[rs-commit] r89 - /redwax-tool/trunk/redwax_p11kit.c

rs-commit at redwax.eu rs-commit at redwax.eu
Fri Nov 26 15:43:17 CET 2021


Author: minfrin at redwax.eu
Date: Fri Nov 26 15:43:16 2021
New Revision: 89

Log:
Output the pin-value in pkcs11 URLs, so that the
URLs can be used at their destination.

Modified:
    redwax-tool/trunk/redwax_p11kit.c

Modified: redwax-tool/trunk/redwax_p11kit.c
==============================================================================
--- redwax-tool/trunk/redwax_p11kit.c	(original)
+++ redwax-tool/trunk/redwax_p11kit.c	Fri Nov 26 15:43:16 2021
@@ -736,7 +736,8 @@
 static apr_status_t redwax_p11kit_handle_token_login(redwax_tool_t *r,
         apr_pool_t *pool, P11KitUri *parsed, CK_FUNCTION_LIST *module,
         CK_TOKEN_INFO *tokenInfo, CK_SLOT_ID_PTR slot_id,
-        CK_SESSION_HANDLE session, const char *direction, apr_hash_t *secrets)
+        CK_SESSION_HANDLE session, const char *direction, apr_hash_t *secrets,
+        const char **pin)
 {
     redwax_pkcs11_session_t *s;
 
@@ -749,6 +750,11 @@
     apr_ssize_t userPIN_len = 0;
 
     // urlPIN = "";
+
+    /* until further notice */
+    if (pin) {
+        *pin = NULL;
+    }
 
     /* support a pinpad reader */
     if (tokenInfo->flags & CKF_PROTECTED_AUTHENTICATION_PATH) {
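Review bot: The comment `/* until further notice */` above the new `if (pin)` reset does not tell a caller what the out-parameter means, and the extended signature in the preceding hunk has no documentation for `pin` either. I would replace it with `/* *pin stays NULL unless a PIN was actually collected; the copy is allocated from pool and is secret material */`. It is also worth stating that a token with CKF_PROTECTED_AUTHENTICATION_PATH presumably leaves `*pin` NULL, since the pinpad branch starts right below and none of this commit's hunks visibly assigns it there. The function body continues outside the hunk.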
@@ -818,6 +824,9 @@
 
             return APR_EGENERAL;
 
+        }
+        else if (pin) {
+            *pin = apr_pstrndup(pool, (const char *)userPIN, userPIN_len);
         }
 
     }
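Review bot: The `apr_pstrndup()` copy made in the new `else if (pin)` branch leaves a second plaintext PIN in pool memory, and nothing visible wipes it before the pool's blocks are reused; the same applies to the copies added in the hunks at -861 and -933. APR pools hand their blocks back to the allocator without zeroing them, so I would register a cleanup on `pool` that overwrites the copy, as sketched below. The -933 hunk copies only after `C_Login` returns CKR_OK, whereas here and at -861 the branch hangs off a check whose condition is outside the hunk, so it is worth confirming the PIN is known-good at these two sites as well. The enclosing block starts outside the hunk.

```c
/* overwrite the copied PIN when the pool is cleared or destroyed */
static apr_status_t redwax_p11kit_pin_cleanup(void *data)
{
    volatile char *p = data;

    while (*p) {
        *p++ = 0;
    }

    return APR_SUCCESS;
}

/* … unchanged: PIN lookup and the failure branch returning APR_EGENERAL … */
        else if (pin) {
            char *copy = apr_pstrndup(pool, (const char *)userPIN, userPIN_len);

            if (copy) {
                apr_pool_cleanup_register(pool, copy,
                        redwax_p11kit_pin_cleanup, apr_pool_cleanup_null);
            }
            *pin = copy;
        }
```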
@@ -861,6 +870,9 @@
                 return APR_EGENERAL;
 
             }
+            else if (pin) {
+                *pin = apr_pstrndup(pool, (const char *)userPIN, userPIN_len);
+            }
 
         }
     }
@@ -933,6 +945,11 @@
 
             ret = module->C_Login(session, CKU_USER, userPIN, userPIN_len);
             if (ret == CKR_OK) {
+
+                if (pin) {
+                    *pin = apr_pstrndup(pool, (const char *)userPIN, userPIN_len);
+                }
+
                 break;
             }
             else if (ret == CKR_PIN_INCORRECT) {
@@ -1023,7 +1040,7 @@
             apr_pool_cleanup_null);
 
     status = redwax_p11kit_handle_token_login(r, pool, parsed,
-            module, tokenInfo, slot_id, session, "pkcs11-out", secrets);
+            module, tokenInfo, slot_id, session, "pkcs11-out", secrets, NULL);
     if (status != APR_SUCCESS) {
         return status;
     }
@@ -1142,7 +1159,8 @@
         CK_FUNCTION_LIST *module, CK_TOKEN_INFO *tokenInfo,
                 CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object,
                 const unsigned char **id_der, apr_size_t *id_len,
-                const char **label, apr_size_t *label_len)
+                const char **label, apr_size_t *label_len,
+                const char *pin)
 {
     P11KitUri *origin_uri;
     CK_TOKEN_INFO_PTR ck_token_info;
@@ -1191,6 +1209,11 @@
 
     /* set type */
     p11_kit_uri_set_attribute(origin_uri, &template[2]);
+
+    /* set pin-value */
+    if (pin) {
+        p11_kit_uri_set_pin_value(origin_uri, pin);
+    }
 
     if (P11_KIT_URI_OK
             == p11_kit_uri_format(origin_uri, P11_KIT_URI_FOR_ANY, &origin)) {
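Review bot: With `p11_kit_uri_set_pin_value()` applied before `p11_kit_uri_format()`, every origin string returned for a key now carries the user PIN in clear, so any place that prints, logs or stores `key->origin` discloses it. RFC 7512's security considerations caution against `pin-value` where the URI can become visible and describe `pin-source` as the alternative. If the literal PIN is really needed at the destination, I would make the embedding opt-in and say so in a comment, e.g. `/* set pin-value: the formatted URI is now a secret, never log or display it */`. The new `pin` parameter added in the preceding hunk is also undocumented; a one-line note that NULL means "omit pin-value" would do. The function body starts and ends outside the hunk.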
@@ -1214,6 +1237,7 @@
     CK_ULONG n_attrs;
     CK_OBJECT_HANDLE object;
     CK_ULONG object_count;
+    const char *pin;
 
     redwax_pkcs11_session_t *s;
 
@@ -1250,7 +1274,8 @@
         apr_status_t status;
 
         status = redwax_p11kit_handle_token_login(r, pool, parsed,
-                module, tokenInfo, slot_id, session, "pkcs11-in", secrets);
+                module, tokenInfo, slot_id, session, "pkcs11-in", secrets,
+                &pin);
         if (status != APR_SUCCESS) {
 
             apr_pool_destroy(pool);
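Review bot: `pin` is only assigned through `&pin` in this login call, which sits in a nested block, while the declaration added in the preceding hunk (`const char *pin;`) has no initialiser. If any path reaches the `redwax_p11kit_origin(..., pin)` call in the last hunk without passing through this call, an indeterminate pointer is handed to `p11_kit_uri_set_pin_value()`. Declaring it as `const char *pin = NULL;` makes the no-login path well defined at no cost. The condition guarding this block is outside the hunk, so whether it can be skipped should be checked against the full function.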
@@ -1359,7 +1384,7 @@
                             tokenInfo, session, object,
                             cert->x509 ? &cert->x509->id_der : NULL,
                             cert->x509 ? &cert->x509->id_len : NULL, &cert->label,
-                            &cert->label_len);
+                            &cert->label_len, NULL);
 
                     cert->token = redwax_pstrntrim(cert->pool,
                             (const char*) tokenInfo->label,
@@ -1588,7 +1613,8 @@
 
                 key->origin = redwax_p11kit_origin(r, key->pool, module,
                         tokenInfo, session, object, &key->common.id_der,
-                        &key->common.id_len, &key->label, &key->label_len);
+                        &key->common.id_len, &key->label, &key->label_len,
+                        pin);
 
                 key->token = redwax_pstrntrim(key->pool,
                         (const char*) tokenInfo->label,


