Workaround Fin driver issues

IB-5827

Signed-off-by: Raul Metsma <[email protected]>

client/QPKCS11.cpp

@@ -266,9 +266,19 @@ QPKCS11::PinStatus QPKCS11::login( const TokenData &_t )
 			if(d->f->C_OpenSession(slot, CKF_SERIAL_SESSION, nullptr, nullptr, &d->session) != CKR_OK)
 				continue;
 			currentSlot = slot;
+			bool isAuthSlot = false;
 			for(CK_OBJECT_HANDLE obj: d->findObject(d->session, CKO_CERTIFICATE))
 			{
-				if(_t.cert() == QSslCertificate(d->attribute(d->session, obj, CKA_VALUE), QSsl::Der))
+				SslCertificate cert(d->attribute(d->session, obj, CKA_VALUE), QSsl::Der);
+				// Hack: Workaround broken FIN pkcs11 drivers showing non-repu certificates in auth slot
+				if(d->isFinDriver)
+				{
+					if(isAuthSlot)
+						continue;
+					if(!cert.keyUsage().contains(SslCertificate::NonRepudiation))
+						isAuthSlot = true;
+				}
+				if(_t.cert() == cert)
 					return d->attribute(d->session, obj, CKA_ID);
 			}
 		}
@@ -348,11 +358,20 @@ QList<TokenData> QPKCS11::tokens() const
 		CK_SESSION_HANDLE session = 0;
 		if(d->f->C_OpenSession(slot, CKF_SERIAL_SESSION, nullptr, nullptr, &session) != CKR_OK)
 			continue;
+		bool isAuthSlot = false;
 		for( CK_OBJECT_HANDLE obj: d->findObject( session, CKO_CERTIFICATE ) )
 		{
 			SslCertificate cert(d->attribute(session, obj, CKA_VALUE), QSsl::Der);
 			if(cert.isCA())
 				continue;
+			// Hack: Workaround broken FIN pkcs11 drivers showing non-repu certificates in auth slot
+			if(d->isFinDriver)
+			{
+				if(isAuthSlot)
+					continue;
+				if(!cert.keyUsage().contains(SslCertificate::NonRepudiation))
+					isAuthSlot = true;
+			}
 			TokenData t;
 			t.setCard(toQByteArray(token.serialNumber).trimmed());
 			t.setCert(cert);