Fix compatibility with p11-kit-proxy

- Add patch to fix the PKCS11 module locking issue
- Add patch to fix buffer overflow on chromium
- Add patch to override turorial
- Add p11-kit module configuration
- Create symlink in the p11-kit modules directory

The module should be now loaded by the whole system without further
configuration, unless OpenSC is installed. In such case the user should
instruct OpenSC to ignore the smart card reader used with the CIE.

Signed-off-by: Luca Magrone <luca@magrone.cc>

cie-middleware-fix-chromium-buffer-overflow.patch

@@ -0,0 +1,28 @@
+From 754dbb4a06c626817bddde261cf8ddfd1468293f Mon Sep 17 00:00:00 2001
+From: Luca Magrone <luca@magrone.cc>
+Date: Tue, 15 Oct 2024 19:15:00 +0200
+Subject: [PATCH] cie-pkcs11: LOGGER: debug: increase buffer size to 8192
+
+It fixes a buffer overflow on chromium-based browsers
+
+Signed-off-by: Luca Magrone <luca@magrone.cc>
+---
+ cie-pkcs11/LOGGER/Logger.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cie-pkcs11/LOGGER/Logger.cpp b/cie-pkcs11/LOGGER/Logger.cpp
+index 3df99b5..6591215 100644
+--- a/cie-pkcs11/LOGGER/Logger.cpp
++++ b/cie-pkcs11/LOGGER/Logger.cpp
+@@ -265,7 +265,7 @@ void Logger::log_log(ostream& out, LogLevel level, const char* text) throw() {
+ // Interface for Debug Log
+ void Logger::debug(const char* fmt, ...) throw()
+ {
+-	char buffer[4096];
++	char buffer[8192];
+ 	va_list args;
+ 	va_start(args, fmt);
+
+-- 
+2.43.5
+

cie-middleware-fix-pkcs11-cant-lock.patch

@@ -0,0 +1,73 @@
+From d7d431300752c15d0c1a02b9be9054d075df402d Mon Sep 17 00:00:00 2001
+From: Luca Magrone <luca@magrone.cc>
+Date: Tue, 15 Oct 2024 16:36:19 +0200
+Subject: [PATCH] PKCS11: Fix implementation of PKCS#11 2.11 paragraph 11.4
+
+According to the specification, if CKF_OS_LOCKING_OK is set and 'fields
+are supplied (i.e., they all have nonNULL_PTR values)' the library can
+decide to use app locking or os locking (locking with 'the native
+operating system primitives') or return CKR_CANT_LOCK (which is what it
+currently does). Since the library is already using system primitives to
+implement locking, it is de-facto using os locking and it should not
+return CKR_CANT_LOCK because it can actually lock.
+
+This is critical for allowing the library to be loaded by p11-kit in a
+manged way which in turn allows it to be loaded by p11-kit-proxy.
+
+Also:
+    - Comment unused string.
+    - Throw CKR_CRYPTOKI_ALREADY_INITIALIZED if the library is already
+      initialized.
+
+Note related to p11-kit:
+In the scenario where p11-kit loads both opensc-pkcs11 and libcie-pkcs11
+the Smart Card reader is picked up by both modules and it is likely that
+both modules will try to access the CIE. This means opensc is going to
+get stuck at reading the CIE (because it cannot read it properly). As a
+result the user will be unable to use the CIE.
+As a workaround the user should tell opensc to ignore the smart card
+reader in opensc settings (i.e. adding 'ignored_readers = Reader Name;'
+to the proper section of opensc.conf)
+
+Signed-off-by: Luca Magrone <luca@magrone.cc>
+---
+ cie-pkcs11/PKCS11/PKCS11Functions.cpp | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/cie-pkcs11/PKCS11/PKCS11Functions.cpp b/cie-pkcs11/PKCS11/PKCS11Functions.cpp
+index a4a7213..93eef49 100755
+--- a/cie-pkcs11/PKCS11/PKCS11Functions.cpp
++++ b/cie-pkcs11/PKCS11/PKCS11Functions.cpp
+@@ -67,7 +67,7 @@ BOOL APIENTRY DllMainP11( HANDLE hModule,
+ 	if (ul_reason_for_call==DLL_PROCESS_ATTACH && !bModuleInit) {
+ 		bModuleInit=true;
+ 		moduleInfo.init(hModule);
+-		std::string mainMutexName;
++		//std::string mainMutexName;
+ 		//mainMutexName="CIE_P11_Mutex_"+moduleInfo.szModuleName;
+ 		//p11Mutex.Create(mainMutexName.c_str());
+ 		//xmlInit();
+@@ -326,8 +326,8 @@ CK_RV CK_ENTRY C_Initialize(CK_VOID_PTR pReserved)
+ //    CK_C_INITIALIZE_ARGS_PTR ptr=(CK_C_INITIALIZE_ARGS_PTR)pReserved;
+
+ 	if (bP11Initialized)
+-		return CKR_OK;
+-	//	throw p11_error(CKR_CRYPTOKI_ALREADY_INITIALIZED)
++		throw p11_error(CKR_CRYPTOKI_ALREADY_INITIALIZED);
++	//	return CKR_OK;
+
+ 	// verifico che i flag siano supportati
+ 	CK_C_INITIALIZE_ARGS_PTR iargs = NULL_PTR;
+@@ -338,8 +338,7 @@ CK_RV CK_ENTRY C_Initialize(CK_VOID_PTR pReserved)
+
+ 		if (iargs->flags	& CKF_OS_LOCKING_OK)
+ 		{
+-			if ((iargs->CreateMutex) || (iargs->DestroyMutex) || (iargs->LockMutex) || (iargs->UnlockMutex))
+-				throw p11_error(CKR_CANT_LOCK);
++			// Nothing to do because we will use os locking
+ 		}
+ 		else if (iargs->flags == 0)
+ 		{
+-- 
+2.43.5
+

