[glib-networking/pgriffis/pkcs11-pin-handling] gnutls-pkcs11: Improve error handling for PIN failures




commit b352363b14f24b10b81a2f3c5d2400ce39098b24
Author: Patrick Griffis <pgriffis igalia com>
Date:   Wed May 26 14:22:13 2021 -0500

    gnutls-pkcs11: Improve error handling for PIN failures

 tls/base/gtlsconnection-base.c      | 22 ++++++++++++++++++++++
 tls/base/gtlsconnection-base.h      |  3 +++
 tls/gnutls/gtlscertificate-gnutls.c |  5 ++++-
 tls/gnutls/gtlsconnection-gnutls.c  | 24 +++---------------------
 4 files changed, 32 insertions(+), 22 deletions(-)
---
diff --git a/tls/base/gtlsconnection-base.c b/tls/base/gtlsconnection-base.c
index dd87b1b..72551dc 100644
--- a/tls/base/gtlsconnection-base.c
+++ b/tls/base/gtlsconnection-base.c
@@ -2687,6 +2687,28 @@ g_tls_connection_base_handshake_thread_request_certificate (GTlsConnectionBase *
   return res != G_TLS_INTERACTION_FAILED;
 }
 
+gboolean
+g_tls_connection_base_handshake_thread_ask_password (GTlsConnectionBase *tls,
+                                                     GTlsPassword       *password)
+{
+  GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+  GTlsInteractionResult res = G_TLS_INTERACTION_UNHANDLED;
+  GTlsInteraction *interaction;
+
+  g_return_val_if_fail (G_IS_TLS_CONNECTION_BASE (tls), FALSE);
+
+  g_clear_error (&priv->interaction_error);
+
+  interaction = g_tls_connection_get_interaction (G_TLS_CONNECTION (tls));
+  if (!interaction)
+    return FALSE;
+
+  res = g_tls_interaction_invoke_ask_password (interaction, password,
+                                               priv->read_cancellable,
+                                               &priv->interaction_error);
+  return res != G_TLS_INTERACTION_FAILED;
+}
+
 void
 g_tls_connection_base_handshake_thread_buffer_application_data (GTlsConnectionBase *tls,
                                                                 guint8             *data,
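Review bot: The final `return res != G_TLS_INTERACTION_FAILED;` in g_tls_connection_base_handshake_thread_ask_password reports G_TLS_INTERACTION_UNHANDLED as success, so a caller cannot tell whether a password was actually supplied. The on_pin_request hunk in tls/gnutls/gtlsconnection-gnutls.c treats TRUE as "PIN available". Its removed switch did not set `ret` for UNHANDLED, whereas the new code would run the memcpy on whatever g_tls_password_get_value returns (possibly NULL with length 0) and return GNUTLS_E_SUCCESS, which would hand the token an empty PIN. For this helper I would use `return res == G_TLS_INTERACTION_HANDLED;`. A doc comment should also state that TRUE means the password object was filled in and that the failure reason is left in `priv->interaction_error`.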
diff --git a/tls/base/gtlsconnection-base.h b/tls/base/gtlsconnection-base.h
index 7312683..a89122e 100644
--- a/tls/base/gtlsconnection-base.h
+++ b/tls/base/gtlsconnection-base.h
@@ -194,6 +194,9 @@ gboolean                  g_tls_connection_base_ever_handshaked         (GTlsCon
 
 gboolean                  g_tls_connection_base_handshake_thread_request_certificate
                                                                         (GTlsConnectionBase  *tls);
+gboolean                  g_tls_connection_base_handshake_thread_ask_password
+                                                                        (GTlsConnectionBase *tls,
+                                                                         GTlsPassword       *password);
 
 void                      g_tls_connection_base_handshake_thread_buffer_application_data
                                                                         (GTlsConnectionBase *tls,
diff --git a/tls/gnutls/gtlscertificate-gnutls.c b/tls/gnutls/gtlscertificate-gnutls.c
index 9d81cce..62d586a 100644
--- a/tls/gnutls/gtlscertificate-gnutls.c
+++ b/tls/gnutls/gtlscertificate-gnutls.c
@@ -528,7 +528,10 @@ g_tls_certificate_gnutls_copy  (GTlsCertificateGnutls  *gnutls,
       status = gnutls_privkey_import_pkcs11_url (*pkey,
                                                  gnutls->private_key_pkcs11_uri ? gnutls->private_key_pkcs11_uri : gnutls->pkcs11_uri);
       if (status != GNUTLS_E_SUCCESS)
-        g_warning ("Failed to copy PKCS #11 private key: %s", gnutls_strerror (status));
+        {
+          *pkey = NULL;
+          g_info ("Failed to copy PKCS #11 private key: %s", gnutls_strerror (status));
+        }
     }
   else
     {
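Review bot: In the new failure branch, `*pkey = NULL;` drops the only visible reference to the key handle that was just passed to gnutls_privkey_import_pkcs11_url, so the handle appears to leak unless the caller keeps another copy. The initialisation of `*pkey` is outside this hunk, so this is inferred; if it is created earlier in g_tls_certificate_gnutls_copy, add `gnutls_privkey_deinit (*pkey);` before the assignment. Lowering the message from g_warning to g_info also hides a failed private-key import at default log levels, so a one-line comment saying why the failure is expected here would help whoever debugs a missing client key.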
diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c
index bc3f9c8..372f1fb 100644
--- a/tls/gnutls/gtlsconnection-gnutls.c
+++ b/tls/gnutls/gtlsconnection-gnutls.c
@@ -259,37 +259,19 @@ on_pin_request (void         *userdata,
 
   description = g_strdup_printf (" %s (%s)", token_label, token_url);
   password = g_tls_password_new (password_flags, description);
-  result = g_tls_interaction_invoke_ask_password (interaction, password,
-                                                  priv->cancellable,
-                                                  &error);
-  g_free (description);
-
-  switch (result)
-    {
-    case G_TLS_INTERACTION_FAILED:
-      if (!g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED))
-        g_warning ("Error getting PIN: %s", error->message);
-      g_error_free (error);
-      break;
-    case G_TLS_INTERACTION_UNHANDLED:
-      break;
-    case G_TLS_INTERACTION_HANDLED:
+  if (g_tls_connection_base_handshake_thread_ask_password (connection, password))
       {
         gsize password_size;
         const guchar *password_data = g_tls_password_get_value (password, &password_size);
         if (password_size > pin_max)
-          g_warning ("PIN is larger than max PIN size");
+          g_info ("PIN is larger than max PIN size");
 
         memcpy (pin, password_data, MIN (password_size, pin_max));
         ret = GNUTLS_E_SUCCESS;
-        break;
-      }
-    default:
-      g_assert_not_reached ();
     }
 
+  g_free (description);
   g_object_unref (password);
-
   return ret;
 }
 
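Review bot: When `password_size > pin_max` the code still copies the first pin_max bytes and returns GNUTLS_E_SUCCESS, so the token is given a PIN the user did not enter; on tokens with a retry counter that may use up an attempt. The memcpy also writes no terminator, which matters if GnuTLS reads `pin` as a C string of at most pin_max bytes (to be confirmed against the callback contract). I would reject the over-long case and terminate the copy: guard with `if (password_size < pin_max)`, then `memcpy (pin, password_data, password_size);` and `pin[password_size] = '\0';` before setting `ret`. on_pin_request starts outside this hunk, so the initial value of `ret` and whether `interaction`, `result` and `error` are still used cannot be checked here.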

