From 179e793f1aa344fc0452612f6cb619f8e4ec2e10 Mon Sep 17 00:00:00 2001
From: Pierre Laden
Date: Wed, 16 Sep 2020 21:59:48 +0200
Subject: [PATCH 1/3] - provide PINpolicy always to piv-go to avoid trying to use attestation cert, which we might not have - bump piv-go version to 1.6.0
---
 go.mod | 2 +-
 kms/yubikey/yubikey.go | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index a71d716c..9a58d7ce 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 github.com/Masterminds/sprig/v3 v3.1.0
 github.com/aws/aws-sdk-go v1.30.29
 github.com/go-chi/chi v4.0.2+incompatible
- github.com/go-piv/piv-go v1.5.0
+ github.com/go-piv/piv-go v1.6.0
 github.com/googleapis/gax-go/v2 v2.0.5
 github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a // indirect
 github.com/lunixbochs/vtclean v1.0.0 // indirect
diff --git a/kms/yubikey/yubikey.go b/kms/yubikey/yubikey.go
index 28c41f95..acb94b81 100644
--- a/kms/yubikey/yubikey.go
+++ b/kms/yubikey/yubikey.go
@@ -142,6 +142,7 @@ func (k *YubiKey) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, e
 priv, err := k.yk.PrivateKey(slot, cert.PublicKey, piv.KeyAuth{
 PIN: k.pin,
+ PINPolicy: piv.PINPolicyAlways,
 })
 if err != nil {
 return nil, errors.Wrap(err, "error retrieving private key")
From 290d5ee97988501fbc8406d66e2404dab81b850c Mon Sep 17 00:00:00 2001
From: Pierre Laden
Date: Wed, 16 Sep 2020 22:15:42 +0200
Subject: [PATCH 2/3] fix gofmt complain
---
 kms/yubikey/yubikey.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kms/yubikey/yubikey.go b/kms/yubikey/yubikey.go
index acb94b81..732921c8 100644
--- a/kms/yubikey/yubikey.go
+++ b/kms/yubikey/yubikey.go
@@ -142,7 +142,7 @@ func (k *YubiKey) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, e
 priv, err := k.yk.PrivateKey(slot, cert.PublicKey, piv.KeyAuth{
 PIN: k.pin,
- PINPolicy: piv.PINPolicyAlways,
+ PINPolicy: piv.PINPolicyAlways,
 })
 if err != nil {
 return nil, errors.Wrap(err, "error retrieving private key")
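Review bot: In the kms/yubikey/yubikey.go hunk of PATCH 1/3, `PINPolicy: piv.PINPolicyAlways` is hard-coded in the `piv.KeyAuth` literal with no comment, so the reason given in the commit message (piv-go otherwise tries to read the slot's attestation certificate, which may not exist) is lost to the next reader. The value also no longer tracks the policy the slot's key was created with; as far as I can tell from piv-go, it makes the library verify `k.pin` before every private-key operation, so an empty or wrong configured PIN would presumably fail each signature and count against the card's PIN retry counter. I would add `// Set explicitly so piv-go does not look up the policy in the slot's attestation certificate, which may be absent.` above the field and, unless `k.pin` is already validated elsewhere, return an error for an empty PIN before calling `PrivateKey`. CreateSigner starts and ends outside the hunk.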
From 692f7692a272933712b4e82b225dcff97839cae1 Mon Sep 17 00:00:00 2001
From: Pierre Laden
Date: Wed, 16 Sep 2020 22:26:53 +0200
Subject: [PATCH 3/3] fix #2 indentation
---
 kms/yubikey/yubikey.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kms/yubikey/yubikey.go b/kms/yubikey/yubikey.go
index 732921c8..6f2a5c18 100644
--- a/kms/yubikey/yubikey.go
+++ b/kms/yubikey/yubikey.go
@@ -141,7 +141,7 @@ func (k *YubiKey) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, e
 }
 priv, err := k.yk.PrivateKey(slot, cert.PublicKey, piv.KeyAuth{
- PIN: k.pin,
+ PIN: k.pin,
 PINPolicy: piv.PINPolicyAlways,
 })
 if err != nil {