static int
sc_init(void)
{
int r;
r = sc_establish_context(&ctx, "openssh");
if (r)
goto err;
if (sc_reader_id >= ctx->reader_count) {
r = SC_ERROR_NO_READERS_FOUND;
error("Illegal reader number %d (max %d)", sc_reader_id,
ctx->reader_count -1);
goto err;
}
r = sc_connect_card(ctx->reader[sc_reader_id], 0, &card);
if (r)
goto err;
r = sc_pkcs15_bind(card, &p15card);
if (r)
goto err;
return 0;
err:
sc_close();
return r;
}
static int list_readers(sc_context_t *ctx)
{
char card_atr[0x3e];
sc_card_t *card;
sc_reader_t *reader;
size_t i, rcount = sc_ctx_get_reader_count(ctx);
if (rcount == 0) {
printf("No smart card readers found.\n");
return 0;
}
printf("%-4s %-7s %s\n", "Nr.", "Driver", "Smart Card Reader");
for (i = 0; i < rcount; i++) {
reader = sc_ctx_get_reader(ctx, i);
memset(card_atr, '\0', sizeof card_atr);
if (sc_detect_card_presence(reader) & SC_READER_CARD_PRESENT) {
if (sc_connect_card(reader, &card) == SC_SUCCESS) {
sc_bin_to_hex(card->atr.value, card->atr.len,
card_atr, sizeof card_atr, ':');
}
sc_disconnect_card(card);
} else {
strncpy(card_atr, "[no card present]", sizeof card_atr);
}
printf("%-4d %-7s %s\n", i, reader->driver->short_name, reader->name);
printf(" ATR: %s\n", card_atr);
}
return 0;
}
static int init_pkcs15(PluginInstance *inst)
{
int r;
r = sc_establish_context(&inst->ctx, "opensc-signer");
if (r)
return r;
inst->reader_id = 0;
r = sc_connect_card(inst->ctx->reader[inst->reader_id], 0, &inst->card);
if (r)
return r;
r = sc_pkcs15_bind(inst->card, &inst->p15card);
if (r)
return r;
return 0;
}
int sc_test_init(int *argc, char *argv[])
{
char *opt_driver = NULL, *app_name;
int opt_debug = 0, opt_reader = -1;
int i, c, rc;
sc_context_param_t ctx_param;
if ((app_name = strrchr(argv[0], '/')) != NULL)
app_name++;
else
app_name = argv[0];
while ((c = getopt_long(*argc, argv, "r:c:d", options, NULL)) != -1) {
switch (c) {
case 'r':
opt_reader = atoi(optarg);
break;
case 'c':
opt_driver = optarg;
break;
case 'd':
opt_debug++;
break;
default:
fprintf(stderr,
"usage: %s [-r reader] [-c driver] [-d]\n",
app_name);
exit(1);
}
}
*argc = optind;
printf("Using libopensc version %s.\n", sc_get_version());
memset(&ctx_param, 0, sizeof(ctx_param));
ctx_param.ver = 0;
ctx_param.app_name = app_name;
i = sc_context_create(&ctx, &ctx_param);
if (i != SC_SUCCESS) {
printf("Failed to establish context: %s\n", sc_strerror(i));
return i;
}
ctx->debug = opt_debug;
if (opt_reader >= sc_ctx_get_reader_count(ctx)) {
fprintf(stderr, "Illegal reader number.\n"
"Only %d reader(s) configured.\n",
sc_ctx_get_reader_count(ctx));
exit(1);
}
while (1) {
if (opt_reader >= 0) {
rc = sc_detect_card_presence(sc_ctx_get_reader(ctx, opt_reader));
printf("Card %s.\n", rc == 1 ? "present" : "absent");
if (rc < 0)
return rc;
} else {
for (i = rc = 0; rc != 1 && i < sc_ctx_get_reader_count(ctx); i++)
rc = sc_detect_card_presence(sc_ctx_get_reader(ctx, opt_reader));
if (rc == 1)
opt_reader = i - 1;
}
if (rc > 0) {
printf("Card detected in reader '%s'\n",sc_ctx_get_reader(ctx, opt_reader)->name);
break;
}
if (rc < 0)
return rc;
printf("Please insert a smart card. Press return to continue");
fflush(stdout);
while (getc(stdin) != '\n')
;
}
printf("Connecting... ");
fflush(stdout);
i = sc_connect_card(sc_ctx_get_reader(ctx, opt_reader), &card);
