another work around the mac 10.10 yosemite PCSC bug, this time fix cryptoki; refs #34

m4/ax_check_qt.m4

@@ -32,7 +32,7 @@ AC_DEFUN([AX_CXX_QT_TOOL], [
   $1=${$1:-$(pkg-config --variable=host_bins Qt5Core)/$2}
   $1=${$1:-$(pkg-config --variable=$2_location QtCore)}
   $1=${$1:-$(pkg-config --variable=host_bins QtCore)/$2}
-  if ! which "$$1" > /dev/null; then
+  if ! which "${$1%% *}" > /dev/null; then
     if which "$2" > /dev/null; then
       $1=$2
     else

src/suisseid.hxx

@@ -274,6 +274,13 @@ namespace suisseid {
       }
       
       virtual Certificate certificate(const std::string& keylabel) {
+#       ifdef __APPLE__
+          /*! @bug Work around Mac OSX 10.10 bug. On Mac OSX 10.10
+                   there is a bug in PCSC: After a reconnect, first
+                   transaction (SCardTransmit) fails with
+                   SCARD_W_RESET_CARD (0x80100068). */
+          static int applebug(0);
+#       endif
         CRYPTOLOG("get certificate for key "<<keylabel);
         cryptoki::ObjectList keys // find keys with digsig-label
           (session().find(cryptoki::AttributeList()
@@ -284,19 +291,50 @@ namespace suisseid {
         for (cryptoki::ObjectList::iterator key(keys.begin());
              key!=keys.end(); ++key) {
           cryptoki::Attribute id(key->attribute(CKA_ID));
-          CRYPTOLOG("get certs for key with id "<<id.value);
+          CRYPTOLOG("get certs for key with id "<<crypto::hex(id));
           cryptoki::ObjectList certs
             (session().find(cryptoki::AttributeList()
                             <<cryptoki::Attribute(CKA_CLASS)
                             .from<CK_OBJECT_CLASS>(CKO_CERTIFICATE)
                             <<id));
           CRYPTOLOG("found "<<certs.size()<<" certificates");
-          for (cryptoki::ObjectList::iterator cert(certs.begin());
-               cert!=certs.end(); ++cert) { // return first matching cert
-            return Certificate(cert->attribute(CKA_VALUE).value,
-                               cert->attribute(CKA_LABEL).value,
-                               id);
+#       ifdef __APPLE__
+          /*! @bug Work around Mac OSX 10.10 bug. On Mac OSX 10.10
+                   there is a bug in PCSC: After a reconnect, first
+                   transaction (SCardTransmit) fails with
+                   SCARD_W_RESET_CARD (0x80100068). */
+          try {
+#       endif
+            for (cryptoki::ObjectList::iterator cert(certs.begin());
+                 cert!=certs.end(); ++cert) // return first matching cert
+              return Certificate(cert->attribute(CKA_VALUE).value,
+                                 cert->attribute(CKA_LABEL).value,
+                                 id);
+#         ifdef __APPLE__
+            /*! @bug Work around Mac OSX 10.10 bug. On Mac OSX 10.10
+                     there is a bug in PCSC: After a reconnect, first
+                     transaction (SCardTransmit) fails with
+                     SCARD_W_RESET_CARD (0x80100068). */
+          } catch (std::exception& x) {
+            if (++applebug>1) {
+              CRYPTOLOG("failed again after apple bug retry with "<<x.what());
+              applebug = 0; // failed again, give up, reset counter
+              throw;
+            } else {
+              CRYPTOLOG("failed with "<<x.what());
+              // try to fix Apple's Mac OS X 10.10 implementation bug
+              CRYPTOLOG("Mac OS X 10.10 implementation bug: "
+                        "On Mac OSX 10.10 there is a bug in "
+                        "PCSC: After a reconnect, first "
+                        "transaction (SCardTransmit) fails "
+                        "with SCARD_W_RESET_CARD (0x80100068). "
+                        "Retry Nr. "<<applebug);
+              Certificate c(certificate(const std::string& keylabel));
+              applebug = 0; // successful, reset counter
+              return c;
+            }
           }
+#         endif
         }
         throw no_certfound(keylabel);
       }