config: Rename private_certificate to pin_protected_certificate

Preserve reading of private_certificate for backward compatibility

doc/files/files.html

@@ -874,7 +874,7 @@
  <code class="literal">use_pin_caching</code> option for OpenSC
  to be able to provide PIN for the card when needed.
  </p></dd><dt><span class="term">
- <code class="option">private_certificate = <em class="replaceable"><code>value</code></em>;</code>
+ <code class="option">pin_protected_certificate = <em class="replaceable"><code>value</code></em>;</code>
  </span></dt><dd><p>
  How to handle a PIN-protected certificate. Known
  parameters:

doc/files/opensc.conf.5.xml.in

@@ -1350,7 +1350,7 @@ app <replaceable>application</replaceable> {
  </varlistentry>
  <varlistentry>
  <term>
- <option>private_certificate = <replaceable>value</replaceable>;</option>
+ <option>pin_protected_certificate = <replaceable>value</replaceable>;</option>
  </term>
  <listitem><para>
  How to handle a PIN-protected certificate. Known

etc/opensc.conf.example.in

@@ -948,7 +948,7 @@ app default {
  # How to handle a PIN-protected certificate
  # Valid values: protect, declassify, ignore.
  # Default: ignore in tokend, protect otherwise
- # private_certificate = declassify;
+ # pin_protected_certificate = declassify;
 
  # Enable pkcs15 emulation.
  # Default: yes

src/libopensc/pkcs15-cert.c

@@ -501,7 +501,7 @@ sc_pkcs15_decode_cdf_entry(struct sc_pkcs15_card *p15card, struct sc_pkcs15_obje
  }
  sc_log(ctx, "Certificate path '%s'", sc_print_path(&info.path));
 
- switch (p15card->opts.private_certificate) {
+ switch (p15card->opts.pin_protected_certificate) {
  case SC_PKCS15_CARD_OPTS_PRIV_CERT_DECLASSIFY:
  sc_log(ctx, "Declassifying certificate");
  obj->flags &= ~SC_PKCS15_CO_FLAG_PRIVATE;

src/libopensc/pkcs15.c

@@ -1268,7 +1268,7 @@ sc_pkcs15_bind(struct sc_card *card, struct sc_aid *aid,
  scconf_block *conf_block = NULL;
  int r, emu_first, enable_emu;
  const char *use_file_cache;
- const char *private_certificate;
+ const char *pin_protected_certificate, *private_certificate;
 
  if (card == NULL || p15card_out == NULL) {
  return SC_ERROR_INVALID_ARGUMENTS;
@@ -1289,12 +1289,11 @@ sc_pkcs15_bind(struct sc_card *card, struct sc_aid *aid,
  p15card->opts.pin_cache_counter = 10;
  p15card->opts.pin_cache_ignore_user_consent = 0;
  if (0 == strcmp(ctx->app_name, "tokend")) {
- private_certificate = "ignore";
- p15card->opts.private_certificate = SC_PKCS15_CARD_OPTS_PRIV_CERT_IGNORE;
+ pin_protected_certificate = "ignore";
  } else {
- private_certificate = "protect";
- p15card->opts.private_certificate = SC_PKCS15_CARD_OPTS_PRIV_CERT_PROTECT;
+ pin_protected_certificate = "protect";
  }
+ private_certificate = "";
 
  conf_block = sc_get_conf_block(ctx, "framework", "pkcs15", 1);
  if (conf_block) {
@@ -1303,6 +1302,8 @@ sc_pkcs15_bind(struct sc_card *card, struct sc_aid *aid,
  p15card->opts.pin_cache_counter = scconf_get_int(conf_block, "pin_cache_counter", p15card->opts.pin_cache_counter);
  p15card->opts.pin_cache_ignore_user_consent = scconf_get_bool(conf_block, "pin_cache_ignore_user_consent",
  p15card->opts.pin_cache_ignore_user_consent);
+ pin_protected_certificate = scconf_get_str(conf_block, "pin_protected_certificate", pin_protected_certificate);
+ /* read also the old value to keep backward compatibility */
  private_certificate = scconf_get_str(conf_block, "private_certificate", private_certificate);
  }
 
