
Source file src/github.com/miekg/pkcs11/p11/object.go

Documentation: github.com/miekg/pkcs11/p11

     1  package p11
     2  
     3  import (
     4  	"errors"
     5  
     6  	"github.com/miekg/pkcs11"
     7  )
     8  
// Sentinel errors reported by Attribute() when a lookup does not yield exactly
// one attribute.
var (
	// ErrAttributeNotFound is returned by Attribute() if the searched attribute isn't found.
	ErrAttributeNotFound = errors.New("attribute not found")

	// ErrTooManyAttributesFound is returned by Attribute() if the search returned multiple attributes.
	ErrTooManyAttributesFound = errors.New("too many attributes found")
)
    14  
// Object is a handle to a PKCS#11 object, bound to the session that was used
// to find it. Operations on the Object fail once that session is closed, and
// may also depend on whether the application is logged in.
//
// Copying an Object value copies only the session pointer and the handle, so
// every copy refers to the same underlying object.
type Object struct {
	// session is the session this handle belongs to; the methods in this
	// file lock it around each underlying PKCS#11 call.
	session *sessionImpl
	// objectHandle identifies the object within session.
	objectHandle pkcs11.ObjectHandle
}
    23  
// Label returns the object's CKA_LABEL attribute as a string.
//
// The bytes are converted as-is, without validation. Attribute reports an
// attribute the object does not possess as a nil value with a nil error, so
// an empty label and an absent label are indistinguishable here.
func (o Object) Label() (string, error) {
	raw, err := o.Attribute(pkcs11.CKA_LABEL)
	if err == nil {
		return string(raw), nil
	}
	return "", err
}
    32  
// Value returns the object's CKA_VALUE attribute as raw bytes.
//
// NOTE(review): depending on the object class, CKA_VALUE can hold secret
// material (for example the value of a secret key), so callers should treat
// the result as sensitive and avoid logging it. Whether the value is released
// is decided by the token; any error from Attribute is returned unchanged.
func (o Object) Value() ([]byte, error) {
	value, err := o.Attribute(pkcs11.CKA_VALUE)
	return value, err
}
    37  
// Attribute fetches exactly one attribute of this object and returns its value
// as a byte slice.
//
// Outcomes:
//   - The token answers CKR_ATTRIBUTE_TYPE_INVALID: (nil, nil). The object is
//     taken not to possess the attribute, which is treated as an empty value
//     rather than an error. Callers therefore cannot tell "absent" from
//     "present but empty" through this method.
//   - Any other error from GetAttributeValue is returned unchanged.
//   - The call succeeds with no attributes: ErrAttributeNotFound.
//   - The call succeeds with more than one attribute: ErrTooManyAttributesFound.
//
// The session lock is held for the duration of the call.
func (o Object) Attribute(attributeType uint) ([]byte, error) {
	o.session.Lock()
	defer o.session.Unlock()

	query := []*pkcs11.Attribute{pkcs11.NewAttribute(attributeType, nil)}
	found, err := o.session.ctx.GetAttributeValue(o.session.handle, o.objectHandle, query)

	// The PKCS#11 spec states that C_GetAttributeValue may return
	// CKR_ATTRIBUTE_TYPE_INVALID if an object simply does not possess a given
	// attribute. That is not treated as an error, only as an empty value.
	switch {
	case err == pkcs11.Error(pkcs11.CKR_ATTRIBUTE_TYPE_INVALID):
		return nil, nil
	case err != nil:
		return nil, err
	}

	switch len(found) {
	case 0:
		return nil, ErrAttributeNotFound
	case 1:
		return found[0].Value, nil
	default:
		return nil, ErrTooManyAttributesFound
	}
}
    66  
// Set sets exactly one attribute on this object.
//
// The attribute type and value are handed to the token unchanged; this method
// does no validation of its own, and any error from the underlying
// SetAttributeValue call is returned as-is. The session lock is held for the
// duration of the call.
func (o Object) Set(attributeType uint, value []byte) error {
	sess := o.session
	sess.Lock()
	defer sess.Unlock()

	update := []*pkcs11.Attribute{pkcs11.NewAttribute(attributeType, value)}
	return sess.ctx.SetAttributeValue(sess.handle, o.objectHandle, update)
}
    79  
// Copy makes a copy of this object, with the attributes in template applied on
// top of it, if possible.
//
// The template is passed to CopyObject unchanged, so which attributes may
// differ on the copy is decided by the token, not by this method. The returned
// Object is bound to the same session as the original. On failure the zero
// Object is returned together with the error from CopyObject.
func (o Object) Copy(template []*pkcs11.Attribute) (Object, error) {
	o.session.Lock()
	defer o.session.Unlock()

	handle, err := o.session.ctx.CopyObject(o.session.handle, o.objectHandle, template)
	if err != nil {
		return Object{}, err
	}
	dup := Object{session: o.session, objectHandle: handle}
	return dup, nil
}
    95  
// Destroy destroys this object.
//
// The request is made through the object's session while holding the session
// lock, and the result of DestroyObject is returned unchanged. The receiver is
// a value and is not modified, so it is up to the caller to stop using this
// Object (and any copies of it) after a successful call.
func (o Object) Destroy() error {
	o.session.Lock()
	defer o.session.Unlock()
	return o.session.ctx.DestroyObject(o.session.handle, o.objectHandle)
}
   103  