if (i != SC_SUCCESS) {
printf("Connecting to card failed: %s\n", sc_strerror(i));
return i;
}
printf("connected.\n");
{
char tmp[SC_MAX_ATR_SIZE*3];
sc_bin_to_hex(card->atr, card->atr_len, tmp, sizeof(tmp) - 1, ':');
printf("ATR = %s\n",tmp);
}
if (opt_driver != NULL) {
rc = sc_set_card_driver(ctx, opt_driver);
if (rc != 0) {
fprintf(stderr,
"Driver '%s' not found!\n", opt_driver);
return rc;
}
}
return 0;
}
int util_connect_card(sc_context_t *ctx, sc_card_t **cardp,
int reader_id, int slot_id, int wait, int verbose)
{
sc_reader_t *reader;
sc_card_t *card;
int r;
if (wait) {
sc_reader_t *readers[16];
int slots[16];
unsigned int i;
int j, k, found;
unsigned int event;
for (i = k = 0; i < sc_ctx_get_reader_count(ctx); i++) {
if (reader_id >= 0 && (unsigned int)reader_id != i)
continue;
reader = sc_ctx_get_reader(ctx, i);
for (j = 0; j < reader->slot_count; j++, k++) {
readers[k] = reader;
slots[k] = j;
}
}
//printf("Waiting for card to be inserted...\n");
r = sc_wait_for_event(readers, slots, k,
SC_EVENT_CARD_INSERTED,
&found, &event, -1);
if (r < 0) {
syslog(LOG_ERR,
"Error while waiting for card: %s\n",
sc_strerror(r));
return 3;
}
reader = readers[found];
slot_id = slots[found];
} else {
if (sc_ctx_get_reader_count(ctx) == 0) {
syslog(LOG_ERR,
"No smart card readers found.\n");
return 1;
}
if (reader_id < 0) {
unsigned int i;
/* Automatically try to skip to a reader with a card if reader not specified */
for (i = 0; i < sc_ctx_get_reader_count(ctx); i++) {
reader = sc_ctx_get_reader(ctx, i);
if (sc_detect_card_presence(reader, 0) & SC_SLOT_CARD_PRESENT) {
reader_id = i;
syslog(LOG_NOTICE, "Using reader with a card: %s\n", reader->name);
goto autofound;
}
}
reader_id = 0;
}
autofound:
if ((unsigned int)reader_id >= sc_ctx_get_reader_count(ctx)) {
syslog(LOG_ERR,
"Illegal reader number. "
"Only %d reader(s) configured.\n",
sc_ctx_get_reader_count(ctx));
return 1;
}
reader = sc_ctx_get_reader(ctx, reader_id);
slot_id = 0;
if (sc_detect_card_presence(reader, 0) <= 0) {
syslog(LOG_ERR, "Card not present.\n");
return 3;
}
}
if (verbose)
printf("Connecting to card in reader %s...\n", reader->name);
if ((r = sc_connect_card(reader, slot_id, &card)) < 0) {
syslog(LOG_ERR,
"Failed to connect to card: %s\n",
sc_strerror(r));
return 1;
}
if (verbose)
printf("Using card driver %s.\n", card->driver->name);
if ((r = sc_lock(card)) < 0) {
syslog(LOG_ERR,
"Failed to lock card: %s\n",
sc_strerror(r));
sc_disconnect_card(card, 0);
return 1;
}
*cardp = card;
return 0;
}
CK_RV card_detect(sc_reader_t *reader)
{
struct sc_pkcs11_card *p11card = NULL;
int free_p11card = 0;
int rc;
CK_RV rv;
unsigned int i;
int j;
sc_log(context, "%s: Detecting smart card", reader->name);
/* Check if someone inserted a card */
again:
rc = sc_detect_card_presence(reader);
if (rc < 0) {
sc_log(context, "%s: failed, %s", reader->name, sc_strerror(rc));
return sc_to_cryptoki_error(rc, NULL);
}
if (rc == 0) {
sc_log(context, "%s: card absent", reader->name);
card_removed(reader); /* Release all resources */
return CKR_TOKEN_NOT_PRESENT;
}
/* If the card was changed, disconnect the current one */
if (rc & SC_READER_CARD_CHANGED) {
sc_log(context, "%s: Card changed", reader->name);
/* The following should never happen - but if it
* does we'll be stuck in an endless loop.
