list-mechanisms: initial implementation #576
Conversation
t184256
changed the title
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| } | ||
|
|
||
| static int | ||
| list_mechanisms (const char *token_str) |
Check warning
Code scanning / CodeQL
Poorly documented large function Warning
t184256
force-pushed
the
list-mechanisms
branch
from
c721f94 to
2158b59
Compare
t184256
force-pushed
the
list-mechanisms
branch
2 times, most recently
from
2cd9dc2 to
f82d700
Compare
|
addressed feedback, added a test against mock data, added printing token labels I don't see how to reasonably use the printing API for what I'm doing, so I just hope mixing it with printfs is OK. |
p11-kit/test-list-mechanisms.sh
Outdated
| 0x80000002 (unknown): sign verify key-size=2048-2048 | ||
| EOF | ||
|
|
||
| if ! "$abs_top_builddir"/p11-kit/p11-kit-testable list-mechanisms -q pkcs11: > list.out; then |
There was a problem hiding this comment.
This URL matches all tokens? I would rather limit it to the first match, as p11tool --list-mechanism does.
There was a problem hiding this comment.
This URL matches all tokens?
Yes.
I would rather limit it to the first match, as p11tool --list-mechanism does.
You mean, limit list-mechanisms subcommand to inspecting the first matching token? I'd disagree on that. First, I think it might introduce confusion in a scenario where the user accidentally matches several tokens. Second, AFAICS this behaviour won't be in line with the existing list-* subcommands that iterate over all matches.
There was a problem hiding this comment.
AFAICS this behaviour won't be in line with the existing list-* subcommands that iterate over all matches
Well, that's not the case:
p11-kit list-modules: doesn't take URLp11-kit list-profiles: takes a token URL, uses first match only, because profiles are capabilities of a particular tokenp11-kit list-objects: takes an object URL, returns all matches
A general guidance on implementing those commands is that each command should do one thing and do it well; if p11-kit list-mechanisms iterate over all matching tokens, it provides 2 functions: listing tokens and showing mechanisms supported by each token. That could be achieved by combining two commands: p11-kit list-tokens (to be implemented in #554) and p11-kit list-mechanisms, like:
for token in $(p11-kit list-tokens --only-uris); do
p11-kit list-mechanisms $token
doneThere was a problem hiding this comment.
Changed to stop after first match. Testing 3 scenarios now: "pkcs11:", specific existing and specific non-existing token. Maybe when we have list-tokens we should also test the iteration you're suggesting.
t184256
force-pushed
the
list-mechanisms
branch
4 times, most recently
from
a7a704d to
cf8826a
Compare
t184256
force-pushed
the
list-mechanisms
branch
2 times, most recently
from
38850a0 to
fce61d3
Compare
p11-kit/list-mechanisms.c
Outdated
|
|
||
| p11_list_printer_init (&printer, stdout, 0); | ||
| p11_kit_iter_begin (iter, modules); | ||
| rv = p11_kit_iter_next (iter); // we will stop at the first token |
There was a problem hiding this comment.
| rv = p11_kit_iter_next (iter); // we will stop at the first token | |
| rv = p11_kit_iter_next (iter); | |
| if (rv != CKR_OK) { | |
| if (rv == CKR_CANCEL) | |
| p11_message (_("no matching token")); | |
| else | |
| p11_message (_("failed to find token: %s"), p11_kit_strerror (rv)); | |
| goto cleanup; | |
| } |
Resolves: p11-glue#563 Signed-off-by: Alexander Sosedkin <[email protected]>
t184256
force-pushed
the
list-mechanisms
branch
from
fce61d3 to
8fe8d0d
Compare
Resolves: #563
To be addressed:
there are no testsadded a test against mock data