From 6a48771ce1c64859394cf74752e51a9e3b777627 Mon Sep 17 00:00:00 2001
From: martin <martin@c6295689-39f2-0310-b995-f0e70906c6a9>
Date: Mon, 14 Sep 2009 08:51:53 +0000
Subject: [PATCH] Implement CKA_ALWAYS_AUTHENTICATE

git-svn-id: https://www.opensc-project.org/svnp/opensc/branches/martin/0.12@3722 c6295689-39f2-0310-b995-f0e70906c6a9
---
 src/pkcs11/framework-pkcs15.c | 4 ++++
 src/pkcs11/pkcs11-display.c   | 2 +-
 src/tools/pkcs11-tool.c       | 5 +++++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
index 6193990b..47ee23cf 100644
--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
@@ -1965,6 +1965,10 @@ static CK_RV pkcs15_prkey_get_attribute(struct sc_pkcs11_session *session,
 		check_attribute_buffer(attr, sizeof(CK_BBOOL));
 		*(CK_BBOOL*)attr->pValue = TRUE;
 		break;
+        case CKA_ALWAYS_AUTHENTICATE:
+		check_attribute_buffer(attr, sizeof(CK_BBOOL));
+		*(CK_BBOOL*)attr->pValue = prkey->prv_p15obj->user_consent;
+		break;
 	case CKA_PRIVATE:
 		check_attribute_buffer(attr, sizeof(CK_BBOOL));
 		*(CK_BBOOL*)attr->pValue = (prkey->prv_p15obj->flags & SC_PKCS15_CO_FLAG_PRIVATE) != 0;
diff --git a/src/pkcs11/pkcs11-display.c b/src/pkcs11/pkcs11-display.c
index 57e4b1dd..870538fe 100644
--- a/src/pkcs11/pkcs11-display.c
+++ b/src/pkcs11/pkcs11-display.c
@@ -621,7 +621,7 @@ type_spec ck_attribute_specs[] = {
   { CKA_EC_POINT          , "CKA_EC_POINT         ", print_generic, NULL },
   { CKA_SECONDARY_AUTH    , "CKA_SECONDARY_AUTH   ", print_generic, NULL },
   { CKA_AUTH_PIN_FLAGS    , "CKA_AUTH_PIN_FLAGS   ", print_generic, NULL },
-  { CKA_ALWAYS_AUTHENTICATE, "CKA_ALWAYS_AUTHENTICATE ", print_generic, NULL },
+  { CKA_ALWAYS_AUTHENTICATE, "CKA_ALWAYS_AUTHENTICATE ", print_boolean, NULL },
   { CKA_WRAP_WITH_TRUSTED , "CKA_WRAP_WITH_TRUSTED ", print_generic, NULL },
   { CKA_WRAP_TEMPLATE     , "CKA_WRAP_TEMPLATE    ", print_generic, NULL },
   { CKA_UNWRAP_TEMPLATE   , "CKA_UNWRAP_TEMPLATE  ", print_generic, NULL },
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index 9afcdcd4..14a00f70 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -1604,6 +1604,7 @@ ATTR_METHOD(SENSITIVE, CK_BBOOL);
 ATTR_METHOD(ALWAYS_SENSITIVE, CK_BBOOL);
 ATTR_METHOD(NEVER_EXTRACTABLE, CK_BBOOL);
 #endif
+ATTR_METHOD(ALWAYS_AUTHENTICATE, CK_BBOOL);
 ATTR_METHOD(PRIVATE, CK_BBOOL);
 ATTR_METHOD(MODIFIABLE, CK_BBOOL);
 ATTR_METHOD(ENCRYPT, CK_BBOOL);
@@ -1722,6 +1723,10 @@ static void show_key(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj, int pub)
 	if (!*sepa)
 		printf("none");
 	printf("\n");
+
+	if (!pub && getALWAYS_AUTHENTICATE(sess, obj)) {
+		printf("  Access:     always authenticate\n");
+	}
 }
 
 static void show_cert(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj)