3333
3434
3535def PYKCS11LIB ():
36- global _PYKCS11LIB
36+ global _PYKCS11LIB # pylint: disable=global-statement
3737 if _PYKCS11LIB is None :
3838 _PYKCS11LIB = PyKCS11 .PyKCS11Lib ()
3939 _PYKCS11LIB .load ()
@@ -96,11 +96,15 @@ def from_priv_key_uri(
9696 if uri .scheme != cls .SCHEME :
9797 raise ValueError (f"HSMSigner does not support { priv_key_uri } )
9898
99+ if secrets_handler is None :
100+ raise ValueError ("HSMSigner requires a secrets handler" )
101+
99102 # For now, we only support keyid 2, i.e. PIV slot 9c (Digital Signature)
100103 # https://developers.yubico.com/PIV/Introduction/Certificate_slots.html
104+ # https://developers.yubico.com/yubico-piv-tool/YKCS11/
101105 hsm_keyid = 2
102106
103- return HSMSigner (hsm_keyid , public_key , secrets_handler )
107+ return cls (hsm_keyid , public_key , secrets_handler )
104108
105109 def sign (self , payload : bytes ) -> Signature :
106110 """Signs payload with Hardware Security Module (HSM).
@@ -118,7 +122,7 @@ def sign(self, payload: bytes) -> Signature:
118122 lib = PYKCS11LIB ()
119123 slot_id = lib .getSlotList (tokenPresent = True )[0 ]
120124 session = lib .openSession (slot_id , PyKCS11 .CKF_RW_SESSION )
121- session .login (self .secrets_handler ())
125+ session .login (self .secrets_handler ("pin" ))
122126
123127 # Search for ecdsa public keys with passed keyid on HSM
124128 keys = session .findObjects (
0 commit comments