EstonianEid: remove the iconv dependency and use the common name from the certificate as the card label.

This makes it universal, as some cards don't have the personal data file (Digi-ID)
It also makes it a bit ugly, as the common name is the name and personal ID code
concatenated like "FIRSTNAME,LASTNAME,123456789"

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4817 c6295689-39f2-0310-b995-f0e70906c6a9

NEWS

@@ -40,7 +40,9 @@ New in 0.12.??; 2010-??-??; ??
   Fix path to reference headers, remove src/include/ directory.
 * Various source code fixes and improvements.
 * OpenSC now depends on xsltproc utility and docbook-xsl to build docs and man
-
+* Remove iconv dependency. EstEID driver now uses the commonName from the
+  certificate for card label.
+ 
 New in 0.11.12; 2009-12-18; Andreas Jellinghaus
 * Document integer problem in OpenSC and implement workaround
 * Improve entersafe profile to support private data objects

configure.ac

@@ -99,13 +99,6 @@ AC_ARG_ENABLE(
 	[enable_readline="detect"]
 )
 
-AC_ARG_ENABLE(
-	[iconv],
-	[AS_HELP_STRING([--enable-iconv],[enable iconv linkage @<:@detect@:>@])],
-	,
-	[enable_iconv="detect"]
-)
-
 AC_ARG_ENABLE(
 	[openssl],
 	[AS_HELP_STRING([--enable-openssl],[enable openssl linkage @<:@detect@:>@])],
@@ -390,66 +383,6 @@ if test "${enable_readline}" = "yes"; then
 	fi
 fi
 
-AC_ARG_VAR([ICONV_CFLAGS], [C compiler flags for iconv])
-AC_ARG_VAR([ICONV_LIBS], [linker flags for iconv])
-if test -n "${ICONV_LIBS}"; then
-	ac_cv_lib_iconv="yes"
-else
-	AC_MSG_CHECKING([if iconv library available within libc])
-	AC_LINK_IFELSE(
-		[AC_LANG_FUNC_LINK_TRY([iconv])],
-		[
-			AC_MSG_RESULT([yes])
-			ac_cv_lib_iconv="yes"
-		],
-		[
-			AC_MSG_RESULT([no])
-			AC_CHECK_LIB(
-				[iconv],
-				[iconv],
-				[
-					ac_cv_lib_iconv="yes"
-					ICONV_LIBS="-liconv"
-				],
-				[AC_CHECK_LIB(
-					[iconv],
-					[libiconv],
-					[
-						ac_cv_lib_iconv="yes"
-						ICONV_LIBS="-liconv"
-					]
-				)]
-			)
-		]
-	)
-fi
-saved_CFLAGS="${CFLAGS}"
-CFLAGS="${CFLAGS} ${ICONV_CFLAGS}"
-AC_CHECK_HEADERS([iconv.h])
-CFLAGS="${saved_CFLAGS}"
-test "${ac_cv_lib_iconv}" = "yes" -a "${ac_cv_header_iconv_h}" = "yes" && have_iconv="yes"
-
-case "${enable_iconv}" in
-	no)
-		have_iconv="no"
-	;;
-	detect)
-		if test "${have_iconv}" = "yes"; then
-			enable_iconv="yes"
-		else
-			enable_iconv="no"
-		fi
-	;;
-esac
-
-if test "${enable_iconv}" = "yes"; then
-	if test "${have_iconv}" = "yes"; then
-		AC_DEFINE([ENABLE_ICONV], [1], [Use iconv libraries and header files])
-	else
-		AC_MSG_ERROR([iconv linkage required, but no iconv was found])
-	fi
-fi
-
 PKG_CHECK_MODULES(
 	[OPENSSL],
 	[libcrypto >= 0.9.7],
@@ -574,11 +507,6 @@ if test "${enable_readline}" = "yes"; then
 	OPTIONAL_READLINE_CFLAGS="${READLINE_CFLAGS}"
 	OPTIONAL_READLINE_LIBS="${READLINE_LIBS}"
 fi
-if test "${enable_iconv}" = "yes"; then
-	OPENSC_FEATURES="${OPENSC_FEATURES} iconv"
-	OPTIONAL_ICONV_CFLAGS="${ICONV_CFLAGS}"
-	OPTIONAL_ICONV_LIBS="${ICONV_LIBS}"
-fi
 if test "${enable_openssl}" = "yes"; then
 	OPENSC_FEATURES="${OPENSC_FEATURES} openssl"
 	OPTIONAL_OPENSSL_CFLAGS="${OPENSSL_CFLAGS}"
@@ -622,8 +550,6 @@ AC_SUBST([OPTIONAL_ZLIB_CFLAGS])
 AC_SUBST([OPTIONAL_ZLIB_LIBS])
 AC_SUBST([OPTIONAL_READLINE_CFLAGS])
 AC_SUBST([OPTIONAL_READLINE_LIBS])
-AC_SUBST([OPTIONAL_ICONV_CFLAGS])
-AC_SUBST([OPTIONAL_ICONV_LIBS])
 AC_SUBST([OPTIONAL_OPENSSL_CFLAGS])
 AC_SUBST([OPTIONAL_OPENSSL_LIBS])
 AC_SUBST([OPTIONAL_OPENCT_CFLAGS])
@@ -634,7 +560,6 @@ AC_SUBST([LIBRARY_BITNESS])
 AM_CONDITIONAL([ENABLE_MAN], [test "${enable_man}" = "yes"])
 AM_CONDITIONAL([ENABLE_ZLIB], [test "${enable_zlib}" = "yes"])
 AM_CONDITIONAL([ENABLE_READLINE], [test "${enable_readline}" = "yes"])
-AM_CONDITIONAL([ENABLE_ICONV], [test "${enable_iconv}" = "yes"])
 AM_CONDITIONAL([ENABLE_OPENSSL], [test "${enable_openssl}" = "yes"])
 AM_CONDITIONAL([ENABLE_OPENCT], [test "${enable_openct}" = "yes"])
 AM_CONDITIONAL([ENABLE_DOC], [test "${enable_doc}" = "yes"])
@@ -690,7 +615,6 @@ man support:             ${enable_man}
 doc support:             ${enable_doc}
 zlib support:            ${enable_zlib}
 readline support:        ${enable_readline}
-iconv support:           ${enable_iconv}
 OpenSSL support:         ${enable_openssl}
 PC/SC support:           ${enable_pcsc}
 OpenCT support:          ${enable_openct}
@@ -712,8 +636,6 @@ READLINE_CFLAGS:         ${READLINE_CFLAGS}
 READLINE_LIBS:           ${READLINE_LIBS}
 ZLIB_CFLAGS:             ${ZLIB_CFLAGS}
 ZLIB_LIBS:               ${ZLIB_LIBS}
-ICONV_CFLAGS:            ${ICONV_CFLAGS}
-ICONV_LIBS:              ${ICONV_LIBS}
 OPENSSL_CFLAGS:          ${OPENSSL_CFLAGS}
 OPENSSL_LIBS:            ${OPENSSL_LIBS}
 OPENCT_CFLAGS:           ${OPENCT_CFLAGS}

