Implement two pin_sources

nickray · Jan 10, 2021 · 65b105e · 65b105e
1 parent 644eab5
commit 65b105e
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 6 deletions.
diff --git a/examples/lookup.rs b/examples/lookup.rs
@@ -10,13 +10,25 @@ fn main() {
     }
 }
 fn try_main() -> anyhow::Result<()> {
-    let uri_str = r"pkcs11:
+    let _uri_str = r"pkcs11:
+        type=private;
+        token=lpc55-2ac0c213b4903b76;
+        object=lpc55-2ac0c213b4903b76%20@%202021-01-08T20:41:24
+            ?pin-source=file:pin.txt
+            &module-path=/usr/lib/libsofthsm2.so";
+    let _uri_str = r"pkcs11:
+        type=private;
+        token=lpc55-2ac0c213b4903b76;
+        object=lpc55-2ac0c213b4903b76%20@%202021-01-08T20:41:24
+            ?pin-source=env:PIN
+            &module-path=/usr/lib/libsofthsm2.so";
+    let _uri_str = r"pkcs11:
         type=private;
         token=lpc55-2ac0c213b4903b76;
         object=lpc55-2ac0c213b4903b76%20@%202021-01-08T20:41:24
             ?pin-value=1234
             &module-path=/usr/lib/libsofthsm2.so";
-    let uri = Pkcs11Uri::try_from(uri_str)?;
+    let uri = Pkcs11Uri::try_from(_uri_str)?;
     let (context, session, object) = uri.identify_object().unwrap();
 
     //  CKM_SHA256_RSA_PKCS

diff --git a/pin.txt b/pin.txt
@@ -0,0 +1 @@
+1234
diff --git a/src/lib.rs b/src/lib.rs
@@ -370,10 +370,33 @@ impl Pkcs11Uri {
                 slot, flags, /*application: */ None, /*notify: */ None,
             )
             .unwrap();
-        let maybe_pin: Option<&str> = self.query_attributes.pin_value.as_deref();
-        trace!("{:?}", maybe_pin);
-        ctx.login(session, pkcs11::types::CKU_USER, maybe_pin)
-            .unwrap();
+
+        if let Some(pin) = self.query_attributes.pin_value.as_deref() {
+            trace!("{:?}", pin);
+            ctx.login(session, pkcs11::types::CKU_USER, Some(pin))
+                .unwrap();
+        } else if let Some(source) = self.query_attributes.pin_source.as_deref() {
+            if let Some(index) = source.find(':') {
+                let scheme = &source[..index];
+                match scheme {
+                    "env" => {
+                        let pin = std::env::var(&source[4..]).unwrap();
+                        trace!("{:?}", pin);
+                        ctx.login(session, pkcs11::types::CKU_USER, Some(&pin))
+                            .unwrap();
+                    }
+                    "file" => {
+                        let pin = String::from_utf8_lossy(&std::fs::read(&source[5..]).unwrap()).trim().to_string();
+                        trace!("{:?}", pin);
+                        ctx.login(session, pkcs11::types::CKU_USER, Some(pin.as_str()))
+                            .unwrap();
+                    }
+                    _ => {}
+                }
+            }
+        } else {
+            ctx.login(session, pkcs11::types::CKU_USER, None).unwrap();
+        }
 
         // 3. find the object
         // object_class: Option<ObjectClass>