Use p11_kit_uri_get_pin_value() if available in p11-kit

This allows parsing the pin-value attribute of the PKCS#11 URI.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2 files changed, 23 insertions, 0 deletions

diff --git a/configure.ac b/configure.ac
index 0840042776..c9c9fdc968 100644
--- a/configure.ac
+++ b/configure.ac
@@ -447,6 +447,9 @@ if test "$with_p11_kit" != "no"; then
 		if ! $PKG_CONFIG --atleast-version=0.22.0 p11-kit-1; then
 			with_buggy_p11_kit=yes
 		fi
+		if $PKG_CONFIG --atleast-version=0.23.1 p11-kit-1; then
+			AC_DEFINE([P11_KIT_HAS_PIN_VALUE], 1, [p11-kit supports p11_kit_uri_get_pin_value()])
+		fi
 	else
 	        with_p11_kit=no
 	        AC_MSG_WARN([[
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index f5cf99d658..26d88e51a8 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -2367,6 +2367,25 @@ retrieve_pin(struct pin_info_st *pin_info, struct p11_kit_uri *info,
 
 	*pin = NULL;
 
+#ifdef P11_KIT_HAS_PIN_VALUE
+	/* First check for pin-value field */
+	pinfile = p11_kit_uri_get_pin_value(info);
+	if (pinfile != NULL) {
+		_gnutls_debug_log("p11: Using pin-value to retrieve PIN\n");
+		*pin = p11_kit_pin_new_for_string(pinfile);
+		if (*pin != NULL)
+			ret = 0;
+	} else { /* try pin-source */
+		/* Check if a pinfile is specified, and use that if possible */
+		pinfile = p11_kit_uri_get_pin_source(info);
+		if (pinfile != NULL) {
+			_gnutls_debug_log("p11: Using pin-source to retrieve PIN\n");
+			ret =
+			    retrieve_pin_from_source(pinfile, token_info, attempts,
+						     user_type, pin);
+		}
+	}
+#else
 	/* Check if a pinfile is specified, and use that if possible */
 	pinfile = p11_kit_uri_get_pinfile(info);
 	if (pinfile != NULL) {
@@ -2375,6 +2394,7 @@ retrieve_pin(struct pin_info_st *pin_info, struct p11_kit_uri *info,
 		    retrieve_pin_from_source(pinfile, token_info, attempts,
 					     user_type, pin);
 	}
+#endif
 
 	/* The global gnutls pin callback */
 	if (ret < 0)