Blame SOURCES/coolkey-1.1.0-alt-tokens-2.patch

a2763b
diff -up ./src/coolkey/slot.cpp.alt-tokens-2 ./src/coolkey/slot.cpp
a2763b
--- ./src/coolkey/slot.cpp.alt-tokens-2	2018-06-25 17:58:23.472185284 -0700
a2763b
+++ ./src/coolkey/slot.cpp	2018-06-25 18:02:29.714918126 -0700
a2763b
@@ -415,8 +415,9 @@ Slot::Slot(const char *readerName_, Log
a2763b
 	tokenManufacturer(NULL),
a2763b
 	slotInfoFound(false), context(context_), conn(NULL), state(UNKNOWN), 
a2763b
 	isVersion1Key(false), needLogin(false), fullTokenName(false), 
a2763b
-	mCoolkey(false), mOldCAC(false), mCACLocalLogin(false),
a2763b
-	pivContainer(-1), pivKey(-1), maxCacCerts(MAX_CERT_SLOTS), 
a2763b
+	mCoolkey(false), mOldCAC(false), mCACLocalLogin(false), mCAC_ACA(false),
a2763b
+	pivContainer(-1), pivKey(-1),
a2763b
+	minCacCerts(0), maxCacCerts(MAX_CERT_SLOTS),
a2763b
 	algs(ALG_NONE), p15aid(0), p15odfAddr(0), p15tokenInfoAddr(0),
a2763b
 	p15Instance(0),
a2763b
 #ifdef USE_SHMEM
a2763b
@@ -782,9 +783,11 @@ Slot::connectToToken()
a2763b
 	 state |= PIV_CARD | APPLET_SELECTABLE | APPLET_PERSONALIZED;
a2763b
 	 isVersion1Key = 0;
a2763b
 	 needLogin = true;
a2763b
+	 minCacCerts = 0;
a2763b
 	 maxCacCerts = MAX_CERT_SLOTS;
a2763b
          mCoolkey = 0;
a2763b
 	 mOldCAC = 0;
a2763b
+	 mCAC_ACA = 0;
a2763b
 	 mCACLocalLogin = getPIVLoginType();
a2763b
 	return;
a2763b
     } 
a2763b
@@ -924,23 +927,29 @@ Slot::getCACAid()
a2763b
 	CKYBuffer_Resize(&cardAID[i],0);
a2763b
     }
a2763b
 
a2763b
+    mCAC_ACA=false;
a2763b
     status = CACApplet_SelectCCC(conn,NULL);
a2763b
     if (status != CKYSUCCESS) {
a2763b
 	/* are we an old CAC */
a2763b
-	status = CACApplet_SelectPKI(conn, &cardAID[0], 0, NULL);
a2763b
-	if (status != CKYSUCCESS) {
a2763b
-	   /* no, just fail */
a2763b
-	   return status;
a2763b
-	}
a2763b
-	/* yes, fill in the old applets */
a2763b
-	mOldCAC = true;
a2763b
-	maxCacCerts = 1;
a2763b
-	for (i=1; i< MAX_CERT_SLOTS; i++) {
a2763b
+	maxCacCerts = 0;
a2763b
+	minCacCerts = -1;
a2763b
+        status = CACApplet_SelectACA(conn,NULL);
a2763b
+        if (status == CKYSUCCESS) {
a2763b
+	    mCAC_ACA = true;
a2763b
+        }
a2763b
+	for (i=0; i< MAX_CERT_SLOTS; i++) {
a2763b
 	    status = CACApplet_SelectPKI(conn, &cardAID[i], i, NULL);
a2763b
 	    if (status == CKYSUCCESS) {
a2763b
+		if (minCacCerts == -1) {
a2763b
+		    minCacCerts = i;
a2763b
+                }
a2763b
 		maxCacCerts = i+1;
a2763b
 	    }
a2763b
 	}
a2763b
+	if (minCacCerts == -1) {
a2763b
+	    return status;
a2763b
+        }
a2763b
+	mOldCAC = true;
a2763b
 	return CKYSUCCESS;
a2763b
     }
a2763b
     /* definately not an old CAC */
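Review bot: In the old-CAC probe, the results of `CACApplet_SelectACA` and of each `CACApplet_SelectPKI` in the loop are compared only with `CKYSUCCESS`, so a transport failure (the `CKYSCARDERR` that login() checks for) is handled exactly like "applet not present" and the loop keeps sending selects for the remaining instances. Returning early on that status, e.g. `if (status == CKYSCARDERR) return status;` inside the loop, would keep a card pulled mid-probe from being classified from partial results. Separately, the `return status;` path leaves `minCacCerts` at -1 and `maxCacCerts` at 0 on the object, and login() later passes `minCacCerts` to `selectCACApplet`. Whether that path is reachable after a failed probe is not visible here, but setting `minCacCerts = 0;` before the early return would keep the sentinel from escaping. getCACAid() begins before and continues after this hunk.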
a2763b
@@ -997,6 +1006,7 @@ Slot::getCACAid()
a2763b
     if (certSlot == 0) {
a2763b
 	status = CKYAPDUFAIL; /* probably neeed a beter error code */
a2763b
     }
a2763b
+    minCacCerts = 0;
a2763b
     maxCacCerts = certSlot;
a2763b
 
a2763b
 done:
a2763b
@@ -3840,7 +3850,16 @@ Slot::login(SessionHandleSuffix handleSu
a2763b
     if(status != CKYSUCCESS ) handleConnectionError();
a2763b
 
a2763b
     if (state & GOV_CARD) {
a2763b
-	selectCACApplet(0, true);
a2763b
+	if (mCAC_ACA) {
a2763b
+            status = CACApplet_SelectACA(conn,NULL);
a2763b
+	    if ( status == CKYSCARDERR ) handleConnectionError();
a2763b
+	    if ( status != CKYSUCCESS) {
a2763b
+		disconnect();
a2763b
+        	throw PKCS11Exception(CKR_DEVICE_REMOVED);
a2763b
+	    }
a2763b
+	} else {
a2763b
+	    selectCACApplet(minCacCerts, true);
a2763b
+	}
a2763b
     } else if ((state & P15_CARD)== 0) {
a2763b
 	/* p15 does the select in attemptLogin */
a2763b
 	selectApplet();
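Review bot: In the `mCAC_ACA` branch, every non-success status from `CACApplet_SelectACA` ends in `disconnect()` and `CKR_DEVICE_REMOVED`, so a card that is present but refuses the select looks the same to the PKCS#11 caller as a pulled card. If that mapping is deliberate, a comment such as `/* any select failure before PIN verification is treated as token loss */` would make it reviewable. Otherwise the non-transport case could throw `PKCS11Exception(CKR_DEVICE_ERROR)` instead. The branch also appears to repeat the select/check/throw sequence that `selectCACApplet` presumably performs (its body is not shown), so a shared helper may be worth considering. login() starts and ends outside this hunk.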
a2763b
diff -up ./src/coolkey/slot.h.alt-tokens-2 ./src/coolkey/slot.h
a2763b
--- ./src/coolkey/slot.h.alt-tokens-2	2018-06-25 17:58:23.473185283 -0700
a2763b
+++ ./src/coolkey/slot.h	2018-06-25 17:58:23.475185280 -0700
a2763b
@@ -356,8 +356,10 @@ class Slot {
a2763b
     bool mCoolkey;
a2763b
     bool mOldCAC;
a2763b
     bool mCACLocalLogin;
a2763b
+    bool mCAC_ACA;
a2763b
     int pivContainer;
a2763b
     int pivKey;
a2763b
+    int minCacCerts;
a2763b
     int maxCacCerts;
a2763b
     SlotAlgs algs;
a2763b
     unsigned short p15aid;
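Review bot: The new `minCacCerts` member has no comment, and its contract is not obvious from the name. getCACAid() uses -1 as a "nothing found yet" sentinel, and its probe loop can leave instances that failed to select between `minCacCerts` and `maxCacCerts`. A comment on the declaration such as `/* first PKI applet instance that selected; [minCacCerts, maxCacCerts) may contain gaps */` would tell readers not to assume the range is dense. The class definition starts and ends outside this hunk.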
a2763b
diff -up ./src/libckyapplet/cky_applet.c.alt-tokens-2 ./src/libckyapplet/cky_applet.c
a2763b
--- ./src/libckyapplet/cky_applet.c.alt-tokens-2	2018-06-25 17:58:23.473185283 -0700
a2763b
+++ ./src/libckyapplet/cky_applet.c	2018-06-25 17:58:23.475185280 -0700
a2763b
@@ -626,6 +626,19 @@ CACApplet_SelectCCC(CKYCardConnection *c
a2763b
     return ret;
a2763b
 }
a2763b
 
a2763b
+static CKYByte cacACAid[] = {0xa0, 0x00, 0x00, 0x00, 0x79, 0x10, 0x00 };
a2763b
+CKYStatus
a2763b
+CACApplet_SelectACA(CKYCardConnection *conn, CKYISOStatus *apduRC)
a2763b
+{
a2763b
+    CKYStatus ret;
a2763b
+    CKYBuffer CAC_CM_AID;
a2763b
+    CKYBuffer_InitFromData(&CAC_CM_AID, cacACAid, sizeof(cacACAid));
a2763b
+    ret = CKYApplet_HandleAPDU(conn, CKYAppletFactory_SelectFile, &CAC_CM_AID,
a2763b
+		 NULL, CKY_SIZE_UNKNOWN, CKYAppletFill_Null, NULL, apduRC);
a2763b
+    CKYBuffer_FreeData(&CAC_CM_AID);
a2763b
+    return ret;
a2763b
+}
a2763b
+
a2763b
 CKYStatus
a2763b
 CACApplet_SelectFile(CKYCardConnection *conn, unsigned short ef,
a2763b
 						 CKYISOStatus *apduRC)
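Review bot: `CACApplet_SelectACA` ignores the result of `CKYBuffer_InitFromData`, so if the buffer copy fails the select is sent with whatever the buffer then holds. Assuming the function returns a `CKYStatus` as the other buffer calls do, checking it first costs two lines: `ret = CKYBuffer_InitFromData(&CAC_CM_AID, cacACAid, sizeof(cacACAid));` then `if (ret != CKYSUCCESS) return ret;`. The local is also still named `CAC_CM_AID`, which reads as the card-manager AID rather than the ACA one, and `cacACAid` could be `static const` if `CKYBuffer_InitFromData` takes a const pointer.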
a2763b
diff -up ./src/libckyapplet/cky_applet.h.alt-tokens-2 ./src/libckyapplet/cky_applet.h
a2763b
--- ./src/libckyapplet/cky_applet.h.alt-tokens-2	2018-06-25 17:58:23.457185300 -0700
a2763b
+++ ./src/libckyapplet/cky_applet.h	2018-06-25 17:58:23.475185280 -0700
a2763b
@@ -539,6 +539,8 @@ CKYStatus CACApplet_SelectCardManager(CK
a2763b
 							CKYISOStatus *apduRC);
a2763b
 /* Select the CAC CC container. Can happen with either applet selected */
a2763b
 CKYStatus CACApplet_SelectCCC(CKYCardConnection *conn, CKYISOStatus *apduRC);
a2763b
+/* Select the CAC ACA container. Can happen with either applet selected */
a2763b
+CKYStatus CACApplet_SelectACA(CKYCardConnection *conn, CKYISOStatus *apduRC);
a2763b
 /* Select an old CAC applet and fill in the cardAID */
a2763b
 CKYStatus CACApplet_SelectPKI(CKYCardConnection *conn, CKYBuffer *cardAid,
a2763b
 			      CKYByte instance, CKYISOStatus *apduRC);
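Review bot: The comment on `CACApplet_SelectACA` is a copy of the CCC one with the name swapped, and it does not say how the function is meant to be used. The callers in slot.cpp use it both as a presence probe (getCACAid) and as the select issued before login, and both pass `NULL` for `apduRC`. Something like `/* Select the CAC ACA applet by AID. Returns CKYSUCCESS only if the card has it; apduRC may be NULL */` would document that contract, provided `CKYApplet_HandleAPDU` does accept a NULL `apduRC`, as the existing callers suggest.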