pkcs15-jpki.c - minidriver problem with reading public key

Add SC_PKCS15_CO_FLAG_PRIVATE on "Digital Signature Public Key" and
set pubkey_obj.flags and pubkey_obj.auth_id to use the Sign KEY
so minidriver.c can request the pin before reading the public key.
Card enforces this as perspecs.

Partial fix for OpenSC#3169 Only pkcs15-jpki.c is changed.

In addition to changes in OpenSC#3167 that address "user_consent" using
"PinCacheAlwaysPrompt", The JPKI card forces the user to verify the Sign PIN
before the public key is read. But to use the Sign KEY,
Windows minidriver specs V7.07 says: the "CCP_CONTAINER_INFO"
contains "cbSigPublicKey" and "pbSigPublicKey"
which is needed before the key is selected.

It might be possible to add bogus information in these and
substitute the real values at a later time. But this will require
someone with a working card.

 On branch minidriver-PinCacheAlwaysPrompt
 Changes to be committed:
	modified:   libopensc/pkcs15-jpki.c

 On branch JPKI-Improvments
 Changes to be committed:
	modified:   libopensc/pkcs15-jpki.c

src/libopensc/pkcs15-jpki.c

@@ -199,6 +199,11 @@ sc_pkcs15emu_jpki_init(sc_pkcs15_card_t * p15card)
 			"User Authentication Public Key",
 			"Digital Signature Public Key"
 		};
+		static int jpki_pubkey_flags[2] = {
+			0,
+			SC_PKCS15_CO_FLAG_PRIVATE
+		};
+		static int jpki_pubkey_auth_id[2] = {0, 2};
 		struct sc_pkcs15_pubkey_info pubkey_info;
 		struct sc_pkcs15_object pubkey_obj;
 		static char const *jpki_pubkey_paths[2] = {
@@ -217,6 +222,9 @@ sc_pkcs15emu_jpki_init(sc_pkcs15_card_t * p15card)
 
 		sc_format_path(jpki_pubkey_paths[i], &pubkey_info.path);
 		pubkey_info.path.type = SC_PATH_TYPE_FILE_ID;
+		pubkey_obj.flags = jpki_pubkey_flags[i];
+		pubkey_obj.auth_id.len = 1;
+		pubkey_obj.auth_id.value[0] = jpki_pubkey_auth_id[i];
 
 		rc = sc_pkcs15emu_add_rsa_pubkey(p15card, &pubkey_obj, &pubkey_info);
 		if (rc < 0) {