Token selection should not insist on name or serial of the token #83

Closed
chris2511 opened this issue Nov 13, 2018 · 2 comments

Comments

chris2511 (Owner)

Issue:

  1. Create a new key
  2. Export it to 2 tokens
  3. Delete it and import it from token1
  4. Put token2 into the reader and try to create a self-signed cert.

Observed behavior:
XCA will insist on inserting token1 and not issue the certificate with token2
Expected behavior:
XCA first looks for the key on the current token(s) only by modulus.
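The three lookup strategies in play here, as an added example that is not XCA's code: the reported behaviour (label and serial must both match), the label-only shortcut, and the expected behaviour of finding the key on whatever token is present by its modulus. The PKCS#11 slot list is replaced by hand-constructed in-memory tokens (`Token`, `KeyObject`, `StoredCardKey`, the sample moduli and the `slots_with_*` helpers are all assumptions made for this example); real code would obtain the same data from C_GetSlotList, C_GetTokenInfo and C_FindObjects.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Added example, not XCA's code. The structures below are a constructed
// stand-in for what PKCS#11 reports about tokens and key objects.
struct KeyObject {
    std::vector<uint8_t> modulus;   // CKA_MODULUS of the public-key object
};

struct Token {
    unsigned long slot;
    std::string label;   // CK_TOKEN_INFO.label: user-settable, not unique
    std::string serial;  // CK_TOKEN_INFO.serialNumber: differs on a replacement HSM
    std::vector<KeyObject> keys;
};

// What the database remembers about a private key that lives on a token.
struct StoredCardKey {
    std::string card_label;
    std::string card_serial;
    std::vector<uint8_t> modulus;
};

const long NO_SLOT = -1;

// Behaviour the issue reports: the token must carry the recorded label AND serial,
// so a replacement HSM holding the very same key is rejected.
long find_slot_by_label_and_serial(const std::vector<Token>& slots, const StoredCardKey& key) {
    for (const auto& t : slots)
        if (t.label == key.card_label && t.serial == key.card_serial)
            return static_cast<long>(t.slot);
    return NO_SLOT;
}

// Label only: accepts the first token with that label, whether or not it
// actually holds the key (labels are chosen by the operator and may repeat).
long find_slot_by_label_only(const std::vector<Token>& slots, const StoredCardKey& key) {
    for (const auto& t : slots)
        if (t.label == key.card_label)
            return static_cast<long>(t.slot);
    return NO_SLOT;
}

// Expected behaviour from the issue: identify the key by its public modulus on
// whatever token is currently present, ignoring token label and serial.
long find_slot_by_modulus(const std::vector<Token>& slots, const StoredCardKey& key) {
    for (const auto& t : slots)
        for (const auto& k : t.keys)
            if (k.modulus == key.modulus)
                return static_cast<long>(t.slot);
    return NO_SLOT;
}

// Constructed sample data for the scenario described in the issue.
static const std::vector<uint8_t> MODULUS_A = {0xc1, 0x3f, 0x07, 0x9a};
static const std::vector<uint8_t> MODULUS_B = {0x55, 0xaa, 0x12, 0x34};

// The key was imported from token1 (label "prod-hsm", serial "0001").
StoredCardKey stored_key_from_token1() {
    return {"prod-hsm", "0001", MODULUS_A};
}

// token1 is gone; token2 has a different serial but holds the same key.
std::vector<Token> slots_with_replacement_token() {
    return {{2, "prod-hsm", "0002", {{MODULUS_A}}}};
}

// A same-labelled token that holds a different key entirely.
std::vector<Token> slots_with_lookalike_token() {
    return {{3, "prod-hsm", "0003", {{MODULUS_B}}}};
}

int main() {
    const StoredCardKey key = stored_key_from_token1();
    std::printf("replacement token, label+serial: %ld\n",
                find_slot_by_label_and_serial(slots_with_replacement_token(), key));
    std::printf("replacement token, modulus:      %ld\n",
                find_slot_by_modulus(slots_with_replacement_token(), key));
    std::printf("look-alike token, label only:    %ld\n",
                find_slot_by_label_only(slots_with_lookalike_token(), key));
    std::printf("look-alike token, modulus:       %ld\n",
                find_slot_by_modulus(slots_with_lookalike_token(), key));
    return 0;
}
```

The modulus lookup finds the key on the replacement token and correctly refuses the look-alike token, while label-only matching picks the look-alike and label-plus-serial matching rejects the replacement; that is the difference the issue is asking for.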


pieska commented Oct 9, 2019

This is a serious issue if you have an HSM failure and import your keys into a new HSM, which obviously has a different serial number.
In my opinion XCA should NOT check the serial, or should have a button to register the HSM's serial number. I disabled the serial check; in my opinion the label is sufficient, and I needed access to my keys on the replacement HSM. Here's the patch if someone has the same issue:

--- xca-2.1.2/lib/pki_scard.cpp.1	2018-11-07 19:06:57.000000000 +0100
+++ xca-2.1.2/lib/pki_scard.cpp	2019-10-09 20:00:04.495026213 +0200
@@ -603,8 +603,11 @@ bool pki_scard::prepare_card(slotid *slo
 		for (i=0; i<p11_slots.count(); i++) {
 			pkcs11 myp11;
 			tkInfo ti = myp11.tokenInfo(p11_slots[i]);
+/*
 			if (ti.label() == card_label &&
 			    ti.serial() == card_serial)
+*/
+			if (ti.label() == card_label)
 			{
 				break;
 			}
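Review bot: replacing the condition with `if (ti.label() == card_label)` makes the loop stop at the first token whose label equals `card_label`, and token labels are operator-chosen and not unique, so a differently-keyed token carrying the same label will be selected and the later key operation will fail or address the wrong key. The issue's expected behaviour is to search the present tokens for the key itself by modulus; prefer matching on the key object and keep the label/serial comparison only as a fallback rather than dropping the serial outright. Also, wrapping the old condition in `/* ... */` leaves dead code inside the loop; delete the two old lines instead of commenting them out.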

chris2511 (Owner, Author)

Closed by 4bce90e
