search

Yubico / yubico-piv-tool

Command line tool for the YubiKey PIV application
https://developers.yubico.com/yubico-piv-tool
BSD 2-Clause "Simplified" License
300 stars 99 forks source link

The #462 broke the certificate import into PivApplet in OpenSC CI #465

Closed Jakuje closed 10 months ago

Jakuje commented 10 months ago

We are running the integration tests of OpenSC against PivApplet and Yubico-Piv-Tool is used to write objects to the applet. This started failing after merging #462 earlier today, causing the certificate import failing like this:

+ yubico-piv-tool -v 9999 -r 'Virtual PCD 00 00' -P 123456 -s 9c -aimport-certificate
DBG ykpiv.c:591 (ykpiv_connect): Connect reader 'Virtual PCD 00 00' matching 'Virtual PCD 00 00'.
DBG ykpiv.c:597 (ykpiv_connect): SCardConnect succeeded for 'Virtual PCD 00 00', protocol=2
DBG ykpiv.c:777 (ykpiv_translate_sw): SW_63c5
Now processing for action 'import-certificate'.
Authenticating since action 'import-certificate' needs that.
DBG ykpiv.c:762 (ykpiv_translate_sw): SW_ERR_FILE_NOT_FOUND
DBG ykpiv.c:1814 (_ykpiv_fetch_object): Failed to get data for object 5fff00
DBG ykpiv.c:753 (ykpiv_translate_sw): SW_ERR_SECURITY_STATUS
DBG ykpiv.c:1814 (_ykpiv_fetch_object): Failed to get data for object 5fc109
Successful application authentication.
Failed loading certificate for import.
DBG ykpiv.c:346 (ykpiv_disconnect): Disconnect card #3510058635.

(full log in https://github.com/OpenSC/OpenSC/actions/runs/7667892785/job/20898924960?pr=2993 )

I did not investigate much further as I do not see an obvious error in there, but I hope it will be easier for you to spot the issue in the last commit.

If it is PivApplet doing something unexpected, please move the issue there, but there was no change for last two years or so.

aveenismail commented 10 months ago

Apologies, it seems that we introduced a bug with the latest merge. There is now a pull request with a fix and it will be merged into the master branch as soon as it passes the code review. However, since it's practically the weekend, it might not get reviewed until Monday.

Jakuje commented 10 months ago

Thanks for prompt reaction. Monday is totally ok.

aveenismail commented 10 months ago

The fix is now in the master branch. Please let us know if the problem persists.

Jakuje commented 10 months ago

Rerunning the failed piv jobs in master now:

https://github.com/OpenSC/OpenSC/actions/runs/7692790950

Jakuje commented 10 months ago

And all looks green. Thank you for the prompt addressing of the issue!