Revision: 111
Author: ludovic.rousseau@gmail.com
Date: 2010-02-02 05:42:35 -0800 (Tue, 02 Feb 2010)

Log Message

GemaltoPrivateKeyRecord::getAcl(): add a new "PIN1" argument to
mAclEntries.add() so that the PIN is asked and the card can be used.

Thanks to Giuseppe Amato for the info

Modified Paths

Diff

Modified: trunk/Tokend/PKCS11/GemaltoRecord.cpp (110 => 111)


--- trunk/Tokend/PKCS11/GemaltoRecord.cpp	2010-02-02 10:50:08 UTC (rev 110)
+++ trunk/Tokend/PKCS11/GemaltoRecord.cpp	2010-02-02 13:42:35 UTC (rev 111)
@@ -665,12 +665,17 @@
 			mAclEntries.allocator()),
 			AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
 
+		char tmptag[20];
+		const uint32 slot = 1;	// hardwired for now, but...
+		snprintf(tmptag, sizeof(tmptag), "PIN%d", slot);
+
+		// Using this key to sign or decrypt will require PIN1
 		mAclEntries.add(CssmClient::AclFactory::PinSubject(
 			mAclEntries.allocator(), 1),
 			AclAuthorizationSet(
 				CSSM_ACL_AUTHORIZATION_DECRYPT,
 				CSSM_ACL_AUTHORIZATION_SIGN,
-				0));
+				0), tmptag);
 	}
 	count = mAclEntries.size();
 	acls = mAclEntries.entries();
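
Review bot: In the added lines, `slot` only feeds the tag string, while the `PinSubject(mAclEntries.allocator(), 1)` call just below still passes a literal `1`, so the ACL subject and the "PIN%d" tag can drift apart if the slot is ever changed. Pass `slot` to `PinSubject` as well so both derive from one value. Also, `slot` is declared `uint32` but formatted with `%d`; `%u` matches the type. The comment "hardwired for now, but..." trails off; say what is expected to replace the constant (for example, a slot taken from the token or key record) so the next reader knows what remains to be done.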