* So better be fussy.
if (!retry--)
return CKR_TOKEN_NOT_PRESENT; */
card_removed(reader);
goto again;
}
/* Locate a slot related to the reader */
for (i=0; i<list_size(&virtual_slots); i++) {
sc_pkcs11_slot_t *slot = (sc_pkcs11_slot_t *) list_get_at(&virtual_slots, i);
if (slot->reader == reader) {
p11card = slot->p11card;
break;
}
}
/* Detect the card if it's not known already */
if (p11card == NULL) {
sc_log(context, "%s: First seen the card ", reader->name);
p11card = (struct sc_pkcs11_card *)calloc(1, sizeof(struct sc_pkcs11_card));
if (!p11card)
return CKR_HOST_MEMORY;
free_p11card = 1;
p11card->reader = reader;
}
if (p11card->card == NULL) {
sc_log(context, "%s: Connecting ... ", reader->name);
rc = sc_connect_card(reader, &p11card->card);
if (rc != SC_SUCCESS) {
sc_log(context, "%s: SC connect card error %i", reader->name, rc);
rv = sc_to_cryptoki_error(rc, NULL);
goto fail;
}
/* escape commands are only guaranteed to be working with a card
* inserted. That's why by now, after sc_connect_card() the reader's
* metadata may have changed. We re-initialize the metadata for every
* slot of this reader here. */
if (reader->flags & SC_READER_ENABLE_ESCAPE) {
for (i = 0; i<list_size(&virtual_slots); i++) {
sc_pkcs11_slot_t *slot = (sc_pkcs11_slot_t *) list_get_at(&virtual_slots, i);
if (slot->reader == reader)
init_slot_info(&slot->slot_info, reader);
}
}
sc_log(context, "%s: Connected SC card %p", reader->name, p11card->card);
}
/* Detect the framework */
if (p11card->framework == NULL) {
struct sc_app_info *app_generic = sc_pkcs15_get_application_by_type(p11card->card, "generic");
sc_log(context, "%s: Detecting Framework. %i on-card applications", reader->name, p11card->card->app_count);
sc_log(context, "%s: generic application %s", reader->name, app_generic ? app_generic->label : "<none>");
for (i = 0; frameworks[i]; i++)
if (frameworks[i]->bind != NULL)
break;
/*TODO: only first framework is used: pkcs15init framework is not reachable here */
if (frameworks[i] == NULL) {
rv = CKR_GENERAL_ERROR;
goto fail;
}
p11card->framework = frameworks[i];
/* Initialize framework */
sc_log(context, "%s: Detected framework %d. Creating tokens.", reader->name, i);
/* Bind 'generic' application or (emulated?) card without applications */
if (app_generic || !p11card->card->app_count) {
scconf_block *conf_block = NULL;
int enable_InitToken = 0;
conf_block = sc_match_atr_block(p11card->card->ctx, NULL,
&p11card->reader->atr);
if (!conf_block) /* check default block */
conf_block = sc_get_conf_block(context,
"framework", "pkcs15", 1);
