From: Tobias Brunner Date: Wed, 2 Nov 2011 10:24:25 +0000 (+0100) Subject: pkcs11: Changed how pkcs11-manager is initialized. X-Git-Tag: 4.6.0~37 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=50ad6eacb6b045547d4519a541df416810a9d46a;p=thirdparty%2Fstrongswan.git pkcs11: Changed how pkcs11-manager is initialized. The manager is now created directly, but events and certificate loading is deferred. --- diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c index b1962568f9..554e07ff69 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c @@ -22,6 +22,7 @@ #include #include #include +#include #include "pkcs11_manager.h" #include "pkcs11_creds.h" @@ -57,6 +58,16 @@ struct private_pkcs11_plugin_t { * mutex to lock list */ mutex_t *mutex; + + /** + * TRUE if events from tokens are to be handled + */ + bool handle_events; + + /** + * Lock for the above flag + */ + rwlock_t *handle_events_lock; }; /** @@ -66,9 +77,10 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11, CK_SLOT_ID slot, bool add) { enumerator_t *enumerator; - pkcs11_creds_t *creds, *found = NULL;; + pkcs11_creds_t *creds, *found = NULL; - if (add) + this->handle_events_lock->read_lock(this->handle_events_lock); + if (add && this->handle_events) { creds = pkcs11_creds_create(p11, slot); if (creds) @@ -79,7 +91,7 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11, lib->credmgr->add_set(lib->credmgr, &creds->set); } } - else + else if (this->handle_events) { this->mutex->lock(this->mutex); enumerator = this->creds->create_enumerator(this->creds); @@ -104,6 +116,7 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11, lib->credmgr->flush_cache(lib->credmgr, CERT_X509); } } + this->handle_events_lock->unlock(this->handle_events_lock); } METHOD(plugin_t, get_name, char*, 
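Review bot: The read lock taken at the top of token_event_cb stays held for the whole callback, including the pkcs11_creds_create(p11, slot) call in the add branch, which talks to the token, and the section under this->mutex in the remove branch (the body continues through the @@ -79 and @@ -104 hunks). That makes the write_lock in handle_certs wait for any in-flight token access, which looks intended, since unloading must not race with a credential set that is still being registered, but the reason deserves a comment at the read_lock, e.g. `/* held across the whole callback so handle_certs(FALSE) cannot remove sets while one is still being added */`. Stylistically, gating both branches with `add && this->handle_events` and `else if (this->handle_events)` is easy to misread; checking the flag once and leaving early keeps the original `if (add) … else` shape and reads the flag only once under the lock.
```c
	this->handle_events_lock->read_lock(this->handle_events_lock);
	if (!this->handle_events)
	{	/* feature not loaded (yet, or anymore): ignore the event */
		this->handle_events_lock->unlock(this->handle_events_lock);
		return;
	}
	if (add)
	{
		/* … unchanged: create creds, add to list and credmgr … */
	}
	else
	{
		/* … unchanged: find and remove the creds for this slot … */
	}
	this->handle_events_lock->unlock(this->handle_events_lock);
```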
@@ -113,20 +126,21 @@ METHOD(plugin_t, get_name, char*, } /** - * Register/unregister PKCS#11 manager. + * Load/unload certificates from tokens. */ -static bool register_manager(private_pkcs11_plugin_t *this, - plugin_feature_t *feature, bool reg, void *data) +static bool handle_certs(private_pkcs11_plugin_t *this, + plugin_feature_t *feature, bool reg, void *data) { + this->handle_events_lock->write_lock(this->handle_events_lock); + this->handle_events = reg; + this->handle_events_lock->unlock(this->handle_events_lock); + if (reg) { enumerator_t *enumerator; pkcs11_library_t *p11; CK_SLOT_ID slot; - this->manager = pkcs11_manager_create((void*)token_event_cb, this); - lib->set(lib, "pkcs11-manager", this->manager); - enumerator = this->manager->create_token_enumerator(this->manager); while (enumerator->enumerate(enumerator, &p11, &slot)) { @@ -143,13 +157,9 @@ static bool register_manager(private_pkcs11_plugin_t *this, lib->credmgr->remove_set(lib->credmgr, &creds->set); creds->destroy(creds); } - - lib->set(lib, "pkcs11-manager", NULL); - this->manager->destroy(this->manager); } return TRUE; } - /** * Add a set of features */ 
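Review bot: handle_certs sets handle_events before it walks the token enumerator in the `reg` branch, so a token event the manager delivers while that loop is still running is handled by token_event_cb concurrently; unless pkcs11_creds_create or the list insertion (both outside this hunk) reject a slot that is already registered, the same slot could end up with two credential sets. The reverse order on unload, flag cleared first and sets removed afterwards, is the right one, and both decisions belong in the function comment, which currently only says `Load/unload certificates from tokens.`; suggest `/* Load/unload certificates from tokens. Also enables/disables token event handling: the flag is set before loading and cleared before unloading, so no set is added after the list has been emptied. */`. The loop body and most of the unload branch are cut by the hunks, so whether the add path deduplicates cannot be confirmed from here.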
@@ -169,76 +179,49 @@ METHOD(plugin_t, get_features, int, static plugin_feature_t f_hash[] = { PLUGIN_REGISTER(HASHER, pkcs11_hasher_create), PLUGIN_PROVIDE(HASHER, HASH_MD2), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(HASHER, HASH_MD5), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(HASHER, HASH_SHA1), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(HASHER, HASH_SHA256), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(HASHER, HASH_SHA384), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(HASHER, HASH_SHA512), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), }; static plugin_feature_t f_dh[] = { PLUGIN_REGISTER(DH, pkcs11_dh_create), PLUGIN_PROVIDE(DH, MODP_2048_BIT), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(DH, MODP_2048_224), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(DH, MODP_2048_256), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(DH, MODP_1536_BIT), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(DH, MODP_3072_BIT), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(DH, MODP_4096_BIT), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(DH, MODP_6144_BIT), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(DH, MODP_8192_BIT), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(DH, MODP_1024_BIT), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(DH, MODP_1024_160), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(DH, MODP_768_BIT), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(DH, MODP_CUSTOM), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), }; static plugin_feature_t f_rng[] = { PLUGIN_REGISTER(RNG, pkcs11_rng_create), PLUGIN_PROVIDE(RNG, RNG_STRONG), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(RNG, RNG_TRUE), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), }; static plugin_feature_t f_key[] = { PLUGIN_REGISTER(PRIVKEY, pkcs11_private_key_connect, FALSE), PLUGIN_PROVIDE(PRIVKEY, 
KEY_ANY), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_REGISTER(PUBKEY, pkcs11_public_key_load, TRUE), PLUGIN_PROVIDE(PUBKEY, KEY_RSA), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), }; static plugin_feature_t f_ecdh[] = { PLUGIN_REGISTER(DH, pkcs11_dh_create), PLUGIN_PROVIDE(DH, ECP_192_BIT), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(DH, ECP_224_BIT), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(DH, ECP_256_BIT), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(DH, ECP_384_BIT), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), PLUGIN_PROVIDE(DH, ECP_521_BIT), - PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"), }; static plugin_feature_t f_manager[] = { - PLUGIN_CALLBACK(register_manager, NULL), - PLUGIN_PROVIDE(CUSTOM, "pkcs11-manager"), + PLUGIN_CALLBACK((plugin_feature_callback_t)handle_certs, NULL), + PLUGIN_PROVIDE(CUSTOM, "pkcs11-certs"), PLUGIN_DEPENDS(CERT_DECODE, CERT_X509), }; static plugin_feature_t f[countof(f_hash) + countof(f_dh) + countof(f_rng) + @@ -279,8 +262,11 @@ METHOD(plugin_t, get_features, int, METHOD(plugin_t, destroy, void, private_pkcs11_plugin_t *this) { + lib->set(lib, "pkcs11-manager", NULL); + this->manager->destroy(this->manager); this->creds->destroy(this->creds); this->mutex->destroy(this->mutex); + this->handle_events_lock->destroy(this->handle_events_lock); free(this); } @@ -301,7 +287,11 @@ plugin_t *pkcs11_plugin_create() }, .creds = linked_list_create(), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .handle_events_lock = rwlock_create(RWLOCK_TYPE_DEFAULT), ); + this->manager = pkcs11_manager_create((void*)token_event_cb, this); + lib->set(lib, "pkcs11-manager", this->manager); + return &this->public.plugin; }
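Review bot: destroy now tears down the manager before the creds list and the mutex, so any pkcs11_creds_t still in the list would outlive the library it was created from; that is only safe because handle_certs(FALSE) is expected to have emptied the list before the plugin is destroyed, an invariant the code relies on silently. Suggest stating it above the manager->destroy line, e.g. `/* the creds list is expected to be empty here: handle_certs(FALSE) removed all sets when the feature was unloaded */`. Whether plugin_loader guarantees that ordering is not visible in this diff.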
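Review bot: pkcs11_plugin_create now creates the manager and publishes it via lib->set before any feature has been loaded, so token events can presumably reach token_event_cb from this point on; they are dropped only because handle_events is left unset (FALSE) in the INIT block and handle_events_lock is already created there, before pkcs11_manager_create runs. Both facts are load-bearing but unstated; suggest `/* the manager may deliver token events right away; they are ignored until handle_certs(TRUE) sets handle_events, so the rwlock above must exist first */` before the pkcs11_manager_create call. The return value of pkcs11_manager_create is used unchecked, as it was in the old register_manager, so this is not a regression, but if it can fail the NULL deref would now happen at plugin load.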