Skip to content

Commit

Permalink
p11-kit list-tokens: New subcommand
Browse files Browse the repository at this point in the history
This adds a new subcommand "list-tokens" to the p11-kit command, which
is similar to "list-modules" but only prints tokens.  This would make
scripting tasks easier.

Signed-off-by: Daiki Ueno <[email protected]>
  • Loading branch information
ueno committed Sep 30, 2023
1 parent 97afe36 commit 1657a9e
Show file tree
Hide file tree
Showing 7 changed files with 278 additions and 2 deletions.
19 changes: 19 additions & 0 deletions doc/manual/p11-kit.xml
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,9 @@
<cmdsynopsis>
<command>p11-kit list-modules</command>
</cmdsynopsis>
<cmdsynopsis>
<command>p11-kit list-tokens</command> ...
</cmdsynopsis>
<cmdsynopsis>
<command>p11-kit list-objects</command> ...
</cmdsynopsis>
Expand Down Expand Up @@ -102,6 +105,22 @@ $ p11-kit list-modules

</refsect1>

<refsect1 id="p11-kit-list-tokens">
<title>List Tokens</title>

<para>List all tokens available in system configured PKCS#11 modules.</para>

<programlisting>
$ p11-kit list-tokens pkcs11:token
$ p11-kit list-tokens --only-uris pkcs11:token
</programlisting>

<para>This retrieves all tokens and displays some of their
common attributes. If <option>--only-uris</option> is given,
only the matching token URIs are printed.</para>

</refsect1>

<refsect1 id="p11-kit-list-objects">
<title>List Objects</title>

Expand Down
4 changes: 4 additions & 0 deletions p11-kit/Makefile.am
Original file line number Diff line number Diff line change
Expand Up @@ -270,6 +270,7 @@ p11_kit_p11_kit_SOURCES = \
p11-kit/generate-keypair.c \
p11-kit/list-objects.c \
p11-kit/list-profiles.c \
p11-kit/list-tokens.c \
p11-kit/lists.c \
p11-kit/p11-kit.c \
p11-kit/print-config.c \
Expand Down Expand Up @@ -301,6 +302,7 @@ p11_kit_p11_kit_testable_SOURCES = \
p11-kit/generate-keypair.c \
p11-kit/list-objects.c \
p11-kit/list-profiles.c \
p11-kit/list-tokens.c \
p11-kit/lists.c \
p11-kit/p11-kit.c \
p11-kit/print-config.c \
Expand Down Expand Up @@ -425,6 +427,7 @@ sh_tests += \
p11-kit/test-objects.sh \
p11-kit/test-lists.sh \
p11-kit/test-server.sh \
p11-kit/test-list-tokens.sh \
$(NULL)

if WITH_ASN1
Expand Down Expand Up @@ -617,5 +620,6 @@ EXTRA_DIST += \
p11-kit/test-lists.sh \
p11-kit/test-messages.sh \
p11-kit/test-server.sh \
p11-kit/test-list-tokens.sh \
p11-kit/test-export-public.sh \
$(NULL)
162 changes: 162 additions & 0 deletions p11-kit/list-tokens.c
Original file line number Diff line number Diff line change
@@ -0,0 +1,162 @@
#include "config.h"

#include "attrs.h"
#include "buffer.h"
#include "constants.h"
#define P11_DEBUG_FLAG P11_DEBUG_TOOL
#include "debug.h"
#include "iter.h"
#include "message.h"
#include "print.h"
#include "tool.h"