enable_InitToken = scconf_get_bool(conf_block,
"pkcs11_enable_InitToken", 0);
sc_log(context, "%s: Try to bind 'generic' token.", reader->name);
rv = frameworks[i]->bind(p11card, app_generic);
if (rv == CKR_TOKEN_NOT_RECOGNIZED && enable_InitToken) {
sc_log(context, "%s: 'InitToken' enabled -- accept non-binded card", reader->name);
rv = CKR_OK;
}
if (rv != CKR_OK) {
sc_log(context,
"%s: cannot bind 'generic' token: rv 0x%lX",
reader->name, rv);
goto fail;
}
sc_log(context, "%s: Creating 'generic' token.", reader->name);
rv = frameworks[i]->create_tokens(p11card, app_generic);
if (rv != CKR_OK) {
sc_log(context,
"%s: create 'generic' token error 0x%lX",
reader->name, rv);
goto fail;
}
}
/* Now bind the rest of applications that are not 'generic' */
for (j = 0; j < p11card->card->app_count; j++) {
struct sc_app_info *app_info = p11card->card->app[j];
char *app_name = app_info ? app_info->label : "<anonymous>";
if (app_generic && app_generic == p11card->card->app[j])
continue;
sc_log(context, "%s: Binding %s token.", reader->name, app_name);
rv = frameworks[i]->bind(p11card, app_info);
if (rv != CKR_OK) {
sc_log(context, "%s: bind %s token error Ox%lX",
reader->name, app_name, rv);
continue;
}
sc_log(context, "%s: Creating %s token.", reader->name, app_name);
rv = frameworks[i]->create_tokens(p11card, app_info);
if (rv != CKR_OK) {
sc_log(context,
"%s: create %s token error 0x%lX",
reader->name, app_name, rv);
goto fail;
}
}
}
sc_log(context, "%s: Detection ended", reader->name);
return CKR_OK;
fail:
if (free_p11card) {
if (p11card->framework)
p11card->framework->unbind(p11card);
if (p11card->card != NULL)
sc_disconnect_card(p11card->card);
free(p11card);
}
return rv;
}
CK_RV card_detect(sc_reader_t *reader)
{
struct sc_pkcs11_card *p11card = NULL;
int rc, rv;
unsigned int i;
rv = CKR_OK;
sc_debug(context, SC_LOG_DEBUG_NORMAL, "%s: Detecting smart card\n", reader->name);
/* Check if someone inserted a card */
again:rc = sc_detect_card_presence(reader);
if (rc < 0) {
sc_debug(context, SC_LOG_DEBUG_NORMAL, "%s: failed, %s\n", reader->name, sc_strerror(rc));
return sc_to_cryptoki_error(rc, NULL);
}
if (rc == 0) {
sc_debug(context, SC_LOG_DEBUG_NORMAL, "%s: card absent\n", reader->name);
card_removed(reader); /* Release all resources */
return CKR_TOKEN_NOT_PRESENT;
}
/* If the card was changed, disconnect the current one */
if (rc & SC_READER_CARD_CHANGED) {
sc_debug(context, SC_LOG_DEBUG_NORMAL, "%s: Card changed\n", reader->name);
/* The following should never happen - but if it
* does we'll be stuck in an endless loop.
* So better be fussy.
