|
|
|
@ -274,6 +274,13 @@ namespace suisseid { |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
virtual Certificate certificate(const std::string& keylabel) { |
|
|
|
|
# ifdef __APPLE__ |
|
|
|
|
/*! @bug Work around Mac OSX 10.10 bug. On Mac OSX 10.10
|
|
|
|
|
there is a bug in PCSC: After a reconnect, first |
|
|
|
|
transaction (SCardTransmit) fails with |
|
|
|
|
SCARD_W_RESET_CARD (0x80100068). */ |
|
|
|
|
static int applebug(0); |
|
|
|
|
# endif |
|
|
|
|
CRYPTOLOG("get certificate for key "<<keylabel); |
|
|
|
|
cryptoki::ObjectList keys // find keys with digsig-label
|
|
|
|
|
(session().find(cryptoki::AttributeList() |
|
|
|
@ -284,19 +291,50 @@ namespace suisseid { |
|
|
|
|
for (cryptoki::ObjectList::iterator key(keys.begin()); |
|
|
|
|
key!=keys.end(); ++key) { |
|
|
|
|
cryptoki::Attribute id(key->attribute(CKA_ID)); |
|
|
|
|
CRYPTOLOG("get certs for key with id "<<id.value); |
|
|
|
|
CRYPTOLOG("get certs for key with id "<<crypto::hex(id)); |
|
|
|
|
cryptoki::ObjectList certs |
|
|
|
|
(session().find(cryptoki::AttributeList() |
|
|
|
|
<<cryptoki::Attribute(CKA_CLASS) |
|
|
|
|
.from<CK_OBJECT_CLASS>(CKO_CERTIFICATE) |
|
|
|
|
<<id)); |
|
|
|
|
CRYPTOLOG("found "<<certs.size()<<" certificates"); |
|
|
|
|
for (cryptoki::ObjectList::iterator cert(certs.begin()); |
|
|
|
|
cert!=certs.end(); ++cert) { // return first matching cert
|
|
|
|
|
return Certificate(cert->attribute(CKA_VALUE).value, |
|
|
|
|
cert->attribute(CKA_LABEL).value, |
|
|
|
|
id); |
|
|
|
|
# ifdef __APPLE__ |
|
|
|
|
/*! @bug Work around Mac OSX 10.10 bug. On Mac OSX 10.10
|
|
|
|
|
there is a bug in PCSC: After a reconnect, first |
|
|
|
|
transaction (SCardTransmit) fails with |
|
|
|
|
SCARD_W_RESET_CARD (0x80100068). */ |
|
|
|
|
try { |
|
|
|
|
# endif |
|
|
|
|
for (cryptoki::ObjectList::iterator cert(certs.begin()); |
|
|
|
|
cert!=certs.end(); ++cert) // return first matching cert
|
|
|
|
|
return Certificate(cert->attribute(CKA_VALUE).value, |
|
|
|
|
cert->attribute(CKA_LABEL).value, |
|
|
|
|
id); |
|
|
|
|
# ifdef __APPLE__ |
|
|
|
|
/*! @bug Work around Mac OSX 10.10 bug. On Mac OSX 10.10
|
|
|
|
|
there is a bug in PCSC: After a reconnect, first |
|
|
|
|
transaction (SCardTransmit) fails with |
|
|
|
|
SCARD_W_RESET_CARD (0x80100068). */ |
|
|
|
|
} catch (std::exception& x) { |
|
|
|
|
if (++applebug>1) { |
|
|
|
|
CRYPTOLOG("failed again after apple bug retry with "<<x.what()); |
|
|
|
|
applebug = 0; // failed again, give up, reset counter
|
|
|
|
|
throw; |
|
|
|
|
} else { |
|
|
|
|
CRYPTOLOG("failed with "<<x.what()); |
|
|
|
|
// try to fix Apple's Mac OS X 10.10 implementation bug
|
|
|
|
|
CRYPTOLOG("Mac OS X 10.10 implementation bug: " |
|
|
|
|
"On Mac OSX 10.10 there is a bug in " |
|
|
|
|
"PCSC: After a reconnect, first " |
|
|
|
|
"transaction (SCardTransmit) fails " |
|
|
|
|
"with SCARD_W_RESET_CARD (0x80100068). " |
|
|
|
|
"Retry Nr. "<<applebug); |
|
|
|
|
Certificate c(certificate(const std::string& keylabel)); |
|
|
|
|
applebug = 0; // successful, reset counter
|
|
|
|
|
return c; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
# endif |
|
|
|
|
} |
|
|
|
|
throw no_certfound(keylabel); |
|
|
|
|
} |
|
|
|
|