Close key manager.

Mariano Cano 2021-02-01 15:28:09 -08:00
parent 3fdab93ab8
commit 1d2146166b


@ -137,6 +137,10 @@ func main() {
fatal(err) fatal(err)
} }
defer func() {
_ = k.Close()
}()
// Check if the slots are empty, fail if they are not // Check if the slots are empty, fail if they are not
certUris := []string{ certUris := []string{
c.RootObject, c.CrtObject, c.RootObject, c.CrtObject,
@ -168,17 +172,17 @@ func main() {
// Some HSMs like Nitrokey will overwrite the key with the // Some HSMs like Nitrokey will overwrite the key with the
// certificate label. // certificate label.
if err := deleter.DeleteKey(u); err != nil { if err := deleter.DeleteKey(u); err != nil {
fatal(err) fatalClose(err, k)
} }
if err := deleter.DeleteCertificate(u); err != nil { if err := deleter.DeleteCertificate(u); err != nil {
fatal(err) fatalClose(err, k)
} }
} }
} }
for _, u := range keyUris { for _, u := range keyUris {
if u != "" { if u != "" {
if err := deleter.DeleteKey(u); err != nil { if err := deleter.DeleteKey(u); err != nil {
fatal(err) fatalClose(err, k)
} }
} }
} }
@ -186,12 +190,8 @@ func main() {
} }
if err := createPKI(k, c); err != nil { if err := createPKI(k, c); err != nil {
fatal(err) fatalClose(err, k)
} }
defer func() {
_ = k.Close()
}()
} }
func fatal(err error) { func fatal(err error) {
@ -203,6 +203,11 @@ func fatal(err error) {
os.Exit(1) os.Exit(1)
} }
func fatalClose(err error, k kms.KeyManager) {
_ = k.Close()
fatal(err)
}
func usage() { func usage() {
fmt.Fprintln(os.Stderr, "Usage: step-pkcs11-init") fmt.Fprintln(os.Stderr, "Usage: step-pkcs11-init")
fmt.Fprintln(os.Stderr, ` fmt.Fprintln(os.Stderr, `
@ -228,6 +233,7 @@ func checkCertificate(k kms.KeyManager, rawuri string) {
}); err == nil { }); err == nil {
fmt.Fprintf(os.Stderr, "⚠️ Your PKCS #11 module already has a certificate on %s.\n", rawuri) fmt.Fprintf(os.Stderr, "⚠️ Your PKCS #11 module already has a certificate on %s.\n", rawuri)
fmt.Fprintln(os.Stderr, " If you want to delete it and start fresh, use `--force`.") fmt.Fprintln(os.Stderr, " If you want to delete it and start fresh, use `--force`.")
_ = k.Close()
os.Exit(1) os.Exit(1)
} }
} }
@ -239,6 +245,7 @@ func checkObject(k kms.KeyManager, rawuri string) {
}); err == nil { }); err == nil {
fmt.Fprintf(os.Stderr, "⚠️ Your PKCS #11 module already has a key on %s.\n", rawuri) fmt.Fprintf(os.Stderr, "⚠️ Your PKCS #11 module already has a key on %s.\n", rawuri)
fmt.Fprintln(os.Stderr, " If you want to delete it and start fresh, use `--force`.") fmt.Fprintln(os.Stderr, " If you want to delete it and start fresh, use `--force`.")
_ = k.Close()
os.Exit(1) os.Exit(1)
} }
} }
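Review bot: The result of `k.Close()` is discarded at every exit site this commit touches (the new defer near the top of main, fatalClose, and the inline calls in checkCertificate and checkObject), so a PKCS #11 module that fails to shut down cleanly after keys or certificates were deleted or created is never reported. In fatalClose the error could at least be surfaced before exiting, for example `if cerr := k.Close(); cerr != nil { fmt.Fprintln(os.Stderr, cerr) }`. Separately, because os.Exit skips deferred calls, the cleanup now depends on each exit path remembering to close by hand; main's body continues outside the visible hunks, so any remaining `fatal(err)` after the key manager is opened would still exit without closing. Moving the work into a function that returns an error, with the single `defer` inside it and one `fatal` call in main, would make the close unconditional and remove the three parallel forms.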