#include <assert.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef ENABLE_NLS
#include <libintl.h>
#define _(x) dgettext(PACKAGE_NAME, x)
#else
#define _(x) (x)
#endif

void print_token_info (p11_list_printer *printer,
CK_TOKEN_INFO *info);

char *format_token_uri (CK_TOKEN_INFO *info);

static int
print_tokens (p11_list_printer *printer,
const char *token_str,
bool only_uris)
{
int ret = 1;
CK_FUNCTION_LIST **modules = NULL;
P11KitUri *uri = NULL;
P11KitIter *iter = NULL;

uri = p11_kit_uri_new ();
if (uri == NULL) {
p11_message (_("failed to allocate memory"));
goto cleanup;
}

if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_TOKEN, uri) != P11_KIT_URI_OK) {
p11_message (_("failed to parse URI"));
goto cleanup;
}

modules = p11_kit_modules_load_and_initialize (0);
if (modules == NULL) {
p11_message (_("failed to load and initialize modules"));
goto cleanup;
}

iter = p11_kit_iter_new (uri, P11_KIT_ITER_WITH_TOKENS |
P11_KIT_ITER_WITHOUT_OBJECTS);
if (iter == NULL) {
p11_debug ("failed to initialize iterator");
goto cleanup;
}

p11_kit_iter_begin (iter, modules);
while (p11_kit_iter_next (iter) == CKR_OK) {
CK_TOKEN_INFO *info = p11_kit_iter_get_token (iter);
char *value;

if (only_uris) {
value = format_token_uri (info);
if (value)
printf ("%s\n", value);
free (value);
} else {
value = p11_kit_space_strdup (info->label, sizeof (info->label));
p11_list_printer_start_section (printer, "token", "%s", value);
free (value);

print_token_info (printer, info);
p11_list_printer_end_section (printer);
}
}

ret = 0;

cleanup:
p11_kit_iter_free (iter);
p11_kit_uri_free (uri);
if (modules != NULL)
p11_kit_modules_finalize_and_release (modules);

return ret;
}

int
p11_kit_list_tokens (int argc,
char *argv[])
{
int opt;
bool only_uris = false;
p11_list_printer printer;

enum {
opt_verbose = 'v',
opt_quiet = 'q',
opt_help = 'h',
};

struct option options[] = {
{ "verbose", no_argument, NULL, opt_verbose },
{ "quiet", no_argument, NULL, opt_quiet },
{ "only-uris", no_argument, NULL, CHAR_MAX + 1 },
{ "help", no_argument, NULL, opt_help },
{ 0 },
};

p11_tool_desc usages[] = {
{ 0, "usage: p11-kit list-tokens" },
{ opt_verbose, "show verbose debug output", },
{ opt_quiet, "suppress command output", },
{ CHAR_MAX + 1, "only print token URIs", },
{ 0 },
};

while ((opt = p11_tool_getopt (argc, argv, options)) != -1) {
switch (opt) {

case opt_verbose:
p11_kit_be_loud ();
break;

case opt_quiet:
p11_kit_be_quiet ();
break;

case CHAR_MAX + 1: /* --only-uris */
only_uris = true;
break;

case opt_help:
p11_tool_usage (usages, options);
return 0;
case '?':
return 2;
default:
assert_not_reached ();
break;
}
}

argc -= optind;
argv += optind;

if (argc != 1) {
p11_tool_usage (usages, options);
return 2;
}

p11_list_printer_init (&printer, stdout, 0);
return print_tokens (&printer, *argv, only_uris);
}
4 changes: 2 additions & 2 deletions p11-kit/lists.c
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ is_ascii_string (const unsigned char *data,
return true;
}

static char *
char *
format_token_uri (CK_TOKEN_INFO *info)
{
char *value;
Expand All @@ -105,7 +105,7 @@ format_token_uri (CK_TOKEN_INFO *info)
return value;
}

static void
void
print_token_info (p11_list_printer *printer,
CK_TOKEN_INFO *info)
{
Expand Down
5 changes: 5 additions & 0 deletions p11-kit/meson.build
Original file line number Diff line number Diff line change
Expand Up @@ -217,6 +217,7 @@ p11_kit_sources = [
'generate-keypair.c',
'list-objects.c',
'list-profiles.c',
'list-tokens.c',
'lists.c',
'p11-kit.c',
'print-config.c'
Expand Down Expand Up @@ -401,6 +402,10 @@ if get_option('test')
test('test-server.sh',
find_program('test-server.sh'),
env: p11_kit_tests_env)

test('test-list-tokens.sh',
find_program('test-list-tokens.sh'),
env: p11_kit_tests_env)
endif

if with_asn1 and host_system != 'windows'
Expand Down
4 changes: 4 additions & 0 deletions p11-kit/p11-kit.c
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,9 @@
int p11_kit_list_modules (int argc,
char *argv[]);

int p11_kit_list_tokens (int argc,
char *argv[]);

int p11_kit_list_objects (int argc,
char *argv[]);

