From dd6a43ad139d726ead351b47df5cd749013e1846 Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Thu, 4 Feb 2021 12:32:30 -0800
Subject: [PATCH] Add fake implementation of pkcs11 key manager without cgo.

This allows other binaries to import pkcs11 directly even if they are compiled without cgo.
---
 kms/pkcs11/pkcs11_no_cgo.go | 42 +++++++++++++++++++++++++++++++++++--
 1 file changed, 40 insertions(+), 2 deletions(-)

diff --git a/kms/pkcs11/pkcs11_no_cgo.go b/kms/pkcs11/pkcs11_no_cgo.go
index e60a7563..87c9a36b 100644
--- a/kms/pkcs11/pkcs11_no_cgo.go
+++ b/kms/pkcs11/pkcs11_no_cgo.go
@@ -4,6 +4,7 @@ package pkcs11
 
 import (
 	"context"
+	"crypto"
 	"os"
 	"path/filepath"
 
@@ -11,9 +12,46 @@ import (
 	"github.com/smallstep/certificates/kms/apiv1"
 )
 
+var errUnsupported error
+
 func init() {
+	name := filepath.Base(os.Args[0])
+	errUnsupported = errors.Errorf("unsupported kms type 'pkcs11': %s is compiled without cgo support", name)
+
 	apiv1.Register(apiv1.PKCS11, func(ctx context.Context, opts apiv1.Options) (apiv1.KeyManager, error) {
-		name := filepath.Base(os.Args[0])
-		return nil, errors.Errorf("unsupported kms type 'pkcs11': %s is compiled without cgo support", name)
+		return nil, errUnsupported
 	})
 }
+
+// PKCS11 is the implementation of a KMS using the PKCS #11 standard.
+type PKCS11 struct{}
+
+// New implements the kms.KeyManager interface and without CGO will always
+// return an error.
+func New(ctx context.Context, opts apiv1.Options) (*PKCS11, error) {
+	return nil, errUnsupported
+}
+
+// GetPublicKey implements the kms.KeyManager interface and without CGO will always
+// return an error.
+func (*PKCS11) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error) {
+	return nil, errUnsupported
+}
+
+// CreateKey implements the kms.KeyManager interface and without CGO will always
+// return an error.
+func (*PKCS11) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyResponse, error) {
+	return nil, errUnsupported
+}
+
+// CreateSigner implements the kms.KeyManager interface and without CGO will always
+// return an error.
+func (*PKCS11) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, error) {
+	return nil, errUnsupported
+}
+
+// Close implements the kms.KeyManager interface and without CGO will always
+// return an error.
+func (*PKCS11) Close() error {
+	return errUnsupported
+}
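Review bot: The new `PKCS11` stub has no compile-time check that it still satisfies the interface its doc comments say it implements, so this `!cgo` build can silently drift from the cgo implementation if `apiv1.KeyManager` gains or changes a method; nothing fails until some caller assigns a `*PKCS11` to the interface. Adding `var _ apiv1.KeyManager = (*PKCS11)(nil)` directly below the `type PKCS11 struct{}` line turns that divergence into a build error in both configurations. Since `New` never returns a non-nil `*PKCS11`, the methods are reachable only on a hand-constructed zero value, which is presumably intended but worth stating in the type's doc comment, e.g. `// Without cgo, New never returns an instance and every method returns errUnsupported.`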