another work around the mac 10.10 yosemite PCSC bug, this time fix cryptoki; refs #34
This commit is contained in:
Marc Wäckerlin
@@ -32,7 +32,7 @@ AC_DEFUN([AX_CXX_QT_TOOL], [
|
||||
$1=${$1:-$(pkg-config --variable=host_bins Qt5Core)/$2}
|
||||
$1=${$1:-$(pkg-config --variable=$2_location QtCore)}
|
||||
$1=${$1:-$(pkg-config --variable=host_bins QtCore)/$2}
|
||||
if ! which "$$1" > /dev/null; then
|
||||
if ! which "${$1%% *}" > /dev/null; then
|
||||
if which "$2" > /dev/null; then
|
||||
$1=$2
|
||||
else
|
||||
|
||||
@@ -274,6 +274,13 @@ namespace suisseid {
|
||||
}
|
||||
|
||||
virtual Certificate certificate(const std::string& keylabel) {
|
||||
# ifdef __APPLE__
|
||||
/*! @bug Work around Mac OSX 10.10 bug. On Mac OSX 10.10
|
||||
there is a bug in PCSC: After a reconnect, first
|
||||
transaction (SCardTransmit) fails with
|
||||
SCARD_W_RESET_CARD (0x80100068). */
|
||||
static int applebug(0);
|
||||
# endif
|
||||
CRYPTOLOG("get certificate for key "<<keylabel);
|
||||
cryptoki::ObjectList keys // find keys with digsig-label
|
||||
(session().find(cryptoki::AttributeList()
|
||||
@@ -284,19 +291,50 @@ namespace suisseid {
|
||||
for (cryptoki::ObjectList::iterator key(keys.begin());
|
||||
key!=keys.end(); ++key) {
|
||||
cryptoki::Attribute id(key->attribute(CKA_ID));
|
||||
CRYPTOLOG("get certs for key with id "<<id.value);
|
||||
CRYPTOLOG("get certs for key with id "<<crypto::hex(id));
|
||||
cryptoki::ObjectList certs
|
||||
(session().find(cryptoki::AttributeList()
|
||||
<<cryptoki::Attribute(CKA_CLASS)
|
||||
.from<CK_OBJECT_CLASS>(CKO_CERTIFICATE)
|
||||
<<id));
|
||||
CRYPTOLOG("found "<<certs.size()<<" certificates");
|
||||
for (cryptoki::ObjectList::iterator cert(certs.begin());
|
||||
cert!=certs.end(); ++cert) { // return first matching cert
|
||||
return Certificate(cert->attribute(CKA_VALUE).value,
|
||||
cert->attribute(CKA_LABEL).value,
|
||||
id);
|
||||
# ifdef __APPLE__
|
||||
/*! @bug Work around Mac OSX 10.10 bug. On Mac OSX 10.10
|
||||
there is a bug in PCSC: After a reconnect, first
|
||||
transaction (SCardTransmit) fails with
|
||||
SCARD_W_RESET_CARD (0x80100068). */
|
||||
try {
|
||||
# endif
|
||||
for (cryptoki::ObjectList::iterator cert(certs.begin());
|
||||
cert!=certs.end(); ++cert) // return first matching cert
|
||||
return Certificate(cert->attribute(CKA_VALUE).value,
|
||||
cert->attribute(CKA_LABEL).value,
|
||||
id);
|
||||
# ifdef __APPLE__
|
||||
/*! @bug Work around Mac OSX 10.10 bug. On Mac OSX 10.10
|
||||
there is a bug in PCSC: After a reconnect, first
|
||||
transaction (SCardTransmit) fails with
|
||||
SCARD_W_RESET_CARD (0x80100068). */
|
||||
} catch (std::exception& x) {
|
||||
if (++applebug>1) {
|
||||
CRYPTOLOG("failed again after apple bug retry with "<<x.what());
|
||||
applebug = 0; // failed again, give up, reset counter
|
||||
throw;
|
||||
} else {
|
||||
CRYPTOLOG("failed with "<<x.what());
|
||||
// try to fix Apple's Mac OS X 10.10 implementation bug
|
||||
CRYPTOLOG("Mac OS X 10.10 implementation bug: "
|
||||
"On Mac OSX 10.10 there is a bug in "
|
||||
"PCSC: After a reconnect, first "
|
||||
"transaction (SCardTransmit) fails "
|
||||
"with SCARD_W_RESET_CARD (0x80100068). "
|
||||
"Retry Nr. "<<applebug);
|
||||
Certificate c(certificate(const std::string& keylabel));
|
||||
applebug = 0; // successful, reset counter
|
||||
return c;
|
||||
}
|
||||
}
|
||||
# endif
|
||||
}
|
||||
throw no_certfound(keylabel);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user