Make add-profile command to create token objects instead of session objects

p11-kit/add-profile.c

@@ -44,8 +44,8 @@
 #include "tool.h"
 
 #include <assert.h>
-#include <stdbool.h>
 #include <stdlib.h>
+#include <string.h>
 
 #ifdef ENABLE_NLS
 #include <libintl.h>
@@ -58,72 +58,38 @@ int
 p11_kit_add_profile (int argc,
 		     char *argv[]);
 
-static bool
-profile_exists (CK_FUNCTION_LIST *module,
-		CK_PROFILE_ID profile)
-{
-	CK_RV rv;
-	P11KitIter *iter = NULL;
-	CK_OBJECT_CLASS klass = CKO_PROFILE;
-	CK_PROFILE_ID profile_id = CKP_INVALID_ID;
-	CK_ATTRIBUTE matching = { CKA_CLASS, &klass, sizeof (klass) };
-	CK_ATTRIBUTE attr = { CKA_PROFILE_ID, &profile_id, sizeof (profile_id) };
-	CK_FUNCTION_LIST *modules[] = { module, NULL };
-
-	iter = p11_kit_iter_new (NULL, 0);
-	if (iter == NULL) {
-		p11_message (_("failed to initialize iterator"));
-		return false;
-	}
-
-	p11_kit_iter_add_filter (iter, &matching, 1);
-	p11_kit_iter_begin (iter, modules);
-	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
-		rv = p11_kit_iter_get_attributes (iter, &attr, 1);
-		if (rv != CKR_OK) {
-			p11_message (_("failed to retrieve attribute of an object"));
-			p11_kit_iter_free (iter);
-			return false;
-		}
-
-		if (profile_id == profile) {
-			p11_kit_iter_free (iter);
-			return true;
-		}
-	}
-	p11_kit_iter_free (iter);
-
-	return false;
-}
-
 static int
 add_profile (const char *token_str,
 	     CK_PROFILE_ID profile)
 {
 	int ret = 1;
 	CK_RV rv;
+	const char *pin = NULL;
+	CK_ULONG count = 0;
 	CK_OBJECT_HANDLE object = 0;
 	CK_SESSION_HANDLE session = 0;
-	CK_FUNCTION_LIST *prev_module = NULL;
+	CK_SLOT_ID slot = 0;
 	CK_FUNCTION_LIST *module = NULL;
 	CK_FUNCTION_LIST **modules = NULL;
 	P11KitUri *uri = NULL;
 	P11KitIter *iter = NULL;
+	CK_BBOOL token = CK_TRUE;
 	CK_OBJECT_CLASS klass = CKO_PROFILE;
 	CK_ATTRIBUTE template[] = {
 	    { CKA_CLASS, &klass, sizeof (klass) },
+	    { CKA_TOKEN, &token, sizeof (token) },
 	    { CKA_PROFILE_ID, &profile, sizeof (profile) }
 	};
 	CK_ULONG template_len = sizeof (template) / sizeof (template[0]);
 
 	uri = p11_kit_uri_new ();
 	if (uri == NULL) {
-		p11_message (_("failed to allocate memory for URI"));
+		p11_message (_("failed to allocate memory"));
 		goto cleanup;
 	}
 
 	if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_TOKEN, uri) != P11_KIT_URI_OK) {
-		p11_message (_("failed to parse the token URI"));
+		p11_message (_("failed to parse URI"));
 		goto cleanup;
 	}
 
@@ -133,33 +99,81 @@ add_profile (const char *token_str,
 		goto cleanup;
 	}
 
-	iter = p11_kit_iter_new (uri, P11_KIT_ITER_WANT_WRITABLE);
+	iter = p11_kit_iter_new (uri, P11_KIT_ITER_WITH_TOKENS | P11_KIT_ITER_WITHOUT_OBJECTS);
 	if (iter == NULL) {
 		p11_message (_("failed to initialize iterator"));
 		goto cleanup;
 	}
 
 	p11_kit_iter_begin (iter, modules);
-	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
-		module = p11_kit_iter_get_module (iter);
-		if (module == prev_module || profile_exists (module, profile)) {
-			prev_module = module;
-			continue;
-		}
+	rv = p11_kit_iter_next (iter);
+	if (rv != CKR_OK) {
+		p11_message (_("failed to find the token: %s"), p11_kit_strerror (rv));
+		goto cleanup;
+	}
 