Expand Down Expand Up @@ -94,6 +97,7 @@ int p11_kit_external (int argc,

static const p11_tool_command commands[] = {
{ "list-modules", p11_kit_list_modules, N_("List modules and tokens") },
{ "list-tokens", p11_kit_list_tokens, N_("List tokens") },
{ "list-objects", p11_kit_list_objects, N_("List objects of a token") },
{ "export-object", p11_kit_export_object, N_("Export object matching PKCS#11 URI") },
{ "delete-object", p11_kit_delete_object, N_("Delete objects matching PKCS#11 URI") },
Expand Down
82 changes: 82 additions & 0 deletions p11-kit/test-list-tokens.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
#!/bin/sh

# Test public key export from mock-twelve.so (mock-module-ep10.c).

test "${abs_top_builddir+set}" = set || {
echo "set abs_top_builddir" 1>&2
exit 1
}

. "$abs_top_builddir/common/test-init.sh"

setup() {
testdir=$PWD/test-objects-$$
test -d "$testdir" || mkdir "$testdir"
cd "$testdir"
}

teardown() {
rm -rf "$testdir"
}

test_list_tokens_without_uri() {
cat > list.exp <<EOF
usage: p11-kit list-tokens
-v, --verbose show verbose debug output
-q, --quiet suppress command output
--only-uris only print token URIs
EOF
if "$abs_top_builddir"/p11-kit/p11-kit-testable list-tokens -q 2>&1 > list.out; then
assert_fail "p11-kit list-tokens succeeded without token URI"
fi

: ${DIFF=diff}
if ! ${DIFF} list.exp list.out > list.diff; then
sed 's/^/# /' list.diff
assert_fail "output contains incorrect result"
fi
}

test_list_tokens() {
cat > list.exp <<EOF
token: PUBKEY LABEL
uri: pkcs11:model=PUBKEY%20MODEL;manufacturer=PUBKEY%20MANUFACTURER;serial=PUBKEY%20SERIAL;token=PUBKEY%20LABEL
manufacturer: PUBKEY MANUFACTURER
model: PUBKEY MODEL
serial-number: PUBKEY SERIAL
hardware-version: 75.175
firmware-version: 85.185
flags:
login-required
user-pin-initialized
clock-on-token
token-initialized
EOF
if ! "$abs_top_builddir"/p11-kit/p11-kit-testable list-tokens -q "pkcs11:model=PUBKEY%20MODEL" > list.out; then
assert_fail "unable to run: p11-kit list-tokens"
fi

: ${DIFF=diff}
if ! ${DIFF} list.exp list.out > list.diff; then
sed 's/^/# /' list.diff
assert_fail "output contains incorrect result"
fi
}

test_list_tokens_only_uris() {
cat > list.exp <<EOF
pkcs11:model=PUBKEY%20MODEL;manufacturer=PUBKEY%20MANUFACTURER;serial=PUBKEY%20SERIAL;token=PUBKEY%20LABEL
EOF
if ! "$abs_top_builddir"/p11-kit/p11-kit-testable list-tokens -q --only-uris "pkcs11:model=PUBKEY%20MODEL" > list.out; then
assert_fail "unable to run: p11-kit list-tokens --only-uris"
fi

: ${DIFF=diff}
if ! ${DIFF} list.exp list.out > list.diff; then
sed 's/^/# /' list.diff
assert_fail "output contains incorrect result"
fi
}

run test_list_tokens_without_uri test_list_tokens test_list_tokens_only_uris

0 comments on commit 1657a9e

Please sign in to comment.