obj_mgmt.c

IBM的Linux上的PKCS#11实现

   CK_OBJECT_CLASS     cert3_class        = CKO_CERTIFICATE;
   CK_CERTIFICATE_TYPE cert3_type         = CKC_X_509;
   CK_BYTE             cert3_subject[]    = "Certificate subject #3";
   CK_BYTE             cert3_id[]         = "Certificate ID #3";
   CK_BYTE             cert3_value[]      = "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";

   CK_ATTRIBUTE        cert3_attribs[] =
   {
       {CKA_CLASS,            &cert3_class,       sizeof(cert3_class)   },
       {CKA_TOKEN,            &true,              sizeof(true)          },
       {CKA_CERTIFICATE_TYPE, &cert3_type,        sizeof(cert3_type)    },
       {CKA_SUBJECT,          &cert3_subject,     sizeof(cert3_subject) },
       {CKA_ID,               &cert3_id,          sizeof(cert3_id)      },
       {CKA_VALUE,            &cert3_value,       sizeof(cert3_value)   },
       {CKA_PRIVATE,          &false,             sizeof(false)         }
   };

   CK_BYTE  find1_id[] = "Certificate ID #2";
   CK_ATTRIBUTE   find1_attribs[] =
   {
       {CKA_ID, &find1_id,  sizeof(find1_id)}
   };

   CK_BYTE  find2_id[] = "Certificate ID #123456";
   CK_ATTRIBUTE   find2_attribs[] =
   {
       {CKA_ID, &find2_id,  sizeof(find2_id)}
   };

   CK_OBJECT_HANDLE  obj_list[10];
   CK_ULONG          find_count;



   printf("do_CreateTokenObjects...\n");

   memcpy( user_pin, "12345678", 8 );
   user_pin_len = 8;

   slot_id = SLOT_ID;


   // create a USER R/W session
   //
   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &h_session );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #1", rc );
      return FALSE;
   }

   rc = funcs->C_Login( h_session, CKU_USER, user_pin, user_pin_len );
   if (rc != CKR_OK) {
      show_error("   C_Login #1", rc );
      return FALSE;
   }

   //
   //---------------------------------------------------------------------
   //

   // create the token objects
   //
   rc = funcs->C_CreateObject( h_session, cert1_attribs, 7, &h_cert1 );
   if (rc != CKR_OK) {
      show_error("   C_CreateObject #1", rc );
      return FALSE;
   }

   rc = funcs->C_CreateObject( h_session, cert2_attribs, 7, &h_cert2 );
   if (rc != CKR_OK) {
      show_error("   C_CreateObject #2", rc );
      return FALSE;
   }

   rc = funcs->C_CreateObject( h_session, cert3_attribs, 7, &h_cert3 );
   if (rc != CKR_OK) {
      show_error("   C_CreateObject #3", rc );
      return FALSE;
   }

   //
   //---------------------------------------------------------------------
   //

   // now, retrieve a list of all object handles
   //
   rc = funcs->C_FindObjectsInit( h_session, NULL, 0 );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsInit #1", rc );
      return FALSE;
   }

   rc = funcs->C_FindObjects( h_session, obj_list, 10, &find_count );
   if (rc != CKR_OK) {
      show_error("   C_FindObjects #1", rc );
      return FALSE;
   }

   if (find_count != 3) {
      printf("   ERROR:  expected C_FindObjects #1 to find 3 objects\n");
      printf("           it found %d objects\n", find_count );
      return FALSE;
   }

   rc = funcs->C_FindObjectsFinal( h_session );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsFinal #1", rc );
      return FALSE;
   }

   //
   //---------------------------------------------------------------------
   //

   // now, search for the 2nd object
   //
   rc = funcs->C_FindObjectsInit( h_session, find1_attribs, 1 );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsInit #2", rc );
      return FALSE;
   }

   rc = funcs->C_FindObjects( h_session, obj_list, 10, &find_count );
   if (rc != CKR_OK) {
      show_error("   C_FindObjects #2", rc );
      return FALSE;
   }

   if (find_count != 1) {
      printf("   ERROR:  C_FindObjects #2 should have found 1 object!\n");
      return FALSE;
   }

   if (obj_list[0] != h_cert2) {
      printf("   ERROR:  C_FindObjects #2 found the wrong object!");
      return FALSE;
   }

   rc = funcs->C_FindObjectsFinal( h_session );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsFinal #2", rc );
      return FALSE;
   }

   //
   //---------------------------------------------------------------------
   //

   // now, search for a non-existant attribute
   //
   rc = funcs->C_FindObjectsInit( h_session, find2_attribs, 1 );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsInit #3", rc );
      return FALSE;
   }

   rc = funcs->C_FindObjects( h_session, obj_list, 10, &find_count );
   if (rc != CKR_OK) {
      show_error("   C_FindObjects #3", rc );
      return FALSE;
   }

   if (find_count != 0) {
      printf("   ERROR:  C_FindObjects #3 should have found 0 objects!\n");
      return FALSE;
   }

   rc = funcs->C_FindObjectsFinal( h_session );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsFinal #3", rc );
      return FALSE;
   }

   //
   //---------------------------------------------------------------------
   //

   // done...close all sessions and open a new one
   //
   rc = funcs->C_CloseAllSessions( slot_id );
   if (rc != CKR_OK) {
      show_error("   C_CloseAllSessions #1", rc );
      return FALSE;
   }

