func (ps *Key) getPrivateKey(module *pkcs11.Ctx, session pkcs11.SessionHandle, label string) (pkcs11.ObjectHandle, error) {
var noHandle pkcs11.ObjectHandle
template := []*pkcs11.Attribute{
pkcs11.NewAttribute(pkcs11.CKA_CLASS, pkcs11.CKO_PRIVATE_KEY),
pkcs11.NewAttribute(pkcs11.CKA_LABEL, label),
}
if err := module.FindObjectsInit(session, template); err != nil {
return noHandle, err
}
objs, _, err := module.FindObjects(session, 2)
if err != nil {
return noHandle, err
}
if err = module.FindObjectsFinal(session); err != nil {
return noHandle, err
}
if len(objs) == 0 {
return noHandle, fmt.Errorf("private key not found")
}
privateKeyHandle := objs[0]
// Check whether the key has the CKA_ALWAYS_AUTHENTICATE attribute.
// If so, fail: we don't want to have to re-authenticate for each sign
// operation.
attributes, err := module.GetAttributeValue(session, privateKeyHandle, []*pkcs11.Attribute{
pkcs11.NewAttribute(pkcs11.CKA_ALWAYS_AUTHENTICATE, false),
})
if err != nil {
return noHandle, err
}
for _, attribute := range attributes {
if len(attribute.Value) > 0 && attribute.Value[0] == 1 {
ps.alwaysAuthenticate = true
}
}
return privateKeyHandle, nil
}
func getPrivateKey(context *pkcs11.Ctx, session pkcs11.SessionHandle, label string) (pkcs11.ObjectHandle, error) {
var noKey pkcs11.ObjectHandle
template := []*pkcs11.Attribute{
pkcs11.NewAttribute(pkcs11.CKA_CLASS, pkcs11.CKO_PRIVATE_KEY),
pkcs11.NewAttribute(pkcs11.CKA_LABEL, label),
}
if err := context.FindObjectsInit(session, template); err != nil {
return noKey, err
}
objs, _, err := context.FindObjects(session, 2)
if err != nil {
return noKey, err
}
if err = context.FindObjectsFinal(session); err != nil {
return noKey, err
}
if len(objs) == 0 {
err = fmt.Errorf("private key not found")
return noKey, err
}
return objs[0], nil
}