When a smartcard error occurs, disconnect to avoid sticky errors.

[linux-dallas-multipass] / README

A proxy to be able to use Buypass (www.buypass.no) smart cards on Linux.
Roughly equivalent to Buypass' official “Javafri” application (aka SCProxy),
but obviously highly unofficial.

Licensed under GPLv2+. If you use this for anything, you're clearly insane.
I don't know Rust.

To build, you'll need a bazillion Rust crates, because who can serve HTTPS
and talk to a smartcard reader without 105 dependencies. Generate a self-signed
certificate:

  openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 3650 -nodes -subj "/C=NO/CN=localhost CA for multipass"
  openssl rsa -in key.pem > cert.rsa

If you want it to work in Chrome, you'll actually need to go via a CA, so slightly
more involved:

  openssl req -x509 -newkey rsa:4096 -keyout CA-key.pem -out CA-cert.pem -days 3650 -nodes -subj "/C=NO/CN=localhost CA for multipass"
  openssl req -newkey rsa:4096 -keyout key.pem -out server-cert.csr -days 3650 -nodes -subj "/C=NO/CN=127.0.0.1" -addext "subjectAltName = IP.1:127.0.0.1"
  cat <<EOF >extensions.conf
[v3_ca]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = IP.1:127.0.0.1
EOF
  openssl x509 -req -days 3650 -in server-cert.csr -CA CA-cert.pem -CAkey CA-key.pem -CAcreateserial -out cert.pem -extensions v3_ca -extfile extensions.conf
  openssl rsa -in key.pem > cert.rsa

Install the certificate (or CA certificate) in your browser. You'll also need
to spoof the User-Agent to say Windows, or Buypass will complain about the
lack of Java.

Build and run:

  sudo apt install pcscd libpcsclite-dev
  cargo run

Insert the smartcard in your reader, and then go to www.helsenorge.no to log in.
There's an example systemd service in multipass.service for persistent running
(do cargo build --release first, then adjust path).