
{
ExecuteRFSSyncProcess(rfsSyncProcess);
}
}
private Process GetRfsSyncProcess(string args)
{
Process rfsSyncProcess = new Process();
rfsSyncProcess.StartInfo.FileName = "C:\\Program Files (x86)\\nCipher\\nfast\\bin\\rfs-sync.exe";
rfsSyncProcess.StartInfo.Arguments = args;
return rfsSyncProcess;
}
private void ExecuteRFSSyncProcess(Process rfsSyncProcess)
{
rfsSyncProcess.Start();
rfsSyncProcess.WaitForExit();
}
private ObjectHandle GetPrivateKey(string keyName, Session session)
{
ObjectHandle privateKey = null;
List<ObjectHandle> foundObjects = null;
List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
objectAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, keyName));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, true));
foundObjects = session.FindAllObjects(objectAttributes);
if (foundObjects != null && foundObjects.Count > 0)
{
privateKey = foundObjects[0];
}
return privateKey;
}
private ObjectHandle GetPublicKey(string keyName, Session session)
{
ObjectHandle publicKey = null;
List<ObjectHandle> foundObjects = null;
List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
objectAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, keyName));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, false));
foundObjects = session.FindAllObjects(objectAttributes);
if (foundObjects != null && foundObjects.Count > 0)
{
publicKey = foundObjects[0];
}
return publicKey;
}
private List<ObjectAttribute> CreatePublicKeyTemplate(string keyName, byte[] ckaId)
{
List<ObjectAttribute> publicKeyAttributes = new List<ObjectAttribute>();
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, false));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, keyName));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_ID, ckaId));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_ENCRYPT, true));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_VERIFY, true));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_VERIFY_RECOVER, true));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_WRAP, true));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_MODULUS_BITS, Convert.ToUInt64(m_keyStoreContext.KeySize)));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_PUBLIC_EXPONENT, new byte[] { 0x01, 0x00, 0x01 }));
return publicKeyAttributes;
}
private List<ObjectAttribute> CreatePrivateKeyTemplate(string keyName, byte[] ckaId)
{
List<ObjectAttribute> privateKeyAttributes = new List<ObjectAttribute>();
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, true));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, keyName));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_ID, ckaId));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_SENSITIVE, true));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_DECRYPT, true));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_SIGN, true));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_SIGN_RECOVER, true));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_UNWRAP, true));
return privateKeyAttributes;
}
private Slot GetSlot(string tokenLabel)
{
Slot matchingSlot = null;
List<Slot> slots = m_Pkcs11.GetSlotList(true);
matchingSlot = slots[0];
if (tokenLabel != null)
{
matchingSlot = null;
foreach (Slot slot in slots)
{
TokenInfo tokenInfo = null;
try
{
tokenInfo = slot.GetTokenInfo();
}
catch (Pkcs11Exception ex)
{
if (ex.RV != CKR.CKR_TOKEN_NOT_RECOGNIZED && ex.RV != CKR.CKR_TOKEN_NOT_PRESENT)
throw;
}
if (tokenInfo == null)
continue;
if (!string.IsNullOrEmpty(m_keyStoreContext.ModuleToken))
if (0 != string.Compare(m_keyStoreContext.ModuleToken, tokenInfo.Label, StringComparison.Ordinal))
continue;
matchingSlot = slot;
break;
}
if (matchingSlot == null)
throw new HSMException(string.Format(ErrorConstant.HSM_CONFIGURATION_ERROR_INCORRECT_SLOT, tokenLabel));
}
return matchingSlot;
}
private void InitializePkcs11Object()
{
if (m_Pkcs11 == null)
{
lock (_syncLockPkcs11)
{
m_Pkcs11 = new Pkcs11(m_keyStoreContext.PKCS11LibraryPath, true);
}
}
}
private void HandleHSMErrors(Pkcs11Exception ex)
{
if (ex.RV == CKR.CKR_PIN_INCORRECT)
{
throw new HSMException(ErrorConstant.HSM_CONFIGURATION_ERROR_PIN_INCORRECT, ex);
}
else
{
throw new HSMException(ErrorConstant.HSM_CONFIGURATION_ERROR_GENERIC, ex);
}
}
#endregion
}
Edit 2: J'ai vérifié et constaté que son fonctionnement sans même CKNFAST_ASSUME_SINGLE_PROCESS
à 0, donc peut tout ce qui est nécessaire est de disposer l'objet pkcs11 et ré-initialiser
J'ai marqué les appels de fonction et les noms de répertoires avec des marqueurs de code en ligne ('\' ') pour faciliter la lecture. S'il vous plaît [modifier] votre question et ajoutez votre code afin que nous puissions voir exactement ce que vous faites. – Chris