Skip to content

Commit

Permalink
Fix hardware key sign err shadow bug. (#37285)
Browse files Browse the repository at this point in the history
  • Loading branch information
@Joerger
Joerger authored Jan 25, 2024
1 parent a9b3002 commit bca9688
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions api/utils/keys/yubikey.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -330,22 +330,22 @@ func (y *YubiKeyPrivateKey) sign(ctx context.Context, rand io.Reader, digest []b
const pivGenericAuthErrCodeString = "6982"

signature, err := signer.Sign(rand, digest, opts)
if err != nil && strings.Contains(err.Error(), pivGenericAuthErrCodeString) && manualRetryWithPIN {
switch {
case err == nil:
return signature, nil
case manualRetryWithPIN && strings.Contains(err.Error(), pivGenericAuthErrCodeString):
pin, err := promptPIN()
if err != nil {
return nil, trace.Wrap(err)
}
if err := yk.VerifyPIN(pin); err != nil {
return nil, trace.Wrap(err)
}
signature, err = signer.Sign(rand, digest, opts)
}

if err != nil {
signature, err := signer.Sign(rand, digest, opts)
return signature, trace.Wrap(err)
default:
return nil, trace.Wrap(err)
}

return signature, nil
}

func (y *YubiKeyPrivateKey) toPrivateKey() (*PrivateKey, error) {
Expand Down

0 comments on commit bca9688

Please sign in to comment.