pkcs11/_pkcs11.pyx: rename p_auth -> use_protected_auth, use_pap -> use_protected_auth; types.py: add use_protected_auth to signature and doc string"

Grant Sowards · Grant Sowards · commit 0e831d07245c · 2020-07-13T17:18:24.000-06:00
diff --git a/pkcs11/_pkcs11.pyx b/pkcs11/_pkcs11.pyx
@@ -225,7 +225,7 @@ class Slot(types.Slot):
 class Token(types.Token):
     """Extend Token with implementation."""
 
-    def open(self, rw=False, user_pin=None, so_pin=None, p_auth=False):
+    def open(self, rw=False, user_pin=None, so_pin=None, use_protected_auth=False):
         cdef CK_SESSION_HANDLE handle
         cdef CK_FLAGS flags = CKF_SERIAL_SESSION
         cdef CK_USER_TYPE user_type
@@ -235,11 +235,11 @@ class Token(types.Token):
 
         if user_pin is not None and so_pin is not None:
             raise ArgumentsBad("Set either `user_pin` or `so_pin`")
-        elif user_pin is not None and use_pap:
-            raise ArgumentsBad("Set either `user_pin` or `p_auth`")
-        elif so_pin is not None and use_pap:
-            raise ArgumentsBad("Set either `so_pin` or `p_auth`")
-        elif p_auth:
+        elif user_pin is not None and use_protected_auth:
+            raise ArgumentsBad("Set either `user_pin` or `use_protected_auth`")
+        elif so_pin is not None and use_protected_auth:
+            raise ArgumentsBad("Set either `so_pin` or `use_protected_auth`")
+        elif use_protected_auth:
             pin = None
             user_type = CKU_USER
         elif user_pin is not None:
@@ -254,11 +254,11 @@ class Token(types.Token):
 
         assertRV(_funclist.C_OpenSession(self.slot.slot_id, flags, NULL, NULL, &handle))
 
-        if p_auth:
+        if use_protected_auth:
             if self.flags & TokenFlag.PROTECTED_AUTHENTICATION_PATH:
-                assertRV(_funclist.C_Login(handle, user_type, NULL, < CK_ULONG > 0))
+                assertRV(_funclist.C_Login(handle, user_type, NULL, <CK_ULONG> 0))
             else:
-                raise ArgumentsBad('Protected authentication is not supported by loaded module')
+                raise ArgumentsBad("Protected authentication is not supported by loaded module")
         elif pin is not None:
             assertRV(_funclist.C_Login(handle, user_type, pin, <CK_ULONG> len(pin)))
 
diff --git a/pkcs11/types.py b/pkcs11/types.py
@@ -200,7 +200,7 @@ def __init__(self, slot,
     def __eq__(self, other):
         return self.slot == other.slot
 
-    def open(self, rw=False, user_pin=None, so_pin=None):
+    def open(self, rw=False, user_pin=None, so_pin=None, use_protected_auth=False):
         """
         Open a session on the token and optionally log in as a user or
         security officer (pass one of `user_pin` or `so_pin`).
@@ -217,6 +217,7 @@ def open(self, rw=False, user_pin=None, so_pin=None):
         :param bytes user_pin: Authenticate to this session as a user.
         :param bytes so_pin: Authenticate to this session as a
             security officer.
+        :param use_protected_auth: True to use protected authentication on a token
 
         :rtype: Session
         """
