Add token and pin initialization

pkcs11/_pkcs11.pyx

@@ -253,6 +253,31 @@ class Slot(types.Slot):
 class Token(types.Token):
     """Extend Token with implementation."""
 
+    def init_token(self, token_label, so_pin):
+        cdef CK_SLOT_ID slot_id = self.slot.slot_id
+        cdef CK_UTF8CHAR *pin_data
+        cdef CK_ULONG pin_length
+        cdef CK_UTF8CHAR *label
+
+        if token_label is None or so_pin is None:
+            raise ArgumentsBad("Set both `token_label` and `so_pin`")
+
+        pin = so_pin.encode('utf-8')
+        tlabel = token_label.encode('utf-8')
+
+        if pin and tlabel:
+            pin_data = pin
+            pin_length = len(pin)
+            label = tlabel
+
+            with nogil:
+                assertRV(_funclist.C_InitToken(slot_id, pin_data, pin_length,
+                                               label))
+
+            return True
+
+        return False
+
     def open(self, rw=False, user_pin=None, so_pin=None):
         cdef CK_SLOT_ID slot_id = self.slot.slot_id
         cdef CK_SESSION_HANDLE handle
@@ -373,6 +398,27 @@ def merge_templates(default_template, *user_templates):
 class Session(types.Session):
     """Extend Session with implementation."""
 
+    def init_pin(self, user_pin):
+        cdef CK_OBJECT_HANDLE handle = self._handle
+        cdef CK_UTF8CHAR *pin_data
+        cdef CK_ULONG pin_length
+
+        if user_pin is None:
+            raise ArgumentsBad("Set `user_pin`")
+
+        pin = user_pin.encode('utf-8')
+
+        if pin:
+            pin_data = pin
+            pin_length = len(pin)
+
+            with nogil:
+                assertRV(_funclist.C_InitPIN(handle, pin_data, pin_length))
+
+            return True
+
+        return False
+
     def close(self):
         cdef CK_OBJECT_HANDLE handle = self._handle
 

tests/test_sessions.py

@@ -26,6 +26,19 @@ def test_open_session_and_login_so(self):
         with self.token.open(rw=True, so_pin=TOKEN_SO_PIN) as session:
             self.assertIsInstance(session, pkcs11.Session)
 
+    @Only.softhsm2  # We don't have credentials to do this for other platforms
+    def test_init_pin(self):
+        temp_token_pin = "bearsbeetsbattlestargalactica"
+
+        with self.token.open(rw=True, so_pin=TOKEN_SO_PIN) as session:
+            self.assertTrue(session.init_pin(temp_token_pin))
+
+        with self.token.open(user_pin=temp_token_pin) as session:
+            self.assertIsInstance(session, pkcs11.Session)
+
+        with self.token.open(rw=True, so_pin=TOKEN_SO_PIN) as session:
+            self.assertTrue(session.init_pin(TOKEN_PIN))
+
     @requires(pkcs11.Mechanism.AES_KEY_GEN)
     def test_generate_key(self):
         with self.token.open(user_pin=TOKEN_PIN) as session:

tests/test_slots_and_tokens.py

@@ -72,3 +72,23 @@ def test_get_token(self):
         self.assertEqual(token.label, TOKEN)
         self.assertIn(pkcs11.TokenFlag.TOKEN_INITIALIZED, token.flags)
         self.assertIn(pkcs11.TokenFlag.LOGIN_REQUIRED, token.flags)
+
+    @Only.softhsm2
+    def test_init_token(self):
+        lib = pkcs11.lib(LIB)
+        tokens = lib.get_tokens()
+        temp_token_pin = "bearsbeetsbattlestargalactica"
+        temp_token_label = "schrute"
+
+        for token in tokens:
+            if pkcs11.TokenFlag.TOKEN_INITIALIZED not in token.flags:
+                self.assertTrue(token.init_token(temp_token_label,
+                                                 temp_token_pin))
+                break
+        else:
+            raise AssertionError("No Uninitialized token found")
+
+        token, *_ = lib.get_tokens(token_label=temp_token_label)
+
+        self.assertIn(pkcs11.TokenFlag.TOKEN_INITIALIZED, token.flags)
+        self.assertNotIn(pkcs11.TokenFlag.USER_PIN_INITIALIZED, token.flags)