another work around the mac 10.10 yosemite PCSC bug, this time fix cryptoki; refs #34

2014-12-11 09:06:51 +00:00
parent d379988ce2
commit cac66974da
2 changed files with 45 additions and 7 deletions
--- a/src/suisseid.hxx
+++ b/src/suisseid.hxx
@@ -274,6 +274,13 @@ namespace suisseid {
      }
      
      virtual Certificate certificate(const std::string& keylabel) {
+#       ifdef __APPLE__
+          /*! @bug Work around Mac OSX 10.10 bug. On Mac OSX 10.10
+                   there is a bug in PCSC: After a reconnect, first
+                   transaction (SCardTransmit) fails with
+                   SCARD_W_RESET_CARD (0x80100068). */
+          static int applebug(0);
+#       endif
        CRYPTOLOG("get certificate for key "<<keylabel);
        cryptoki::ObjectList keys // find keys with digsig-label
          (session().find(cryptoki::AttributeList()
@@ -284,19 +291,50 @@ namespace suisseid {
        for (cryptoki::ObjectList::iterator key(keys.begin());
             key!=keys.end(); ++key) {
          cryptoki::Attribute id(key->attribute(CKA_ID));
-          CRYPTOLOG("get certs for key with id "<<id.value);
+          CRYPTOLOG("get certs for key with id "<<crypto::hex(id));
          cryptoki::ObjectList certs
            (session().find(cryptoki::AttributeList()
                            <<cryptoki::Attribute(CKA_CLASS)
                            .from<CK_OBJECT_CLASS>(CKO_CERTIFICATE)
                            <<id));
          CRYPTOLOG("found "<<certs.size()<<" certificates");
-          for (cryptoki::ObjectList::iterator cert(certs.begin());
-               cert!=certs.end(); ++cert) { // return first matching cert
-            return Certificate(cert->attribute(CKA_VALUE).value,
-                               cert->attribute(CKA_LABEL).value,
-                               id);
+#       ifdef __APPLE__
+          /*! @bug Work around Mac OSX 10.10 bug. On Mac OSX 10.10
+                   there is a bug in PCSC: After a reconnect, first
+                   transaction (SCardTransmit) fails with
+                   SCARD_W_RESET_CARD (0x80100068). */
+          try {
+#       endif
+            for (cryptoki::ObjectList::iterator cert(certs.begin());
+                 cert!=certs.end(); ++cert) // return first matching cert
+              return Certificate(cert->attribute(CKA_VALUE).value,
+                                 cert->attribute(CKA_LABEL).value,
+                                 id);
+#         ifdef __APPLE__
+            /*! @bug Work around Mac OSX 10.10 bug. On Mac OSX 10.10
+                     there is a bug in PCSC: After a reconnect, first
+                     transaction (SCardTransmit) fails with
+                     SCARD_W_RESET_CARD (0x80100068). */
+          } catch (std::exception& x) {
+            if (++applebug>1) {
+              CRYPTOLOG("failed again after apple bug retry with "<<x.what());
+              applebug = 0; // failed again, give up, reset counter
+              throw;
+            } else {
+              CRYPTOLOG("failed with "<<x.what());
+              // try to fix Apple's Mac OS X 10.10 implementation bug
+              CRYPTOLOG("Mac OS X 10.10 implementation bug: "
+                        "On Mac OSX 10.10 there is a bug in "
+                        "PCSC: After a reconnect, first "
+                        "transaction (SCardTransmit) fails "
+                        "with SCARD_W_RESET_CARD (0x80100068). "
+                        "Retry Nr. "<<applebug);
+              Certificate c(certificate(const std::string& keylabel));
+              applebug = 0; // successful, reset counter
+              return c;
+            }
          }
+#         endif
        }
        throw no_certfound(keylabel);
      }