prepare even more

Signed-off-by: Matthieu Gallien <[email protected]>
nextcloud · Jul 28, 2023 · 92fa600 · 92fa600
1 parent 8a68de0
commit 92fa600
Showing 1 changed file with 100 additions and 1 deletion.
diff --git a/src/libsync/clientsideencryption.cpp b/src/libsync/clientsideencryption.cpp
@@ -877,13 +877,112 @@ std::optional<QByteArray> encryptStringAsymmetric(ENGINE *sslEngine, EVP_PKEY *p
     return out.toBase64();
 }
 
+void debugOpenssl()
+{
+    if (ERR_peek_error() == 0) {
+        return;
+    }
+
+    const char *file;
+    char errorMessage[255];
+    int line;
+    while (const auto errorNumber = ERR_get_error_line(&file, &line)) {
+        ERR_error_string(errorNumber, errorMessage);
+        qCWarning(lcCse()) << errorMessage << file << line;
+    }
+}
+
 }
 
 
 ClientSideEncryption::ClientSideEncryption()
 {
-    _sslEngine = ENGINE_new();
+    auto ctx = PKCS11_CTX_new();
+
+    auto rc = PKCS11_CTX_load(ctx, "");
+    if (rc) {
+        fprintf(stderr, "loading pkcs11 engine failed: %s\n",
+                ERR_reason_error_string(ERR_get_error()));
+        rc = 1;
+        exit(-1);
+    }
+
+    auto nslots = 0u;
+    PKCS11_SLOT *tokenSlots = nullptr;
+    /* get information on all slots */
+    rc = PKCS11_enumerate_slots(ctx, &tokenSlots, &nslots);
+    if (rc < 0) {
+        fprintf(stderr, "no slots available\n");
+        rc = 2;
+        exit(-1);
+    }
+
+    /* get first slot with a token */
+    auto slot = PKCS11_find_token(ctx, tokenSlots, nslots);
+    if (slot == NULL || slot->token == NULL) {
+        fprintf(stderr, "no token available\n");
+        rc = 3;
+        exit(-1);
+    }
+    printf("Slot manufacturer......: %s\n", slot->manufacturer);
+    printf("Slot description.......: %s\n", slot->description);
+    printf("Slot token label.......: %s\n", slot->token->label);
+    printf("Slot token manufacturer: %s\n", slot->token->manufacturer);
+    printf("Slot token model.......: %s\n", slot->token->model);
+    printf("Slot token serialnr....: %s\n", slot->token->serialnr);
+
+    auto logged_in = 0;
+    rc = PKCS11_is_logged_in(slot, 0, &logged_in);
+    if (rc != 0) {
+        fprintf(stderr, "PKCS11_is_logged_in failed\n");
+        rc = 8;
+        exit(-1);
+    }
+
+    /* perform pkcs #11 login */
+    QByteArray password = "0000";
+    rc = PKCS11_login(slot, 0, password.data());
+    if (rc != 0) {
+        fprintf(stderr, "PKCS11_login failed\n");
+        rc = 10;
+        exit(-1);
+    }
+
+    /* check if user is logged in */
+    rc = PKCS11_is_logged_in(slot, 0, &logged_in);
+    if (rc != 0) {
+        fprintf(stderr, "PKCS11_is_logged_in failed\n");
+        rc = 11;
+        exit(-1);
+    }
+    if (!logged_in) {
+        fprintf(stderr, "PKCS11_is_logged_in says user is not logged in, expected to be logged in\n");
+        rc = 12;
+        exit(-1);
+    }
+
+    ENGINE_load_dynamic();
+
+    _sslEngine = ENGINE_by_id("dynamic");
     qCInfo(lcCse()) << "ssl engine" << _sslEngine;
+
+    if (!ENGINE_ctrl_cmd_string(_sslEngine, "VERBOSE", nullptr, 0)) {
+        qCWarning(lcCse()) << "issue when adding hardware token to ssl engine" << _sslEngine;
+        EncryptionHelper::debugOpenssl();
+        return;
+    }
+
+    if (!ENGINE_ctrl_cmd_string(_sslEngine, "LOAD", nullptr, 0)) {
+        qCWarning(lcCse()) << "issue when adding hardware token to ssl engine" << _sslEngine;
+        EncryptionHelper::debugOpenssl();
+        return;
+    }
+
+    if (!ENGINE_init(_sslEngine)) {
+        qCWarning(lcCse()) << "issue when adding hardware token to ssl engine" << _sslEngine;
+        EncryptionHelper::debugOpenssl();
+        return;
+    }
 }
 
 const QSslKey &ClientSideEncryption::getPublicKey() const