cie-middleware-override-tutorial.patch

@@ -0,0 +1,278 @@
+From 0f8746e40656ddbde6a63031ee2e961d5323f019 Mon Sep 17 00:00:00 2001
+From: Luca Magrone <luca@magrone.cc>
+Date: Tue, 15 Oct 2024 22:16:03 +0200
+Subject: [PATCH] CIEID: Override turorial to explain the OpenSC issue
+
+Replace the remote webpage loaded from the tutorial tab with a bundled
+one that reflects the new changes introduced with the set of patches
+included in the RPM package.
+
+Specifically, inform the user that no further configuration has to be
+done unless there is OpenSC installed on the system. Walk the user
+through what to do if that's the case.
+
+Signed-off-by: Luca Magrone <luca@magrone.cc>
+---
+ CIEID/src/it/ipzs/cieid/MainFrame.java        |   2 +-
+ .../src/it/ipzs/cieid/res/tutorial_linux.html | 236 ++++++++++++++++++
+ 2 files changed, 237 insertions(+), 1 deletion(-)
+ create mode 100644 CIEID/src/it/ipzs/cieid/res/tutorial_linux.html
+
+diff --git a/CIEID/src/it/ipzs/cieid/MainFrame.java b/CIEID/src/it/ipzs/cieid/MainFrame.java
+index ac56eca..1c42a7e 100644
+--- a/CIEID/src/it/ipzs/cieid/MainFrame.java
++++ b/CIEID/src/it/ipzs/cieid/MainFrame.java
+@@ -1244,7 +1244,7 @@ public class MainFrame extends JFrame {
+         MiniWebView webView = new MiniWebView();
+         webView.setBounds(12, 99, 571, 362);
+         panel_8.add(webView);
+-        webView.showPage("https://idserver.servizicie.interno.gov.it/idp/tutorial/computer/lettoreusb/linux/tutorial_linux_firefox.jsp");
++        webView.showPage(MainFrame.class.getResource("/it/ipzs/cieid/res/tutorial_linux.html"));
+         panel_9 = new JPanel();
+         panel_9.setLayout(null);
+         panel_9.setBackground(Color.WHITE);
+diff --git a/CIEID/src/it/ipzs/cieid/res/tutorial_linux.html b/CIEID/src/it/ipzs/cieid/res/tutorial_linux.html
+new file mode 100644
+index 0000000..0509ce2
+--- /dev/null
++++ b/CIEID/src/it/ipzs/cieid/res/tutorial_linux.html
+@@ -0,0 +1,236 @@
++<!doctype html>
++<html lang="it">
++<head>
++<meta charset="UTF-8">
++<title>Aiuto</title>
++<link rel="preconnect" href="https://fonts.googleapis.com">
++<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
++<link href="https://fonts.googleapis.com/css2?family=Titillium+Web:wght@300;400;600;700&display=swap" rel="stylesheet">
++<style type="text/css" media="screen">
++/* latin-ext */
++@font-face {
++	font-family: 'Titillium Web', sans-serif;
++	font-style: normal;
++	font-weight: 300;
++}
++
++
++/* latin */
++@font-face {
++	font-family: 'Titillium Web', sans-serif;
++	font-style: normal;
++	font-weight: 300;
++}
++
++
++/* latin-ext */
++@font-face {
++	font-family: 'Titillium Web', sans-serif;
++	font-style: normal;
++	font-weight: 400;
++}
++/* latin */
++@font-face {
++	font-family: 'Titillium Web', sans-serif;
++	font-style: normal;
++	font-weight: 400;
++}
++
++/* latin-ext */
++@font-face {
++	font-family: 'Titillium Web', sans-serif;
++	font-style: normal;
