// file      : openssl/agent/pkcs11/pkcs11.hxx -*- C++ -*-
// license   : MIT; see accompanying LICENSE file

#ifndef OPENSSL_AGENT_PKCS11_PKCS11_HXX
#define OPENSSL_AGENT_PKCS11_PKCS11_HXX

// PKCS#11 API (Cryptoki) definitions.
//
#include <openssl/agent/pkcs11/pkcs11.h>

#include <openssl/types.hxx>
#include <openssl/utility.hxx>

namespace openssl
{
  namespace agent
  {
    namespace pkcs11
    {
      // For simplicity we will not handle multiple PKCS#11 modules
      // simultaneously. The first one loaded will stay till the end of the
      // process lifetime.
      //

      // Return the PKCS#11 API pointer. If requested, ignore non-existent
      // module returning NULL.
      //
      // On the first call load the PKCS#11 module using the specified path
      // and initialize the API. Return the same pointer on the subsequent
      // calls regardless of the path. Throw runtime_error if anything goes
      // wrong.
      //
      CK_FUNCTION_LIST*
      api (const path&, bool ignore_nonexistent = false);

      // Return a pointer to the previously initialized PKCS#11 API.
      //
      CK_FUNCTION_LIST*
      api ();

      // Throw runtime_error describing a PKCS#11 API error.
      //
      [[noreturn]] void
      throw_api_error (CK_RV error, string what);

      // Convert API string representation to a regular one.
      //
      // PKCS#11 API struct string members are fixed-sized unsigned character
      // arrays right-padded with the space character. Return such a string
      // with the trailing spaces stripped.
      //
      inline string
      api_string (const unsigned char* s, size_t n)
      {
        for (; n != 0 && s[n - 1] == ' '; --n) ;
        return string (reinterpret_cast<const char*> (s), n);
      }
    }
  }
}

#endif // OPENSSL_AGENT_PKCS11_PKCS11_HXX