if (!retry--)
return CKR_TOKEN_NOT_PRESENT; */
card_removed(reader);
goto again;
}
/* Locate a slot related to the reader */
for (i=0; i<list_size(&virtual_slots); i++) {
sc_pkcs11_slot_t *slot = (sc_pkcs11_slot_t *) list_get_at(&virtual_slots, i);
if (slot->reader == reader) {
p11card = slot->card;
break;
}
}
/* Detect the card if it's not known already */
if (p11card == NULL) {
sc_debug(context, SC_LOG_DEBUG_NORMAL, "%s: First seen the card ", reader->name);
p11card = (struct sc_pkcs11_card *)calloc(1, sizeof(struct sc_pkcs11_card));
if (!p11card)
return CKR_HOST_MEMORY;
p11card->reader = reader;
}
if (p11card->card == NULL) {
sc_debug(context, SC_LOG_DEBUG_NORMAL, "%s: Connecting ... ", reader->name);
rc = sc_connect_card(reader, &p11card->card);
if (rc != SC_SUCCESS)
return sc_to_cryptoki_error(rc, NULL);
}
/* Detect the framework */
if (p11card->framework == NULL) {
sc_debug(context, SC_LOG_DEBUG_NORMAL, "%s: Detecting Framework\n", reader->name);
for (i = 0; frameworks[i]; i++) {
if (frameworks[i]->bind == NULL)
continue;
rv = frameworks[i]->bind(p11card);
if (rv == CKR_OK)
break;
}
if (frameworks[i] == NULL)
return CKR_TOKEN_NOT_RECOGNIZED;
/* Initialize framework */
sc_debug(context, SC_LOG_DEBUG_NORMAL, "%s: Detected framework %d. Creating tokens.\n", reader->name, i);
rv = frameworks[i]->create_tokens(p11card);
if (rv != CKR_OK)
return rv;
p11card->framework = frameworks[i];
}
sc_debug(context, SC_LOG_DEBUG_NORMAL, "%s: Detection ended\n", reader->name);
return CKR_OK;
}
int main(
int argc,
char *argv[]
){
const struct option options[]={
{ "help", 0, NULL, 'h' },
{ "verbose", 0, NULL, 'v' },
{ "reader", 1, NULL, 'r' },
{ "pin", 1, NULL, 'p' },
{ "puk", 1, NULL, 'u' },
{ "pin0", 1, NULL, '0' },
{ "pin1", 1, NULL, '1' },
{ NULL, 0, NULL, 0 }
};
sc_context_t *ctx;
sc_context_param_t ctx_param;
sc_card_t *card;
int do_help=0, do_unblock=0, do_change=0, do_nullpin=0, do_readcert=0, do_writecert=0;
u8 newpin[32];
char *certfile=NULL, *p;
int r, oerr=0, reader=0, debug=0, newlen=0, pin_nr=-1, cert_nr=-1;
size_t i;
while((r=getopt_long(argc,argv,"hvr:p:u:0:1:",options,NULL))!=EOF) switch(r){
case 'h': ++do_help; break;
case 'v': ++debug; break;
case 'r': reader=atoi(optarg); break;
case 'p': set_pin(pinlist[0].value, &pinlist[0].len, optarg); break;
case 'u': set_pin(pinlist[1].value, &pinlist[1].len, optarg); break;
case '0': set_pin(pinlist[2].value, &pinlist[2].len, optarg); break;
case '1': set_pin(pinlist[3].value, &pinlist[3].len, optarg); break;
default: ++oerr;
}
if(do_help){
fprintf(stderr,"This is netkey-tool V1.0, May 15 2005, Copyright Peter Koch <*****@*****.**>\n");
fprintf(stderr,"usage: %s <options> command\n", argv[0]);
fprintf(stderr,"\nOptions:\n");
fprintf(stderr," -v : verbose, may be specified several times\n");
fprintf(stderr," --reader <num>, -r <num> : use reader num (default 0)\n");
fprintf(stderr," --pin <pin>, -p <pin> : current value of global PIN\n");
fprintf(stderr," --puk <pin>, -u <pin> : current value of global PUK\n");
fprintf(stderr," --pin0 <pin>, -0 <pin> : current value of local PIN0\n");
fprintf(stderr," --pin1 <pin>, -1 <pin> : current value of local PIN1\n");
fprintf(stderr,"\nCommands:\n");
fprintf(stderr," unblock {pin | pin0 | pin1}\n");
fprintf(stderr," change {pin | puk | pin0 | pin1} <new pin>\n");