++	font-weight: 600;
++}
++/* latin */
++@font-face {
++	font-family: 'Titillium Web', sans-serif;
++	font-style: normal;
++	font-weight: 600;
++}
++/* latin-ext */
++@font-face {
++	font-family: 'Titillium Web', sans-serif;
++	font-style: normal;
++	font-weight: 700;
++}
++/* latin */
++@font-face {
++	font-family: 'Titillium Web', sans-serif;
++	font-style: normal;
++	font-weight: 700;
++}
++
++
++body {
++	height: 94.5%;
++	width: 88.2%;
++	font-family: Titillium Web;
++	color: #747474;
++	font-size: 21px;
++	font-weight: 400;
++	text-align:justify
++}
++
++.title {
++font-family: Titillium Web;
++	color: #747474;
++	font-size: 30px;
++	font-weight: 700;
++	text-align: center
++}
++
++.subtitle {
++font-family: Titillium Web;
++	color: #9D9D9D;
++	font-size: 26px;
++	font-weight: 700;
++	text-align: center
++}
++
++.margine {
++
++display: block;
++	padding-left: 10%;
++	padding-right: 10%;
++}
++
++.icon_image{
++		width: 18%;
++	max-width: 40%;
++	display: block;
++  margin-left: auto;
++  margin-right: auto;
++}
++
++.screen_image{
++	width: 60%;
++	max-width: 60%;
++	display: block;
++  margin-left: auto;
++  margin-right: auto;
++}
++
++.android_image{
++	width: 30%;
++	max-width: 60%;
++	display: block;
++  margin-left: auto;
++  margin-right: auto;
++}
++
++@media screen and (min-width: 600px) and (max-width: 1000px) {
++.screen_image{
++	width: 50%;
++	max-width: 60%;
++	display: block;
++  margin-left: auto;
++  margin-right: auto;
++}
++.android_image{
++	width: 50%;
++	max-width: 60%;
++	display: block;
++  margin-left: auto;
++  margin-right: auto;
++}
++	.icon_image{
++		width: 25%;
++	max-width: 40%;
++	display: block;
++  margin-left: auto;
++  margin-right: auto;
++}
++body {
++	font-size: 19px;
++	}
++}
++
++@media screen and (max-width: 600px) {
++.screen_image{
++	width: 60%;
++	max-width: 60%;
++	display: block;
++  margin-left: auto;
++  margin-right: auto;
++}
++.android_image{
++	width: 60%;
++	max-width: 60%;
++	display: block;
++  margin-left: auto;
++  margin-right: auto;
++}
++	.icon_image{
++		width: 30%;
++	max-width: 40%;
++	display: block;
++  margin-left: auto;
++  margin-right: auto;
++}
++body {
++	font-size: 17px;
++	}
++}
++</style>
++
++</head>
++
++<body>
++<div class="margine">
++  <p class="title">Come usare Cie ID</p>
++  <p class="subtitle">Sul browser web</p>
++  <p>&nbsp;</p>
++
++<ol>
++	<p>
++    Il browser web dovrebbe essere gi&agrave; correttamente configurato, se riscontri dei problemi potresti aver installato sul tuo sistema <a href="https://github.com/OpenSC/OpenSC/wiki" targets="_blank">OpenSC</a>.
++	</p>
++	<p>
++	Per risolvere il problema <strong>puoi disinstallare OpenSC</strong> oppure, alternativamente, puoi <strong>configurare OpenSC per ignorare il tuo lettore di smart card</strong>:
++	</p>
++	<ul>
++		<li>
++		Da riga di comando: lancia "opensc-tool --list-readers", sotto la voce "Name" troverai l'elenco dei lettori disponibili, prendi nota del nome del tuo lettore.
++		</li>
++		<li>
++        Apri il file di configurazione "opensc.conf" con un editor di testo (di solito si trova presso /etc/opensc.conf).
++		</li>
++		<li>
++		Inserisci "ignored_readers = nome del tuo lettore;" dentro le parentesi graffe di "app default".
++		</li>
++		<li>
++		Salva, ed esci.
++		</li>
++	</ul>
++	  <p>&nbsp;</p>
++	  Per autenticarti con la CIE, digita l’URL del servizio di tuo interesse e clicca sul pulsante <strong>Entra con CIE</strong>.
++	  <p>&nbsp;</p>
++	<img class="android_image" src="https://idserver.servizicie.interno.gov.it/idp/images/entra_con_cie.png" alt="image">
++  <p>&nbsp;</p>
++	  <p>&nbsp;</p>
++	  Quando richiesto, procedi ad effettuare l’abilitazione della tua CIE sul computer, necessaria solo per il primo utilizzo. Ti occorrerà il codice <a href="https://www.cartaidentita.interno.gov.it/cosa-pin-puk-utilizzarli/" target="_blank">PIN</a> composto da 4 cifre ricevute al momento di presentazione della domanda e altre 4 cifre che ti sono state recapitate a casa insieme alla nuova Carta di Identità Elettronica. <strong>Ricorda: dopo aver terminato l'abilitazione, ogni volta che ti sarà richiesto l'inserimento del PIN è necessario inserire solo le ultime 4 cifre del PIN.</strong><a href="https://www.cartaidentita.interno.gov.it/richiesta-di-ristampa/" target="_blank">Clicca qui</a> se hai smarrito il PIN.
++  <p>&nbsp;</p>
++	<img class="android_image" src="https://idserver.servizicie.interno.gov.it/idp/images/win_abbina.png" alt="image">
++  <p>&nbsp;</p>
++	  <p>&nbsp;</p>
++
++	  Terminata l’abilitazione, ti verrà richiesto di scegliere il certificato con cui accedere al servizio e di inserire la seconda metà del PIN.
++  <p>&nbsp;</p>
++	<img class="android_image" src="https://idserver.servizicie.interno.gov.it/idp/images/win_firefox_pin.png" alt="image">
++  <p>&nbsp;</p>
++	  <p>&nbsp;</p>
++
++	  Inserito il PIN, clicca su OK o premi INVIO per accedere al servizio. Ti verrà mostrato il certificato digitale con cui accedere. Clicca su OK per proseguire.
++  <p>&nbsp;</p>
++	<img class="android_image" src="https://idserver.servizicie.interno.gov.it/idp/images/win_firefox7.png" alt="image">
++  <p>&nbsp;</p>
++	  <p>&nbsp;</p>
++
++</ol>
++	 <p>In caso di difficoltà, contatta il servizio di assistenza per i cittadini secondo le modalità indicate all’indirizzo <a href="https://www.cartaidentita.interno.gov.it/contatti/" target="_blank">https://www.cartaidentita.interno.gov.it/contatti/</a>. Se vuoi cambiare il PIN o l’hai dimenticato e intendi cambiarlo (avrai bisogno del PUK) consulta il manuale del Software CIE per conoscere la procedura. Il manuale è disponibile all’indirizzo <a href="https://www.cartaidentita.interno.gov.it/software-cie/" target="_blank">https://www.cartaidentita.interno.gov.it/software-cie/.</a></p>
++
++	  <p>&nbsp;</p>
++</div>
++</body>
++</html>
+-- 
+2.43.5
+