From 25483ba741e399ae629efdae8a864df1cdcb2d96 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 7 Feb 2025 14:31:06 -0500
Subject: [PATCH] Try to avoid requesting a PIN just to load a cert

In many tokens certificates can be loaded without logging into the
token,
If the URI unequivocally refrences a certificate object, try to load
it without forsing a login.

Signed-off-by: Simo Sorce <simo@redhat.com>
---
 src/store.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/store.c b/src/store.c
index 8a637bbd..57b77642 100644
--- a/src/store.c
+++ b/src/store.c
@@ -97,7 +97,8 @@ static void store_fetch(struct p11prov_store_ctx *ctx,
         || login_behavior == PUBKEY_LOGIN_ALWAYS) {
         login = true;
     }
-    if (p11prov_uri_get_class(ctx->parsed_uri) == CKO_PUBLIC_KEY
+    if ((p11prov_uri_get_class(ctx->parsed_uri) == CKO_PUBLIC_KEY
+         || p11prov_uri_get_class(ctx->parsed_uri) == CKO_CERTIFICATE)
         && login_behavior != PUBKEY_LOGIN_ALWAYS) {
         login = false;
     }