Jakuje · Jakuje · Mar 12, 2021 · Mar 30, 2021 · Mar 28, 2021 · Mar 28, 2021
diff --git a/.clang-format b/.clang-format
@@ -0,0 +1,33 @@
+BasedOnStyle: LLVM
+# defaults from LLVM
+# BreakBeforeBraces: Attach
+# AllowShortIfStatementsOnASingleLine: Never
+# IndentCaseLabels: false
+# AlignAfterOpenBracket: Align
+# AlignTrailingComments: true
+# MaxEmptyLinesToKeep: 1
+# ReflowComments: falsedefault
+# SortIncludes: true
+# BreakBeforeBinaryOperators: None
+# BraceWrapping:
+#   AfterClass:      false
+#   AfterControlStatement: false
+#   AfterFunction:   false
+#   AfterNamespace:  false
+#   BeforeCatch:     false
+#   BeforeElse:      false
+#   IndentBraces:    false
+
+# OpenSC modifications
+IndentWidth: 8
+# This is ugly, but hopefully allowing to use tabs for continuation indentation
+ContinuationIndentWidth: 8
+UseTab: ForContinuationAndIndentation
+AlignConsecutiveMacros: true
+ColumnLimit: 110
+
+BraceWrapping:
+  AfterEnum:       true
+  AfterObjCDeclaration: true
+  AfterStruct:     true
+  AfterUnion:      true
diff --git a/.github/build.sh b/.github/build.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+set -ex -o xtrace
+
+export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig;
+
+if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then
+	PR_NUMBER=$(echo $GITHUB_REF | awk 'BEGIN { FS = "/" } ; { print $3 }')
+	if [ "$GITHUB_BASE_REF" == "master" ]; then
+		./bootstrap.ci -s "-pr$PR_NUMBER"
+	else
+		./bootstrap.ci -s "$GITHUB_BASE_REF-pr$PR_NUMBER"
+	fi
+else
+	BRANCH=$(echo $GITHUB_REF | awk 'BEGIN { FS = "/" } ; { print $3 }')
+	if [ "$BRANCH" == "master" ]; then
+		./bootstrap
+	else
+		./bootstrap.ci -s "$BRANCH"
+	fi
+fi
+
+if [ "$RUNNER_OS" == "macOS" ]; then
+	./MacOSX/build
+	exit $?
+fi
+
+if [ "$1" == "mingw" -o "$1" == "mingw32" ]; then
+	if [ "$1" == "mingw" ]; then
+		HOST=x86_64-w64-mingw32
+	elif [ "$1" == "mingw32" ]; then
+		HOST=i686-w64-mingw32
+	fi
+	unset CC
+	unset CXX
+	./configure --host=$HOST --with-completiondir=/tmp --disable-openssl --disable-readline --disable-zlib --disable-notify --prefix=$PWD/win32/opensc || cat config.log;
+	make -j 2 V=1
+	# no point in running tests on mingw
+else
+	if [ "$1" == "ix86" ]; then
+		export CFLAGS="-m32"
+		export LDFLAGS="-m32"
+	fi
+	# normal procedure
+	./configure  --disable-dependency-tracking
+	make -j 2 V=1
+	# 32b build has some issues to find openssl correctly
+	if [ "$1" != "ix86" ]; then
+		make check
+	fi
+fi
+
+# this is broken in old ubuntu
+if [ "$1" == "dist" ]; then
+	make distcheck
+	make dist
+fi
+
+sudo make install
+if [ "$1" == "mingw" -o "$1" == "mingw32" ]; then
+	# pack installed files
+	wine "C:/Program Files/Inno Setup 5/ISCC.exe" win32/OpenSC.iss
+fi
diff --git a/.github/cleanup-macos.sh b/.github/cleanup-macos.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -ex -o xtrace
+
+if [ -n "$PASS_SECRETS_TAR_ENC" ]; then
+    .github/remove_signing_key.sh
+fi
diff --git a/.github/push_artifacts.sh b/.github/push_artifacts.sh
