3e6137110b
This adds a new KMS, SSHAgentKMS, which provides signing keys for issuing SSH certificates signed by a key managed by an ssh-agent. It uses the golang.org/x/crypto package to get a native Go implementation to talk to an ssh-agent. This was primarily written to be able to use gpg-agent to provide the keys stored in a YubiKey's OpenPGP interface, but can be used for other setups like proxying an ssh-agent over the network. That way the signing key for SSH certificates can be kept in a "sign-only" HSM. This code was written for my employer Intinor AB, but for simplicity's sake gifted to me to contribute upstream. Signed-off-by: Anton Lundin <glance@acc.umu.se>
package apiv1
import (
"testing"
)
// TestOptions_Validate pins which KMS type strings Options.Validate accepts.
//
// Per the table below, a nil *Options and the types "softkms", "cloudkms",
// "awskms" and "sshagentkms" must validate without error, while "pkcs11" and
// an unrecognised type must be rejected. The rejecting rows matter as much as
// the accepting ones: they keep an unknown or not-yet-wired key backend from
// passing validation unnoticed.
func TestOptions_Validate(t *testing.T) {
	type validateCase struct {
		name    string
		options *Options
		wantErr bool
	}

	cases := []validateCase{
		// Validate is invoked on a nil pointer here and is expected to
		// return no error.
		{name: "nil", options: nil, wantErr: false},
		{name: "softkms", options: &Options{Type: "softkms"}, wantErr: false},
		{name: "cloudkms", options: &Options{Type: "cloudkms"}, wantErr: false},
		{name: "awskms", options: &Options{Type: "awskms"}, wantErr: false},
		{name: "sshagentkms", options: &Options{Type: "sshagentkms"}, wantErr: false},
		// This test expects "pkcs11" to be refused by Validate.
		{name: "pkcs11", options: &Options{Type: "pkcs11"}, wantErr: true},
		{name: "unsupported", options: &Options{Type: "unsupported"}, wantErr: true},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			err := tc.options.Validate()
			gotErr := err != nil
			if gotErr != tc.wantErr {
				t.Errorf("Options.Validate() error = %v, wantErr %v", err, tc.wantErr)
			}
		})
	}
}
// TestErrNotImplemented_Error checks the text returned by
// ErrNotImplemented.Error: with an empty msg it must be "not implemented",
// and with a msg set it must be that msg unchanged.
func TestErrNotImplemented_Error(t *testing.T) {
	cases := []struct {
		name string
		msg  string
		want string
	}{
		{name: "default", msg: "", want: "not implemented"},
		{
			name: "custom",
			msg:  "custom message: not implemented",
			want: "custom message: not implemented",
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// Keep the value in a variable so the call works whether Error
			// has a value or a pointer receiver.
			notImpl := ErrNotImplemented{msg: tc.msg}
			got := notImpl.Error()
			if got != tc.want {
				t.Errorf("ErrNotImplemented.Error() = %v, want %v", got, tc.want)
			}
		})
	}
}