   // create a USER R/W session
   //
   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &h_session );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #2", rc );
      return FALSE;
   }

   rc = funcs->C_Login( h_session, CKU_USER, user_pin, user_pin_len );
   if (rc != CKR_OK) {
      show_error("   C_Login #2", rc );
      return FALSE;
   }

   //
   //---------------------------------------------------------------------
   //

   // now, retrieve a list of all object handles
   //
   rc = funcs->C_FindObjectsInit( h_session, NULL, 0 );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsInit #4", rc );
      return FALSE;
   }

   rc = funcs->C_FindObjects( h_session, obj_list, 10, &find_count );
   if (rc != CKR_OK) {
      show_error("   C_FindObjects #4", rc );
      return FALSE;
   }

   if (find_count != 3) {
      printf("   ERROR:  expected C_FindObjects #4 to find 3 objects\n");
      printf("           it found %d objects\n", find_count );
      return FALSE;
   }

   rc = funcs->C_FindObjectsFinal( h_session );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsFinal #4", rc );
      return FALSE;
   }

   //
   //---------------------------------------------------------------------
   //

   // now, search for the 2nd object
   //
   rc = funcs->C_FindObjectsInit( h_session, find1_attribs, 1 );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsInit #5", rc );
      return FALSE;
   }

   rc = funcs->C_FindObjects( h_session, obj_list, 10, &find_count );
   if (rc != CKR_OK) {
      show_error("   C_FindObjects #5", rc );
      return FALSE;
   }

   if (find_count != 1) {
      printf("   ERROR:  C_FindObjects #5 should have found 1 object!\n");
      return FALSE;
   }

   if (obj_list[0] != h_cert2) {
      printf("   ERROR:  C_FindObjects #5 found the wrong object!");
      return FALSE;
   }

   rc = funcs->C_FindObjectsFinal( h_session );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsFinal #5", rc );
      return FALSE;
   }

   //
   //---------------------------------------------------------------------
   //

   // now, search for a non-existant attribute
   //
   rc = funcs->C_FindObjectsInit( h_session, find2_attribs, 1 );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsInit #6", rc );
      return FALSE;
   }

   rc = funcs->C_FindObjects( h_session, obj_list, 10, &find_count );
   if (rc != CKR_OK) {
      show_error("   C_FindObjects #6", rc );
      return FALSE;
   }

   if (find_count != 0) {
      printf("   ERROR:  C_FindObjects #6 should have found 0 objects!\n");
      return FALSE;
   }

   rc = funcs->C_FindObjectsFinal( h_session );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsFinal #6", rc );
      return FALSE;
   }

   //
   //---------------------------------------------------------------------
   //

   // now, destroy the objects
   //
   rc = funcs->C_DestroyObject( h_session, h_cert1 );
   if (rc != CKR_OK) {
      show_error("   C_DestroyObject #1", rc );
      return FALSE;
   }

   rc = funcs->C_DestroyObject( h_session, h_cert2 );
   if (rc != CKR_OK) {
      show_error("   C_DestroyObject #2", rc );
      return FALSE;
   }

   rc = funcs->C_DestroyObject( h_session, h_cert3 );
   if (rc != CKR_OK) {
      show_error("   C_DestroyObject #3", rc );
      return FALSE;
   }

   //
   //---------------------------------------------------------------------
   //

   // now, retrieve a list of all object handles
   //
   rc = funcs->C_FindObjectsInit( h_session, NULL, 0 );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsInit #7", rc );
      return FALSE;
   }

   rc = funcs->C_FindObjects( h_session, obj_list, 10, &find_count );
   if (rc != CKR_OK) {
      show_error("   C_FindObjects #7", rc );
      return FALSE;
   }

   if (find_count != 0) {
      printf("   ERROR:  expected C_FindObjects #7 to find 0 objects\n");
      printf("           it found %d objects\n", find_count );
      return FALSE;
   }

   rc = funcs->C_FindObjectsFinal( h_session );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsFinal #7", rc );
      return FALSE;
   }

   //
   //---------------------------------------------------------------------
   //

   // done...close the session
   //
   rc = funcs->C_CloseAllSessions( slot_id );
   if (rc != CKR_OK) {
      show_error("   C_CloseAllSessions #2", rc );
      return FALSE;
   }


   printf("Looks okay...\n");
   return TRUE;
}


int obj_mgmt_functions()
{
   SYSTEMTIME  t1, t2;
   int         rc;


   GetSystemTime(&t1);
   rc = do_CreateSessionObject();
   if (!rc)
      return FALSE;
   GetSystemTime(&t2);
   process_time( t1, t2 );


   GetSystemTime(&t1);
   rc = do_CopyObject();
   if (!rc)
      return FALSE;
   GetSystemTime(&t2);
   process_time( t1, t2 );


   GetSystemTime(&t1);
   rc = do_SetAttributeValues();
   if (!rc)
      return FALSE;
   GetSystemTime(&t2);
   process_time( t1, t2 );

   GetSystemTime(&t1);
   rc = do_FindObjects();
   if (!rc)
      return FALSE;
   GetSystemTime(&t2);
   process_time( t1, t2 );

   if (skip_token_obj == TRUE) {
      printf("Skipping do_CreateTokenObjects()...\n\n");
   }
   else {
      GetSystemTime(&t1);
      rc = do_CreateTokenObjects();
      if (!rc)
         return FALSE;
      GetSystemTime(&t2);
      process_time( t1, t2 );
   }

   return TRUE;
}