@@ -2,11 +2,15 @@
 
 set -ex -o xtrace
 
+if [ -z "$GH_TOKEN" ]; then
+    exit 0
+fi
+
 BUILDPATH=${PWD}
 BRANCH="`git log --max-count=1 --date=short --abbrev=8 --pretty=format:"%cd_%h"`"
 
 git clone --single-branch https://${GH_TOKEN}@github.com/OpenSC/Nightly.git > /dev/null 2>&1
-cd Nightly
+pushd Nightly
 git checkout -b "${BRANCH}"
 
 for file in ${BUILDPATH}/win32/Output/OpenSC*.exe ${BUILDPATH}/opensc*.tar.gz ${BUILDPATH}/OpenSC*.dmg ${BUILDPATH}/OpenSC*.msi ${BUILDPATH}/OpenSC*.zip
@@ -33,3 +37,4 @@ do
     git pull --rebase origin --strategy-option ours "${BRANCH}"
     i=$(( $i + 1 ))
 done
+popd
diff --git a/.github/restart-pcscd.sh b/.github/restart-pcscd.sh
@@ -0,0 +1,39 @@
+#!/bin/bash -e
+
+# This file is made to be sourced into other test scripts and not executed
+# manually because it sets trap to restore pcscd to working state
+
+# register cleanup handler
+function pcscd_cleanup {
+	echo "Process terminated: resetting pcscd"
+	sudo pkill pcscd
+	if which systemctl; then
+		sudo systemctl start pcscd.socket
+	fi
+}
+trap pcscd_cleanup EXIT
+
+
+# stop the pcscd service and run it from console to see possible errors
+if which systemctl; then
+	sudo systemctl stop pcscd.service pcscd.socket
+else
+	sudo pkill pcscd || echo "no pcscd process was running"
+fi
+sudo /usr/sbin/pcscd -f 2>&1 | sed -e 's/^/pcscd: /;' &
+
+
+# Try to wait up to 30 seconds for pcscd to come up and create PID file
+for ((i=1;i<=30;i++)); do
+	echo "Waiting for pcscd to start: $i s"
+	if [ -f "/var/run/pcscd/pcscd.pid" ]; then
+		break
+	fi
+	sleep 1
+done
+
+
+# if it did not come up, warn, but continue
+if [ ! -f "/var/run/pcscd/pcscd.pid" ]; then
+	echo "WARNING: The pcscd pid file does not exist ... trying anyway"
+fi
diff --git a/.github/secrets.tar.enc b/.github/secrets.tar.enc
diff --git a/.github/secrets.tar.gpg b/.github/secrets.tar.gpg
diff --git a/.github/setup-java.sh b/.github/setup-java.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -ex -o xtrace
+
+# Select the right java
+sudo update-java-alternatives -s java-1.8.0-openjdk-amd64
+sudo update-alternatives --get-selections | grep ^java
+export PATH="/usr/lib/jvm/java-8-openjdk-amd64/bin/:$PATH"
+export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/
+env | grep -i openjdk
+
+# VSmartcard
+./.github/setup-vsmartcard.sh
+
+# Javacard SDKs
+if [ ! -d "oracle_javacard_sdks" ]; then
+	git clone https://github.com/martinpaljak/oracle_javacard_sdks.git
+fi
+export JC_HOME=$PWD/oracle_javacard_sdks/jc222_kit
+export JC_CLASSIC_HOME=$PWD/oracle_javacard_sdks/jc305u3_kit
+
+# jCardSim
+if [ ! -d "jcardsim" ]; then
+	git clone https://github.com/Jakuje/jcardsim.git
+fi
+pushd jcardsim
+env | grep -i openjdk
+export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/
+mvn initialize && mvn clean install
+popd
diff --git a/.github/setup-linux.sh b/.github/setup-linux.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+set -ex -o xtrace
+
+# Generic dependencies
