in aws_signing_helper/cert_store_signer_windows.go [268:338]
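// GetCertStoreSigner looks up the certificates in the Windows certificate
// store that match certIdentifier and returns a Signer backed by one of
// them, together with the SigV4 X.509 signing-algorithm name that matches
// the key type (aws4_x509_ecdsa_sha256 or aws4_x509_rsa_sha256).
//
// With useLatestExpiringCert set, several matches are sorted as a
// CertificateContainerList and the last element is used (presumably the
// latest-expiring certificate; see CertificateContainerList.Less). Without
// it, more than one match is an error ("multiple matching identities").
//
// Ownership: the returned Signer holds the store handle and the selected
// certificate context. Every other certificate context handed back by
// GetMatchingCertsAndChain is released before returning, so callers only
// need to Close the Signer. On any error all contexts and the store are
// released here and a nil Signer is returned.
func GetCertStoreSigner(certIdentifier CertIdentifier, useLatestExpiringCert bool) (signer Signer, signingAlgorithm string, err error) {
	// Declared up front: `goto fail` may not jump over variable
	// declarations into their scope.
	var (
		privateKey            *winPrivateKey
		selectedCertContainer CertificateContainer
		cert                  *x509.Certificate
		certCtx               *windows.CertContext
		certChain             []*x509.Certificate
	)

	store, certCtxs, certChains, certContainers, err := GetMatchingCertsAndChain(certIdentifier)
	if err != nil {
		goto fail
	}
	if len(certContainers) == 0 {
		err = errors.New("no matching certs found in cert store")
		goto fail
	}
	if useLatestExpiringCert {
		// Sorting reorders certContainers only; each container's Index
		// still addresses the matching entry in certCtxs/certChains.
		sort.Sort(CertificateContainerList(certContainers))
	} else if len(certContainers) > 1 {
		err = errors.New("multiple matching identities")
		goto fail
	}
	selectedCertContainer = certContainers[len(certContainers)-1]
	if Debug {
		log.Printf("selected certificate: %s", DefaultCertContainerToString(selectedCertContainer))
	}
	cert = selectedCertContainer.Cert
	certCtx = certCtxs[selectedCertContainer.Index]
	certChain = certChains[selectedCertContainer.Index]
	signer = &WindowsCertStoreSigner{store: store, cert: cert, certCtx: certCtx, certChain: certChain}
	privateKey, err = signer.(*WindowsCertStoreSigner).getPrivateKey()
	if err != nil {
		goto fail
	}

	// Pick the signing algorithm from the public key type.
	switch privateKey.publicKey.(type) {
	case *ecdsa.PublicKey:
		signingAlgorithm = aws4_x509_ecdsa_sha256
	case *rsa.PublicKey:
		signingAlgorithm = aws4_x509_rsa_sha256
	default:
		err = errors.New("unsupported algorithm")
		goto fail
	}

	// Only the selected context is kept by the signer; release the others
	// now, otherwise every non-selected match leaks a CertContext.
	for i, curCertCtx := range certCtxs {
		if i != selectedCertContainer.Index && curCertCtx != nil {
			windows.CertFreeCertificateContext(curCertCtx)
			certCtxs[i] = nil
		}
	}
	return signer, signingAlgorithm, nil

fail:
	for i, curCertCtx := range certCtxs {
		if curCertCtx != nil {
			windows.CertFreeCertificateContext(curCertCtx)
			certCtxs[i] = nil
		}
	}
	if signer != nil {
		// NOTE(review): signer already holds certCtx and store, which this
		// label has just freed / is about to close. If Close releases them
		// too this is a double release — confirm against
		// WindowsCertStoreSigner.Close.
		signer.Close()
	}
	if store != 0 {
		windows.CertCloseStore(store, 0)
	}
	return nil, "", err
}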