prepare even more

Signed-off-by: Matthieu Gallien <[email protected]>

Author: mgallien

src/libsync/clientsideencryption.cpp

@@ -892,13 +892,111 @@ std::optional<QByteArray> encryptStringAsymmetric(ENGINE *sslEngine, EVP_PKEY *p
     return out.toBase64();
 }
 
+void debugOpenssl()
+{
+    if (ERR_peek_error() == 0) {
+        return;
+    }
+
+    const char *file;
+    char errorMessage[255];
+    int line;
+    while (const auto errorNumber = ERR_get_error_line(&file, &line)) {
+        ERR_error_string(errorNumber, errorMessage);
+        qCWarning(lcCse()) << errorMessage << file << line;
+    }
+}
+
 }
 
 
 ClientSideEncryption::ClientSideEncryption()
 {
-    _sslEngine = ENGINE_new();
+    auto ctx = PKCS11_CTX_new();
+
+    auto rc = PKCS11_CTX_load(ctx, "");
+    if (rc) {
+        qCWarning(lcCse()) << "loading pkcs11 engine failed:" << ERR_reason_error_string(ERR_get_error());
+        rc = 1;
+        exit(-1);
+    }
+
+    auto nslots = 0u;
+    PKCS11_SLOT *tokenSlots = nullptr;
+    /* get information on all slots */
+    rc = PKCS11_enumerate_slots(ctx, &tokenSlots, &nslots);
+    if (rc < 0) {
+        qCWarning(lcCse()) << "no slots available";
+        rc = 2;
+        exit(-1);
+    }
+
+    /* get first slot with a token */
+    auto slot = PKCS11_find_token(ctx, tokenSlots, nslots);
+    if (slot == NULL || slot->token == NULL) {
+        qCWarning(lcCse()) << "no token available";
+        rc = 3;
+        exit(-1);
+    }
+    qCInfo(lcCse()) << "Slot manufacturer......:" << slot->manufacturer;
+    qCInfo(lcCse()) << "Slot description.......:" << slot->description;
+    qCInfo(lcCse()) << "Slot token label.......:" << slot->token->label;
+    qCInfo(lcCse()) << "Slot token manufacturer:" << slot->token->manufacturer;
+    qCInfo(lcCse()) << "Slot token model.......:" << slot->token->model;
+    qCInfo(lcCse()) << "Slot token serialnr....:" << slot->token->serialnr;
+
+    auto logged_in = 0;
+    rc = PKCS11_is_logged_in(slot, 0, &logged_in);
+    if (rc != 0) {
+        qCWarning(lcCse()) << "PKCS11_is_logged_in failed";
+        rc = 8;
+        exit(-1);
+    }
+
+    /* perform pkcs #11 login */
+    QByteArray password = "0000";
+    rc = PKCS11_login(slot, 0, password.data());
+    if (rc != 0) {
+        qCWarning(lcCse()) << "PKCS11_login failed";
+        rc = 10;
+        exit(-1);
+    }
+
+    /* check if user is logged in */
+    rc = PKCS11_is_logged_in(slot, 0, &logged_in);
+    if (rc != 0) {
+        qCWarning(lcCse()) << "PKCS11_is_logged_in failed";
+        rc = 11;
+        exit(-1);
+    }
+    if (!logged_in) {
+        qCWarning(lcCse()) << "PKCS11_is_logged_in says user is not logged in, expected to be logged in";
+        rc = 12;
+        exit(-1);
+    }
+
+    ENGINE_load_dynamic();
+
+    _sslEngine = ENGINE_by_id("dynamic");
     qCInfo(lcCse()) << "ssl engine" << _sslEngine;
+
+    if (!ENGINE_ctrl_cmd_string(_sslEngine, "VERBOSE", nullptr, 0)) {
+        qCWarning(lcCse()) << "issue when adding hardware token to ssl engine" << _sslEngine;
+        EncryptionHelper::debugOpenssl();
+        return;
+    }
+
+    if (!ENGINE_ctrl_cmd_string(_sslEngine, "LOAD", nullptr, 0)) {
+        qCWarning(lcCse()) << "issue when adding hardware token to ssl engine" << _sslEngine;
+        EncryptionHelper::debugOpenssl();
+        return;
+    }
+
+    if (!ENGINE_init(_sslEngine)) {
+        qCWarning(lcCse()) << "issue when adding hardware token to ssl engine" << _sslEngine;
+        EncryptionHelper::debugOpenssl();
+        return;
+    }
 }
 
 const QSslKey &ClientSideEncryption::getPublicKey() const