From 88b832dfab800d0b2f77bf24078f44065cc30110 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Fri, 24 Feb 2023 13:27:50 +0900
Subject: [PATCH] Logout after use (when login).
Signed-off-by: NIIBE Yutaka
---
 tkd/pksign.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/tkd/pksign.c b/tkd/pksign.c
index 3c65f58c0..e922c936b 100644
--- a/tkd/pksign.c
+++ b/tkd/pksign.c
@@ -637,15 +637,18 @@ learn_keys (struct token *token)
 unsigned long err = 0;
 int i;
- /* Detect private keys on the token. */
+ /* Detect private keys on the token.
+ * It's good if it also offers raw public key material.
+ */
 detect_private_keys (token);
 /*
 * In some implementations (EC key on SoftHSMv2, for example),
- * public key is not available in CKO_PRIVATE_KEY objects.
+ * attributes for raw public key material is not available in
+ * a CKO_PRIVATE_KEY object.
 *
- * So, try to examine CKO_PUBLIC_KEY objects, if it provides
- * public keys.
+ * We try to examine CKO_PUBLIC_KEY objects, too see if it provides
+ * raw public key material in a CKO_PUBLIC_KEY object.
 */
 check_public_keys (token);
@@ -658,6 +661,8 @@ learn_keys (struct token *token)
 }
 #if 0
+ /* Another way to get raw public key material is get it from the
+ certificate, if available. */
 get_certificate (token);
 #endif
@@ -801,7 +806,7 @@ main (int argc, const char *argv[])
 }
 /* XXX: Support each PIN for each token. */
- if (pin)
+ if (token->login_required && pin)
 login (token, pin, pin_len);
 puts ("************");
@@ -842,6 +847,9 @@ main (int argc, const char *argv[])
 {
 struct token *token = &ck->token_list[i];
+ if (token->valid && token->login_required && pin)
+ logout (token);
+
 close_session (token);
 }
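Review bot: The rewritten comment above `check_public_keys (token)` in learn_keys has two slips that make it harder to read: `too see if it provides` should be `to see if they provide`, and `attributes for raw public key material is not available` should read `are not available`. The comment added under `#if 0` in the next hunk has the same kind of slip, `is get it from the certificate` where `is to get it from the certificate` is meant. learn_keys starts and ends outside both hunks.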
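Review bot: The outcome of `login (token, pin, pin_len);` is not used in the first main hunk, so the cleanup hunk decides whether to call `logout (token);` by re-evaluating `token->valid && token->login_required && pin` rather than from whether the login actually succeeded. After a rejected PIN the program would apparently carry on to the following steps and then log out of a session that was never authenticated, and the failure is never reported to the user. If login returns a status (its definition is outside the hunk), record success in a per-token flag, for example a new member named `logged_in`, which is a proposed name and not one on the page, and guard the cleanup with `if (token->logged_in) logout (token);`. Surfacing the failure matters more while the `XXX` comment holds, because the same PIN is presented to every token that requires login, and each rejection presumably counts against that token's retry limit. main starts and ends outside both hunks.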