feat: update pkcs11 piv

native-pkcs11-piv/src/piv/backend.rs

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use std::sync::Arc;
+use std::sync::{Arc, Mutex};
 
 use tracing::instrument;
 use yubikey::YubiKey;
@@ -27,14 +27,49 @@ use native_pkcs11_traits::Result as P11Result;
 
 #[derive(Debug, Default)]
 pub struct YubikeyPivBackend {
-    yubikey: Option<YubiKey>,
+    cached_pin: Mutex<Option<String>>,
+    yubikey: Mutex<Option<YubiKey>>,
 }
 
 impl YubikeyPivBackend {
     pub fn new() -> Self {
-        YubikeyPivBackend {
-            yubikey: None
+        YubikeyPivBackend::default()
+    }
+
+    fn run_with_yubikey<F>(&self, verify: bool, mut callback: F) -> P11Result<()>
+    where
+        F: FnMut(&mut YubiKey) -> P11Result<()>,
+    {
+        let mut yubikey = self.yubikey.lock().unwrap();
+        if yubikey.is_none() {
+            *yubikey = Some(YubiKey::open()?);
         }
+        let mut yk = yubikey.as_mut().unwrap();
+        if verify {
+            let pin = self.prepare_pin()?;
+            let verify_result = yk.verify_pin(pin.as_bytes());
+            if verify_result.is_err() {
+                self.clear_pin();
+            }
+            verify_result?;
+        }
+        callback(&mut yk)
+    }
+
+    fn clear_pin(&self) -> () {
+        let mut cached_pin = self.cached_pin.lock().unwrap();
+        if cached_pin.is_some() {
+            *cached_pin = None;
+        }
+    }
+
+    fn prepare_pin(&self) -> P11Result<String> {
+        let mut cached_pin = self.cached_pin.lock().unwrap();
+        if cached_pin.is_none() {
+            let pin = crate::piv::pinentry::get_pin()?;
+            *cached_pin = Some(pin);
+        }
+        Ok(cached_pin.as_deref().unwrap().to_string())
     }
 }