-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
list-mechanisms: initial implementation #576
Conversation
c721f94
to
2158b59
Compare
2cd9dc2
to
f82d700
Compare
addressed feedback, added a test against mock data, added printing token labels I don't see how to reasonably use the printing API for what I'm doing, so I just hope mixing it with printfs is OK. |
p11-kit/test-list-mechanisms.sh
Outdated
0x80000002 (unknown): sign verify key-size=2048-2048 | ||
EOF | ||
|
||
if ! "$abs_top_builddir"/p11-kit/p11-kit-testable list-mechanisms -q pkcs11: > list.out; then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This URL matches all tokens? I would rather limit it to the first match, as p11tool --list-mechanism
does.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This URL matches all tokens?
Yes.
I would rather limit it to the first match, as p11tool --list-mechanism does.
You mean, limit list-mechanisms
subcommand to inspecting the first matching token? I'd disagree on that. First, I think it might introduce confusion in a scenario where the user accidentally matches several tokens. Second, AFAICS this behaviour won't be in line with the existing list-*
subcommands that iterate over all matches.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AFAICS this behaviour won't be in line with the existing list-* subcommands that iterate over all matches
Well, that's not the case:
p11-kit list-modules
: doesn't take URLp11-kit list-profiles
: takes a token URL, uses first match only, because profiles are capabilities of a particular tokenp11-kit list-objects
: takes an object URL, returns all matches
A general guidance on implementing those commands is that each command should do one thing and do it well; if p11-kit list-mechanisms
iterate over all matching tokens, it provides 2 functions: listing tokens and showing mechanisms supported by each token. That could be achieved by combining two commands: p11-kit list-tokens
(to be implemented in #554) and p11-kit list-mechanisms
, like:
for token in $(p11-kit list-tokens --only-uris); do
p11-kit list-mechanisms $token
done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed to stop after first match. Testing 3 scenarios now: "pkcs11:", specific existing and specific non-existing token. Maybe when we have list-tokens we should also test the iteration you're suggesting.
a7a704d
to
cf8826a
Compare
38850a0
to
fce61d3
Compare
p11-kit/list-mechanisms.c
Outdated
|
||
p11_list_printer_init (&printer, stdout, 0); | ||
p11_kit_iter_begin (iter, modules); | ||
rv = p11_kit_iter_next (iter); // we will stop at the first token |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
rv = p11_kit_iter_next (iter); // we will stop at the first token | |
rv = p11_kit_iter_next (iter); | |
if (rv != CKR_OK) { | |
if (rv == CKR_CANCEL) | |
p11_message (_("no matching token")); | |
else | |
p11_message (_("failed to find token: %s"), p11_kit_strerror (rv)); | |
goto cleanup; | |
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
incorporated
Resolves: p11-glue#563 Signed-off-by: Alexander Sosedkin <[email protected]>
fce61d3
to
8fe8d0d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you, looks good to me!
Resolves: #563
To be addressed:
there are no testsadded a test against mock data