+DEPS="docbook-xsl xsltproc gengetopt help2man pcscd check pcsc-tools libtool make autoconf autoconf-archive automake pkg-config openssl git"
+
+# 64bit or 32bit dependencies
+if [ "$1" == "ix86" ]; then
+	sudo dpkg --add-architecture i386
+	DEPS="$DEPS gcc-multilib libpcsclite-dev:i386 libcmocka-dev:i386 libssl-dev:i386 zlib1g-dev:i386 libreadline-dev:i386 softhsm2:i386"
+else
+	DEPS="$DEPS libpcsclite-dev libcmocka-dev libssl-dev zlib1g-dev libreadline-dev softhsm2"
+fi
+
+if [ "$1" == "clang-tidy" ]; then
+	DEPS="$DEPS clang-tidy"
+elif [ "$1" == "cac" ]; then
+	DEPS="$DEPS libglib2.0-dev libnss3-dev gnutls-bin libusb-dev libudev-dev flex libnss3-tools"
+elif [ "$1" == "oseid" ]; then
+	DEPS="$DEPS socat gawk xxd"
+elif [ "$1" == "piv" -o "$1" == "isoapplet" -o "$1" == "gidsapplet" -o "$1" == "openpgp" ]; then
+	if [ "$1" == "piv" ]; then
+		DEPS="$DEPS cmake"
+	fi
+	DEPS="$DEPS ant openjdk-8-jdk maven"
+elif [ "$1" == "mingw" -o "$1" == "mingw32" ]; then
+	DEPS="$DEPS wine wine32 xvfb wget"
+	sudo dpkg --add-architecture i386
+	if [ "$1" == "mingw" ]; then
+		DEPS="$DEPS binutils-mingw-w64-x86-64 gcc-mingw-w64-x86-64 mingw-w64"
+	elif [ "$1" == "mingw32" ]; then
+		DEPS="$DEPS binutils-mingw-w64-i686 gcc-mingw-w64-i686"
+	fi
+fi
+
+# make sure we do not get prompts
+export DEBIAN_FRONTEND=noninteractive
+export DEBCONF_NONINTERACTIVE_SEEN=true
+sudo apt-get update
+sudo apt-get install -y build-essential $DEPS
+
+if [ "$1" == "mingw" -o "$1" == "mingw32" ]; then
+	if [ ! -f "$(winepath 'C:/Program Files/Inno Setup 5/ISCC.exe')" ]; then
+		/sbin/start-stop-daemon --start --quiet --pidfile /tmp/custom_xvfb_99.pid --make-pidfile --background --exec /usr/bin/Xvfb -- :99 -ac -screen 0 1280x1024x16
+		export DISPLAY=:99.0
+		[ -d isetup ] || mkdir isetup
+		pushd isetup
+		[ -f isetup-5.5.6.exe ] || wget http://files.jrsoftware.org/is/5/isetup-5.5.6.exe
+		sleep 5 # make sure the X server is ready ?
+		wine isetup-5.5.6.exe /SILENT /VERYSILENT /SP- /SUPPRESSMSGBOXES /NORESTART
+		popd
+	fi
+fi
diff --git a/.github/setup-macos.sh b/.github/setup-macos.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+set -ex -o xtrace
+
+brew install automake
+
+# gengetopt
+curl https://ftp.gnu.org/gnu/gengetopt/gengetopt-2.23.tar.xz -L --output gengetopt-2.23.tar.xz
+tar xfj gengetopt-2.23.tar.xz
+pushd gengetopt-2.23
+./configure && make
+sudo make install
+popd
+
+# help2man
+curl https://ftp.gnu.org/gnu/help2man/help2man-1.47.16.tar.xz -L --output help2man-1.47.16.tar.xz
+tar xjf help2man-1.47.16.tar.xz
+pushd help2man-1.47.16
+./configure && make
+sudo make install
+popd
+
+# openSCToken
+export PATH="/usr/local/opt/ccache/libexec:$PATH"
+git clone https://github.com/frankmorgner/OpenSCToken.git
+sudo rm -rf /Library/Developer/CommandLineTools;
+
+if [ -n "$PASS_SECRETS_TAR_ENC" ]; then
+    gpg --quiet --batch --yes --decrypt --passphrase="$PASS_SECRETS_TAR_ENC" --output .github/secrets.tar .github/secrets.tar.gpg
+    .github/add_signing_key.sh;
+else
