[pkg-opensc-commit] [pkcs11-helper] 20/253: locate interface removed
Eric Dorland
eric at moszumanska.debian.org
Fri Jan 6 23:39:00 UTC 2017
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository pkcs11-helper.
commit 1dcc9b433d0b43064d459d257bc3dd77881971ba
Author: Alon Bar-Lev <alon.barlev at gmail.com>
Date: Wed Nov 29 18:43:06 2006 +0000
locate interface removed
---
README | 7 +-
config-w32-vc.h.in | 3 -
configure.ac | 11 -
include/pkcs11-helper-1.0/Makefile.am | 5 -
include/pkcs11-helper-1.0/pkcs11h-core.h | 14 +-
include/pkcs11-helper-1.0/pkcs11h-locate.h | 127 ---
lib/Makefile.am | 7 -
lib/Makefile.w32-vc | 3 -
lib/locate.exports | 2 -
lib/pkcs11h-core.c | 3 -
lib/pkcs11h-locate.c | 1162 ----------------------------
11 files changed, 8 insertions(+), 1336 deletions(-)
diff --git a/README b/README
index c732b08..fe1de52 100644
--- a/README
+++ b/README
@@ -11,10 +11,9 @@ ABOUT
FEATURES
pkcs11-helper allows using multiple PKCS#11 providers at the same time, enumerating
- available token certificates, or selecting a certificate directly by id, label or
- subject, handling card removal and card insert events, handling card re-insert
- to a different slot, supporting session expiration, serialization and much more
- all using a simple API.
+ available token certificates, or selecting a certificate directly by serialized id,
+ handling card removal and card insert events, handling card re-insert to a different
+ slot, supporting session expiration and much more all using a simple API.
pkcs11-helper is not designed to manage card content, since object attributes
are usually vendor specific, and 99% of application need to access
diff --git a/config-w32-vc.h.in b/config-w32-vc.h.in
index bc93e16..f448777 100644
--- a/config-w32-vc.h.in
+++ b/config-w32-vc.h.in
@@ -19,9 +19,6 @@
/* Use win32 crypto engine */
#define ENABLE_PKCS11H_ENGINE_WIN32 1
-/* Enable locate interface */
-#define ENABLE_PKCS11H_LOCATE 1
-
/* Enable openssl interface */
/* #undef ENABLE_PKCS11H_OPENSSL */
diff --git a/configure.ac b/configure.ac
index 4a54e97..3d38872 100644
--- a/configure.ac
+++ b/configure.ac
@@ -129,12 +129,6 @@ AC_ARG_ENABLE(certificate,
[ENABLE_PKCS11H_CERTIFICATE="yes"]
)
-AC_ARG_ENABLE(locate,
- [ --disable-locate Disable locate support],
- [ENABLE_PKCS11H_LOCATE="${enableval}"],
- [ENABLE_PKCS11H_LOCATE="yes"]
-)
-
AC_ARG_ENABLE(slotevent,
[ --disable-slotevent Disable slotevent support],
[ENABLE_PKCS11H_SLOTEVENT="${enableval}"],
@@ -341,10 +335,6 @@ if test "${ENABLE_PKCS11H_CERTIFICATE}" = "yes"; then
AC_DEFINE([ENABLE_PKCS11H_CERTIFICATE], 1, [Enable certificate interface])
PKCS11H_FEATURES="${PKCS11H_FEATURES} certificate"
fi
-if test "${ENABLE_PKCS11H_LOCATE}" = "yes"; then
- AC_DEFINE([ENABLE_PKCS11H_LOCATE], 1, [Enable locate interface])
- PKCS11H_FEATURES="${PKCS11H_FEATURES} locate"
-fi
if test "${ENABLE_PKCS11H_SLOTEVENT}" = "yes"; then
AC_DEFINE([ENABLE_PKCS11H_SLOTEVENT], 1, [Enable slotevent interface])
PKCS11H_FEATURES="${PKCS11H_FEATURES} slotevent"
@@ -371,7 +361,6 @@ AM_CONDITIONAL(CYGWIN, test "${CYGWIN}" = "yes")
AM_CONDITIONAL(ENABLE_PKCS11H_TOKEN, test "${ENABLE_PKCS11H_TOKEN}" = "yes")
AM_CONDITIONAL(ENABLE_PKCS11H_DATA, test "${ENABLE_PKCS11H_DATA}" = "yes")
AM_CONDITIONAL(ENABLE_PKCS11H_CERTIFICATE, test "${ENABLE_PKCS11H_CERTIFICATE}" = "yes")
-AM_CONDITIONAL(ENABLE_PKCS11H_LOCATE, test "${ENABLE_PKCS11H_LOCATE}" = "yes")
AM_CONDITIONAL(ENABLE_PKCS11H_SLOTEVENT, test "${ENABLE_PKCS11H_SLOTEVENT}" = "yes")
AM_CONDITIONAL(ENABLE_PKCS11H_OPENSSL, test "${ENABLE_PKCS11H_OPENSSL}" = "yes")
AC_CONFIG_FILES([
diff --git a/include/pkcs11-helper-1.0/Makefile.am b/include/pkcs11-helper-1.0/Makefile.am
index 6383645..903606e 100644
--- a/include/pkcs11-helper-1.0/Makefile.am
+++ b/include/pkcs11-helper-1.0/Makefile.am
@@ -71,11 +71,6 @@ myinc_HEADERS+=pkcs11h-data.h
else
noinst_HEADERS+=pkcs11h-data.h
endif
-if ENABLE_PKCS11H_LOCATE
-myinc_HEADERS+=pkcs11h-locate.h
-else
-noinst_HEADERS+=pkcs11h-locate.h
-endif
if ENABLE_PKCS11H_OPENSSL
myinc_HEADERS+=pkcs11h-openssl.h
else
diff --git a/include/pkcs11-helper-1.0/pkcs11h-core.h b/include/pkcs11-helper-1.0/pkcs11h-core.h
index 5081fdc..c98eb9e 100644
--- a/include/pkcs11-helper-1.0/pkcs11h-core.h
+++ b/include/pkcs11-helper-1.0/pkcs11h-core.h
@@ -62,10 +62,9 @@
* providers for end-user applications.
* @par Features
* pkcs11-helper allows using multiple PKCS#11 providers at the same time, enumerating
- * available token certificates, or selecting a certificate directly by id, label or
- * subject, handling card removal and card insert events, handling card re-insert
- * to a different slot, supporting session expiration, serialization and much more
- * all using a simple API.
+ * available token certificates, or selecting a certificate directly by serialized id,
+ * handling card removal and card insert events, handling card re-insert to a different
+ * slot, supporting session expiration and much more all using a simple API.
* @par
* pkcs11-helper is not designed to manage card content, since object attributes
* are usually vendor specific, and 99% of application need to access
@@ -84,7 +83,6 @@
* - @ref pkcs11h-token.h "Token" - Handle tokens.
* - @ref pkcs11h-certificate.h "Certificate" - Handle certificate objects.
* - @ref pkcs11h-data.h "Data" - Handle data objects.
- * - @ref pkcs11h-locate.h "Locate" - Simplified object locate interface.
* - @ref pkcs11h-openssl.h "OpenSSL" - OpenSSL engine support.
* @page License
* @par pkcs11-helper License
@@ -133,12 +131,10 @@ extern "C" {
#define PKCS11H_FEATURE_MASK_DATA (1<< 5)
/** Certificate interface is enabled, */
#define PKCS11H_FEATURE_MASK_CERTIFICATE (1<< 6)
-/** Locate interface is enabled. */
-#define PKCS11H_FEATURE_MASK_LOCATE (1<< 7)
/** Slotevent interface is enabled. */
-#define PKCS11H_FEATURE_MASK_SLOTEVENT (1<< 8)
+#define PKCS11H_FEATURE_MASK_SLOTEVENT (1<< 7)
/** OpenSSL interface is enabled. */
-#define PKCS11H_FEATURE_MASK_OPENSSL (1<< 9)
+#define PKCS11H_FEATURE_MASK_OPENSSL (1<< 8)
/** @} */
/**
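Review bot: Renumbering `PKCS11H_FEATURE_MASK_SLOTEVENT` from `(1<< 8)` to `(1<< 7)` and `PKCS11H_FEATURE_MASK_OPENSSL` from `(1<< 9)` to `(1<< 8)` changes the meaning of bits that existing callers test in the value built by `pkcs11h_getFeatures()` in lib/pkcs11h-core.c. A program compiled against the old header and run with the new library would read bit 8 as slotevent when it now reports OpenSSL, and would never see the OpenSSL flag it expects at bit 9. Keeping the old values and leaving bit 7 as a gap avoids this: retain `#define PKCS11H_FEATURE_MASK_SLOTEVENT (1<< 8)` and `#define PKCS11H_FEATURE_MASK_OPENSSL (1<< 9)`, with a comment such as `/* (1<< 7) reserved, was PKCS11H_FEATURE_MASK_LOCATE */`. If the renumbering is intentional, it needs a library version bump; none is visible in this commit, which also drops `pkcs11h_locate_certificate` and `pkcs11h_locate_token` from the exports. The define group starts above this hunk.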
diff --git a/include/pkcs11-helper-1.0/pkcs11h-locate.h b/include/pkcs11-helper-1.0/pkcs11h-locate.h
deleted file mode 100644
index 42fcbc5..0000000
--- a/include/pkcs11-helper-1.0/pkcs11h-locate.h
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Copyright (c) 2005-2006 Alon Bar-Lev <alon.barlev at gmail.com>
- * All rights reserved.
- *
- * This software is available to you under a choice of one of two
- * licenses. You may choose to be licensed under the terms of the GNU
- * General Public License (GPL) Version 2, or the BSD license.
- *
- * GNU General Public License (GPL) Version 2
- * ===========================================
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING.GPL included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * BSD License
- * ============
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * o Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * o Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * o Neither the name of the <ORGANIZATION> nor the names of its
- * contributors may be used to endorse or promote products derived from
- * this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * @file pkcs11h-locate.h
- * @brief pkcs11-helper locate interface.
- * @author Alon Bar-Lev <alon.barlev at gmail.com>
- */
-
-#ifndef __PKCS11H_LOCATE_H
-#define __PKCS11H_LOCATE_H
-
-#include <pkcs11-helper-1.0/pkcs11h-core.h>
-#include <pkcs11-helper-1.0/pkcs11h-certificate.h>
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-/**
- * @brief Locate token based on atributes.
- * @param slot_type How to locate slot.
- * @param slot Slot name.
- * @param user_data Optional user data, to be passed to hooks.
- * @param mask_prompt Allow prompt @ref PKCS11H_PROMPT_MASK.
- * @param p_token_id Token object.
- * @note Caller must free result.
- * @see pkcs11h_token_freeTokenId().
- * @remarks
- * Slot:
- * - id - Slot number.
- * - name - Slot name.
- * - label - Available token label.
- */
-CK_RV
-pkcs11h_locate_token (
- IN const char * const slot_type,
- IN const char * const slot,
- IN void * const user_data,
- IN const unsigned mask_prompt,
- OUT pkcs11h_token_id_t * const p_token_id
-);
-
-/**
- * @brief Locate certificate based on atributes.
- * @param slot_type How to locate slot.
- * @param slot Slot name.
- * @param id_type How to locate object.
- * @param id Object name.
- * @param user_data Optional user data, to be passed to hooks.
- * @param mask_prompt Allow prompt @ref PKCS11H_PROMPT_MASK.
- * @param p_certificate_id Certificate object.
- * @note Caller must free result.
- * @see pkcs11h_certificate_freeCertificateId().
- * @remarks
- * Slot:
- * Same as in @ref pkcs11h_locate_token().
- * @remarks
- * Object:
- * - id - Certificate CKA_ID (hex string) (Fastest).
- * - label - Certificate CKA_LABEL (string).
- * - subject - Certificate subject (OpenSSL or GNUTLS DN).
- */
-CK_RV
-pkcs11h_locate_certificate (
- IN const char * const slot_type,
- IN const char * const slot,
- IN const char * const id_type,
- IN const char * const id,
- IN void * const user_data,
- IN const unsigned mask_prompt,
- OUT pkcs11h_certificate_id_t * const p_certificate_id
-);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __PKCS11H_LOCATE_H */
diff --git a/lib/Makefile.am b/lib/Makefile.am
index e14e03d..adcb8f0 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -62,7 +62,6 @@ EXTRA_DIST= \
certificate.exports \
core.exports \
data.exports \
- locate.exports \
openssl.exports \
slotevent.exports \
token.exports
@@ -78,7 +77,6 @@ nodist_libpkcs11_helper_la_SOURCES= \
../pkcs11-helper-1.0/pkcs11h-token.h \
../pkcs11-helper-1.0/pkcs11h-certificate.h \
../pkcs11-helper-1.0/pkcs11h-data.h \
- ../pkcs11-helper-1.0/pkcs11h-locate.h \
../pkcs11-helper-1.0/pkcs11h-openssl.h \
$(PKCS11_INCLUDES) \
pkcs11-helper.exports
@@ -94,7 +92,6 @@ libpkcs11_helper_la_SOURCES= \
_pkcs11h-certificate.h pkcs11h-certificate.c \
_pkcs11h-slotevent.h pkcs11h-slotevent.c \
_pkcs11h-core.h pkcs11h-core.c \
- pkcs11h-locate.c \
pkcs11h-data.c \
pkcs11h-serialization.c \
pkcs11h-openssl.c
@@ -109,7 +106,6 @@ pkcs11-helper.exports: \
certificate.exports \
core.exports \
data.exports \
- locate.exports \
openssl.exports \
slotevent.exports \
token.exports
@@ -120,9 +116,6 @@ endif
if ENABLE_PKCS11H_DATA
cat data.exports >> pkcs11-helper.exports
endif
-if ENABLE_PKCS11H_LOCATE
- cat locate.exports >> pkcs11-helper.exports
-endif
if ENABLE_PKCS11H_OPENSSL
cat openssl.exports >> pkcs11-helper.exports
endif
diff --git a/lib/Makefile.w32-vc b/lib/Makefile.w32-vc
index e8a36ad..c6fa0f3 100644
--- a/lib/Makefile.w32-vc
+++ b/lib/Makefile.w32-vc
@@ -109,7 +109,6 @@ HEADERS = \
../include/pkcs11-helper-1.0/pkcs11h-data.h \
../include/pkcs11-helper-1.0/pkcs11h-def.h \
../include/pkcs11-helper-1.0/pkcs11h-engines.h \
- ../include/pkcs11-helper-1.0/pkcs11h-locate.h \
../include/pkcs11-helper-1.0/pkcs11h-openssl.h \
../include/pkcs11-helper-1.0/pkcs11h-token.h
@@ -118,7 +117,6 @@ OBJS = \
pkcs11h-certificate.obj \
pkcs11h-crypto.obj \
pkcs11h-data.obj \
- pkcs11h-locate.obj \
pkcs11h-mem.obj \
pkcs11h-openssl.obj \
pkcs11h-serialization.obj \
@@ -137,7 +135,6 @@ pkcs11-helper-1.dll.def:
type core.exports >> pkcs11-helper-1.dll.def
type certificate.exports >> pkcs11-helper-1.dll.def
type data.exports >> pkcs11-helper-1.dll.def
- type locate.exports >> pkcs11-helper-1.dll.def
type slotevent.exports >> pkcs11-helper-1.dll.def
type token.exports >> pkcs11-helper-1.dll.def
!ifdef OPENSSL
diff --git a/lib/locate.exports b/lib/locate.exports
deleted file mode 100644
index 027174b..0000000
--- a/lib/locate.exports
+++ /dev/null
@@ -1,2 +0,0 @@
-pkcs11h_locate_certificate
-pkcs11h_locate_token
diff --git a/lib/pkcs11h-core.c b/lib/pkcs11h-core.c
index ee4018f..3d683a5 100644
--- a/lib/pkcs11h-core.c
+++ b/lib/pkcs11h-core.c
@@ -254,9 +254,6 @@ pkcs11h_getFeatures (void) {
#if defined(ENABLE_PKCS11H_CERTIFICATE)
PKCS11H_FEATURE_MASK_CERTIFICATE |
#endif
-#if defined(ENABLE_PKCS11H_LOCATE)
- PKCS11H_FEATURE_MASK_LOCATE |
-#endif
#if defined(ENABLE_PKCS11H_SLOTEVENT)
PKCS11H_FEATURE_MASK_SLOTEVENT |
#endif
diff --git a/lib/pkcs11h-locate.c b/lib/pkcs11h-locate.c
deleted file mode 100644
index 94afa90..0000000
--- a/lib/pkcs11h-locate.c
+++ /dev/null
@@ -1,1162 +0,0 @@
-/*
- * Copyright (c) 2005-2006 Alon Bar-Lev <alon.barlev at gmail.com>
- * All rights reserved.
- *
- * This software is available to you under a choice of one of two
- * licenses. You may choose to be licensed under the terms of the GNU
- * General Public License (GPL) Version 2, or the BSD license.
- *
- * GNU General Public License (GPL) Version 2
- * ===========================================
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING.GPL included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * BSD License
- * ============
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * o Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * o Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * o Neither the name of the <ORGANIZATION> nor the names of its
- * contributors may be used to endorse or promote products derived from
- * this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "common.h"
-
-#if defined(ENABLE_PKCS11H_LOCATE)
-
-#include <pkcs11-helper-1.0/pkcs11h-token.h>
-#include <pkcs11-helper-1.0/pkcs11h-locate.h>
-#include "_pkcs11h-mem.h"
-#include "_pkcs11h-crypto.h"
-#include "_pkcs11h-util.h"
-#include "_pkcs11h-session.h"
-#include "_pkcs11h-token.h"
-#include "_pkcs11h-certificate.h"
-
-static
-CK_RV
-_pkcs11h_locate_getTokenIdBySlotId (
- IN const char * const slot,
- OUT pkcs11h_token_id_t * const p_token_id
-);
-
-static
-CK_RV
-_pkcs11h_locate_getTokenIdBySlotName (
- IN const char * const name,
- OUT pkcs11h_token_id_t * const p_token_id
-);
-
-static
-CK_RV
-_pkcs11h_locate_getTokenIdByLabel (
- IN const char * const label,
- OUT pkcs11h_token_id_t * const p_token_id
-);
-
-#if defined(ENABLE_PKCS11H_CERTIFICATE)
-
-static
-CK_RV
-_pkcs11h_locate_getCertificateIdByLabel (
- IN const pkcs11h_session_t session,
- IN OUT const pkcs11h_certificate_id_t certificate_id,
- IN const char * const label
-);
-static
-CK_RV
-_pkcs11h_locate_getCertificateIdBySubject (
- IN const pkcs11h_session_t session,
- IN OUT const pkcs11h_certificate_id_t certificate_id,
- IN const char * const subject
-);
-
-#endif /* ENABLE_PKCS11H_CERTIFICATE */
-#if defined(ENABLE_PKCS11H_TOKEN) || defined(ENABLE_PKCS11H_CERTIFICATE)
-
-static
-CK_RV
-_pkcs11h_locate_getTokenIdBySlotId (
- IN const char * const slot,
- OUT pkcs11h_token_id_t * const p_token_id
-) {
- pkcs11h_provider_t current_provider = NULL;
- char reference[sizeof (((pkcs11h_provider_t)NULL)->reference)];
-
- CK_SLOT_ID selected_slot = PKCS11H_INVALID_SLOT_ID;
- CK_TOKEN_INFO info;
- CK_RV rv = CKR_OK;
-
- PKCS11H_ASSERT (slot!=NULL);
- PKCS11H_ASSERT (p_token_id!=NULL);
-
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: _pkcs11h_locate_getTokenIdBySlotId entry slot='%s', p_token_id=%p",
- slot,
- (void *)p_token_id
- );
-
- *p_token_id = NULL;
-
- if (rv == CKR_OK) {
- if (strchr (slot, ':') == NULL) {
- reference[0] = '\0';
- selected_slot = atol (slot);
- }
- else {
- char *p;
-
- strncpy (reference, slot, sizeof (reference));
- reference[sizeof (reference)-1] = '\0';
-
- p = strchr (reference, ':');
-
- *p = '\0';
- p++;
- selected_slot = atol (p);
- }
- }
-
- if (rv == CKR_OK) {
- current_provider=g_pkcs11h_data->providers;
- while (
- current_provider != NULL &&
- reference[0] != '\0' && /* So first provider will be selected */
- strcmp (current_provider->reference, reference)
- ) {
- current_provider = current_provider->next;
- }
-
- if (
- current_provider == NULL ||
- (
- current_provider != NULL &&
- !current_provider->enabled
- )
- ) {
- rv = CKR_SLOT_ID_INVALID;
- }
- }
-
- if (
- rv == CKR_OK &&
- (rv = current_provider->f->C_GetTokenInfo (selected_slot, &info)) == CKR_OK
- ) {
- rv = _pkcs11h_token_getTokenId (
- &info,
- p_token_id
- );
- }
-
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: _pkcs11h_locate_getTokenIdBySlotId return rv=%ld-'%s', *p_token_id=%p",
- rv,
- pkcs11h_getMessage (rv),
- (void *)*p_token_id
- );
-
- return rv;
-}
-
-static
-CK_RV
-_pkcs11h_locate_getTokenIdBySlotName (
- IN const char * const name,
- OUT pkcs11h_token_id_t * const p_token_id
-) {
- pkcs11h_provider_t current_provider = NULL;
-
- CK_SLOT_ID selected_slot = PKCS11H_INVALID_SLOT_ID;
- CK_TOKEN_INFO info;
- CK_RV rv = CKR_OK;
-
- PKCS11H_BOOL found = FALSE;
-
- PKCS11H_ASSERT (name!=NULL);
- PKCS11H_ASSERT (p_token_id!=NULL);
-
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: _pkcs11h_locate_getTokenIdBySlotName entry name='%s', p_token_id=%p",
- name,
- (void *)p_token_id
- );
-
- *p_token_id = NULL;
-
- current_provider = g_pkcs11h_data->providers;
- while (
- current_provider != NULL &&
- rv == CKR_OK &&
- !found
- ) {
- CK_SLOT_ID_PTR slots = NULL;
- CK_ULONG slotnum;
- CK_SLOT_ID slot_index;
-
- if (!current_provider->enabled) {
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
- }
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_getSlotList (
- current_provider,
- CK_TRUE,
- &slots,
- &slotnum
- );
- }
-
- for (
- slot_index=0;
- (
- slot_index < slotnum &&
- rv == CKR_OK &&
- !found
- );
- slot_index++
- ) {
- CK_SLOT_INFO info;
-
- if (
- (rv = current_provider->f->C_GetSlotInfo (
- slots[slot_index],
- &info
- )) == CKR_OK
- ) {
- char current_name[sizeof (info.slotDescription)+1];
-
- _pkcs11h_util_fixupFixedString (
- current_name,
- (char *)info.slotDescription,
- sizeof (info.slotDescription)
- );
-
- if (!strcmp (current_name, name)) {
- found = TRUE;
- selected_slot = slots[slot_index];
- }
- }
-
- if (rv != CKR_OK) {
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: Cannot get slot information for provider '%s' slot %ld rv=%ld-'%s'",
- current_provider->manufacturerID,
- slots[slot_index],
- rv,
- pkcs11h_getMessage (rv)
- );
-
- /*
- * Ignore error
- */
- rv = CKR_OK;
- }
- }
-
- if (rv != CKR_OK) {
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: Cannot get slot list for provider '%s' rv=%ld-'%s'",
- current_provider->manufacturerID,
- rv,
- pkcs11h_getMessage (rv)
- );
-
- /*
- * Ignore error
- */
- rv = CKR_OK;
- }
-
- if (slots != NULL) {
- _pkcs11h_mem_free ((void *)&slots);
- slots = NULL;
- }
-
- if (!found) {
- current_provider = current_provider->next;
- }
- }
-
- if (rv == CKR_OK && !found) {
- rv = CKR_SLOT_ID_INVALID;
- }
-
- if (
- rv == CKR_OK &&
- (rv = current_provider->f->C_GetTokenInfo (selected_slot, &info)) == CKR_OK
- ) {
- rv = _pkcs11h_token_getTokenId (
- &info,
- p_token_id
- );
- }
-
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: _pkcs11h_locate_getTokenIdBySlotName return rv=%ld-'%s' *p_token_id=%p",
- rv,
- pkcs11h_getMessage (rv),
- (void *)*p_token_id
- );
-
- return rv;
-}
-
-static
-CK_RV
-_pkcs11h_locate_getTokenIdByLabel (
- IN const char * const label,
- OUT pkcs11h_token_id_t * const p_token_id
-) {
- pkcs11h_provider_t current_provider = NULL;
-
- CK_SLOT_ID selected_slot = PKCS11H_INVALID_SLOT_ID;
- CK_TOKEN_INFO info;
- CK_RV rv = CKR_OK;
-
- PKCS11H_BOOL found = FALSE;
-
- PKCS11H_ASSERT (label!=NULL);
- PKCS11H_ASSERT (p_token_id!=NULL);
-
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: _pkcs11h_locate_getTokenIdByLabel entry label='%s', p_token_id=%p",
- label,
- (void *)p_token_id
- );
-
- *p_token_id = NULL;
-
- current_provider = g_pkcs11h_data->providers;
- while (
- current_provider != NULL &&
- rv == CKR_OK &&
- !found
- ) {
- CK_SLOT_ID_PTR slots = NULL;
- CK_ULONG slotnum;
- CK_SLOT_ID slot_index;
-
- if (!current_provider->enabled) {
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
- }
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_getSlotList (
- current_provider,
- CK_TRUE,
- &slots,
- &slotnum
- );
- }
-
- for (
- slot_index=0;
- (
- slot_index < slotnum &&
- rv == CKR_OK &&
- !found
- );
- slot_index++
- ) {
- CK_TOKEN_INFO info;
-
- if (rv == CKR_OK) {
- rv = current_provider->f->C_GetTokenInfo (
- slots[slot_index],
- &info
- );
- }
-
- if (rv == CKR_OK) {
- char current_label[sizeof (info.label)+1];
-
- _pkcs11h_util_fixupFixedString (
- current_label,
- (char *)info.label,
- sizeof (info.label)
- );
-
- if (!strcmp (current_label, label)) {
- found = TRUE;
- selected_slot = slots[slot_index];
- }
- }
-
- if (rv != CKR_OK) {
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: Cannot get token information for provider '%s' slot %ld rv=%ld-'%s'",
- current_provider->manufacturerID,
- slots[slot_index],
- rv,
- pkcs11h_getMessage (rv)
- );
-
- /*
- * Ignore error
- */
- rv = CKR_OK;
- }
- }
-
- if (rv != CKR_OK) {
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: Cannot get slot list for provider '%s' rv=%ld-'%s'",
- current_provider->manufacturerID,
- rv,
- pkcs11h_getMessage (rv)
- );
-
- /*
- * Ignore error
- */
- rv = CKR_OK;
- }
-
- if (slots != NULL) {
- _pkcs11h_mem_free ((void *)&slots);
- slots = NULL;
- }
-
- if (!found) {
- current_provider = current_provider->next;
- }
- }
-
- if (rv == CKR_OK && !found) {
- rv = CKR_SLOT_ID_INVALID;
- }
-
- if (
- rv == CKR_OK &&
- (rv = current_provider->f->C_GetTokenInfo (selected_slot, &info)) == CKR_OK
- ) {
- rv = _pkcs11h_token_getTokenId (
- &info,
- p_token_id
- );
- }
-
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: _pkcs11h_locate_getTokenIdByLabel return rv=%ld-'%s', *p_token_id=%p",
- rv,
- pkcs11h_getMessage (rv),
- (void *)*p_token_id
- );
-
- return rv;
-}
-
-CK_RV
-pkcs11h_locate_token (
- IN const char * const slot_type,
- IN const char * const slot,
- IN void * const user_data,
- IN const unsigned mask_prompt,
- OUT pkcs11h_token_id_t * const p_token_id
-) {
-#if defined(ENABLE_PKCS11H_THREADING)
- PKCS11H_BOOL mutex_locked = FALSE;
-#endif
-
- pkcs11h_token_id_t dummy_token_id = NULL;
- pkcs11h_token_id_t token_id = NULL;
- PKCS11H_BOOL found = FALSE;
-
- CK_RV rv = CKR_OK;
-
- unsigned nRetry = 0;
-
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (slot_type!=NULL);
- PKCS11H_ASSERT (slot!=NULL);
- /*PKCS11H_ASSERT (user_data) NOT NEEDED */
- PKCS11H_ASSERT (p_token_id!=NULL);
-
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: pkcs11h_locate_token entry slot_type='%s', slot='%s', user_data=%p, p_token_id=%p",
- slot_type,
- slot,
- user_data,
- (void *)p_token_id
- );
-
- *p_token_id = NULL;
-
-#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&g_pkcs11h_data->mutexes.global)) == CKR_OK
- ) {
- mutex_locked = TRUE;
- }
-#endif
-
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_token_newTokenId (&dummy_token_id)) == CKR_OK
- ) {
- /*
- * Temperary slot id
- */
- strcpy (dummy_token_id->display, "SLOT(");
- strncat (dummy_token_id->display, slot_type, sizeof (dummy_token_id->display)-1-strlen (dummy_token_id->display));
- strncat (dummy_token_id->display, "=", sizeof (dummy_token_id->display)-1-strlen (dummy_token_id->display));
- strncat (dummy_token_id->display, slot, sizeof (dummy_token_id->display)-1-strlen (dummy_token_id->display));
- strncat (dummy_token_id->display, ")", sizeof (dummy_token_id->display)-1-strlen (dummy_token_id->display));
- dummy_token_id->display[sizeof (dummy_token_id->display)-1] = 0;
- }
-
- while (rv == CKR_OK && !found) {
- if (!strcmp (slot_type, "id")) {
- rv = _pkcs11h_locate_getTokenIdBySlotId (
- slot,
- &token_id
- );
- }
- else if (!strcmp (slot_type, "name")) {
- rv = _pkcs11h_locate_getTokenIdBySlotName (
- slot,
- &token_id
- );
- }
- else if (!strcmp (slot_type, "label")) {
- rv = _pkcs11h_locate_getTokenIdByLabel (
- slot,
- &token_id
- );
- }
- else {
- rv = CKR_ARGUMENTS_BAD;
- }
-
- if (rv == CKR_OK) {
- found = TRUE;
- }
-
- /*
- * Ignore error, since we have what we
- * want in found.
- */
- if (rv != CKR_OK && rv != CKR_ARGUMENTS_BAD) {
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: pkcs11h_locate_token failed rv=%ld-'%s'",
- rv,
- pkcs11h_getMessage (rv)
- );
-
- rv = CKR_OK;
- }
-
- if (rv == CKR_OK && !found && (mask_prompt & PKCS11H_PROMPT_MASK_ALLOW_TOKEN_PROMPT) == 0) {
- rv = CKR_TOKEN_NOT_PRESENT;
- }
-
- if (rv == CKR_OK && !found) {
-
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: Calling token_prompt hook for '%s'",
- dummy_token_id->display
- );
-
- if (
- !g_pkcs11h_data->hooks.token_prompt (
- g_pkcs11h_data->hooks.token_prompt_data,
- user_data,
- dummy_token_id,
- nRetry++
- )
- ) {
- rv = CKR_CANCEL;
- }
-
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: token_prompt returned %ld",
- rv
- );
- }
- }
-
- if (rv == CKR_OK && !found) {
- rv = CKR_SLOT_ID_INVALID;
- }
-
- if (rv == CKR_OK) {
- *p_token_id = token_id;
- token_id = NULL;
- }
-
- if (dummy_token_id != NULL) {
- pkcs11h_token_freeTokenId (dummy_token_id);
- dummy_token_id = NULL;
- }
-
-#if defined(ENABLE_PKCS11H_THREADING)
- if (mutex_locked) {
- _pkcs11h_threading_mutexRelease (&g_pkcs11h_data->mutexes.global);
- mutex_locked = FALSE;
- }
-#endif
-
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: pkcs11h_locate_token return rv=%ld-'%s', *p_token_id=%p",
- rv,
- pkcs11h_getMessage (rv),
- (void *)*p_token_id
- );
-
- return rv;
-}
-
-#endif /* ENABLE_PKCS11H_TOKEN || ENABLE_PKCS11H_CERTIFICATE */
-
-#if defined(ENABLE_PKCS11H_CERTIFICATE)
-
-static
-CK_RV
-_pkcs11h_locate_getCertificateIdByLabel (
- IN const pkcs11h_session_t session,
- IN OUT const pkcs11h_certificate_id_t certificate_id,
- IN const char * const label
-) {
-#if defined(ENABLE_PKCS11H_THREADING)
- PKCS11H_BOOL mutex_locked = FALSE;
-#endif
- CK_OBJECT_CLASS cert_filter_class = CKO_CERTIFICATE;
- CK_ATTRIBUTE cert_filter[] = {
- {CKA_CLASS, &cert_filter_class, sizeof (cert_filter_class)},
- {CKA_LABEL, (CK_BYTE_PTR)label, strlen (label)}
- };
-
- CK_OBJECT_HANDLE *objects = NULL;
- CK_ULONG objects_found = 0;
- CK_RV rv = CKR_OK;
-
- CK_ULONG i;
-
- PKCS11H_ASSERT (session!=NULL);
- PKCS11H_ASSERT (certificate_id!=NULL);
- PKCS11H_ASSERT (label!=NULL);
-
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: _pkcs11h_locate_getCertificateIdByLabel entry session=%p, certificate_id=%p, label='%s'",
- (void *)session,
- (void *)certificate_id,
- label
- );
-
-#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&session->mutex)) == CKR_OK
- ) {
- mutex_locked = TRUE;
- }
-#endif
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_validate (session);
- }
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_findObjects (
- session,
- cert_filter,
- sizeof (cert_filter) / sizeof (CK_ATTRIBUTE),
- &objects,
- &objects_found
- );
- }
-
- for (i=0;rv == CKR_OK && i < objects_found;i++) {
- CK_ATTRIBUTE attrs[] = {
- {CKA_ID, NULL, 0},
- {CKA_VALUE, NULL, 0}
- };
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_getObjectAttributes (
- session,
- objects[i],
- attrs,
- sizeof (attrs) / sizeof (CK_ATTRIBUTE)
- );
- }
-
- if (
- rv == CKR_OK &&
- _pkcs11h_certificate_isBetterCertificate (
- certificate_id->certificate_blob,
- certificate_id->certificate_blob_size,
- attrs[1].pValue,
- attrs[1].ulValueLen
- )
- ) {
- if (certificate_id->attrCKA_ID != NULL) {
- _pkcs11h_mem_free ((void *)&certificate_id->attrCKA_ID);
- }
- if (certificate_id->certificate_blob != NULL) {
- _pkcs11h_mem_free ((void *)&certificate_id->certificate_blob);
- }
- rv = _pkcs11h_mem_duplicate (
- (void *)&certificate_id->attrCKA_ID,
- &certificate_id->attrCKA_ID_size,
- attrs[0].pValue,
- attrs[0].ulValueLen
- );
- rv = _pkcs11h_mem_duplicate (
- (void *)&certificate_id->certificate_blob,
- &certificate_id->certificate_blob_size,
- attrs[1].pValue,
- attrs[1].ulValueLen
- );
- }
-
- if (rv != CKR_OK) {
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: Cannot get object attribute for provider '%s' object %ld rv=%ld-'%s'",
- session->provider->manufacturerID,
- objects[i],
- rv,
- pkcs11h_getMessage (rv)
- );
-
- /*
- * Ignore error
- */
- rv = CKR_OK;
- }
-
- _pkcs11h_session_freeObjectAttributes (
- attrs,
- sizeof (attrs) / sizeof (CK_ATTRIBUTE)
- );
- }
-
- if (
- rv == CKR_OK &&
- certificate_id->certificate_blob == NULL
- ) {
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- }
-
- if (objects != NULL) {
- _pkcs11h_mem_free ((void *)&objects);
- }
-
-#if defined(ENABLE_PKCS11H_THREADING)
- if (mutex_locked) {
- _pkcs11h_threading_mutexRelease (&session->mutex);
- mutex_locked = FALSE;
- }
-#endif
-
- /*
- * No need to free allocated objects
- * on error, since the certificate_id
- * should be free by caller.
- */
-
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: _pkcs11h_locate_getCertificateIdByLabel return rv=%ld-'%s'",
- rv,
- pkcs11h_getMessage (rv)
- );
-
- return rv;
-}
-
-static
-CK_RV
-_pkcs11h_locate_getCertificateIdBySubject (
- IN const pkcs11h_session_t session,
- IN OUT const pkcs11h_certificate_id_t certificate_id,
- IN const char * const subject
-) {
-#if defined(ENABLE_PKCS11H_THREADING)
- PKCS11H_BOOL mutex_locked = FALSE;
-#endif
- CK_OBJECT_CLASS cert_filter_class = CKO_CERTIFICATE;
- CK_ATTRIBUTE cert_filter[] = {
- {CKA_CLASS, &cert_filter_class, sizeof (cert_filter_class)}
- };
-
- CK_OBJECT_HANDLE *objects = NULL;
- CK_ULONG objects_found = 0;
- CK_RV rv = CKR_OK;
-
- CK_ULONG i;
-
- PKCS11H_ASSERT (session!=NULL);
- PKCS11H_ASSERT (certificate_id!=NULL);
- PKCS11H_ASSERT (subject!=NULL);
-
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: _pkcs11h_locate_getCertificateIdBySubject entry session=%p, certificate_id=%p, subject='%s'",
- (void *)session,
- (void *)certificate_id,
- subject
- );
-
-#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&session->mutex)) == CKR_OK
- ) {
- mutex_locked = TRUE;
- }
-#endif
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_validate (session);
- }
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_findObjects (
- session,
- cert_filter,
- sizeof (cert_filter) / sizeof (CK_ATTRIBUTE),
- &objects,
- &objects_found
- );
- }
-
-#if defined(ENABLE_PKCS11H_THREADING)
- if (mutex_locked) {
- _pkcs11h_threading_mutexRelease (&session->mutex);
- mutex_locked = FALSE;
- }
-#endif
-
- for (i=0;rv == CKR_OK && i < objects_found;i++) {
- CK_ATTRIBUTE attrs[] = {
- {CKA_ID, NULL, 0},
- {CKA_VALUE, NULL, 0}
- };
- char current_subject[1024];
- current_subject[0] = '\0';
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_getObjectAttributes (
- session,
- objects[i],
- attrs,
- sizeof (attrs) / sizeof (CK_ATTRIBUTE)
- );
- }
-
- if (
- rv == CKR_OK &&
- !g_pkcs11h_crypto_engine.certificate_get_dn (
- g_pkcs11h_crypto_engine.global_data,
- attrs[1].pValue,
- attrs[1].ulValueLen,
- current_subject,
- sizeof (current_subject)
- )
- ) {
- rv = CKR_FUNCTION_FAILED;
- }
-
- if (
- rv == CKR_OK &&
- !strcmp (subject, current_subject) &&
- _pkcs11h_certificate_isBetterCertificate (
- certificate_id->certificate_blob,
- certificate_id->certificate_blob_size,
- attrs[1].pValue,
- attrs[1].ulValueLen
- )
- ) {
- if (certificate_id->attrCKA_ID != NULL) {
- _pkcs11h_mem_free ((void *)&certificate_id->attrCKA_ID);
- }
- if (certificate_id->certificate_blob != NULL) {
- _pkcs11h_mem_free ((void *)&certificate_id->certificate_blob);
- }
- rv = _pkcs11h_mem_duplicate (
- (void *)&certificate_id->attrCKA_ID,
- &certificate_id->attrCKA_ID_size,
- attrs[0].pValue,
- attrs[0].ulValueLen
- );
- rv = _pkcs11h_mem_duplicate (
- (void *)&certificate_id->certificate_blob,
- &certificate_id->certificate_blob_size,
- attrs[1].pValue,
- attrs[1].ulValueLen
- );
- }
-
- if (rv != CKR_OK) {
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: Cannot get object attribute for provider '%s' object %ld rv=%ld-'%s'",
- session->provider->manufacturerID,
- objects[i],
- rv,
- pkcs11h_getMessage (rv)
- );
-
- /*
- * Ignore error
- */
- rv = CKR_OK;
- }
-
- _pkcs11h_session_freeObjectAttributes (
- attrs,
- sizeof (attrs) / sizeof (CK_ATTRIBUTE)
- );
- }
-
- if (
- rv == CKR_OK &&
- certificate_id->certificate_blob == NULL
- ) {
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- }
-
- if (objects != NULL) {
- _pkcs11h_mem_free ((void *)&objects);
- }
-
- /*
- * No need to free allocated objects
- * on error, since the certificate_id
- * should be free by caller.
- */
-
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: _pkcs11h_locate_getCertificateIdBySubject return rv=%ld-'%s'",
- rv,
- pkcs11h_getMessage (rv)
- );
-
- return rv;
-}
-
-CK_RV
-pkcs11h_locate_certificate (
- IN const char * const slot_type,
- IN const char * const slot,
- IN const char * const id_type,
- IN const char * const id,
- IN void * const user_data,
- IN const unsigned mask_prompt,
- OUT pkcs11h_certificate_id_t * const p_certificate_id
-) {
-#if defined(ENABLE_PKCS11H_THREADING)
- PKCS11H_BOOL mutex_locked = FALSE;
-#endif
- pkcs11h_certificate_id_t certificate_id = NULL;
- pkcs11h_session_t session = NULL;
- PKCS11H_BOOL op_succeed = FALSE;
- PKCS11H_BOOL login_retry = FALSE;
-
- CK_RV rv = CKR_OK;
-
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (slot_type!=NULL);
- PKCS11H_ASSERT (slot!=NULL);
- PKCS11H_ASSERT (id_type!=NULL);
- PKCS11H_ASSERT (id!=NULL);
- /*PKCS11H_ASSERT (user_data) NOT NEEDED */
- PKCS11H_ASSERT (p_certificate_id!=NULL);
-
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: pkcs11h_locateCertificate entry slot_type='%s', slot='%s', id_type='%s', id='%s', user_data=%p, mask_prompt=%08x, p_certificate_id=%p",
- slot_type,
- slot,
- id_type,
- id,
- user_data,
- mask_prompt,
- (void *)p_certificate_id
- );
-
- *p_certificate_id = NULL;
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_certificate_newCertificateId (&certificate_id);
- }
-
- if (rv == CKR_OK) {
- rv = pkcs11h_locate_token (
- slot_type,
- slot,
- user_data,
- mask_prompt,
- &certificate_id->token_id
- );
- }
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_getSessionByTokenId (
- certificate_id->token_id,
- &session
- );
- }
-
-#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&g_pkcs11h_data->mutexes.global)) == CKR_OK
- ) {
- mutex_locked = TRUE;
- }
-#endif
-
- while (rv == CKR_OK && !op_succeed) {
- if (!strcmp (id_type, "id")) {
- certificate_id->attrCKA_ID_size = strlen (id)/2;
-
- if (certificate_id->attrCKA_ID_size == 0) {
- rv = CKR_FUNCTION_FAILED;
- }
-
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_mem_malloc (
- (void*)&certificate_id->attrCKA_ID,
- certificate_id->attrCKA_ID_size
- )) == CKR_OK
- ) {
- _pkcs11h_util_hexToBinary (
- certificate_id->attrCKA_ID,
- id,
- &certificate_id->attrCKA_ID_size
- );
- }
- }
- else if (!strcmp (id_type, "label")) {
- rv = _pkcs11h_locate_getCertificateIdByLabel (
- session,
- certificate_id,
- id
- );
- }
- else if (!strcmp (id_type, "subject")) {
- rv = _pkcs11h_locate_getCertificateIdBySubject (
- session,
- certificate_id,
- id
- );
- }
- else {
- rv = CKR_ARGUMENTS_BAD;
- }
-
- if (rv == CKR_OK) {
- op_succeed = TRUE;
- }
- else {
- if (!login_retry) {
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: Get certificate failed: %ld:'%s'",
- rv,
- pkcs11h_getMessage (rv)
- );
-
- rv = _pkcs11h_session_login (
- session,
- TRUE,
- TRUE,
- user_data,
- mask_prompt
- );
-
- login_retry = TRUE;
- }
- }
- }
-
-#if defined(ENABLE_PKCS11H_THREADING)
- if (mutex_locked) {
- _pkcs11h_threading_mutexRelease (&g_pkcs11h_data->mutexes.global);
- mutex_locked = FALSE;
- }
-#endif
-
- if (rv == CKR_OK) {
- *p_certificate_id = certificate_id;
- certificate_id = NULL;
- }
-
- if (certificate_id != NULL) {
- pkcs11h_certificate_freeCertificateId (certificate_id);
- certificate_id = NULL;
- }
-
- if (session != NULL) {
- _pkcs11h_session_release (session);
- session = NULL;
- }
-
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: pkcs11h_locateCertificate return rv=%ld-'%s' *p_certificate_id=%p",
- rv,
- pkcs11h_getMessage (rv),
- (void *)*p_certificate_id
- );
-
- return rv;
-}
-
-#endif /* ENABLE_PKCS11H_CERTIFICATE */
-
-#endif /* ENABLE_PKCS11H_LOCATE */
-
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/pkcs11-helper.git