[pkg-opensc-commit] [pkcs11-helper] 54/60: Certificate session fixup

Eric Dorland eric at moszumanska.debian.org
Fri Jan 6 23:39:46 UTC 2017


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to tag pkcs11-helper-1.02
in repository pkcs11-helper.

commit f237e3f052b7877953d05edf09a1e6cae32a83b5
Author: alonbl <alonbl at 485eb718-1723-0410-b8a9-88cf21a28c35>
Date:   Sat Dec 23 22:22:01 2006 +0000

    Certificate session fixup
---
 lib/pkcs11h-certificate.c                 | 42 ++++++++++++++++++-------------
 tests/test-certificate/test-certificate.c | 27 ++++++++++++++++++++
 2 files changed, 52 insertions(+), 17 deletions(-)

diff --git a/lib/pkcs11h-certificate.c b/lib/pkcs11h-certificate.c
index 57b7baf..9d2dd8b 100644
--- a/lib/pkcs11h-certificate.c
+++ b/lib/pkcs11h-certificate.c
@@ -644,7 +644,8 @@ _pkcs11h_certificate_resetSession (
 #if defined(ENABLE_PKCS11H_THREADING)
 	PKCS11H_BOOL mutex_locked = FALSE;
 #endif
-	PKCS11H_BOOL is_key_valid = FALSE;
+	PKCS11H_BOOL session_valid = FALSE;
+	CK_OBJECT_HANDLE cert_handle;
 	CK_RV rv = CKR_FUNCTION_FAILED;
 
 	_PKCS11H_ASSERT (certificate!=NULL);
@@ -721,7 +722,23 @@ _pkcs11h_certificate_resetSession (
 					&certificate->key_handle
 				)) == CKR_OK
 			) {
-				is_key_valid = TRUE;
+				session_valid = TRUE;
+			}
+			else {
+				certificate->key_handle = _PKCS11H_INVALID_OBJECT_HANDLE;
+			}
+		}
+		else {
+			if (
+				(rv = _pkcs11h_session_getObjectById (
+					certificate->session,
+					CKO_CERTIFICATE,
+					certificate->id->attrCKA_ID,
+					certificate->id->attrCKA_ID_size,
+					&cert_handle
+				)) == CKR_OK
+			) {
+				session_valid = TRUE;
 			}
 			else {
 				certificate->key_handle = _PKCS11H_INVALID_OBJECT_HANDLE;
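Review bot: In the new `else` branch, `session_valid` is set after a lookup of the `CKO_CERTIFICATE` object only. On many tokens that object is public and readable without login, so here the flag appears to mean "session handle still usable" rather than "still authenticated". A short comment above the lookup would make that explicit, e.g. `/* public-only path: probe the session with the certificate object; cert_handle is discarded */`. `cert_handle` is declared without an initializer in the first hunk; `CK_OBJECT_HANDLE cert_handle = _PKCS11H_INVALID_OBJECT_HANDLE;` would keep it defined if the helper returns without writing it. The `if` that this `else` belongs to opens outside the hunk, so the branch condition is inferred from the later `!public_only` test.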
@@ -729,7 +746,9 @@ _pkcs11h_certificate_resetSession (
 		}
 	}
 
-	if (!is_key_valid) {
+	if (!session_valid) {
+		certificate->key_handle = _PKCS11H_INVALID_OBJECT_HANDLE;
+
 		if (
 			(rv = _pkcs11h_session_login (
 				certificate->session,
@@ -747,10 +766,7 @@ _pkcs11h_certificate_resetSession (
 		}
 	}
 
-	if (
-		!is_key_valid &&
-		!public_only
-	) {
+	if (!public_only && certificate->key_handle == _PKCS11H_INVALID_OBJECT_HANDLE) {
 		if (
 			(rv = _pkcs11h_session_getObjectById (
 				certificate->session,
@@ -758,20 +774,12 @@ _pkcs11h_certificate_resetSession (
 				certificate->id->attrCKA_ID,
 				certificate->id->attrCKA_ID_size,
 				&certificate->key_handle
-			)) == CKR_OK
+			)) != CKR_OK
 		) {
-			is_key_valid = TRUE;
+			goto cleanup;
 		}
 	}
 
-	if (
-		!public_only &&
-		!is_key_valid
-	) {
-		rv = CKR_FUNCTION_REJECTED;
-		goto cleanup;
-	}
-
 	rv = CKR_OK;
 
 cleanup:
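Review bot: A failed private-key lookup now returns whatever `_pkcs11h_session_getObjectById` reported, instead of the fixed `CKR_FUNCTION_REJECTED` set by the removed block, so any caller that matched on that value will see a different code. If that is intended, record it at the `goto cleanup;`, e.g. `/* propagate lookup error; previously mapped to CKR_FUNCTION_REJECTED */`. The condition opening this `if` (in the previous hunk) also relies on `certificate->key_handle` holding `_PKCS11H_INVALID_OBJECT_HANDLE` whenever no key has been resolved. That presumably depends on the certificate object being created with the sentinel, which is not visible in this diff.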
diff --git a/tests/test-certificate/test-certificate.c b/tests/test-certificate/test-certificate.c
index bf42c05..4a3c28e 100644
--- a/tests/test-certificate/test-certificate.c
+++ b/tests/test-certificate/test-certificate.c
@@ -309,8 +309,35 @@ int main () {
 
 	sign_test (cert);
 
+	printf ("Perforing signature #4 (you should NOT be prompt for anything)\n");
+
+	if ((rv = pkcs11h_certificate_freeCertificate (cert)) != CKR_OK) {
+		fatal ("pkcs11h_certificate_free failed", rv);
+	}
+
+	if (
+		(rv = pkcs11h_certificate_create (
+			certs->certificate_id,
+			NULL,
+			PKCS11H_PROMPT_MASK_ALLOW_ALL,
+			PKCS11H_PIN_CACHE_INFINITE,
+			&cert
+		)) != CKR_OK
+	) {
+		fatal ("pkcs11h_certificate_create failed", rv);
+	}
+
+	sign_test (cert);
+
 	printf ("Terminating pkcs11-helper\n");
 
+	if ((rv = pkcs11h_certificate_freeCertificate (cert)) != CKR_OK) {
+		fatal ("pkcs11h_certificate_free failed", rv);
+	}
+
+	pkcs11h_certificate_freeCertificateIdList (issuers);
+	pkcs11h_certificate_freeCertificateIdList (certs);
+
 	if ((rv = pkcs11h_terminate ()) != CKR_OK) {
 		fatal ("pkcs11h_terminate failed", rv);
 	}
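Review bot: The expectation in the new step is only printed, and the message has two typos; `printf ("Performing signature #4 (you should NOT be prompted for anything)\n");` reads correctly. The step exists to show that a re-created certificate reuses the existing session without a PIN prompt. A counter incremented in the test's PIN-prompt hook (if the test installs one; not visible in this hunk) and checked after `sign_test (cert)` would make that an automatic check rather than something the operator has to watch for. The two `pkcs11h_certificate_freeCertificateIdList` calls ignore their result while every neighbouring call is compared against `CKR_OK`. `main` begins and ends outside the hunk.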

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/pkcs11-helper.git