-		session = p11_kit_iter_get_session (iter);
-		rv = module->C_CreateObject (session, template, template_len, &object);
+	module = p11_kit_iter_get_module (iter);
+	if (module == NULL) {
+		p11_message (_("failed to obtain module"));
+		goto cleanup;
+	}
+
+	slot = p11_kit_iter_get_slot (iter);
+	if (slot == 0) {
+		p11_message (_("failed to obtain slot"));
+		goto cleanup;
+	}
+
+	rv = module->C_OpenSession (slot, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session);
+	if (rv != CKR_OK) {
+		p11_message (_("failed to open session: %s"), p11_kit_strerror (rv));
+		goto cleanup;
+	}
+
+	pin = p11_kit_uri_get_pin_value (uri);
+	if (pin != NULL) {
+		rv = module->C_Login (session, CKU_USER, (unsigned char *)pin, strlen (pin));
 		if (rv != CKR_OK) {
-			p11_message (_("failed to create the profile object: %s"), p11_kit_strerror (rv));
+			p11_message (_("failed to login: %s"), p11_kit_strerror (rv));
 			goto cleanup;
 		}
+	}
 
-		prev_module = module;
+	rv = module->C_FindObjectsInit (session, template, template_len);
+	if (rv != CKR_OK) {
+		p11_message (_("failed to initialize search for objects: %s"), p11_kit_strerror (rv));
+		goto cleanup;
+	}
+
+	rv = module->C_FindObjects (session, &object, 1, &count);
+	if (rv != CKR_OK) {
+		module->C_FindObjectsFinal (session);
+		p11_message (_("failed to search for objects: %s"), p11_kit_strerror (rv));
+		goto cleanup;
+	}
+
+	rv = module->C_FindObjectsFinal (session);
+	if (rv != CKR_OK) {
+		p11_message (_("failed to finalize search for objects: %s"), p11_kit_strerror (rv));
+		goto cleanup;
+	}
+
+	if (count != 0) {
+		p11_message (_("profile already exists"));
+		goto cleanup;
+	}
+
+	rv = module->C_CreateObject (session, template, template_len, &object);
+	if (rv != CKR_OK) {
+		p11_message (_("failed to create profile object: %s"), p11_kit_strerror (rv));
+		goto cleanup;
 	}
 
 	ret = 0;
 
 cleanup:
+	if (session != 0)
+		module->C_CloseSession (session);
 	p11_kit_iter_free (iter);
 	p11_kit_uri_free (uri);
 	if (modules != NULL)

p11-kit/delete-object.c

@@ -66,12 +66,12 @@ delete_object (const char *token_str)
 
 	uri = p11_kit_uri_new ();
 	if (uri == NULL) {
-		p11_message (_("failed to allocate memory for URI"));
+		p11_message (_("failed to allocate memory"));
 		goto cleanup;
 	}
 
 	if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_OBJECT_ON_TOKEN, uri) != P11_KIT_URI_OK) {
-		p11_message (_("failed to parse the token URI"));
+		p11_message (_("failed to parse URI"));
 		goto cleanup;
 	}
 

p11-kit/delete-profile.c

@@ -73,12 +73,12 @@ delete_profile (const char *token_str,
 
 	uri = p11_kit_uri_new ();
 	if (uri == NULL) {
-		p11_message (_("failed to allocate memory for URI"));
+		p11_message (_("failed to allocate memory"));
 		goto cleanup;
 	}
 
 	if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_OBJECT_ON_TOKEN, uri) != P11_KIT_URI_OK) {
-		p11_message (_("failed to parse the token URI"));
+		p11_message (_("failed to parse URI"));
 		goto cleanup;
 	}
 