+    unset CODE_SIGN_IDENTITY INSTALLER_SIGN_IDENTITY;
+fi
diff --git a/.github/setup-vsmartcard.sh b/.github/setup-vsmartcard.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -ex -o xtrace
+
+if [ ! -d "vsmartcard" ]; then
+	git clone https://github.com/frankmorgner/vsmartcard.git
+fi
+pushd vsmartcard/virtualsmartcard
+git checkout -b  tag-0.8 virtualsmartcard-0.8
+autoreconf -vis && ./configure && make -j2 && sudo make install
+popd
diff --git a/.github/test-cac.sh b/.github/test-cac.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+set -ex -o xtrace
+
+# install the opensc
+sudo make install
+export LD_LIBRARY_PATH=/usr/local/lib
+
+# VSmartcard
+./.github/setup-vsmartcard.sh
+
+# libcacard
+if [ ! -d "libcacard" ]; then
+	git clone https://gitlab.freedesktop.org/spice/libcacard.git
+fi
+pushd libcacard
+./autogen.sh --prefix=/usr && make -j2 && sudo make install
+popd
+
+# prepare pcscd
+. .github/restart-pcscd.sh
+
+# virt_cacard
+if [ ! -d "virt_cacard" ]; then
+	git clone https://github.com/Jakuje/virt_cacard.git
+fi
+pushd virt_cacard
+./autogen.sh && ./configure && make
+./setup-softhsm2.sh
+export SOFTHSM2_CONF=$PWD/softhsm2.conf
+# register cleanup function on exit
+trap "pkill -9 virt_cacard" EXIT
+./virt_cacard 2>&1 | sed -e 's/^/virt_cacard: /;' &
+popd
+
+# run the tests
+pushd src/tests/p11test/
+sleep 5
+./p11test -s 0 -p 12345678 -o virt_cacard.json
+popd
+
+# cleanup -- this would break later uses of pcscd
+pushd vsmartcard/virtualsmartcard
+sudo make uninstall
+popd
+
+diff -u3 src/tests/p11test/virt_cacard{_ref,}.json
diff --git a/.github/test-gidsapplet.sh b/.github/test-gidsapplet.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+set -ex -o xtrace
+
+# install the opensc
+sudo make install
+export LD_LIBRARY_PATH=/usr/local/lib
+
+# setup java stuff
+. .github/setup-java.sh
+
+# GidsApplet
+git clone https://github.com/vletoux/GidsApplet.git;
+javac -classpath jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar GidsApplet/src/com/mysmartlogon/gidsApplet/*.java;
+echo "com.licel.jcardsim.card.applet.0.AID=A000000397425446590201" > gids_jcardsim.cfg;
+echo "com.licel.jcardsim.card.applet.0.Class=com.mysmartlogon.gidsApplet.GidsApplet" >> gids_jcardsim.cfg;
+echo "com.licel.jcardsim.card.ATR=3B80800101" >> gids_jcardsim.cfg;
+echo "com.licel.jcardsim.vsmartcard.host=localhost" >> gids_jcardsim.cfg;
+echo "com.licel.jcardsim.vsmartcard.port=35963" >> gids_jcardsim.cfg;
+
+
+# prepare pcscd
+. .github/restart-pcscd.sh
+
+
+# start the applet and run couple of commands against that
+java -noverify -cp GidsApplet/src/:jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar com.licel.jcardsim.remote.VSmartCard gids_jcardsim.cfg >/dev/null &
+PID=$!;
+sleep 5;
+opensc-tool --card-driver default --send-apdu 80b80000190bA0000003974254465902010bA00000039742544659020100;
+opensc-tool -n;
+gids-tool --initialize --pin 123456 --admin-key 000000000000000000000000000000000000000000000000 --serial 00000000000000000000000000000000;
+kill -9 $PID