[Fedora-directory-commits] coolkey/src/coolkey slot.cpp,1.1,1.2

Robert Relyea (rrelyea) fedora-directory-commits at redhat.com
Tue Jul 25 23:37:14 UTC 2006


Author: rrelyea

Update of /cvs/dirsec/coolkey/src/coolkey
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4940

Modified Files:
	slot.cpp 
Log Message:


patch to support CAC cards with fewer than 3 certs.



Index: slot.cpp
===================================================================
RCS file: /cvs/dirsec/coolkey/src/coolkey/slot.cpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- slot.cpp	9 Jun 2006 18:39:11 -0000	1.1
+++ slot.cpp	25 Jul 2006 23:37:11 -0000	1.2
@@ -605,7 +605,7 @@
 	 * ... even removing and reinserting the card does not change the
 	 * applet selection,
 	 * do so reset the card now  so we can get the CUID 
-	 * this will cause other apps to loose login state! */
+	 * NOTE: this will cause other apps to loose login state! */
 	CKYCardConnection_Reset(conn);
         readCUID(); /* get the CUID before we loose the ability to */
 	isVersion1Key = 0;
@@ -1655,6 +1655,8 @@
 	segmentHeader->dataHeaderSize = size;
 	segmentHeader->dataOffset = segmentHeader->dataHeaderOffset + size;
 	segmentHeader->dataSize = 0;
+	segmentHeader->cert2Offset = segmentHeader->dataOffset;
+	segmentHeader->cert2Size = 0;
 	shmData = (CKYByte *) &segmentAddr[segmentHeader->dataHeaderOffset];
 	break;
     case 1:
@@ -1975,7 +1977,24 @@
     CKYBuffer_InitEmpty(&cert);
     CKYBuffer_InitEmpty(&rawCert);
     CKYBuffer_InitEmpty(&shmCert);
-    selectCACApplet(instance);
+
+    //
+    // not all CAC cards have all the PKI instances
+    // catch the applet selection errors if they don't
+    //
+    try {
+        selectCACApplet(instance);
+    } catch(PKCS11Exception& e) {
+	// all CAC's must have instance '0', throw the error it
+	// they don't.
+	if (instance == 0) throw e;
+	// If the CAC doesn't have instance '2', and we were updating
+	// the shared memory, set it to valid now.
+	if ((instance == 2) && !shmem.isValid()) {
+	    shmem.setValid();
+	}
+	return;
+    }
 
     log->log("CAC Cert %d: select CAC applet:  %d ms\n",
 						 instance, OSTimeNow() - time);
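Review bot: The catch block around `selectCACApplet(instance)` treats every `PKCS11Exception` for instances 1 and 2 as "this PKI instance is not on the card", so a transient or connection-level failure cannot be told apart from a missing applet. When `instance == 2` the shared-memory segment is then marked valid with whatever certs were cached up to that point. If the exception exposes its return code, the handler should swallow only the applet-not-found case and rethrow everything else. The rethrow should be `throw;` rather than `throw e;`, which copies the exception and would slice a derived type. The enclosing function starts and ends outside the hunk.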
@@ -2014,6 +2033,10 @@
 		needRead = 0;
 	    }
 	}
+	if (!needRead && (shmCertSize == 0)) {	
+	    /* no cert of this type, just return */
+	    return;
+	}
     }
     CKYBuffer_FreeData(&shmCert);
 
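Review bot: The early `return` added for `!needRead && (shmCertSize == 0)` leaves the function before the `CKYBuffer_FreeData(&shmCert)` call on the line that follows the block, so any storage `shmCert` holds is not released on this path. With a zero cert size the buffer may well be empty, but that depends on the shared-memory read above the hunk, which is not visible here. Freeing first keeps the path safe either way: `CKYBuffer_FreeData(&shmCert); return;`.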
@@ -2029,7 +2052,14 @@
 						&nextSize, &apduRC);
 	
 	    if (status != CKYSUCCESS) {
-		handleConnectionError();
+		/* CAC only requires the Certificate in pki '0' */
+		/* if pki '1' or '2' are empty, treat it as a non-fatal error*/
+		if (instance == 2) {
+		    /* we've attempted to read all the certs, shared memory
+		     * is now valid */
+		    shmem.setValid();
+		}
+	   
 	    }
 	}
 
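Review bot: With `handleConnectionError()` removed, a failed read in the `status != CKYSUCCESS` branch is now ignored for every instance, including instance 0, which the new comment names as the one certificate a CAC must have. Nothing returns or throws in that branch, so execution continues with whatever the read left in the buffer. For `instance == 2`, shared memory is marked valid even if the failure was a lost connection rather than an empty slot, and that incomplete state is what other processes will then read. Keeping the old handling for the mandatory instance, `if (instance == 0) handleConnectionError();`, and leaving the function early for the optional ones would match the comment. The code after this branch is outside the hunk, so how an empty read is treated downstream cannot be confirmed from here.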



