GP11 Reference Manual | ||||
---|---|---|---|---|
Top | Description | Object Hierarchy | Properties | Signals |
Synopsis
GP11Module; GP11Module* gp11_module_new (CK_FUNCTION_LIST_PTR funcs
); GP11Module* gp11_module_initialize (const gchar *path
,gpointer reserved
,GError **err
); gboolean gp11_module_equal (gconstpointer module1
,gconstpointer module2
); guint gp11_module_hash (gconstpointer module
); const gchar* gp11_module_get_path (GP11Module *self
); CK_FUNCTION_LIST_PTR gp11_module_get_functions (GP11Module *self
); GP11ModuleInfo* gp11_module_get_info (GP11Module *self
); GList* gp11_module_get_slots (GP11Module *self
,gboolean token_present
); gboolean gp11_module_get_pool_sessions (GP11Module *self
); void gp11_module_set_pool_sessions (GP11Module *self
,gboolean pool
); gint gp11_module_get_auto_authenticate (GP11Module *self
); void gp11_module_set_auto_authenticate (GP11Module *self
,gint auto_authenticate
); gboolean gp11_module_enumerate_objects (GP11Module *self
,GP11ObjectForeachFunc func
,gpointer user_data
,...
); gboolean (*GP11ObjectForeachFunc) (GP11Object *object
,gpointer user_data
); GP11ModuleInfo; void gp11_module_info_free (GP11ModuleInfo *module_info
);
Properties
"auto-authenticate" gint : Read / Write "functions" gpointer : Read / Write / Construct Only "path" gchar* : Read / Write / Construct Only "pool-sessions" gboolean : Read / Write
Description
A GP11Module object holds a loaded PKCS11 module. A PKCS11 module is a shared library.
You can load and initialize a PKCS11 module with the gp11_module_initialize()
call. If you already
have a loaded and initialized module that you'd like to use with the various GP11 functions, then
you can use gp11_module_new()
.
Details
gp11_module_new ()
GP11Module* gp11_module_new (CK_FUNCTION_LIST_PTR funcs
);
Create a GP11Module representing a PKCS11 module. It is assumed that this the module is already initialized. In addition it will not be finalized when complete.
|
Initialized PKCS11 function list pointer |
Returns : |
The new PKCS11 module. |
gp11_module_initialize ()
GP11Module* gp11_module_initialize (const gchar *path
,gpointer reserved
,GError **err
);
Load and initialize a PKCS11 module represented by a GP11Module object.
|
The file system path to the PKCS11 module to load. |
|
Extra arguments for the PKCS11 module, should usually be NULL. |
|
A location to store an error resulting from a failed load. |
Returns : |
The loaded PKCS11 module or NULL if failed. |
gp11_module_equal ()
gboolean gp11_module_equal (gconstpointer module1
,gconstpointer module2
);
Checks equality of two modules. Two GP11Module objects can point to the same underlying PKCS11 module.
|
A pointer to the first GP11Module |
|
A pointer to the second GP11Module |
Returns : |
TRUE if module1 and module2 are equal. FALSE if either is not a GP11Module. |
gp11_module_hash ()
guint gp11_module_hash (gconstpointer module
);
Create a hash value for the GP11Module.
This function is intended for easily hashing a GP11Module to add to a GHashTable or similar data structure.
|
A pointer to a GP11Module |
Returns : |
An integer that can be used as a hash value, or 0 if invalid. |
gp11_module_get_path ()
const gchar* gp11_module_get_path (GP11Module *self
);
Get the file path of this module. This may not be an absolute path, and
usually reflects the path passed to gp11_module_initialize()
.
|
The module for which to get the path. |
Returns : |
The path, do not modify or free this value. |
gp11_module_get_functions ()
CK_FUNCTION_LIST_PTR gp11_module_get_functions (GP11Module *self
);
Get the PKCS11 function list for the module.
|
The module for which to get the function list. |
Returns : |
The function list, do not modify this structure. |
gp11_module_get_info ()
GP11ModuleInfo* gp11_module_get_info (GP11Module *self
);
Get the info about a PKCS11 module.
|
The module to get info for. |
Returns : |
The module info. Release this with gp11_module_info_free() .
|
gp11_module_get_slots ()
GList* gp11_module_get_slots (GP11Module *self
,gboolean token_present
);
Get the GP11Slot objects for a given module.
|
The module for which to get the slots. |
|
Whether to limit only to slots with a token present. |
Returns : |
The possibly empty list of slots. Release this with gp11_list_unref_free() .
|
gp11_module_get_pool_sessions ()
gboolean gp11_module_get_pool_sessions (GP11Module *self
);
Get the reuse sessions setting. When this is set, sessions
will be pooled and reused if their flags match when
gp11_slot_open_session()
is called.
|
The module to get setting from. |
Returns : |
Whether reusing sessions or not. |
gp11_module_set_pool_sessions ()
void gp11_module_set_pool_sessions (GP11Module *self
,gboolean pool
);
When this is set, sessions will be pooled and reused
if their flags match when gp11_slot_open_session()
is called.
|
The module to set the setting on. |
|
Whether to reuse sessions or not. |
gp11_module_get_auto_authenticate ()
gint gp11_module_get_auto_authenticate (GP11Module *self
);
Get the auto login setting. When this is set, this slot will emit the 'authenticate-slot' signal when a session requires authentication, and the 'authenticate-object' signal when an object requires authintication.
|
The module to get setting from. |
Returns : |
Whether auto login or not. |
gp11_module_set_auto_authenticate ()
void gp11_module_set_auto_authenticate (GP11Module *self
,gint auto_authenticate
);
When this is set, this slot will emit the 'authenticate-slot' signal when a session requires authentication, and the 'authenticate-object' signal when an object requires authintication.
|
The module to set the setting on. |
|
Whether auto login or not. |
gp11_module_enumerate_objects ()
gboolean gp11_module_enumerate_objects (GP11Module *self
,GP11ObjectForeachFunc func
,gpointer user_data
,...
