The wrapper fails to call C_FindObjectsFinal

[sandevins]

I'm trying to use the library to sign a hash using a custom PKCS#11 provider with the following code.

    lib = pkcs11.lib(lib_path)

    token = lib.get_token()
    with token.open(user_pin=pin) as session:

        if cert_label:
            certs = session.get_objects({pkcs11.Attribute.LABEL: cert_label})
        elif cert_id:
            certs = session.get_objects({pkcs11.Attribute.ID: cert_id})
        else:
            raise ValueError("You have to specify a cert_id or a cert_label")

        if not certs:
            raise pkcs11.exceptions.NoSuchObject("Certificate was not found")

        cert = next(certs)

        priv_keys = session.get_objects({
            pkcs11.Attribute.CLASS: pkcs11.ObjectClass.PRIVATE_KEY,
            pkcs11.Attribute.ID: cert[pkcs11.Attribute.ID]
        })

The thing is when I call session.get_objects({pkcs11.Attribute.LABEL: cert_label}) these are the calls to the provider:

| C_FindObjectsInit:              | OUT:  1 objects found
| C_FindObjectsInit:              | Exit: CKR_OK
| C_FindObjects:                   |
| C_FindObjects:                   | Exit: CKR_OK
| C_GetAttributeValue:         |
...

The library doesn't call C_FindObjectsFinal, which means that the operation is still on progress. When the program gets to priv_keys = session.get_objects({... the provider returns Exit: CKR_OPERATION_ACTIVE.

Is there something that I'm missing? Maybe I have to call C_FindObjectsFinal manually.

[MatthiasValvekens]

It's indeed true that C_FindObjectsFinal is in principle only called after you fully consume the generator returned by get_objects. After all, the library has no way of knowing that you're done reading until after that point.

The recently merged PR #208 also makes it so that if you abort the generator (either explicitly with del or by letting it be garbage collected), C_FindObjectsFinal will also be invoked.