diff --git a/kms/apiv1/options_test.go b/kms/apiv1/options_test.go new file mode 100644 index 00000000..645b63b1 --- /dev/null +++ b/kms/apiv1/options_test.go @@ -0,0 +1,51 @@ +package apiv1 + +import ( + "testing" +) + +func TestOptions_Validate(t *testing.T) { + tests := []struct { + name string + options *Options + wantErr bool + }{ + {"nil", nil, false}, + {"softkms", &Options{Type: "softkms"}, false}, + {"cloudkms", &Options{Type: "cloudkms"}, false}, + {"awskms", &Options{Type: "awskms"}, true}, + {"pkcs11", &Options{Type: "pkcs11"}, true}, + {"unsupported", &Options{Type: "unsupported"}, true}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if err := tt.options.Validate(); (err != nil) != tt.wantErr { + t.Errorf("Options.Validate() error = %v, wantErr %v", err, tt.wantErr) + } + }) + } +} + +func TestErrNotImplemented_Error(t *testing.T) { + type fields struct { + msg string + } + tests := []struct { + name string + fields fields + want string + }{ + {"default", fields{}, "not implemented"}, + {"custom", fields{"custom message: not implemented"}, "custom message: not implemented"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + e := ErrNotImplemented{ + msg: tt.fields.msg, + } + if got := e.Error(); got != tt.want { + t.Errorf("ErrNotImplemented.Error() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/kms/apiv1/requests.go b/kms/apiv1/requests.go index 40187d4f..35c2fcae 100644 --- a/kms/apiv1/requests.go +++ b/kms/apiv1/requests.go @@ -90,10 +90,12 @@ func (s SignatureAlgorithm) String() string { } } +// GetPublicKeyRequest is the parameter used in the kms.GetPublicKey method. type GetPublicKeyRequest struct { Name string } +// CreateKeyRequest is the parameter used in the kms.CreateKey method. type CreateKeyRequest struct { Name string SignatureAlgorithm SignatureAlgorithm @@ -104,6 +106,7 @@ type CreateKeyRequest struct { ProtectionLevel ProtectionLevel } +// CreateKeyResponse is the response value of the kms.CreateKey method. type CreateKeyResponse struct { Name string PublicKey crypto.PublicKey @@ -111,6 +114,7 @@ type CreateKeyResponse struct { CreateSignerRequest CreateSignerRequest } +// CreateSignerRequest is the parameter used in the kms.CreateSigner method. type CreateSignerRequest struct { Signer crypto.Signer SigningKey string diff --git a/kms/apiv1/requests_test.go b/kms/apiv1/requests_test.go new file mode 100644 index 00000000..b378e631 --- /dev/null +++ b/kms/apiv1/requests_test.go @@ -0,0 +1,51 @@ +package apiv1 + +import "testing" + +func TestProtectionLevel_String(t *testing.T) { + tests := []struct { + name string + p ProtectionLevel + want string + }{ + {"unspecified", UnspecifiedProtectionLevel, "unspecified"}, + {"software", Software, "software"}, + {"hsm", HSM, "hsm"}, + {"unknown", ProtectionLevel(100), "unknown(100)"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := tt.p.String(); got != tt.want { + t.Errorf("ProtectionLevel.String() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestSignatureAlgorithm_String(t *testing.T) { + tests := []struct { + name string + s SignatureAlgorithm + want string + }{ + {"UnspecifiedSignAlgorithm", UnspecifiedSignAlgorithm, "unspecified"}, + {"SHA256WithRSA", SHA256WithRSA, "SHA256-RSA"}, + {"SHA384WithRSA", SHA384WithRSA, "SHA384-RSA"}, + {"SHA512WithRSA", SHA512WithRSA, "SHA512-RSA"}, + {"SHA256WithRSAPSS", SHA256WithRSAPSS, "SHA256-RSAPSS"}, + {"SHA384WithRSAPSS", SHA384WithRSAPSS, "SHA384-RSAPSS"}, + {"SHA512WithRSAPSS", SHA512WithRSAPSS, "SHA512-RSAPSS"}, + {"ECDSAWithSHA256", ECDSAWithSHA256, "ECDSA-SHA256"}, + {"ECDSAWithSHA384", ECDSAWithSHA384, "ECDSA-SHA384"}, + {"ECDSAWithSHA512", ECDSAWithSHA512, "ECDSA-SHA512"}, + {"PureEd25519", PureEd25519, "Ed25519"}, + {"unknown", SignatureAlgorithm(100), "unknown(100)"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := tt.s.String(); got != tt.want { + t.Errorf("SignatureAlgorithm.String() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/kms/kms_test.go b/kms/kms_test.go new file mode 100644 index 00000000..9b041e59 --- /dev/null +++ b/kms/kms_test.go @@ -0,0 +1,45 @@ +package kms + +import ( + "context" + "reflect" + "testing" + + "github.com/smallstep/certificates/kms/apiv1" + "github.com/smallstep/certificates/kms/cloudkms" + "github.com/smallstep/certificates/kms/softkms" +) + +func TestNew(t *testing.T) { + ctx := context.Background() + + type args struct { + ctx context.Context + opts apiv1.Options + } + tests := []struct { + name string + args args + want KeyManager + wantErr bool + }{ + {"softkms", args{ctx, apiv1.Options{Type: "softkms"}}, &softkms.SoftKMS{}, false}, + {"default", args{ctx, apiv1.Options{}}, &softkms.SoftKMS{}, false}, + {"cloudkms", args{ctx, apiv1.Options{Type: "cloudkms"}}, &cloudkms.CloudKMS{}, true}, // fails because not credentials + {"awskms", args{ctx, apiv1.Options{Type: "awskms"}}, nil, true}, // not yet supported + {"pkcs11", args{ctx, apiv1.Options{Type: "pkcs11"}}, nil, true}, // not yet supported + {"fail validation", args{ctx, apiv1.Options{Type: "foobar"}}, nil, true}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := New(tt.args.ctx, tt.args.opts) + if (err != nil) != tt.wantErr { + t.Errorf("New() error = %v, wantErr %v", err, tt.wantErr) + return + } + if reflect.TypeOf(got) != reflect.TypeOf(tt.want) { + t.Errorf("New() = %T, want %T", got, tt.want) + } + }) + } +}