in aws_signing_helper/pkcs11_signer.go [543:596]
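// pkcs11PasswordPrompt asks for the secret named passwordName on the
// controlling terminal and uses it to log in to session as userType.
//
// The prompt is written to, and the answer read from, the terminal device
// itself (/dev/tty, or CONIN$/CONOUT$ on Windows) rather than stdin/stdout.
// The user is asked again when the answer cannot be read, and again (with an
// "Incorrect ..." prompt) when Login reports CKR_PIN_INCORRECT.
//
// On success the accepted PIN is returned so the caller can reuse it. If the
// terminal cannot be opened, the error text is "unable to read PKCS#11
// <passwordName>". Any other Login failure is returned formatted through
// finalAuthErrMsg, which is used as a format string and is given the Login
// error text as its single argument.
func pkcs11PasswordPrompt(module *pkcs11.Ctx, session pkcs11.SessionHandle, userType uint, passwordName string, finalAuthErrMsg string) (pinValue string, err error) {
	parseErrMsg := fmt.Sprintf("unable to read PKCS#11 %s", passwordName)
	prompt := fmt.Sprintf("Please enter your %s:", passwordName)

	ttyReadPath, ttyWritePath := "/dev/tty", "/dev/tty"
	if runtime.GOOS == "windows" {
		ttyReadPath, ttyWritePath = "CONIN$", "CONOUT$"
	}

	// The underlying open error is deliberately replaced by the generic
	// message, exactly as before.
	ttyReadFile, openErr := os.OpenFile(ttyReadPath, os.O_RDWR, 0)
	if openErr != nil {
		return "", errors.New(parseErrMsg)
	}
	defer ttyReadFile.Close()

	ttyWriteFile, openErr := os.OpenFile(ttyWritePath, os.O_WRONLY, 0)
	if openErr != nil {
		return "", errors.New(parseErrMsg)
	}
	defer ttyWriteFile.Close()

	for {
		pin, readErr := GetPassword(ttyReadFile, ttyWriteFile, prompt, parseErrMsg)
		if readErr != nil {
			if readErr.Error() == parseErrMsg {
				// The answer could not be read; ask again.
				// NOTE(review): this retry is unbounded. If the read can fail
				// persistently (for example a closed terminal), the loop
				// never ends. Confirm against GetPassword.
				continue
			}
			// Any other failure used to fall through to Login with whatever
			// pin had been returned. That dropped the error and submitted a
			// value the user never typed, which a token that counts failed
			// logins would presumably treat as a wrong-PIN attempt.
			return "", readErr
		}

		if loginErr := module.Login(session, userType, pin); loginErr != nil {
			// Only a mistyped PIN is worth another prompt. Every other
			// failure ends the loop.
			// NOTE(review): matching on the error text is brittle; compare
			// against a typed error code if the pkcs11 package exposes one.
			if strings.Contains(loginErr.Error(), "CKR_PIN_INCORRECT") {
				prompt = fmt.Sprintf("Incorrect %s. Please re-enter your %s:", passwordName, passwordName)
				continue
			}
			return "", fmt.Errorf(finalAuthErrMsg, loginErr.Error())
		}

		return pin, nil
	}
}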