Crypt-PKCS11-Easy


lib/Crypt/PKCS11/Easy.pm  view on Meta::CPAN

# Optional PIN supplied by the caller: read-only, no type constraint.
# NOTE(review): presumably the token PIN used at login; the login code is
# not visible here, so confirm. The value lives in the object as a plain
# scalar for the object's lifetime, so keep object dumps and debug logging
# away from it.
has pin => (
    is       => 'ro',
    required => 0,
);


# Directories searched for PKCS#11 modules. The caller may pass its own
# array ref; otherwise the three system locations below are used. Entries
# are filtered by the _module_dirs builder, which keeps only those that
# exist as directories.
# NOTE(review): a PKCS#11 module is a shared library that ends up loaded
# into this process, so every directory listed here should be writable
# only by trusted administrators.
has module_dirs => (
    is      => 'ro',
    lazy    => 1,
    isa     => ArrayRef,
    default => sub {
        return [
            '/usr/lib64/pkcs11/',
            '/usr/lib/pkcs11',
            '/usr/lib/x86_64-linux-gnu/pkcs11/',
        ];
    },
);

# PKCS#11 handle. 'rwp' gives a public reader plus the private writer
# _set__pkcs11, which BUILD uses to store the handle at construction time.
has _pkcs11 => (
    is => 'rwp',
);

# Key object, built on first access (the builder is not visible in this
# part of the file).
has _key => (
    is => 'lazy',
);

# To keep usage simple, only one session is allowed per object. The
# predicate lets callers check whether a session has been built yet without
# triggering the lazy builder.
has _session => (
    is        => 'lazy',
    predicate => 1,
);

# TODO allow overriding defaults, possibly using predefined groups of related mechs
#
# Mechanism used for each operation when the caller does not pick one.
# NOTE(review): every default here is a legacy choice. CKM_SHA_1 and
# CKM_SHA1_RSA_PKCS rely on SHA-1, which is no longer collision resistant
# and is widely disallowed for new signatures. CKM_RSA_PKCS is PKCS#1 v1.5
# padding, which needs care against padding-oracle leaks on the decrypting
# side. The values are left unchanged because existing signatures and
# ciphertexts depend on them. New deployments should prefer SHA-2 based
# mechanisms (e.g. CKM_SHA256, CKM_SHA256_RSA_PKCS) and CKM_RSA_PKCS_OAEP
# once the override mentioned in the TODO exists.
has _default_mech => (
    is      => 'ro',
    default => sub {
        return {
            digest  => CKM_SHA_1,
            encrypt => CKM_RSA_PKCS,
            sign    => CKM_SHA1_RSA_PKCS,
            verify  => CKM_SHA1_RSA_PKCS,
        };
    },
);

# Validated form of module_dirs: each entry is turned into an absolute path
# object and kept only if it is an existing directory. Dies when nothing
# survives the filter.
# NOTE(review): path() is presumably Path::Tiny's, in which case a relative
# entry is resolved against the current working directory. The only check
# is "is a directory"; ownership and permissions are not inspected, so
# callers should pass absolute, administrator-controlled locations.
has _module_dirs => (
    is      => 'ro',
    lazy    => 1,
    default => sub {
        my ($self) = @_;

        my @existing_dirs =
          grep { $_->is_dir }
          map  { path($_)->absolute } @{ $self->module_dirs };

        die "No valid module paths found\n" unless @existing_dirs;
        return \@existing_dirs;
    },
);

# Lowercase flag names, grouped by the kind of PKCS#11 object they describe
# (token, mechanism, slot). _flags_to_hash upper-cases each name and
# prefixes it with 'Crypt::PKCS11::CKF_' to find the matching constant, so
# every word here must correspond to such a constant.
has _flags => (
    is      => 'ro',
    lazy    => 1,
    default => sub {
        my @token_flags = qw(
          rng write_protected login_required user_pin_initialized
          restore_key_not_needed clock_on_token protected_authentication_path
          dual_crypto_operations token_initialized secondary_authentication
          user_pin_count_low user_pin_final_try user_pin_locked so_pin_count_low
          user_pin_to_be_changed so_pin_final_try so_pin_locked so_pin_to_be_changed
          error_state
        );
        my @mechanism_flags = qw(
          hw encrypt decrypt digest sign sign_recover verify verify_recover
          generate generate_key_pair wrap unwrap derive extension
        );
        my @slot_flags = qw(token_present removable_device hw_slot);

        return {
            token     => \@token_flags,
            mechanism => \@mechanism_flags,
            slot      => \@slot_flags,
        };
    },
);

# Lazily built lookup tables, one per flag group; each is filled by its
# _build__*_flags builder below via _flags_to_hash.
has [ '_token_flags', '_mechanism_flags', '_slot_flags' ] => (
    is => 'lazy',
);

# Lookup table from a numeric tag to a length.
# NOTE(review): the values match the digest sizes in bytes of SHA-1 (20),
# SHA-224 (28), SHA-256 (32), SHA-384 (48) and SHA-512 (64); how the table
# is consumed is not visible in this part of the file, so confirm against
# the caller.
has _sig_length => (
    is      => 'ro',
    lazy    => 1,
    default => sub {
        return {
            '1'   => 20,
            '224' => 28,
            '256' => 32,
            '384' => 48,
            '512' => 64,
        };
    },
);

# Builder for _mechanism_flags: converts the 'mechanism' name list from
# _flags into a hash ref via _flags_to_hash.
sub _build__mechanism_flags {
    my ($self) = @_;
    return _flags_to_hash($self->_flags->{mechanism});
}

# Builder for _token_flags: converts the 'token' name list from _flags into
# a hash ref via _flags_to_hash.
sub _build__token_flags {
    my ($self) = @_;
    return _flags_to_hash($self->_flags->{token});
}

# Builder for _slot_flags: converts the 'slot' name list from _flags into a
# hash ref via _flags_to_hash.
sub _build__slot_flags {
    my ($self) = @_;
    return _flags_to_hash($self->_flags->{slot});
}

# Construction hook: runs the PKCS#11 builder and stores what it returns
# through the private writer, so the library is initialised when the object
# is created rather than on first use. Returns whatever the writer returns.
sub BUILD {
    my ($self) = @_;

    return $self->_set__pkcs11(
        $self->_build__pkcs11
    );
}

# Turns an array ref of lowercase flag names into a hash ref that maps the
# value of each Crypt::PKCS11::CKF_<NAME> constant to its flag name.
#
# The constant is reached through a symbolic call (a sub looked up by its
# string name), which is why strict refs is switched off around the call.
# NOTE(review): the names must only ever come from the fixed lists in this
# file. A name taken from outside input would let the caller choose which
# sub gets invoked.
sub _flags_to_hash {
    my ($flag_names) = @_;

    my @pairs;
    for my $name (@{$flag_names}) {
        my $constant = 'Crypt::PKCS11::CKF_' . uc $name;

        no strict 'refs';    ## no critic
        push @pairs, $constant->(), $name;
    }

    my %name_for = @pairs;
    return \%name_for;
}

sub _build__pkcs11 {
    my $self = shift;

    $log->debug('Initialising PKCS#11...');