@@ -99,14 +99,14 @@ delete_profile (const char *token_str,
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
 		rv = p11_kit_iter_get_attributes (iter, &attr, 1);
 		if (rv != CKR_OK) {
-			p11_message (_("failed to retrieve attribute of an object"));
+			p11_message (_("failed to retrieve attribute of an object: %s"), p11_kit_strerror (rv));
 			goto cleanup;
 		}
 
 		if (profile_id == profile) {
 			rv = p11_kit_iter_destroy_object (iter);
 			if (rv != CKR_OK)
-				p11_message (_("failed to delete the profile"));
+				p11_message (_("failed to delete profile: %s"), p11_kit_strerror (rv));
 		}
 	}
 

p11-kit/export-object.c

@@ -141,12 +141,12 @@ export_object (const char *token_str)
 
 	uri = p11_kit_uri_new ();
 	if (uri == NULL) {
-		p11_message (_("failed to allocate memory for URI"));
+		p11_message (_("failed to allocate memory"));
 		goto cleanup;
 	}
 
 	if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_OBJECT_ON_TOKEN, uri) != P11_KIT_URI_OK) {
-		p11_message (_("failed to parse the token URI"));
+		p11_message (_("failed to parse URI"));
 		goto cleanup;
 	}
 

p11-kit/generate-keypair.c

@@ -268,12 +268,12 @@ generate_keypair (const char *token_str,
 
 	uri = p11_kit_uri_new ();
 	if (uri == NULL) {
-		p11_message (_("failed to allocate memory for URI"));
+		p11_message (_("failed to allocate memory"));
 		goto cleanup;
 	}
 
 	if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_TOKEN, uri) != P11_KIT_URI_OK) {
-		p11_message (_("failed to parse the token URI"));
+		p11_message (_("failed to parse URI"));
 		goto cleanup;
 	}
 

p11-kit/list-objects.c

@@ -181,7 +181,7 @@ get_object_uri (P11KitIter *iter,
 
 	uri = p11_kit_uri_new ();
 	if (uri == NULL) {
-		p11_message (_("failed to allocate memory for URI"));
+		p11_message (_("failed to allocate memory"));
 		return NULL;
 	}
 
@@ -345,12 +345,12 @@ list_objects (const char *token_str)
 
 	uri = p11_kit_uri_new ();
 	if (uri == NULL) {
-		p11_message (_("failed to allocate memory for URI"));
+		p11_message (_("failed to allocate memory"));
 		goto cleanup;
 	}
 
 	if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_OBJECT_ON_TOKEN, uri) != P11_KIT_URI_OK) {
-		p11_message (_("failed to parse the token URI"));
+		p11_message (_("failed to parse URI"));
 		goto cleanup;
 	}
 

p11-kit/list-profiles.c

@@ -44,7 +44,6 @@
 
 #include <assert.h>
 #include <stdio.h>
-#include <stdlib.h>
 
 #ifdef ENABLE_NLS
 #include <libintl.h>
@@ -73,12 +72,12 @@ list_profiles (const char *token_str)
 
 	uri = p11_kit_uri_new ();
 	if (uri == NULL) {
-		p11_message (_("failed to allocate memory for URI"));
+		p11_message (_("failed to allocate memory"));
 		goto cleanup;
 	}
 
 	if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_OBJECT_ON_TOKEN, uri) != P11_KIT_URI_OK) {
-		p11_message (_("failed to parse the token URI"));
+		p11_message (_("failed to parse URI"));
 		goto cleanup;
 	}
 
@@ -99,7 +98,7 @@ list_profiles (const char *token_str)
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
 		rv = p11_kit_iter_get_attributes (iter, &attr, 1);
 		if (rv != CKR_OK) {
-			p11_message (_("failed to retrieve attribute of an object"));
+			p11_message (_("failed to retrieve attribute of an object: %s"), p11_kit_strerror (rv));
 			goto cleanup;
 		}