in key/aziot-keys/src/key_pair.rs [578:627]
fn load_inner(
locations: &[crate::implementation::Location],
treat_malformed_as_missing: bool,
) -> Result<Option<KeyPair>, crate::AZIOT_KEYS_RC> {
for location in locations {
match location {
crate::implementation::Location::Filesystem(path) => match std::fs::read(path) {
Ok(private_key_pem) => {
let private_key =
match openssl::pkey::PKey::private_key_from_pem(&private_key_pem) {
Ok(private_key) => private_key,
Err(_) if treat_malformed_as_missing => continue,
Err(err) => return Err(err.into()),
};
// Copy private_key's public parameters into a new public key
let public_key_der = private_key.public_key_to_der()?;
let public_key = openssl::pkey::PKey::public_key_from_der(&public_key_der)?;
return Ok(Some(KeyPair::FileSystem(public_key, private_key)));
}
Err(err) if err.kind() == std::io::ErrorKind::NotFound => (),
Err(err) => return Err(crate::implementation::err_external(err)),
},
crate::implementation::Location::Pkcs11 { lib_path, uri } => {
let pkcs11_context = pkcs11::Context::load(lib_path.clone())
.map_err(crate::implementation::err_external)?;
let pkcs11_slot = pkcs11_context
.find_slot(&uri.slot_identifier)
.map_err(crate::implementation::err_external)?;
let pkcs11_session = pkcs11_context
.open_session(pkcs11_slot, uri.pin.clone())
.map_err(crate::implementation::err_external)?;
match pkcs11_session.get_key_pair(uri.object_label.as_deref()) {
Ok(key_pair) => return Ok(Some(KeyPair::Pkcs11(key_pair))),
Err(pkcs11::GetKeyError::KeyDoesNotExist) => (),
Err(err) => return Err(crate::implementation::err_external(err)),
}
}
}
}
Ok(None)
}