pub struct TokenInfo { /* private fields */ }
Information about a token
Implementations
impl TokenInfo
pub fn label(&self) -> &str
An application-defined label, assigned during token initialization
Conformance: This string is at most 32 bytes (not chars) as UTF-8
pub fn manufacturer_id(&self) -> &str
The ID of the device manufacturer
Conformance: This string is at most 32 bytes (not chars) as UTF-8
pub fn model(&self) -> &str
The model of the device
Conformance: This string is at most 16 bytes (not chars) as UTF-8
pub fn serial_number(&self) -> &str
The character-string serial number of the device
Conformance: This string is at most 16 bytes (not chars) as UTF-8
pub fn write_protected(&self) -> bool
True if the token is write-protected
Conformance: Exactly what this value means is determined by the application. An application may be unable to perform certain actions on a write-protected token. These actions can include any of the following (non-exhaustive):
- Creating/modifying/deleting any object on the token
- Creating/modifying/deleting a token object on the token
- Changing the Security Officer’s PIN
- Changing the normal user’s PIN
The token may change its write-protected status depending on the
session state to implement its object management policy. For instance,
the token may report write-protection unless the session state is R/W
SO or R/W User to implement a policy that does not allow any objects,
public or private, to be created, modified, or deleted unless the user
has successfully called Session::login.
pub fn login_required(&self) -> bool
True if there are some cryptographic functions that a user must be logged in to perform
pub fn user_pin_initialized(&self) -> bool
True if the normal user’s PIN has been initialized
pub fn restore_key_not_needed(&self) -> bool
True if a successful save of a session’s cryptographic operations state always contains all keys needed to restore the state of the session.
pub fn clock_on_token(&self) -> bool
True if the token has its own hardware clock
pub fn protected_authentication_path(&self) -> bool
True if the token has a “protected authentication path” whereby a user can log into the token without passing a PIN
pub fn dual_crypto_operations(&self) -> bool
True if a single session with the token can perform dual cryptographic operations
pub fn token_initialized(&self) -> bool
True if the token has been initialized with Pkcs11::init_token or an equivalent mechanism outside the scope of the PKCS#11 standard
Conformance: Calling Pkcs11::init_token when this flag is set will cause the token to be reinitialized.
pub fn secondary_authentication(&self) -> bool
True if the token supports secondary authentication for private key objects
Conformance: This field is deprecated and new providers must not set it. I.e., this function must always return false.
pub fn user_pin_count_low(&self) -> bool
True if an incorrect user login PIN has been entered at least once since the last successful authentication
Conformance: This value may be set to always be false if the token either does not support the functionality or will not reveal the information because of its security policy.
pub fn user_pin_final_try(&self) -> bool
True if supplying an incorrect user PIN will cause it to become locked
Conformance: This value may be set to always be false if the token either does not support the functionality or will not reveal the information because of its security policy.
pub fn user_pin_locked(&self) -> bool
True if the user PIN has been locked; user login to the token is not possible
pub fn user_pin_to_be_changed(&self) -> bool
True if the user PIN value is the default value set by the token initialization or manufacturing, or the PIN has been expired by the card
Conformance: This may be always false if the token either does not support the functionality or will not reveal the information because of its security policy.
If a PIN is set to the default value or has expired, this function returns true. When true, logging in with a PIN will succeed, but only the Session::set_pin function can be called. Calling any other function that requires the user to be logged in will cause PinExpired to be returned until Session::set_pin is called successfully.
pub fn so_pin_count_low(&self) -> bool
True if an incorrect Security Officer login PIN has been entered at least once since the last successful authentication
Conformance: This value may be set to always be false if the token either does not support the functionality or will not reveal the information because of its security policy.
pub fn so_pin_final_try(&self) -> bool
True if supplying an incorrect Security Officer PIN will cause it to become locked
Conformance: This value may be set to always be false if the token either does not support the functionality or will not reveal the information because of its security policy.
pub fn so_pin_locked(&self) -> bool
True if the Security Officer PIN has been locked; Security Officer login to the token is not possible
pub fn so_pin_to_be_changed(&self) -> bool
True if the Security Officer PIN value is the default value set by the token initialization or manufacturing, or the PIN has been expired by the card
Conformance: This may be always false if the token either does not support the functionality or will not reveal the information because of its security policy.
If a PIN is set to the default value or has expired, this function returns true. When true, logging in with a PIN will succeed, but only the Session::set_pin function can be called. Calling any other function that requires the user to be logged in will cause PinExpired to be returned until Session::set_pin is called successfully.
pub fn error_state(&self) -> bool
True if the token failed a FIPS 140-2 self-test and entered an error state
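The user PIN status flags and the error-state flag documented above can gate an unattended login so that a service never burns the last PIN attempt. This is an added example, not code from the crate: UserLoginFlags, Preflight and user_login_preflight are hypothetical names, and the struct stands in for a real TokenInfo so the block runs without a PKCS#11 module.

```rust
/// Snapshot of the `TokenInfo` getters that matter before a user login.
/// Hypothetical helper type, not part of the crate: copy each field from
/// the getter of the same name on a real `TokenInfo`.
#[derive(Clone, Copy, Default)]
pub struct UserLoginFlags {
    pub error_state: bool,
    pub token_initialized: bool,
    pub user_pin_initialized: bool,
    pub user_pin_locked: bool,
    pub user_pin_final_try: bool,
    pub user_pin_count_low: bool,
    pub user_pin_to_be_changed: bool,
}

#[derive(Debug, PartialEq, Eq)]
pub enum Preflight {
    /// Do not call login at all.
    Refuse(&'static str),
    /// A stored PIN must not be replayed; a person has to confirm it.
    OperatorOnly(&'static str),
    /// Login succeeds, but only `Session::set_pin` works until the PIN changes.
    MustChangePin,
    /// One unattended attempt is acceptable. The count-low and final-try
    /// flags may always read false, so never retry automatically on failure.
    ProceedOnce,
}

pub fn user_login_preflight(f: UserLoginFlags) -> Preflight {
    use Preflight::*;
    if f.error_state { return Refuse("token is in an error state"); }
    if !f.token_initialized { return Refuse("token is not initialized"); }
    if !f.user_pin_initialized { return Refuse("user PIN is not initialized"); }
    if f.user_pin_locked { return Refuse("user PIN is locked"); }
    if f.user_pin_final_try { return OperatorOnly("a wrong PIN would lock the token"); }
    if f.user_pin_count_low { return OperatorOnly("a wrong PIN was entered since the last login"); }
    if f.user_pin_to_be_changed { return MustChangePin; }
    ProceedOnce
}

fn main() {
    // Constructed sample: healthy token, then the same token after one bad PIN.
    let healthy = UserLoginFlags { token_initialized: true, user_pin_initialized: true, ..Default::default() };
    let after_typo = UserLoginFlags { user_pin_count_low: true, ..healthy };
    println!("{:?}", user_login_preflight(healthy));
    println!("{:?}", user_login_preflight(after_typo));
}
```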
pub fn max_session_count(&self) -> Limit
The maximum number of sessions that can be opened with the token at one time by a single application.
pub fn session_count(&self) -> Option<u64>
The number of sessions this application currently has open with the token
pub fn max_rw_session_count(&self) -> Limit
The maximum number of read/write sessions that can be opened with the token at one time by a single application.
pub fn rw_session_count(&self) -> Option<u64>
The number of read/write sessions this application currently has open with the token
pub fn max_pin_length(&self) -> usize
The maximum length in bytes of the PIN
pub fn min_pin_length(&self) -> usize
The minimum length in bytes of the PIN
pub fn total_public_memory(&self) -> Option<usize>
The total amount of memory on the token (in bytes) in which public objects may be stored
Returns None if this information is unavailable
pub fn free_public_memory(&self) -> Option<usize>
The amount of free (unused) memory on the token (in bytes) for public objects
Returns None if this information is unavailable
pub fn total_private_memory(&self) -> Option<usize>
The total amount of memory on the token (in bytes) in which private objects may be stored
Returns None if this information is unavailable
pub fn free_private_memory(&self) -> Option<usize>
The amount of free (unused) memory on the token (in bytes) for private objects
Returns None if this information is unavailable
pub fn hardware_version(&self) -> Version
The version number of the hardware
pub fn firmware_version(&self) -> Version
The version number of the firmware
pub fn utc_time(&self) -> Option<UtcTime>
The current UTC datetime reported by the token
Returns None if the token is not equipped with a clock (i.e., self.clock_on_token() == false)
Conformance: The string representation of the datetime from the token is only required to be parsable as a string of ASCII digits. No additional structure (e.g., months numbered from 0 or from 1) is defined.