From f396b19b2c222fa0a50e9bb9704059af4578e678 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Fri, 31 Aug 2018 12:08:35 -0400
Subject: [PATCH 3/7] Add utility function to get the internal token name
The NSS internal token is the default if no token is specified for the cert or the key.
---
 src/certread-n.c | 6 +++++-
 src/certsave-n.c | 3 +++
 src/keygen-n.c | 3 +++
 src/keyiread-n.c | 3 +++
 src/submit-n.c | 5 ++++-
 src/util-n.c | 6 ++++++
 src/util-n.h | 1 +
 7 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/src/certread-n.c b/src/certread-n.c
index 57a38dcf..1d9217c6 100644
--- a/src/certread-n.c
+++ b/src/certread-n.c
@@ -190,6 +190,9 @@ cm_certread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 cm_log(1, "Error reading PIN for cert db.\n");
 _exit(CM_SUB_STATUS_ERROR_AUTH);
 }
+ if (entry->cm_cert_token == NULL) {
+ entry->cm_cert_token = util_internal_token_name();
+ }
 PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
 for (sle = slotlist->head;
 ((sle != NULL) && (sle->slot != NULL));
@@ -253,7 +256,8 @@ cm_certread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 }
 error = PK11_Authenticate(sle->slot, PR_TRUE, &cb_data);
 if (error != SECSuccess) {
- cm_log(1, "Error authenticating to cert db.\n");
+ cm_log(1, "certread-n: Error authenticating to cert db " "slot %s.\n", PK11_GetTokenName(sle->slot));
 goto next_slot;
 }
 if ((pin != NULL) &&
diff --git a/src/certsave-n.c b/src/certsave-n.c
index af176ce5..193309c5 100644
--- a/src/certsave-n.c
+++ b/src/certsave-n.c
@@ -214,6 +214,9 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 _exit(CM_SUB_STATUS_ERROR_AUTH);
 }
 PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
+ if (entry->cm_cert_token == NULL) {
+ entry->cm_cert_token = util_internal_token_name();
+ }
 for (sle = slotlist->head;
 ((sle != NULL) && (sle->slot != NULL));
 sle = sle->next)
diff --git a/src/keygen-n.c b/src/keygen-n.c
index 84b0bbd3..f7fdf6c0 100644
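Review bot: The value assigned to entry->cm_cert_token in the certread-n.c hunk at -190 is an unchecked strdup() result coming back from util_internal_token_name(), so an allocation failure leaves the field NULL and the process silently falls back to the old "no token requested" slot walk instead of reporting the error; the same unchecked assignment appears in the certsave-n.c, keygen-n.c, keyiread-n.c and submit-n.c hunks. A check alongside the existing error handling would make the failure visible, e.g. `if (entry->cm_cert_token == NULL) { cm_log(1, "Error determining internal token name.\n"); _exit(CM_SUB_STATUS_ERROR_NO_TOKEN); }` after the assignment. As a point of style, certread-n.c applies the default before PK11_SetPasswordFunc() while certsave-n.c applies it after; placing it at the same point in each file would make the five insertions easier to compare. cm_certread_n_main and cm_certsave_n_main both start and end outside these hunks.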
--- a/src/keygen-n.c
+++ b/src/keygen-n.c
@@ -272,6 +272,9 @@ cm_keygen_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 cm_log(1, "Error locating token for key generation.\n");
 _exit(CM_SUB_STATUS_ERROR_NO_TOKEN);
 }
+ if (entry->cm_cert_token == NULL) {
+ entry->cm_cert_token = util_internal_token_name();
+ }
 /* Walk the list looking for the requested slot, or the first one if
 * none was requested. */
 slot = NULL;
diff --git a/src/keyiread-n.c b/src/keyiread-n.c
index 89913aa2..b8408bf1 100644
--- a/src/keyiread-n.c
+++ b/src/keyiread-n.c
@@ -152,6 +152,9 @@ cm_keyiread_n_get_keys(struct cm_store_entry *entry, int readwrite)
 _exit(CM_SUB_STATUS_ERROR_AUTH);
 }
 PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
+ if (entry->cm_key_token == NULL) {
+ entry->cm_key_token = util_internal_token_name();
+ }
 n_tokens = 0;
 pubkey = NULL;
 /* In practice, the internal slot is either a non-storage slot (in
diff --git a/src/submit-n.c b/src/submit-n.c
index 872153ea..da07d253 100644
--- a/src/submit-n.c
+++ b/src/submit-n.c
@@ -346,6 +346,9 @@ cm_submit_n_decrypt_envelope(const unsigned char *envelope,
 cm_log(1, "Error reading PIN for key storage.\n");
 goto done;
 }
+ if (args->entry->cm_key_token == NULL) {
+ args->entry->cm_key_token = util_internal_token_name();
+ }
 PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
 n_tokens = 0;
 /* In practice, the internal slot is either a non-storage slot (in
@@ -402,7 +405,7 @@ cm_submit_n_decrypt_envelope(const unsigned char *envelope,
 }
 error = PK11_Authenticate(slot, PR_TRUE, &cb_data);
 if (error != SECSuccess) {
- cm_log(1, "Error authenticating to token "
+ cm_log(1, "submit-n: Error authenticating to token "
 "\"%s\".\n", token);
 goto done;
 }
diff --git a/src/util-n.c b/src/util-n.c
index 7805e58e..293e2583 100644
--- a/src/util-n.c
+++ b/src/util-n.c
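Review bot: The keygen-n.c hunk at -272 defaults entry->cm_cert_token, yet this is the key-generation path, and the parallel hunks in keyiread-n.c and submit-n.c default entry->cm_key_token for the same purpose; if the slot walk that follows (outside the hunk) matches on cm_key_token, this assignment never influences it, so confirm that `if (entry->cm_key_token == NULL) { entry->cm_key_token = util_internal_token_name(); }` is not what was intended. Either way the comment directly below, "or the first one if none was requested", no longer describes the new behaviour, because the token field is non-NULL past this point whenever the strdup succeeds; reword it to say that the internal token is used when none was requested. cm_keygen_n_main starts and ends outside the hunk.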
@@ -287,3 +287,9 @@ util_set_db_entry_cert_owner(const char *dbdir, struct cm_store_entry *entry)
 util_set_db_owner_perms(dbdir, secmoddb, entry->cm_cert_owner,
 entry->cm_cert_perms);
 }
+
+char *
+util_internal_token_name()
+{
+ return strdup(PK11_GetTokenName(PK11_GetInternalKeySlot()));
+}
diff --git a/src/util-n.h b/src/util-n.h
index 8a918d5c..637fd4b1 100644
--- a/src/util-n.h
+++ b/src/util-n.h
@@ -29,5 +29,6 @@ void util_set_db_entry_key_owner(const char *dbdir, struct cm_store_entry *entry);
 void util_set_db_entry_cert_owner(const char *dbdir, struct cm_store_entry *entry);
+char * util_internal_token_name();
 #endif
-- 2.14.4
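Review bot: util_internal_token_name() in the util-n.c hunk leaks the slot reference: PK11_GetInternalKeySlot() hands back a reference the caller owns and must release with PK11_FreeSlot(), and the one-line return never does, so every call from the five helper processes in this patch leaks one. It also passes the result of PK11_GetTokenName() straight to strdup(); if either NSS call returns NULL (NSS not initialised, or no name), strdup(NULL) is undefined behaviour rather than a clean NULL return that callers can check. The empty parameter list should be `(void)` here and in the util-n.h prototype, `char *util_internal_token_name(void);`, so that the compiler rejects stray arguments; a header comment stating that the returned string is heap-allocated and owned by the caller would also help, since the callers store it in the entry. A rewrite that releases the slot and handles the NULL cases follows.
```c
char *
util_internal_token_name(void)
{
	PK11SlotInfo *slot;
	const char *name;
	char *ret = NULL;

	/* We own the slot reference; release it before returning. */
	slot = PK11_GetInternalKeySlot();
	if (slot == NULL) {
		return NULL;
	}
	name = PK11_GetTokenName(slot);
	if (name != NULL) {
		ret = strdup(name);
	}
	PK11_FreeSlot(slot);
	return ret;
}
```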