);
Call a function for every matching object on the module. This call may block for an indefinite period.
The variable argument list should contain:
a) |
The gulong attribute type (ie: CKA_LABEL). |
b) |
The attribute data type (one of GP11_BOOLEAN, GP11_ULONG, GP11_STRING, GP11_DATE) orthe raw attribute value length. |
c) |
The attribute value, either a gboolean, gulong, gchar*, GDate* or a pointer to a raw attribute value. |
The variable argument list should be terminated with GP11_INVALID.
This function will open a session per slot. It's recommended that you set the 'reuse-sessions' property on each slot if you'll be calling it a lot.
You can access the session in which the object was found, by using the
gp11_object_get_session()
function on the resulting objects.
This function skips tokens that are not initialize, and makes a best effort to find objects on valid tokens.
The function can return FALSE to stop the enumeration.
|
The module to enumerate objects. |
|
Function to call for each object. |
|
Data to pass to the function. |
|
The arguments must be triples of: attribute type, data type, value. |
Returns : |
If FALSE then an error prevented all matching objects from being enumerated. |
GP11ObjectForeachFunc ()
gboolean (*GP11ObjectForeachFunc) (GP11Object *object
,gpointer user_data
);
This function is passed to gp11_module_enumerate_objects()
or a similar function.
It is called once for each object matched.
The GP11Session through which the object is accessible can be retrieved by calling
gp11_object_get_session()
on object.
|
The enumerated object. |
|
Data passed to enumerate function. |
Returns : |
TRUE to continue enumerating, FALSE to stop. |
GP11ModuleInfo
typedef struct { guint8 pkcs11_version_major; guint8 pkcs11_version_minor; gchar *manufacturer_id; gulong flags; gchar *library_description; guint8 library_version_major; guint8 library_version_minor; } GP11ModuleInfo;
Holds information about the PKCS#11 module.
This structure corresponds to CK_MODULE_INFO in the PKCS11 standard. The strings are NULL terminated for easier use.
Use gp11_module_info_free()
to release this structure when done with it.
guint8 |
The major version of the module. |
guint8 |
The minor version of the module. |
gchar * |
The module manufacturer. |
gulong |
The module PKCS#11 flags. |
gchar * |
The module description. |
guint8 |
The major version of the library. |
guint8 |
The minor version of the library. |
gp11_module_info_free ()
void gp11_module_info_free (GP11ModuleInfo *module_info
);
Free a GP11ModuleInfo structure.
|
The module info to free, or NULL. |
Property Details
The "auto-authenticate"
property
"auto-authenticate" gint : Read / Write
Whether or not to automatically authenticate token objects that need a C_Login call before they can be used.
The "authenticate-object" signal will be fired when an object needs to be authenticated.
Allowed values: >= 0
Default value: 0
The "functions"
property
"functions" gpointer : Read / Write / Construct Only
The raw PKCS#11 function list for the module.
This points to a CK_FUNCTION_LIST structure.
The "path"
property
"path" gchar* : Read / Write / Construct Only
The PKCS#11 module file path.
This may be set to NULL if this object was created from an already
initialized module via the gp11_module_new()
function.
Default value: NULL
The "pool-sessions"
property
"pool-sessions" gboolean : Read / Write
Whether or not to pool PKCS#11 sessions. When this is set, sessions
will be pooled and reused if their flags match when gp11_slot_open_session()
is called.
Default value: FALSE
Signal Details
The "authenticate-object"
signal
gboolean user_function (GP11Module *module, GP11Object *object, gchar *label, gpointer password, gpointer user_data) : Run Last
This signal is emitted when a password is needed to authenticate a PKCS#11 object like a key. If the module prompts for passwords itself, then this signal will not be emitted.
|
The module. |
|
The object to be authenticated. |
|
A displayable label which describes the object. |
|
A gchar** where a password should be returned. |
|
user data set when the signal handler was connected. |
Returns : |
FALSE if the user cancelled, TRUE if we should proceed. |
The "authenticate-slot"
signal
gboolean user_function (GP11Module *module, GP11Slot *slot, gchar *string, gpointer password, gpointer user_data) : Run Last
This signal is emitted when a password is needed to authenticate a PKCS#11 slot. If the module prompts for passwords itself, then this signal will not be emitted.
|
The module |
|
The slot to be authenticated. |
|
A displayable label which describes the object. |
|
A gchar** where a password should be returned. |
|
user data set when the signal handler was connected. |
Returns : |
FALSE if the user cancelled, TRUE if we should proceed. |