Ignore the empty OpenPGP token exposed by OpenSC with a Nitrokey 3

ebourg · Feb 21, 2023 · 2a927d0 · 2a927d0
1 parent 862f470
commit 2a927d0
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/jsign-core/src/main/java/net/jsign/OpenSC.java b/jsign-core/src/main/java/net/jsign/OpenSC.java
@@ -90,6 +90,14 @@ static long getTokenSlot(File libraryPath, String name) throws PKCS11Exception,
             CK_SLOT_INFO info = pkcs11.C_GetSlotInfo(slot);
             String description = new String(info.slotDescription).trim();
             if (name == null || description.toLowerCase().contains(name.toLowerCase())) {
+                CK_TOKEN_INFO tokenInfo = pkcs11.C_GetTokenInfo(slot);
+                String label = new String(tokenInfo.label).trim();
+                if (label.equals("OpenPGP card (User PIN (sig))")) {
+                    // OpenPGP cards such as the Nitrokey 3 are exposed as two slots with the same name by OpenSC.
+                    // Only the first one contains the signing key and the certificate, so the second one is ignored.
+                    continue;
+                }
+
                 matches.add(slot);
             }
             descriptions.add(description);