
NCryptokiでAladdin eTokenに証明書をインポートする際に問題があります。NCryptokiエラー208/209(証明書のインポート)

// Original NCryptoki attempt from the question, kept exactly as posted. Creating an object
// from this template is what the token rejects with CKR_TEMPLATE_INCONSISTENT (209 / 0xD1).
// NOTE(review): test.cer appears without quotes as posted, so it is not a string literal here.
X509Certificate2 cert = new X509Certificate2(test.cer);
// CKA_ID value: the ASCII bytes of a fixed, application-chosen string.
byte[] id = Encoding.ASCII.GetBytes("MyKeyPairID");
CryptokiCollection template = new CryptokiCollection();
// Object class and certificate type: an X.509 certificate object.
template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_CERTIFICATE));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_CERTIFICATE_TYPE, Certificate.CKC_X_509));
// CKA_TOKEN = true requests a persistent token object; CKA_PRIVATE = false marks it as a
// public object (a certificate holds no secret material).
template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, false));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "MyLabel"));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, id));
// SubjectName.RawData is the encoded subject name, which is the form PKCS#11 expects
// for CKA_SUBJECT.
template.Add(new ObjectAttribute(ObjectAttribute.CKA_SUBJECT, cert.SubjectName.RawData));
// NOTE(review): cert.Issuer is the issuer name as display text, whereas PKCS#11 defines
// CKA_ISSUER as the DER-encoded issuer name. Likely a cause of the inconsistent-template
// error; confirm against the token.
template.Add(new ObjectAttribute(ObjectAttribute.CKA_ISSUER, cert.Issuer));
// NOTE(review): GetRawCertData() returns the whole encoded certificate, whereas PKCS#11
// defines CKA_SERIAL_NUMBER as the DER-encoded serial number only. Likely another cause
// of the inconsistent-template error; confirm against the token.
template.Add(new ObjectAttribute(ObjectAttribute.CKA_SERIAL_NUMBER, cert.GetRawCertData()));
// CKA_VALUE: the complete encoded certificate.
template.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE, cert.RawData));
CryptokiObject certificate = session.Objects.Create(template);

エラー209(0xD1)CKR_TEMPLATE_INCONSISTENTが返されます。次の行を削除すると:

// CKA_VALUE (the encoded certificate) must be supplied when an X.509 certificate object is
// created, so dropping this line only changes the failure to CKR_TEMPLATE_INCOMPLETE.
template.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE, cert.RawData));

今度はエラー208(0xD0)CKR_TEMPLATE_INCOMPLETEが返されます。

答えて


CKA_SUBJECT、CKA_ISSUER、CKA_SERIAL_NUMBERの各属性に間違った値が設定されているようです(PKCS#11では、これらの属性はいずれもDERエンコードされた値として渡す必要があります)。Pkcs11InteropとBouncyCastleライブラリを使った次のコードは、通常、私の環境では問題なく動作しています:

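/// <summary>
/// Imports an X.509 certificate into the PKCS#11 compatible device as a public token object
/// </summary>
/// <remarks>
/// The certificate is parsed but not validated: validity period, chain and revocation status
/// are not checked, and nothing verifies that the certificate corresponds to a key already
/// stored on the device. Callers that need those guarantees must check before importing.
/// The object is created with CKA_TRUSTED = false, so importing never marks the certificate
/// as trusted.
/// CKA_SUBJECT, CKA_ISSUER and CKA_SERIAL_NUMBER are passed DER encoded, as PKCS#11 requires.
/// </remarks>
/// <param name="session">Session with user logged in</param>
/// <param name="certificate">Encoded certificate that should be imported</param>
/// <param name="ckaLabel">Value of CKA_LABEL attribute</param>
/// <param name="ckaId">Value of CKA_ID attribute; by PKCS#11 convention it should equal the CKA_ID of the matching key pair so that applications can associate them</param>
/// <returns>Handle of created certificate object</returns>
/// <exception cref="System.ArgumentNullException">session or certificate is null</exception>
/// <exception cref="System.ArgumentException">No certificate could be read from the supplied data</exception>
public static ObjectHandle ImportCertificate(Session session, byte[] certificate, string ckaLabel, byte[] ckaId)
{
    // Reject missing arguments up front instead of failing later with a NullReferenceException
    if (session == null)
    {
        throw new System.ArgumentNullException("session");
    }

    if (certificate == null)
    {
        throw new System.ArgumentNullException("certificate");
    }

    // Parse certificate; the parser returns null when the input holds no certificate
    X509Certificate x509Certificate = new X509CertificateParser().ReadCertificate(certificate);
    if (x509Certificate == null)
    {
        throw new System.ArgumentException("No X.509 certificate could be read from the supplied data", "certificate");
    }

    // Define attributes of new certificate object (same attribute order as before)
    List<ObjectAttribute> certificateAttributes = new List<ObjectAttribute>
    {
        new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE),
        new ObjectAttribute(CKA.CKA_TOKEN, true),
        new ObjectAttribute(CKA.CKA_PRIVATE, false),
        new ObjectAttribute(CKA.CKA_MODIFIABLE, true),
        new ObjectAttribute(CKA.CKA_LABEL, ckaLabel),
        new ObjectAttribute(CKA.CKA_CERTIFICATE_TYPE, CKC.CKC_X_509),
        // Never mark an imported certificate as trusted
        new ObjectAttribute(CKA.CKA_TRUSTED, false),
        // DER-encoded subject name
        new ObjectAttribute(CKA.CKA_SUBJECT, x509Certificate.SubjectDN.GetDerEncoded()),
        new ObjectAttribute(CKA.CKA_ID, ckaId),
        // DER-encoded issuer name
        new ObjectAttribute(CKA.CKA_ISSUER, x509Certificate.IssuerDN.GetDerEncoded()),
        // DER-encoded INTEGER holding the serial number, not the bare number
        new ObjectAttribute(CKA.CKA_SERIAL_NUMBER, new DerInteger(x509Certificate.SerialNumber).GetDerEncoded()),
        // Complete encoded certificate
        new ObjectAttribute(CKA.CKA_VALUE, x509Certificate.GetEncoded())
    };

    // Create certificate object
    return session.CreateObject(certificateAttributes);
}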