@@ -1314,16 +1315,24 @@ sc_pkcs15_bind(struct sc_card *card, struct sc_aid *aid,
  p15card->opts.use_file_cache = SC_PKCS15_OPTS_CACHE_NO_FILES;
  }
 
+ if (0 == strcmp(pin_protected_certificate, "protect")) {
+ p15card->opts.pin_protected_certificate = SC_PKCS15_CARD_OPTS_PRIV_CERT_PROTECT;
+ } else if (0 == strcmp(pin_protected_certificate, "ignore")) {
+ p15card->opts.pin_protected_certificate = SC_PKCS15_CARD_OPTS_PRIV_CERT_IGNORE;
+ } else if (0 == strcmp(pin_protected_certificate, "declassify")) {
+ p15card->opts.pin_protected_certificate = SC_PKCS15_CARD_OPTS_PRIV_CERT_DECLASSIFY;
+ }
+ /* overwrite pin_protected_certificate when private_certificate set */
  if (0 == strcmp(private_certificate, "protect")) {
- p15card->opts.private_certificate = SC_PKCS15_CARD_OPTS_PRIV_CERT_PROTECT;
+ p15card->opts.pin_protected_certificate = SC_PKCS15_CARD_OPTS_PRIV_CERT_PROTECT;
  } else if (0 == strcmp(private_certificate, "ignore")) {
- p15card->opts.private_certificate = SC_PKCS15_CARD_OPTS_PRIV_CERT_IGNORE;
+ p15card->opts.pin_protected_certificate = SC_PKCS15_CARD_OPTS_PRIV_CERT_IGNORE;
  } else if (0 == strcmp(private_certificate, "declassify")) {
- p15card->opts.private_certificate = SC_PKCS15_CARD_OPTS_PRIV_CERT_DECLASSIFY;
+ p15card->opts.pin_protected_certificate = SC_PKCS15_CARD_OPTS_PRIV_CERT_DECLASSIFY;
  }
- sc_log(ctx, "PKCS#15 options: use_file_cache=%d use_pin_cache=%d pin_cache_counter=%d pin_cache_ignore_user_consent=%d private_certificate=%d",
- p15card->opts.use_file_cache, p15card->opts.use_pin_cache,p15card->opts.pin_cache_counter,
- p15card->opts.pin_cache_ignore_user_consent, p15card->opts.private_certificate);
+ sc_log(ctx, "PKCS#15 options: use_file_cache=%d use_pin_cache=%d pin_cache_counter=%d pin_cache_ignore_user_consent=%d pin_protected_certificate=%d",
+ p15card->opts.use_file_cache, p15card->opts.use_pin_cache, p15card->opts.pin_cache_counter,
+ p15card->opts.pin_cache_ignore_user_consent, p15card->opts.pin_protected_certificate);
 
  r = sc_lock(card);
  if (r) {

src/libopensc/pkcs15.h

@@ -586,7 +586,7 @@ typedef struct sc_pkcs15_card {
  int use_pin_cache;
  int pin_cache_counter;
  int pin_cache_ignore_user_consent;
- int private_certificate;
+ int pin_protected_certificate;
  } opts;
 
  unsigned int magic;
@@ -612,7 +612,7 @@ typedef struct sc_pkcs15_card {
 #define SC_PKCS15_OPTS_CACHE_PUBLIC_FILES 1
 #define SC_PKCS15_OPTS_CACHE_ALL_FILES 2
 
-/* suitable for struct sc_pkcs15_card.opts.private_certificate */
+/* suitable for struct sc_pkcs15_card.opts.pin_protected_certificate */
 #define SC_PKCS15_CARD_OPTS_PRIV_CERT_PROTECT 0
 #define SC_PKCS15_CARD_OPTS_PRIV_CERT_IGNORE 1
 #define SC_PKCS15_CARD_OPTS_PRIV_CERT_DECLASSIFY 2