pkcs11: Changed how pkcs11-manager is initialized.
authorTobias Brunner <tobias@strongswan.org>
Wed, 2 Nov 2011 10:24:25 +0000 (11:24 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 2 Nov 2011 19:27:54 +0000 (20:27 +0100)
The manager is now created directly, but events and certificate loading
is deferred.

src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c

index b196256..554e07f 100644 (file)
@@ -22,6 +22,7 @@
 #include <debug.h>
 #include <utils/linked_list.h>
 #include <threading/mutex.h>
+#include <threading/rwlock.h>
 
 #include "pkcs11_manager.h"
 #include "pkcs11_creds.h"
@@ -57,6 +58,16 @@ struct private_pkcs11_plugin_t {
         * mutex to lock list
         */
        mutex_t *mutex;
+
+       /**
+        * TRUE if events from tokens are to be handled
+        */
+       bool handle_events;
+
+       /**
+        * Lock for the above flag
+        */
+       rwlock_t *handle_events_lock;
 };
 
 /**
@@ -66,9 +77,10 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11,
                                                   CK_SLOT_ID slot, bool add)
 {
        enumerator_t *enumerator;
-       pkcs11_creds_t *creds, *found = NULL;;
+       pkcs11_creds_t *creds, *found = NULL;
 
-       if (add)
+       this->handle_events_lock->read_lock(this->handle_events_lock);
+       if (add && this->handle_events)
        {
                creds = pkcs11_creds_create(p11, slot);
                if (creds)
@@ -79,7 +91,7 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11,
                        lib->credmgr->add_set(lib->credmgr, &creds->set);
                }
        }
-       else
+       else if (this->handle_events)
        {
                this->mutex->lock(this->mutex);
                enumerator = this->creds->create_enumerator(this->creds);
@@ -104,6 +116,7 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11,
                        lib->credmgr->flush_cache(lib->credmgr, CERT_X509);
                }
        }
+       this->handle_events_lock->unlock(this->handle_events_lock);
 }
 
 METHOD(plugin_t, get_name, char*,
@@ -113,20 +126,21 @@ METHOD(plugin_t, get_name, char*,
 }
 
 /**
- * Register/unregister PKCS#11 manager.
+ * Load/unload certificates from tokens.
  */
-static bool register_manager(private_pkcs11_plugin_t *this,
-                                                        plugin_feature_t *feature, bool reg, void *data)
+static bool handle_certs(private_pkcs11_plugin_t *this,
+                                                plugin_feature_t *feature, bool reg, void *data)
 {
+       this->handle_events_lock->write_lock(this->handle_events_lock);
+       this->handle_events = reg;
+       this->handle_events_lock->unlock(this->handle_events_lock);
+
        if (reg)
        {
                enumerator_t *enumerator;
                pkcs11_library_t *p11;
                CK_SLOT_ID slot;
 
-               this->manager = pkcs11_manager_create((void*)token_event_cb, this);
-               lib->set(lib, "pkcs11-manager", this->manager);
-
                enumerator = this->manager->create_token_enumerator(this->manager);
                while (enumerator->enumerate(enumerator, &p11, &slot))
                {
@@ -143,13 +157,9 @@ static bool register_manager(private_pkcs11_plugin_t *this,
                        lib->credmgr->remove_set(lib->credmgr, &creds->set);
                        creds->destroy(creds);
                }
-
-               lib->set(lib, "pkcs11-manager", NULL);
-               this->manager->destroy(this->manager);
        }
        return TRUE;
 }
-
 /**
  * Add a set of features
  */
@@ -169,76 +179,49 @@ METHOD(plugin_t, get_features, int,
        static plugin_feature_t f_hash[] = {
                PLUGIN_REGISTER(HASHER, pkcs11_hasher_create),
                        PLUGIN_PROVIDE(HASHER, HASH_MD2),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(HASHER, HASH_MD5),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(HASHER, HASH_SHA1),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(HASHER, HASH_SHA256),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(HASHER, HASH_SHA384),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(HASHER, HASH_SHA512),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
        };
        static plugin_feature_t f_dh[] = {
                PLUGIN_REGISTER(DH, pkcs11_dh_create),
                        PLUGIN_PROVIDE(DH, MODP_2048_BIT),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(DH, MODP_2048_224),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(DH, MODP_2048_256),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(DH, MODP_1536_BIT),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(DH, MODP_3072_BIT),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(DH, MODP_4096_BIT),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(DH, MODP_6144_BIT),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(DH, MODP_8192_BIT),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(DH, MODP_1024_BIT),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(DH, MODP_1024_160),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(DH, MODP_768_BIT),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(DH, MODP_CUSTOM),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
        };
        static plugin_feature_t f_rng[] = {
                PLUGIN_REGISTER(RNG, pkcs11_rng_create),
                        PLUGIN_PROVIDE(RNG, RNG_STRONG),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(RNG, RNG_TRUE),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
        };
        static plugin_feature_t f_key[] = {
                PLUGIN_REGISTER(PRIVKEY, pkcs11_private_key_connect, FALSE),
                        PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                PLUGIN_REGISTER(PUBKEY, pkcs11_public_key_load, TRUE),
                        PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
        };
        static plugin_feature_t f_ecdh[] = {
                PLUGIN_REGISTER(DH, pkcs11_dh_create),
                        PLUGIN_PROVIDE(DH, ECP_192_BIT),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(DH, ECP_224_BIT),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(DH, ECP_256_BIT),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(DH, ECP_384_BIT),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
                        PLUGIN_PROVIDE(DH, ECP_521_BIT),
-                               PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
        };
        static plugin_feature_t f_manager[] = {
-               PLUGIN_CALLBACK(register_manager, NULL),
-                       PLUGIN_PROVIDE(CUSTOM, "pkcs11-manager"),
+               PLUGIN_CALLBACK((plugin_feature_callback_t)handle_certs, NULL),
+                       PLUGIN_PROVIDE(CUSTOM, "pkcs11-certs"),
                                PLUGIN_DEPENDS(CERT_DECODE, CERT_X509),
        };
        static plugin_feature_t f[countof(f_hash) + countof(f_dh) + countof(f_rng) +
@@ -279,8 +262,11 @@ METHOD(plugin_t, get_features, int,
 METHOD(plugin_t, destroy, void,
        private_pkcs11_plugin_t *this)
 {
+       lib->set(lib, "pkcs11-manager", NULL);
+       this->manager->destroy(this->manager);
        this->creds->destroy(this->creds);
        this->mutex->destroy(this->mutex);
+       this->handle_events_lock->destroy(this->handle_events_lock);
        free(this);
 }
 
@@ -301,7 +287,11 @@ plugin_t *pkcs11_plugin_create()
                },
                .creds = linked_list_create(),
                .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+               .handle_events_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
        );
 
+       this->manager = pkcs11_manager_create((void*)token_event_cb, this);
+       lib->set(lib, "pkcs11-manager", this->manager);
+
        return &this->public.plugin;
 }