// file      : openssl/agent/pkcs11/pkcs11.hxx -*- C++ -*-
// license   : MIT; see accompanying LICENSE file


// PKCS#11 API (Cryptoki) definitions.
#include <openssl/agent/pkcs11/pkcs11.h>

#include <openssl/types.hxx>
#include <openssl/utility.hxx>

namespace openssl
  namespace agent
    namespace pkcs11
      // For simplicity we will not handle multiple PKCS#11 modules
      // simultaneously. The first one loaded will stay till the end of the
      // process lifetime.

      // Return the PKCS#11 API pointer. If requested, ignore non-existent
      // module returning NULL.
      // On the first call load the PKCS#11 module using the specified path
      // and initialize the API. Return the same pointer on the subsequent
      // calls regardless of the path. Throw runtime_error if anything goes
      // wrong.
      api (const path&, bool ignore_nonexistent = false);

      // Return a pointer to the previously initialized PKCS#11 API.
      api ();

      // Throw runtime_error describing a PKCS#11 API error.
      [[noreturn]] void
      throw_api_error (CK_RV error, string what);

      // Convert API string representation to a regular one.
      // PKCS#11 API struct string members are fixed-sized unsigned character
      // arrays right-padded with the space character. Return such a string
      // with the trailing spaces stripped.
      inline string
      api_string (const unsigned char* s, size_t n)
        for (; n != 0 && s[n - 1] == ' '; --n) ;
        return string (reinterpret_cast<const char*> (s), n);