Merge pull request #281 from docker/better-pkcs11-logging

Log whether a pkcs11 library was found and if it was loadable.

Unfortunately, this is logged every time any operation is performed on the Yubikey, which produces a lot of log output, but that may be preferable because an operation might fail at any given time.

Output if no Yubikey:
DEBU[0000] Failed to initialize PKCS11 environment: loaded library /usr/local/lib/libykcs11.dylib, but no HSM slots found 

If there is a Yubikey:
DEBU[0000] Initialized PKCS11 library /usr/local/lib/libykcs11.dylib and started HSM session
Ying Li 2015-11-13 15:51:11 -08:00
commit 68962ce0f7
1 changed files with 12 additions and 6 deletions


@ -796,28 +796,31 @@ func SetupHSMEnv(libraryPath string, libLoader pkcs11LibLoader) (
IPKCS11Ctx, pkcs11.SessionHandle, error) {
if libraryPath == "" {
return nil, 0, errors.New("No library found.")
return nil, 0, fmt.Errorf("no library found.")
}
p := libLoader(libraryPath)
if p == nil {
return nil, 0, errors.New("Failed to init library")
return nil, 0, fmt.Errorf("failed to load library %s", libraryPath)
}
if err := p.Initialize(); err != nil {
defer finalizeAndDestroy(p)
return nil, 0, fmt.Errorf("Initialize error %s", err.Error())
return nil, 0, fmt.Errorf(
"found library %s, but initialize error %s", libraryPath, err.Error())
}
slots, err := p.GetSlotList(true)
if err != nil {
defer finalizeAndDestroy(p)
return nil, 0, fmt.Errorf("Failed to list HSM slots %s", err)
return nil, 0, fmt.Errorf(
"loaded library %s, but failed to list HSM slots %s", libraryPath, err)
}
// Check to see if we got any slots from the HSM.
if len(slots) < 1 {
defer finalizeAndDestroy(p)
return nil, 0, fmt.Errorf("No HSM Slots found")
return nil, 0, fmt.Errorf(
"loaded library %s, but no HSM slots found", libraryPath)
}
// CKF_SERIAL_SESSION: TRUE if cryptographic functions are performed in serial with the application; FALSE if the functions may be performed in parallel with the application.
@ -825,9 +828,12 @@ func SetupHSMEnv(libraryPath string, libLoader pkcs11LibLoader) (
session, err := p.OpenSession(slots[0], pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION)
if err != nil {
defer cleanup(p, session)
return nil, 0, fmt.Errorf("Failed to Start Session with HSM %s", err)
return nil, 0, fmt.Errorf(
"loaded library %s, but failed to start session with HSM %s",
libraryPath, err)
}
logrus.Debugf("Initialized PKCS11 library %s and started HSM session", libraryPath)
return p, session, nil
}
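Review bot: Every failure path in SetupHSMEnv still returns a flat formatted string, so a caller cannot tell the expected no-token case (`no HSM slots found`) from a PKCS#11 library that was found but would not load or initialize. If the caller logs all of these at debug level, as the sample output in the description suggests, the load and initialize failures may deserve a distinct exported error value so they can be surfaced at a higher level; the caller is outside this section, so this should be confirmed there. The messages that interpolate the path would also read more safely with `%q` than `%s`, e.g. `fmt.Errorf("failed to load library %q", libraryPath)`, so that a whitespace-padded or otherwise odd module path is visible in the log. At the `libraryPath == ""` check, `fmt.Errorf("no library found.")` has no format verbs and keeps a trailing period; `errors.New("no library found")` would be the consistent form, provided the `errors` import is still present in the file.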