L<<Logger::Error<< msg << endl;
}
}
+
public:
Pkcs11Slot(CK_FUNCTION_LIST* functions, const CK_SLOT_ID& slot) {
CK_TOKEN_INFO tokenInfo;
pthread_mutex_t *m() { return &d_m; }
- static std::shared_ptr<Pkcs11Slot> GetSlot(const std::string& module, const CK_SLOT_ID& slotId);
+ static std::shared_ptr<Pkcs11Slot> GetSlot(const std::string& module, const string& tokenId);
+ static CK_RV HuntSlot(const string& tokenId, CK_SLOT_ID &slotId, _CK_SLOT_INFO* info, CK_FUNCTION_LIST* functions);
};
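Review bot: The new `HuntSlot` declaration has no comment explaining that `slotId` and `info` are output parameters or that a return of 0 means a match was found. A line such as `// Resolves tokenId (token label, or deprecated numeric slot id) to a slot; returns 0 and fills slotId/info on success, a CK_RV error otherwise` above it would make the contract readable from the class body. Both new declarations also mix unqualified `string` with `std::string` in one signature, so `const std::string& tokenId` would be consistent and not depend on a using-directive. Only `GetSlot` calls `HuntSlot` in the visible code, so it may not need to be public.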
class Pkcs11Token {
return d_bits;
}
- static std::shared_ptr<Pkcs11Token> GetToken(const std::string& module, const CK_SLOT_ID& slotId, const std::string& label);
+ static std::shared_ptr<Pkcs11Token> GetToken(const std::string& module, const string& tokenId, const std::string& label);
};
static std::map<std::string, std::shared_ptr<Pkcs11Slot> > pkcs11_slots;
static std::map<std::string, std::shared_ptr<Pkcs11Token> > pkcs11_tokens;
-std::shared_ptr<Pkcs11Slot> Pkcs11Slot::GetSlot(const std::string& module, const CK_SLOT_ID& slotId) {
+CK_RV Pkcs11Slot::HuntSlot(const string& tokenId, CK_SLOT_ID &slotId, _CK_SLOT_INFO* info, CK_FUNCTION_LIST* functions)
+{
+ CK_RV err;
+ unsigned long slots;
+ _CK_TOKEN_INFO tinfo;
+
+ // go thru all slots
+ // this is required by certain tokens, otherwise C_GetSlotInfo will not return a token
+ err = functions->C_GetSlotList(CK_FALSE, NULL_PTR, &slots);
+ if (err) {
+ L<<Logger::Warning<<"C_GetSlotList(CK_FALSE, NULL_PTR, &slots) = " << err << std::endl;
+ return err;
+ }
+
+ // iterate all slots
+ for(slotId=0;slotId<slots;slotId++) {
+ if ((err = functions->C_GetSlotInfo(slotId, info))) {
+ L<<Logger::Warning<<"C_GetSlotList("<<slotId<<", info) = " << err << std::endl;
+ return err;
+ }
+ if ((err = functions->C_GetTokenInfo(slotId, &tinfo))) {
+ L<<Logger::Warning<<"C_GetSlotList("<<slotId<<", &tinfo) = " << err << std::endl;
+ return err;
+ }
+ std::string slotName;
+ slotName.assign(reinterpret_cast<char*>(tinfo.label), 32);
+ // trim it
+ boost::trim(slotName);
+ if (boost::iequals(slotName, tokenId)) {
+ return 0;
+ }
+ }
+
+ // see if we can find it with slotId
+ try {
+ slotId = boost::lexical_cast<int>(tokenId);
+ if ((err = functions->C_GetSlotInfo(slotId, info))) {
+ L<<Logger::Warning<<"C_GetSlotList("<<slotId<<", info) = " << err << std::endl;
+ return err;
+ }
+ L<<Logger::Warning<<"Specifying PKCS#11 token by SLOT ID is deprecated and should not be used"<<std::endl;
+ return 0;
+ } catch (...) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
+ return CK_UNAVAILABLE_INFORMATION;
+}
+
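Review bot: The loop `for(slotId=0;slotId<slots;slotId++)` uses the count from `C_GetSlotList(CK_FALSE, NULL_PTR, &slots)` as if it were a range of slot IDs, but PKCS#11 slot IDs are opaque values that need not run from 0 to count-1. A token can therefore be missed, or a slot probed that the module never listed. Because the list is requested with `CK_FALSE`, slots without a token are included, and the first such slot would normally make `C_GetTokenInfo` fail, so HuntSlot returns before later slots are examined. Both warnings inside the loop are labelled `C_GetSlotList`, which misreports which call failed. The sketch below fetches the actual slot list, skips `CKR_TOKEN_NOT_PRESENT` and writes `slotId` only on a match.

```cpp
CK_RV Pkcs11Slot::HuntSlot(const string& tokenId, CK_SLOT_ID &slotId, _CK_SLOT_INFO* info, CK_FUNCTION_LIST* functions)
{
  CK_RV err;
  CK_ULONG slots = 0;
  _CK_TOKEN_INFO tinfo;

  // first call only reports how many slots exist
  if ((err = functions->C_GetSlotList(CK_FALSE, NULL_PTR, &slots))) {
    // … unchanged: warning + return err …
  }

  // slot IDs are opaque handles: fetch the real list instead of counting from 0
  std::vector<CK_SLOT_ID> slotIds(slots);
  if ((err = functions->C_GetSlotList(CK_FALSE, slotIds.data(), &slots))) {
    L<<Logger::Warning<<"C_GetSlotList(CK_FALSE, slotIds, &slots) = " << err << std::endl;
    return err;
  }
  slotIds.resize(slots);

  for (const CK_SLOT_ID candidate : slotIds) {
    if ((err = functions->C_GetSlotInfo(candidate, info))) {
      L<<Logger::Warning<<"C_GetSlotInfo("<<candidate<<", info) = " << err << std::endl;
      return err;
    }
    err = functions->C_GetTokenInfo(candidate, &tinfo);
    if (err == CKR_TOKEN_NOT_PRESENT)
      continue; // empty slot, keep looking
    if (err) {
      L<<Logger::Warning<<"C_GetTokenInfo("<<candidate<<", &tinfo) = " << err << std::endl;
      return err;
    }
    // … unchanged: copy tinfo.label, trim, iequals comparison …
    // on match: slotId = candidate; return 0;
  }
  // … unchanged: deprecated numeric slot-id fallback …
```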
+std::shared_ptr<Pkcs11Slot> Pkcs11Slot::GetSlot(const std::string& module, const string& tokenId) {
// see if we can find module
std::string sidx = module;
sidx.append("|");
- sidx.append(boost::lexical_cast<std::string>(slotId));
+ sidx.append(tokenId);
std::map<std::string, std::shared_ptr<Pkcs11Slot> >::iterator slotIter;
CK_RV err;
CK_FUNCTION_LIST* functions;
// try to locate a slot
_CK_SLOT_INFO info;
- unsigned long slots;
-
- // this is required by certain tokens, otherwise C_GetSlotInfo will not return a token
- err = functions->C_GetSlotList(CK_FALSE, NULL_PTR, &slots);
- if (err)
- L<<Logger::Warning<<"C_GetSlotList(CK_FALSE, NULL_PTR, &slots) = " << err << std::endl;
+ CK_SLOT_ID slotId;
- if ((err = functions->C_GetSlotInfo(slotId, &info))) {
- throw PDNSException(std::string("Cannot find PKCS#11 slot ") + boost::lexical_cast<std::string>(slotId) + std::string(" on module ") + module + std::string(": error code ") + boost::lexical_cast<std::string>(err));
+ if ((err = Pkcs11Slot::HuntSlot(tokenId, slotId, &info, functions))) {
+ throw PDNSException(std::string("Cannot find PKCS#11 token ") + tokenId + std::string(" on module ") + module + std::string(": error code ") + boost::lexical_cast<std::string>(err));
}
// store slot
return pkcs11_slots[sidx];
}
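Review bot: Resolving the slot through `HuntSlot(tokenId, slotId, &info, functions)` means the first token whose label matches case-insensitively is the one `PKCS11ModuleSlotLogin` later presents the PIN to, and PKCS#11 does not require token labels to be unique. I would document that above GetSlot, e.g. `// tokenId is matched against the token label (case-insensitive, first match wins); labels are not guaranteed unique`. The lookup could also be failed when more than one slot carries the requested label. GetSlot's body is only partly visible here, so the code between the lookup and `return pkcs11_slots[sidx];` was not reviewed.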
-std::shared_ptr<Pkcs11Token> Pkcs11Token::GetToken(const std::string& module, const CK_SLOT_ID& slotId, const std::string& label) {
+std::shared_ptr<Pkcs11Token> Pkcs11Token::GetToken(const std::string& module, const string& tokenId, const std::string& label) {
// see if we can find module
std::string tidx = module;
tidx.append("|");
- tidx.append(boost::lexical_cast<std::string>(slotId));
+ tidx.append(boost::lexical_cast<std::string>(tokenId));
tidx.append("|");
tidx.append(label);
std::map<std::string, std::shared_ptr<Pkcs11Token> >::iterator tokenIter;
if ((tokenIter = pkcs11_tokens.find(tidx)) != pkcs11_tokens.end()) return tokenIter->second;
- std::shared_ptr<Pkcs11Slot> slot = Pkcs11Slot::GetSlot(module, slotId);
+ std::shared_ptr<Pkcs11Slot> slot = Pkcs11Slot::GetSlot(module, tokenId);
pkcs11_tokens[tidx] = std::make_shared<Pkcs11Token>(slot, label);
return pkcs11_tokens[tidx];
}
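Review bot: `tidx.append(boost::lexical_cast<std::string>(tokenId));` still goes through lexical_cast although tokenId is now a string; `tidx.append(tokenId);` would match how GetSlot builds `sidx`. The cache key also keeps the caller's spelling of tokenId, while the lookup behind GetSlot compares labels case-insensitively. Two spellings of one label would therefore create separate `pkcs11_tokens` and `pkcs11_slots` entries for the same token. If one object per token is intended, normalise the key first, for instance `tidx.append(boost::to_lower_copy(tokenId));`, and do the same for `sidx` in GetSlot.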
Pkcs11Token::~Pkcs11Token() {
}
-bool PKCS11ModuleSlotLogin(const std::string& module, int slotId, const std::string& pin)
+bool PKCS11ModuleSlotLogin(const std::string& module, const string& tokenId, const std::string& pin)
{
std::shared_ptr<Pkcs11Slot> slot;
- slot = Pkcs11Slot::GetSlot(module, slotId);
+ slot = Pkcs11Slot::GetSlot(module, tokenId);
if (slot->LoggedIn()) return true; // no point failing
return slot->Login(pin);
}
void PKCS11DNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, stormap_t& stormap) {
drc.d_algorithm = atoi(stormap["algorithm"].c_str());
d_module = stormap["engine"];
- d_slot_id = atoi(stormap["slot"].c_str());
+ d_slot_id = stormap["slot"];
+ boost::trim(d_slot_id);
d_pin = stormap["pin"];
d_label = stormap["label"];
// validate parameters