Explicitly logging out the token to avoid leaving it in a non-stable state.

crypto_pkcs11.cc

 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "entd/crypto_pkcs11.h"
 
 #include "base/logging.h"
 #include "base/string_util.h"
 #include "base/string_number_conversions.h"
 #include <chromeos/utility.h>
@@ skipping 481 matching lines @@
   BindMethod(instance_t, &Pkcs11::Session::CallRefresh, "refresh");
   BindMethod(instance_t, &Pkcs11::Session::Close, "close");
   BindMethod(instance_t, &Pkcs11::Session::Login, "login");
   BindMethod(instance_t, &Pkcs11::Session::Logout, "logout");
   BindMethod(instance_t, &Pkcs11::Session::InitPin, "initPin");
   BindMethod(instance_t, &Pkcs11::Session::SetPin, "setPin");
   BindMethod(instance_t, &Pkcs11::Session::GenerateKeyPair, "generateKeyPair");
   BindMethod(instance_t, &Pkcs11::Session::FindObjects, "findObjects");
   BindMethod(instance_t, &Pkcs11::Session::CreateObject, "createObject");
 
+  BindMethod(instance_t, &Pkcs11::Session::LogoutAndClose, "logoutAndClose");
+
   return true;
 }
 
 bool Pkcs11::Session::Refresh() {
   CK_SESSION_INFO session_info;
   CK_RV rv = C_GetSessionInfo(session_handle_, &session_info);
   if (!OkOrWarn(rv))
     return false;
 
   v8::Handle<v8::Object> self = js_object();
@@ skipping 24 matching lines @@
                       reinterpret_cast<CK_CHAR_PTR>(*ascii_pin),
                       ascii_pin.length()));
 
   return v8::Undefined();
 }
 
 v8::Handle<v8::Value> Pkcs11::Session::Close(const v8::Arguments& args) {
   if (!session_handle_)
     return ThrowException("Not open");
 
+  if (logged_in_) {
+    OkOrThrow(C_Logout(session_handle_));

[rginda, 2011/01/18 22:10:19]

You should return early if this throws.

[Nelson Araujo, 2011/01/18 22:50:19]

Done.

+    logged_in_ = false;
+  }
+
   OkOrThrow(C_CloseSession(session_handle_));
   session_handle_ = 0;
   return v8::Undefined();
 }
 
 v8::Handle<v8::Value> Pkcs11::Session::Login(const v8::Arguments& args) {
   if (args.Length() < 1)
     return ThrowException("Missing required parameter: userType");
 
   uint32_t user_type = args[0]->Uint32Value();
   if (user_type != CKU_USER && user_type != CKU_SO)
     return ThrowException("Invalid value for parameter: userType");
 
   if (args.Length() < 2)
     return ThrowException("Missing required parameter: pin");
 
   v8::String::AsciiValue ascii_pin(args[1]);
 
+  logged_in_ = false;
+
   CK_RV rv = C_Login(session_handle_, user_type,
                      reinterpret_cast<CK_CHAR_PTR>(*ascii_pin),
                      ascii_pin.length());
 
   if (rv == CKR_PIN_INCORRECT)
     return v8::False();
 
   if (!OkOrThrow(rv))
     return v8::Undefined();
 
+  logged_in_ = true;
   return v8::True();
 }
 
 v8::Handle<v8::Value> Pkcs11::Session::Logout(const v8::Arguments& args) {
   OkOrThrow(C_Logout(session_handle_));
+  logged_in_ = false;
   return v8::Undefined();
 }
 
+v8::Handle<v8::Value> Pkcs11::Session::LogoutAndClose(
+  const v8::Arguments& args) {
+  Logout(args);
+  Close(args);
+  return v8::Undefined();
+}
+
 v8::Handle<v8::Value> Pkcs11::Session::SetPin(const v8::Arguments& args) {
   if (args.Length() < 1)
     return ThrowException("Missing required parameter: oldPin");
 
   v8::String::AsciiValue old_pin(args[0]);
 
   if (args.Length() < 2)
     return ThrowException("Missing required parameter: newPin");
 
   v8::String::AsciiValue new_pin(args[1]);
@@ skipping 702 matching lines @@
   SET_CK_CONST(ctor_t, CKR_MUTEX_BAD);
   SET_CK_CONST(ctor_t, CKR_MUTEX_NOT_LOCKED);
   SET_CK_CONST(ctor_t, CKR_VENDOR_DEFINED);
 
   return true;
 }
 
 }  // namespace crypto
 
 }  // namespace entd