From f396b19b2c222fa0a50e9bb9704059af4578e678 Mon Sep 17 00:00:00 2001

From: Rob Crittenden <rcritten@redhat.com>

Date: Fri, 31 Aug 2018 12:08:35 -0400

Subject: [PATCH 3/7] Add utility function to get the internal token name

The NSS internal token is the default if no token is specified for

the cert or the key.

---

 src/certread-n.c | 6 +++++-

 src/certsave-n.c | 3 +++

 src/keygen-n.c   | 3 +++

 src/keyiread-n.c | 3 +++

 src/submit-n.c   | 5 ++++-

 src/util-n.c     | 6 ++++++

 src/util-n.h     | 1 +

 7 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/src/certread-n.c b/src/certread-n.c

index 57a38dcf..1d9217c6 100644

--- a/src/certread-n.c

+++ b/src/certread-n.c

@@ -190,6 +190,9 @@ cm_certread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,

 		cm_log(1, "Error reading PIN for cert db.\n");

 		_exit(CM_SUB_STATUS_ERROR_AUTH);

 	}

+	if (entry->cm_cert_token == NULL) {

+		entry->cm_cert_token = util_internal_token_name();

+	}

 	PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);

 	for (sle = slotlist->head;

 	     ((sle != NULL) && (sle->slot != NULL));

@@ -253,7 +256,8 @@ cm_certread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,

 			}

 			error = PK11_Authenticate(sle->slot, PR_TRUE, &cb_data);

 			if (error != SECSuccess) {

-				cm_log(1, "Error authenticating to cert db.\n");

+				cm_log(1, "certread-n: Error authenticating to cert db "

+					   "slot %s.\n", PK11_GetTokenName(sle->slot));

 				goto next_slot;

 			}

 			if ((pin != NULL) &&

diff --git a/src/certsave-n.c b/src/certsave-n.c

index af176ce5..193309c5 100644

--- a/src/certsave-n.c

+++ b/src/certsave-n.c

@@ -214,6 +214,9 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,

 			_exit(CM_SUB_STATUS_ERROR_AUTH);

 		}

 		PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);

+		if (entry->cm_cert_token == NULL) {

+			entry->cm_cert_token = util_internal_token_name();

+		}

 		for (sle = slotlist->head;

 		     ((sle != NULL) && (sle->slot != NULL));

 		     sle = sle->next)

diff --git a/src/keygen-n.c b/src/keygen-n.c

index 84b0bbd3..f7fdf6c0 100644

--- a/src/keygen-n.c

+++ b/src/keygen-n.c

@@ -272,6 +272,9 @@ cm_keygen_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,

 		cm_log(1, "Error locating token for key generation.\n");

 		_exit(CM_SUB_STATUS_ERROR_NO_TOKEN);

 	}

+	if (entry->cm_cert_token == NULL) {

+		entry->cm_cert_token = util_internal_token_name();

+	}

 	/* Walk the list looking for the requested slot, or the first one if

 	 * none was requested. */

 	slot = NULL;

diff --git a/src/keyiread-n.c b/src/keyiread-n.c

index 89913aa2..b8408bf1 100644

--- a/src/keyiread-n.c

+++ b/src/keyiread-n.c

@@ -152,6 +152,9 @@ cm_keyiread_n_get_keys(struct cm_store_entry *entry, int readwrite)

 		_exit(CM_SUB_STATUS_ERROR_AUTH);

 	}

 	PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);

+	if (entry->cm_key_token == NULL) {

+		entry->cm_key_token = util_internal_token_name();

+	}

 	n_tokens = 0;

 	pubkey = NULL;

 	/* In practice, the internal slot is either a non-storage slot (in

diff --git a/src/submit-n.c b/src/submit-n.c

index 872153ea..da07d253 100644

--- a/src/submit-n.c

+++ b/src/submit-n.c

@@ -346,6 +346,9 @@ cm_submit_n_decrypt_envelope(const unsigned char *envelope,

 		cm_log(1, "Error reading PIN for key storage.\n");

 		goto done;

 	}

+	if (args->entry->cm_key_token == NULL) {

+		args->entry->cm_key_token = util_internal_token_name();

+	}

 	PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);

 	n_tokens = 0;

 	/* In practice, the internal slot is either a non-storage slot (in

@@ -402,7 +405,7 @@ cm_submit_n_decrypt_envelope(const unsigned char *envelope,

 		}

 		error = PK11_Authenticate(slot, PR_TRUE, &cb_data);

 		if (error != SECSuccess) {

-			cm_log(1, "Error authenticating to token "

+			cm_log(1, "submit-n: Error authenticating to token "

 			       "\"%s\".\n", token);

 			goto done;

 		}

diff --git a/src/util-n.c b/src/util-n.c

index 7805e58e..293e2583 100644

--- a/src/util-n.c

+++ b/src/util-n.c

@@ -287,3 +287,9 @@ util_set_db_entry_cert_owner(const char *dbdir, struct cm_store_entry *entry)

 	util_set_db_owner_perms(dbdir, secmoddb, entry->cm_cert_owner,

 				entry->cm_cert_perms);

 }

+

+char *

+util_internal_token_name()

+{

+	return strdup(PK11_GetTokenName(PK11_GetInternalKeySlot()));

+}

diff --git a/src/util-n.h b/src/util-n.h

index 8a918d5c..637fd4b1 100644

--- a/src/util-n.h

+++ b/src/util-n.h

@@ -29,5 +29,6 @@ void util_set_db_entry_key_owner(const char *dbdir,

 				 struct cm_store_entry *entry);

 void util_set_db_entry_cert_owner(const char *dbdir,

 				  struct cm_store_entry *entry);

+char * util_internal_token_name();

 #endif

-- 

2.14.4