fprintf(stderr," nullpin <new pin>\n");
fprintf(stderr," cert <certnum> <filepath>\n");
fprintf(stderr," cert <filepath> <certnum>\n");
fprintf(stderr,"\nExamples:\n");
fprintf(stderr,"list PINs and Certs without changing anything. Try this first!!\n");
fprintf(stderr," %s\n", argv[0]);
fprintf(stderr,"\nlist PINs and Certs and initial PUK-value (after verification of global PIN)\n");
fprintf(stderr," %s --pin 123456\n", argv[0]);
fprintf(stderr,"\nchange local PIN0 to 654321 after verification of global PIN\n");
fprintf(stderr," %s --pin 123456 change pin0 654321\n", argv[0]);
fprintf(stderr,"\nchange global PIN from hex 01:02:03:04:05:06 to ascii 123456\n");
fprintf(stderr," %s --pin 01:02:03:04:05:06 change pin 123456\n", argv[0]);
fprintf(stderr,"\nunblock global PIN with global PUK\n");
fprintf(stderr," %s --puk 12345678 unblock pin\n", argv[0]);
fprintf(stderr,"\nset global PIN to initial value when in NullPin-state\n");
fprintf(stderr," %s nullpin 123456\n", argv[0]);
fprintf(stderr,"\nstore Certificate into card at position 2 and read it back into file\n");
fprintf(stderr," %s --pin1 123456 cert /tmp/cert1 2\n", argv[0]);
fprintf(stderr," %s cert 2 /tmp/cert2\n", argv[0]);
fprintf(stderr,"\nBe carful - this tool may destroy your card\n");
fprintf(stderr,"\nQuestions? Comments? ==> [email protected]\n");
exit(1);
}
if(optind==argc-2 && !strcmp(argv[optind],"unblock")){
++optind, do_unblock=1;
pin_nr=pin_string2int(argv[optind++]);
if(pin_nr<0 || pin_nr==1) ++oerr;
}
if(optind==argc-3 && !strcmp(argv[optind],"change")){
++optind, do_change=1;
pin_nr=pin_string2int(argv[optind++]);
if(pin_nr<0 || pin_nr>3) ++oerr;
set_pin(newpin,&newlen,argv[optind++]);
}
if(optind==argc-2 && !strcmp(argv[optind],"nullpin")){
++optind, do_nullpin=1;
set_pin(newpin,&newlen,argv[optind++]);
}
if(optind==argc-3 && !strcmp(argv[optind],"cert")){
++optind;
cert_nr=strtol(argv[optind],&p,10);
if(argv[optind][0] && !*p && cert_nr>=0 && cert_nr<(int)(sizeof(certlist)/sizeof(certlist[0]))){
do_readcert=1, certfile=argv[optind+1];
} else {
do_writecert=1, certfile=argv[optind];
cert_nr=strtol(argv[optind+1],&p,10);
if(!argv[optind][0] || *p || cert_nr<0 || cert_nr>=(int)(sizeof(certlist)/sizeof(certlist[0]))) ++oerr;
}
optind+=2;
}
if(oerr || optind!=argc){
fprintf(stderr,"%s: invalid usage, try --help\n", argv[0]);
exit(1);
}
memset(&ctx_param, 0, sizeof(ctx_param));
ctx_param.ver = 0;
ctx_param.app_name = argv[0];
r = sc_context_create(&ctx, &ctx_param);
if(r < 0){
fprintf(stderr,"Establish-Context failed: %s\n", sc_strerror(r));
exit(1);
}
ctx->debug=debug;
if(ctx->debug>0)
printf("Context for application \"%s\" created, Debug=%d\n", ctx->app_name, ctx->debug);
for(i=0;ctx->card_drivers[i];++i)
if(!strcmp("tcos", ctx->card_drivers[i]->short_name)) break;
if(!ctx->card_drivers[i]){
fprintf(stderr,"Context does not support TCOS-cards\n");
exit(1);
}
printf("%d Reader detected\n", sc_ctx_get_reader_count(ctx));
for(i=0; i < sc_ctx_get_reader_count(ctx); ++i){
sc_reader_t *myreader = sc_ctx_get_reader(ctx, i);
printf("%lu: %s, Driver: %s, %d Slot(s)\n",
(unsigned long) i, myreader->name,
myreader->driver->name, myreader->slot_count);
}
if(reader < 0 || reader >= (int)sc_ctx_get_reader_count(ctx)){
fprintf(stderr,"Cannot open reader %d\n", reader);