src/libopensc/Makefile.am

@@ -14,7 +14,7 @@ noinst_HEADERS = cards.h ctbcs.h internal.h esteid.h muscle.h muscle-filesystem.
 AM_CPPFLAGS = -DOPENSC_CONF_PATH=\"$(sysconfdir)/opensc.conf\"
 AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) $(OPTIONAL_OPENCT_CFLAGS) \
 	$(OPTIONAL_PCSC_CFLAGS) $(OPTIONAL_ZLIB_CFLAGS) \
-	$(OPTIONAL_ICONV_CFLAGS) $(LTLIB_CFLAGS)
+	$(LTLIB_CFLAGS)
 INCLUDES = -I$(top_srcdir)/src
 
 libopensc_la_SOURCES = \
@@ -50,7 +50,7 @@ if WIN32
 libopensc_la_SOURCES += $(top_builddir)/win32/versioninfo.rc
 endif
 libopensc_la_LIBADD = $(OPTIONAL_OPENSSL_LIBS) $(OPTIONAL_OPENCT_LIBS) \
-	$(OPTIONAL_ZLIB_LIBS) $(OPTIONAL_ICONV_LIBS) $(LTLIB_LIBS) \
+	$(OPTIONAL_ZLIB_LIBS) $(LTLIB_LIBS) \
 	$(top_builddir)/src/pkcs15init/libpkcs15init.la \
 	$(top_builddir)/src/scconf/libscconf.la \
 	$(top_builddir)/src/common/libcompat.la

