another work around the mac 10.10 yosemite PCSC bug, this time fix cryptoki; refs #34

master
Marc Wäckerlin 10 years ago
parent d379988ce2
commit cac66974da
  1. 2
      m4/ax_check_qt.m4
  2. 44
      src/suisseid.hxx

@ -32,7 +32,7 @@ AC_DEFUN([AX_CXX_QT_TOOL], [
$1=${$1:-$(pkg-config --variable=host_bins Qt5Core)/$2} $1=${$1:-$(pkg-config --variable=host_bins Qt5Core)/$2}
$1=${$1:-$(pkg-config --variable=$2_location QtCore)} $1=${$1:-$(pkg-config --variable=$2_location QtCore)}
$1=${$1:-$(pkg-config --variable=host_bins QtCore)/$2} $1=${$1:-$(pkg-config --variable=host_bins QtCore)/$2}
if ! which "$$1" > /dev/null; then if ! which "${$1%% *}" > /dev/null; then
if which "$2" > /dev/null; then if which "$2" > /dev/null; then
$1=$2 $1=$2
else else

@ -274,6 +274,13 @@ namespace suisseid {
} }
virtual Certificate certificate(const std::string& keylabel) { virtual Certificate certificate(const std::string& keylabel) {
# ifdef __APPLE__
/*! @bug Work around Mac OSX 10.10 bug. On Mac OSX 10.10
there is a bug in PCSC: After a reconnect, first
transaction (SCardTransmit) fails with
SCARD_W_RESET_CARD (0x80100068). */
static int applebug(0);
# endif
CRYPTOLOG("get certificate for key "<<keylabel); CRYPTOLOG("get certificate for key "<<keylabel);
cryptoki::ObjectList keys // find keys with digsig-label cryptoki::ObjectList keys // find keys with digsig-label
(session().find(cryptoki::AttributeList() (session().find(cryptoki::AttributeList()
@ -284,19 +291,50 @@ namespace suisseid {
for (cryptoki::ObjectList::iterator key(keys.begin()); for (cryptoki::ObjectList::iterator key(keys.begin());
key!=keys.end(); ++key) { key!=keys.end(); ++key) {
cryptoki::Attribute id(key->attribute(CKA_ID)); cryptoki::Attribute id(key->attribute(CKA_ID));
CRYPTOLOG("get certs for key with id "<<id.value); CRYPTOLOG("get certs for key with id "<<crypto::hex(id));
cryptoki::ObjectList certs cryptoki::ObjectList certs
(session().find(cryptoki::AttributeList() (session().find(cryptoki::AttributeList()
<<cryptoki::Attribute(CKA_CLASS) <<cryptoki::Attribute(CKA_CLASS)
.from<CK_OBJECT_CLASS>(CKO_CERTIFICATE) .from<CK_OBJECT_CLASS>(CKO_CERTIFICATE)
<<id)); <<id));
CRYPTOLOG("found "<<certs.size()<<" certificates"); CRYPTOLOG("found "<<certs.size()<<" certificates");
# ifdef __APPLE__
/*! @bug Work around Mac OSX 10.10 bug. On Mac OSX 10.10
there is a bug in PCSC: After a reconnect, first
transaction (SCardTransmit) fails with
SCARD_W_RESET_CARD (0x80100068). */
try {
# endif
for (cryptoki::ObjectList::iterator cert(certs.begin()); for (cryptoki::ObjectList::iterator cert(certs.begin());
cert!=certs.end(); ++cert) { // return first matching cert cert!=certs.end(); ++cert) // return first matching cert
return Certificate(cert->attribute(CKA_VALUE).value, return Certificate(cert->attribute(CKA_VALUE).value,
cert->attribute(CKA_LABEL).value, cert->attribute(CKA_LABEL).value,
id); id);
} # ifdef __APPLE__
/*! @bug Work around Mac OSX 10.10 bug. On Mac OSX 10.10
there is a bug in PCSC: After a reconnect, first
transaction (SCardTransmit) fails with
SCARD_W_RESET_CARD (0x80100068). */
} catch (std::exception& x) {
if (++applebug>1) {
CRYPTOLOG("failed again after apple bug retry with "<<x.what());
applebug = 0; // failed again, give up, reset counter
throw;
} else {
CRYPTOLOG("failed with "<<x.what());
// try to fix Apple's Mac OS X 10.10 implementation bug
CRYPTOLOG("Mac OS X 10.10 implementation bug: "
"On Mac OSX 10.10 there is a bug in "
"PCSC: After a reconnect, first "
"transaction (SCardTransmit) fails "
"with SCARD_W_RESET_CARD (0x80100068). "
"Retry Nr. "<<applebug);
Certificate c(certificate(const std::string& keylabel));
applebug = 0; // successful, reset counter
return c;
}
}
# endif
} }
throw no_certfound(keylabel); throw no_certfound(keylabel);
} }

Loading…
Cancel
Save