exit(1);
}
if((r = sc_connect_card(sc_ctx_get_reader(ctx, 0), 0, &card))<0){
fprintf(stderr,"Connect-Card failed: %s\n", sc_strerror(r));
exit(1);
}
printf("\nCard detected (driver: %s)\nATR:", card->driver->name);
for(i=0;i<card->atr_len;++i) printf("%c%02X", i?':':' ', card->atr[i]); printf("\n");
if((r = sc_lock(card))<0){
fprintf(stderr,"Lock failed: %s\n", sc_strerror(r));
exit(1);
}
show_card(card);
if(do_unblock || do_change){
int i1=pinlist[pin_nr].p1, i2=pinlist[pin_nr].p2;
if((do_unblock || !pinlist[pin_nr].len) &&
(i1<0 || !pinlist[i1].len) && (i2<0 || !pinlist[i2].len)
){
fprintf(stderr, "\nNeed %s", do_change ? pinlist[pin_nr].label : pinlist[i1].label);
if(do_change && i1>=0) fprintf(stderr, " or %s", pinlist[i1].label);
if(i2>=0) fprintf(stderr, " or %s", pinlist[i2].label);
fprintf(stderr, " to %s %s\n", do_change ? "change" : "unblock", pinlist[pin_nr].label);
} else {
if(do_change && pinlist[pin_nr].len) i1=pin_nr;
if(i1<0 || !pinlist[i1].len) i1=i2;
handle_change(card, pin_nr, i1, do_change, newpin, newlen);
}
}
if(do_nullpin){
handle_nullpin(card, newpin, newlen);
show_initial_puk(card);
}
if(do_readcert) handle_readcert(card, cert_nr, certfile);
if(do_writecert){
if(certlist[cert_nr].readonly){
fprintf(stderr, "\nReadonly-Certificate %d cannot be changed\n", cert_nr);
} else if(!pinlist[0].len && !pinlist[3].len){
fprintf(stderr, "\nNeed %s or %s to change Card-Certificate %d\n",
pinlist[0].label, pinlist[3].label, cert_nr
);
} else handle_writecert(card, cert_nr, certfile);
}
if(do_unblock+do_change+do_nullpin+do_readcert==0) show_certs(card);
sc_unlock(card);
sc_disconnect_card(card,0);
sc_release_context(ctx);
exit(0);
}
/* Create a new context for the card and figures out some basic
information of the card. Detects whether a PKCS_15 application is
stored.
Common errors: GPG_ERR_CARD_NOT_PRESENT */
int
card_open (CARD *rcard)
{
#ifdef HAVE_OPENSC
CARD card;
int rc;
if (opt.disable_opensc)
return gpg_error (GPG_ERR_NOT_SUPPORTED);
card = xtrycalloc (1, sizeof *card);
if (!card)
return gpg_error (gpg_err_code_from_errno (errno));
card->reader = 0;
rc = sc_establish_context (&card->ctx, "scdaemon");
if (rc)
{
log_error ("failed to establish SC context: %s\n", sc_strerror (rc));
rc = map_sc_err (rc);
goto leave;
}
if (card->reader >= card->ctx->reader_count)
{
log_error ("no card reader available\n");
rc = gpg_error (GPG_ERR_CARD);
goto leave;
}
card->ctx->error_file = log_get_stream ();
card->ctx->debug = opt.debug_sc;
card->ctx->debug_file = log_get_stream ();
if (sc_detect_card_presence (card->ctx->reader[card->reader], 0) != 1)
{
rc = gpg_error (GPG_ERR_CARD_NOT_PRESENT);
goto leave;
}
rc = sc_connect_card (card->ctx->reader[card->reader], 0, &card->scard);
if (rc)
{
log_error ("failed to connect card in reader %d: %s\n",
card->reader, sc_strerror (rc));
rc = map_sc_err (rc);
goto leave;
}
if (opt.verbose)
log_info ("connected to card in reader %d using driver '%s'\n",
card->reader, card->scard->driver->name);
rc = sc_lock (card->scard);
if (rc)
{
log_error ("can't lock card in reader %d: %s\n",
card->reader, sc_strerror (rc));
rc = map_sc_err (rc);
goto leave;
}
leave:
if (rc)
card_close (card);
else
*rcard = card;
return rc;
#else
return gpg_error (GPG_ERR_NOT_SUPPORTED);
#endif
}