src/libopensc/Makefile.mak

@@ -39,7 +39,7 @@ opensc.dll: $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib ..\pkcs15init\p
 	echo LIBRARY $* > $*.def
 	echo EXPORTS >> $*.def
 	type lib$*.exports >> $*.def
-	link $(LINKFLAGS) /dll /def:$*.def /implib:$*.lib /out:opensc.dll $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib ..\pkcs15init\pkcs15init.lib winscard.lib $(OPENSSL_LIB) $(ZLIB_LIB) $(ICONV_LIB) gdi32.lib $(LIBLTDL_LIB) advapi32.lib ws2_32.lib
+	link $(LINKFLAGS) /dll /def:$*.def /implib:$*.lib /out:opensc.dll $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib ..\pkcs15init\pkcs15init.lib winscard.lib $(OPENSSL_LIB) $(ZLIB_LIB) gdi32.lib $(LIBLTDL_LIB) advapi32.lib ws2_32.lib
 	if EXIST opensc.dll.manifest mt -manifest opensc.dll.manifest -outputresource:opensc.dll;2
 
 opensc_a.lib: $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib ..\pkcs15init\pkcs15init.lib

src/libopensc/pkcs15-esteid.c

@@ -26,11 +26,12 @@
 #include <stdlib.h>
 #include <string.h>
 #include <stdio.h>
-#ifdef ENABLE_ICONV
-#include <iconv.h>
+#ifdef ENABLE_OPENSSL
+#include <openssl/x509v3.h>
 #endif
 
 #include "common/compat_strlcpy.h"
+#include "common/compat_strlcat.h"
 
 #include "internal.h"
 #include "pkcs15.h"
@@ -62,12 +63,6 @@ static int
 sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
 {
 	sc_card_t *card = p15card->card;
-#ifdef ENABLE_ICONV
-	iconv_t iso_utf;
-	char *inptr, *outptr;
-	size_t inbytes, outbytes, result;
-	char label[64], name1[32], name2[32];
-#endif
 	unsigned char buff[128];
 	int r, i, flags;
 	sc_path_t tmppath;
@@ -86,37 +81,6 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
 	buff[r] = '\0';
 	set_string (&p15card->tokeninfo->serial_number, (const char *) buff);
 
-#ifdef ENABLE_ICONV
-	/* Read the name of the cardholder and convert it into UTF-8 */
-	iso_utf  = iconv_open ("UTF-8", "CP1252");
-	if (iso_utf == (iconv_t) -1)
-		return SC_ERROR_INTERNAL;
-	
-	r = sc_read_record (card, SC_ESTEID_PD_GIVEN_NAMES1, buff, sizeof(buff), SC_RECORD_BY_REC_NR);
-	SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "read name1 failed");
-	inptr = (char *) buff;
-	outptr = name1;
-	inbytes = r;
-	outbytes = 32;
-	result = iconv(iso_utf, &inptr, &inbytes, &outptr, &outbytes);
-	if (result == (size_t) -1)
-		return SC_ERROR_INTERNAL;	
-	*outptr = '\0';
-	
-	r = sc_read_record (card, SC_ESTEID_PD_SURNAME, buff, sizeof(buff), SC_RECORD_BY_REC_NR);
-	SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "read name2 failed");
-	inptr = (char *) buff;
-	outptr = name2;
-	inbytes = r;
-	outbytes = 32;
-	result = iconv(iso_utf, &inptr, &inbytes, &outptr, &outbytes);
-	if (result == (size_t) -1)
-		return SC_ERROR_INTERNAL;
-	*outptr = '\0';
-	iconv_close(iso_utf);
-	snprintf(label, sizeof(label), "%s %s", name1, name2);
-	set_string (&p15card->tokeninfo->label, label);
-#endif
 	p15card->tokeninfo->flags = SC_PKCS15_TOKEN_PRN_GENERATION
 				  | SC_PKCS15_TOKEN_EID_COMPLIANT
 				  | SC_PKCS15_TOKEN_READONLY;
@@ -149,6 +113,44 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
 		r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
 		if (r < 0)
 			return SC_ERROR_INTERNAL;
+#ifdef ENABLE_OPENSSL
+		if (i == 0) {
+			BIO *mem = NULL;
+			X509 *x509 = NULL;
+			sc_pkcs15_cert_t *cert;
+			char cardholder_name[64];
+			unsigned char *tmp = NULL;
+			r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert);
+			if (r == SC_SUCCESS) {
+				mem = BIO_new_mem_buf(cert->data, cert->data_len);
+				if (!mem)
+					return SC_ERROR_INTERNAL;
+				x509 = d2i_X509_bio(mem, NULL);
+				if (!x509)
+					return SC_ERROR_INTERNAL;
+				r = X509_NAME_get_index_by_NID(X509_get_subject_name(x509), NID_commonName, -1);
+				if (r >= 0) {
+					X509_NAME_ENTRY *ne;
+					ASN1_STRING *a_str;
+					ne = X509_NAME_get_entry(X509_get_subject_name(x509), r);
+					if (!ne)
+						return SC_ERROR_INTERNAL;
+					a_str = X509_NAME_ENTRY_get_data(ne);
+					if (!a_str)
+						return SC_ERROR_INTERNAL;
+					r = ASN1_STRING_to_UTF8(&tmp, a_str);
+					if (r > 0) {
+						if ((unsigned)r > sizeof(cardholder_name) - 1)
+							r = sizeof(cardholder_name) -1;
+						memcpy(cardholder_name, tmp, r);
+						cardholder_name[r] = '\0';
+						set_string (&p15card->tokeninfo->label, cardholder_name);
+						OPENSSL_free(tmp);
+					}
+				}				
+			}			
+		}
+#endif	
 	}
 
