Skip to content

Commit 5d8ad3e

Browse files
Bravo555Bravo555
committed
Don't short circuit diagnostics on error
Signed-off-by: Marcel Guzik <marcel.guzik@cumulocity.com>
1 parent 2832c78 commit 5d8ad3e

File tree

1 file changed

+78
-47
lines changed
  • crates/extensions/tedge-p11-server/src/pkcs11

1 file changed

+78
-47
lines changed

crates/extensions/tedge-p11-server/src/pkcs11/mod.rs

Lines changed: 78 additions & 47 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@ use rustls::SignatureScheme;
3636
use serde::Deserialize;
3737
use serde::Serialize;
3838
use tracing::debug;
39+
use tracing::error;
3940
use tracing::trace;
4041
use tracing::warn;
4142

@@ -204,8 +205,8 @@ impl Cryptoki {
204205
Err(e) => e.into_inner(),
205206
};
206207

207-
debug!(slots = ?get_all_slots_info(&context)?);
208-
debug!(tokens = ?get_all_token_info(&context)?);
208+
debug!(slots = ?get_all_slots_info(&context));
209+
debug!(tokens = ?get_all_token_info(&context));
209210

210211
let slots_with_tokens = context.get_slots_with_token()?;
211212
let tokens: Result<Vec<_>, _> = slots_with_tokens
@@ -249,13 +250,25 @@ impl Cryptoki {
249250
uri_attributes,
250251
};
251252

252-
let objects = session
253-
.session
254-
.find_objects(&[])?
255-
.into_iter()
256-
.map(|o| session.export_object_uri(o))
257-
.collect::<Result<Vec<_>, _>>()?;
258-
trace!(?objects, "Objects found in the token");
253+
let template = [];
254+
let objects = session.session.find_objects(&template);
255+
match objects {
256+
Err(err) => {
257+
error!(?template, ?err, "failed to find objects");
258+
}
259+
Ok(objects) => {
260+
let objects = objects
261+
.into_iter()
262+
.flat_map(|o| {
263+
let uri = session.export_object_uri(o).inspect_err(
264+
|err| error!(?err, object = ?o, "failed to read properties of object"),
265+
);
266+
uri.map(|u| (o, u)).ok()
267+
})
268+
.collect::<Vec<_>>();
269+
trace!(?objects, "Objects found in the token");
270+
}
271+
}
259272

260273
Ok(session)
261274
}
@@ -282,24 +295,47 @@ impl Cryptoki {
282295
}
283296
}
284297

285-
fn get_all_slots_info(cryptoki: &Pkcs11) -> anyhow::Result<Vec<SlotInfo>> {
286-
let slotinfos = cryptoki
287-
.get_all_slots()?
298+
fn get_all_slots_info(cryptoki: &Pkcs11) -> Vec<SlotInfo> {
299+
let slots = match cryptoki.get_all_slots() {
300+
Ok(slots) => slots,
301+
Err(err) => {
302+
error!(?err, "failed to get slots");
303+
return vec![];
304+
}
305+
};
306+
let slotinfos = slots
288307
.into_iter()
289-
.map(|s| cryptoki.get_slot_info(s))
290-
.collect::<Result<Vec<_>, _>>()?;
308+
.flat_map(|s| {
309+
cryptoki
310+
.get_slot_info(s)
311+
.inspect_err(|err| error!(slot = ?s, ?err, "failed to read slot info from slot"))
312+
.ok()
313+
})
314+
.collect::<Vec<_>>();
291315

292-
Ok(slotinfos)
316+
slotinfos
293317
}
294318

295-
fn get_all_token_info(cryptoki: &Pkcs11) -> anyhow::Result<Vec<TokenInfo>> {
296-
let slots = cryptoki.get_slots_with_token()?;
319+
fn get_all_token_info(cryptoki: &Pkcs11) -> Vec<TokenInfo> {
320+
let slots = match cryptoki.get_slots_with_token() {
321+
Ok(slots) => slots,
322+
Err(err) => {
323+
error!(?err, "failed to get slots");
324+
return vec![];
325+
}
326+
};
327+
297328
let tokeninfos = slots
298329
.into_iter()
299-
.map(|s| cryptoki.get_token_info(s))
300-
.collect::<Result<Vec<_>, _>>()?;
330+
.flat_map(|s| {
331+
cryptoki
332+
.get_token_info(s)
333+
.inspect_err(|err| error!(slot = ?s, ?err, "failed to read token info from slot"))
334+
.ok()
335+
})
336+
.collect::<Vec<_>>();
301337

302-
Ok(tokeninfos)
338+
tokeninfos
303339
}
304340

305341
/// A cryptoki session opened with a token.
@@ -478,38 +514,33 @@ impl<'a> CryptokiSession<'a> {
478514
}
479515

480516
fn export_object_uri(&self, object: ObjectHandle) -> anyhow::Result<String> {
481-
let mut attrs = self
482-
.session
483-
.get_attributes(object, &[AttributeType::Id, AttributeType::Label])?
484-
.into_iter();
485-
486-
let id = attrs.next().context("No id")?;
487-
let Attribute::Id(id) = id else {
488-
anyhow::bail!("Not id");
489-
};
490-
491-
let label = attrs.next().context("No label")?;
492-
let Attribute::Label(label) = label else {
493-
anyhow::bail!("Not label");
494-
};
495-
let label = std::str::from_utf8(&label).context("label should be utf-8")?;
517+
let template = &[AttributeType::Id, AttributeType::Label];
518+
let attrs = self.session.get_attributes(object, template)?.into_iter();
496519

497520
let mut key_uri = export_session_uri(&self.token_info);
498521

499-
// id, object, type
500-
key_uri.push(';');
501-
key_uri.push_str("id=");
502-
// from RFC section 2.3: Note that the value of the "id" attribute SHOULD NOT be encoded as UTF-8 because it can
503-
// contain non-textual data, instead it SHOULD be entirely percent-encoded
504-
for byte in &id {
505-
key_uri.push_str(percent_encoding::percent_encode_byte(*byte));
522+
for attr in attrs {
523+
match attr {
524+
Attribute::Id(id) => {
525+
key_uri.push(';');
526+
key_uri.push_str("id=");
527+
// from RFC section 2.3: Note that the value of the "id" attribute SHOULD NOT be encoded as UTF-8 because it can
528+
// contain non-textual data, instead it SHOULD be entirely percent-encoded
529+
for byte in &id {
530+
key_uri.push_str(percent_encoding::percent_encode_byte(*byte));
531+
}
532+
}
533+
Attribute::Label(label) => {
534+
let label = std::str::from_utf8(&label).context("label should be utf-8")?;
535+
key_uri.push(';');
536+
key_uri.push_str("object=");
537+
let label = uri::percent_encode(label);
538+
key_uri.push_str(&label);
539+
}
540+
other => warn!(asked = ?template, got= ?other, "Got invalid attribute"),
541+
}
506542
}
507543

508-
key_uri.push(';');
509-
key_uri.push_str("object=");
510-
let label = uri::percent_encode(label);
511-
key_uri.push_str(&label);
512-
513544
// omit the "type" attribute since its not relevant when used as device.key_uri, which is intended use for this produced value
514545

515546
anyhow::ensure!(key_uri.starts_with("pkcs11:"));

0 commit comments

Comments
 (0)