From 65b105e77c6fd0d864cc0852a6d879f1b639add7 Mon Sep 17 00:00:00 2001 From: Nicolas Stalder Date: Sun, 10 Jan 2021 16:41:06 +0100 Subject: [PATCH] Implement two `pin_source`s --- examples/lookup.rs | 16 ++++++++++++++-- pin.txt | 1 + src/lib.rs | 31 +++++++++++++++++++++++++++---- 3 files changed, 42 insertions(+), 6 deletions(-) create mode 100644 pin.txt diff --git a/examples/lookup.rs b/examples/lookup.rs index e8c7852..364ae53 100644 --- a/examples/lookup.rs +++ b/examples/lookup.rs @@ -10,13 +10,25 @@ fn main() { } } fn try_main() -> anyhow::Result<()> { - let uri_str = r"pkcs11: + let _uri_str = r"pkcs11: + type=private; + token=lpc55-2ac0c213b4903b76; + object=lpc55-2ac0c213b4903b76%20@%202021-01-08T20:41:24 + ?pin-source=file:pin.txt + &module-path=/usr/lib/libsofthsm2.so"; + let _uri_str = r"pkcs11: + type=private; + token=lpc55-2ac0c213b4903b76; + object=lpc55-2ac0c213b4903b76%20@%202021-01-08T20:41:24 + ?pin-source=env:PIN + &module-path=/usr/lib/libsofthsm2.so"; + let _uri_str = r"pkcs11: type=private; token=lpc55-2ac0c213b4903b76; object=lpc55-2ac0c213b4903b76%20@%202021-01-08T20:41:24 ?pin-value=1234 &module-path=/usr/lib/libsofthsm2.so"; - let uri = Pkcs11Uri::try_from(uri_str)?; + let uri = Pkcs11Uri::try_from(_uri_str)?; let (context, session, object) = uri.identify_object().unwrap(); // CKM_SHA256_RSA_PKCS diff --git a/pin.txt b/pin.txt new file mode 100644 index 0000000..81c545e --- /dev/null +++ b/pin.txt @@ -0,0 +1 @@ +1234 diff --git a/src/lib.rs b/src/lib.rs index accdc13..46891f7 100644 --- a/src/lib.rs +++ b/src/lib.rs 
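Review bot: Only the last `_uri_str` binding in `try_main` (the `pin-value=1234` one) reaches `Pkcs11Uri::try_from(_uri_str)`, so the two new `pin-source` URIs are shadowed and never exercised by the example. The leading underscore also reads as "unused" although the final binding is used. Giving the three literals distinct names such as `file_pin_uri`, `env_pin_uri` and `inline_pin_uri`, and passing one of them explicitly, e.g. `let uri = Pkcs11Uri::try_from(file_pin_uri)?;`, would make it obvious which PIN path the example runs. A short comment could also say that `file:pin.txt` is resolved relative to the working directory and that `env:PIN` needs `PIN` set in the environment.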
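Review bot: `pin.txt` adds a PIN as a tracked file at the repository root, and the example's `pin-source=file:pin.txt` only resolves when the example is started from that directory. If `1234` is just the PIN of the SoftHSM test token (the `pin-value=1234` URI in examples/lookup.rs suggests so), keeping the fixture next to the example, e.g. under `examples/`, and saying in the example that it is a test-only value would make that explicit. That also avoids setting a pattern where real PIN files end up committed beside the crate root.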
@@ -370,10 +370,33 @@ impl Pkcs11Uri { slot, flags, /*application: */ None, /*notify: */ None, ) .unwrap(); - let maybe_pin: Option<&str> = self.query_attributes.pin_value.as_deref(); - trace!("{:?}", maybe_pin); - ctx.login(session, pkcs11::types::CKU_USER, maybe_pin) - .unwrap(); + + if let Some(pin) = self.query_attributes.pin_value.as_deref() { + trace!("{:?}", pin); + ctx.login(session, pkcs11::types::CKU_USER, Some(pin)) + .unwrap(); + } else if let Some(source) = self.query_attributes.pin_source.as_deref() { + if let Some(index) = source.find(':') { + let scheme = &source[..index]; + match scheme { + "env" => { + let pin = std::env::var(&source[4..]).unwrap(); + trace!("{:?}", pin); + ctx.login(session, pkcs11::types::CKU_USER, Some(&pin)) + .unwrap(); + } + "file" => { + let pin = String::from_utf8_lossy(&std::fs::read(&source[5..]).unwrap()).trim().to_string(); + trace!("{:?}", pin); + ctx.login(session, pkcs11::types::CKU_USER, Some(pin.as_str())) + .unwrap(); + } + _ => {} + } + } + } else { + ctx.login(session, pkcs11::types::CKU_USER, None).unwrap(); + } // 3. find the object // object_class: Option
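Review bot: The `trace!("{:?}", pin)` calls in the new `"env"` and `"file"` arms (and in the `pin_value` branch) write the user PIN to the trace log in cleartext, which undoes the point of taking it from `pin-source` instead of the URI. Separately, a `pin_source` without a `:` or with a scheme other than `env`/`file` falls through `_ => {}` with no `ctx.login` call at all, whereas the removed code always attempted a login; the object lookup then presumably continues on a session that was never logged in instead of failing. Resolving the PIN into one `Option<String>` first, logging only whether a PIN was supplied, and rejecting unsupported sources covers both, and slicing at `index + 1` replaces the hard-coded `[4..]` / `[5..]` offsets. The `expect`/`panic!` in the sketch mirror the hunk's existing `unwrap()`s and would be better as error returns if the enclosing function, whose signature is outside the hunk, returns a `Result`.

```rust
// … unchanged: preceding call (slot, flags, …) ending in .unwrap() …

// Resolve the PIN once so there is a single login call and the PIN is never logged.
let pin: Option<String> = if let Some(pin) = self.query_attributes.pin_value.as_deref() {
    Some(pin.to_string())
} else if let Some(source) = self.query_attributes.pin_source.as_deref() {
    let index = source.find(':').expect("pin-source has no scheme");
    let (scheme, location) = (&source[..index], &source[index + 1..]);
    Some(match scheme {
        "env" => std::env::var(location).unwrap(),
        "file" => String::from_utf8_lossy(&std::fs::read(location).unwrap())
            .trim()
            .to_string(),
        // Reject instead of continuing without a login attempt.
        _ => panic!("unsupported pin-source scheme: {}", scheme),
    })
} else {
    None
};
trace!("logging in, PIN supplied: {}", pin.is_some());
ctx.login(session, pkcs11::types::CKU_USER, pin.as_deref())
    .unwrap();

// 3. find the object
```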