 	/* the file with key pin info (tries left) */
@@ -247,6 +249,8 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
 		if (r < 0)
 			return SC_ERROR_INTERNAL;
 	}
+	/* Read the certificate to get the name of the person */
+
 	return SC_SUCCESS;
 }
 

win32/Make.rules.mak

@@ -36,18 +36,6 @@ ZLIB_LIB = C:\ZLIB\LIB\zlib.lib
 OPENSC_FEATURES = $(OPENSC_FEATURES) zlib
 !ENDIF
 
-# If you want support for iconv (Used for EstEID):
-# - Download iconv and build
-# - uncomment the line starting with ICONV_DEF 
-# - set the ICONV_INCL_DIR below to the iconv include lib proceeded by "/I"
-# - set the ICONV_LIB  below to your iconv lib file
-#ICONV_DEF = /DENABLE_ICONV
-!IF "$(ICONV_DEF)" == "/DENABLE_ICONV"
-ICONV_INCL_DIR = /IC:\build\iconv\include
-ICONV_LIB = C:\build\iconv\lib\iconv.lib
-OPENSC_FEATURES = $(OPENSC_FEATURES) iconv
-!ENDIF
-
 # No choice for DUMPRESTORE: it has to be desabled
 SIMCLIST_NO_DUMPRESTORE_DEF = /DSIMCLIST_NO_DUMPRESTORE
 
@@ -55,7 +43,7 @@ SIMCLIST_NO_DUMPRESTORE_DEF = /DSIMCLIST_NO_DUMPRESTORE
 # http://msinttypes.googlecode.com/files/msinttypes-r26.zip
 INTTYPES_INCL_DIR =  /IC:\opensc\dependencies\msys\local
 
-COPTS = /D_CRT_SECURE_NO_DEPRECATE /Zi /MD /nologo /DHAVE_CONFIG_H /I$(TOPDIR)\win32 /I$(TOPDIR)\src $(OPENSSL_INCL_DIR) $(ZLIB_INCL_DIR) $(LIBLTDL_INCL) $(ICONV_INCL_DIR) $(INTTYPES_INCL_DIR) /D_WIN32_WINNT=0x0400 /DWIN32_LEAN_AND_MEAN $(OPENSSL_DEF) $(ZLIB_DEF) $(ICONV_DEF) $(SIMCLIST_NO_DUMPRESTORE_DEF) /DOPENSC_FEATURES="\"$(OPENSC_FEATURES)\""
+COPTS = /D_CRT_SECURE_NO_DEPRECATE /Zi /MD /nologo /DHAVE_CONFIG_H /I$(TOPDIR)\win32 /I$(TOPDIR)\src $(OPENSSL_INCL_DIR) $(ZLIB_INCL_DIR) $(LIBLTDL_INCL) $(INTTYPES_INCL_DIR) /D_WIN32_WINNT=0x0400 /DWIN32_LEAN_AND_MEAN $(OPENSSL_DEF) $(ZLIB_DEF) $(SIMCLIST_NO_DUMPRESTORE_DEF) /DOPENSC_FEATURES="\"$(OPENSC_FEATURES)\""
 LINKFLAGS = /DEBUG /NOLOGO /INCREMENTAL:NO /MACHINE:IX86
 
 .c.obj::