p11tool: added options --set-pin and --set-so-pin
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 1 Jul 2014 13:37:56 +0000 (15:37 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 1 Jul 2014 13:45:28 +0000 (15:45 +0200)
These allow for a non-interactive --initialize process.

src/certtool-common.h
src/p11tool-args.def
src/p11tool.c
src/pkcs11.c

index c347d2740068678e2bb845ddc170e835ad75c156..83377a33eb4d8dfa32a3bd305355c07c3d219767 100644 (file)
@@ -53,6 +53,9 @@ typedef struct common_info {
        unsigned int crq_extensions;
        unsigned int v1_cert;
 
+       const char *pin;
+       const char *so_pin;
+
        int cprint;
 
        unsigned int verbose;
index eed03b659aa380a3f3f8cbe600aae8aac32cc9b2..3a91e99ef414a0cb7f0550180682e5185079c34e 100644 (file)
@@ -86,12 +86,6 @@ flag = {
     doc = "";
 };
 
-flag = {
-    name      = initialize;
-    descrip   = "Initializes a PKCS #11 token";
-    doc = "";
-};
-
 flag = {
     name      = write;
     descrip   = "Writes the loaded objects to a PKCS #11 token";
@@ -268,6 +262,26 @@ flag = {
     aliases   = outder;
 };
 
+flag = {
+    name      = initialize;
+    descrip   = "Initializes a PKCS #11 token";
+    doc = "";
+};
+
+flag = {
+    name      = set-pin;
+    arg-type  = string;
+    descrip   = "Specify the PIN to use on token initialization";
+    doc      = "";
+};
+
+flag = {
+    name      = set-so-pin;
+    arg-type  = string;
+    descrip   = "Specify the Security Officer's PIN to use on token initialization";
+    doc      = "";
+};
+
 flag = {
     name      = provider;
     arg-type  = file;
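Review bot: Both new flags take the PIN as a command-line argument and leave `doc` empty, so the generated help and man page say nothing about the value being readable by other local users through the process list, or about it persisting in shell history. Fill in `doc` for `set-pin` and `set-so-pin`, for example `doc = "The PIN given here is visible in the process list; use only for scripted provisioning on a trusted host.";`. For unattended initialization, a channel that keeps the secret off argv (an environment variable or a file read by the tool) would be a safer default than a string option.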
index 4f71d42a8e7a7e8466ebe48db8fcdef79578977f..898092dd0555041f16c6e47d7c93a86b0c1ed09f 100644 (file)
@@ -151,6 +151,12 @@ static void cmd_parser(int argc, char **argv)
        else
                cinfo.outcert_format = GNUTLS_X509_FMT_PEM;
 
+       if (HAVE_OPT(SET_PIN))
+               cinfo.pin = OPT_ARG(SET_PIN);
+
+       if (HAVE_OPT(SET_SO_PIN))
+               cinfo.so_pin = OPT_ARG(SET_SO_PIN);
+
        if (HAVE_OPT(LOAD_CERTIFICATE))
                cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
 
index b83346f3d0f5b15ce0c2b9da6d56ede32b703226..c7fa1d106a91a5e4d37f7ea4b51c7769cbe3e271 100644 (file)
@@ -538,7 +538,7 @@ pkcs11_init(FILE * outfile, const char *url, const char *label,
            common_info_st * info)
 {
        int ret;
-       char *pin;
+       const char *pin;
        char so_pin[32];
 
        pkcs11_common();
@@ -548,17 +548,28 @@ pkcs11_init(FILE * outfile, const char *url, const char *label,
                exit(1);
        }
 
-       pin = getpass("Enter Security Officer's PIN: ");
-       if (pin == NULL)
-               exit(1);
+       if (info->so_pin != NULL)
+               pin = info->so_pin;
+       else {
+               pin = getpass("Enter Security Officer's PIN: ");
+               if (pin == NULL)
+                       exit(1);
+       }
 
-       if (strlen(pin) >= sizeof(so_pin))
+       if (strlen(pin) >= sizeof(so_pin) || pin[0] == '\n')
                exit(1);
 
        strcpy(so_pin, pin);
 
-       pin = getpass("Enter new User's PIN: ");
-       if (pin == NULL)
+       if (info->so_pin != NULL)
+               pin = info->pin;
+       else {
+               pin = getpass("Enter new User's PIN: ");
+               if (pin == NULL)
+                       exit(1);
+       }
+
+       if (pin[0] == '\n')
                exit(1);
 
        ret = gnutls_pkcs11_token_init(url, so_pin, label);
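Review bot: The second PIN branch tests `info->so_pin != NULL` but then assigns `pin = info->pin`, so running with --set-so-pin and without --set-pin leaves `pin` NULL and the following `pin[0] == '\n'` dereferences it. Conversely, --set-pin on its own is ignored and the prompt still appears. The condition should read `if (info->pin != NULL)`. The two `pin[0] == '\n'` checks also look ineffective as an empty-PIN guard, since getpass() normally returns the line without its newline and a command-line value will not start with one either; `pin[0] == '\0'` is probably what was meant, which is worth confirming. pkcs11_init continues past this hunk, so whether the `so_pin[32]` stack copy is cleared before return is not visible here.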