Add tests with extractable property.

2021-10-28 19:45:19 -07:00 · 2021-10-28 19:45:19 -07:00 · fa11e82b67
commit fa11e82b67
parent 886b9a1d8d
2 changed files with 28 additions and 2 deletions
--- a/kms/pkcs11/pkcs11_test.go
+++ b/kms/pkcs11/pkcs11_test.go
@ -208,6 +208,16 @@ func TestPKCS11_CreateKey(t *testing.T) {
 				SigningKey: testObject,
 			},
 		}, false},
+		{"default extractable", args{&apiv1.CreateKeyRequest{
+			Name:        testObject,
+			Extractable: true,
+		}}, &apiv1.CreateKeyResponse{
+			Name:      testObject,
+			PublicKey: &ecdsa.PublicKey{},
+			CreateSignerRequest: apiv1.CreateSignerRequest{
+				SigningKey: testObject,
+			},
+		}, false},
 		{"RSA SHA256WithRSA", args{&apiv1.CreateKeyRequest{
 			Name:               testObject,
 			SignatureAlgorithm: apiv1.SHA256WithRSA,
@ -563,6 +573,7 @@ func TestPKCS11_StoreCertificate(t *testing.T) {
 	// Make sure to delete the created certificate
 	t.Cleanup(func() {
 		k.DeleteCertificate(testObject)
+		k.DeleteCertificate(testObjectAlt)
 	})

 	type args struct {
@ -577,6 +588,11 @@ func TestPKCS11_StoreCertificate(t *testing.T) {
 			Name:        testObject,
 			Certificate: cert,
 		}}, false},
+		{"ok extractable", args{&apiv1.StoreCertificateRequest{
+			Name:        testObjectAlt,
+			Certificate: cert,
+			Extractable: true,
+		}}, false},
 		{"fail already exists", args{&apiv1.StoreCertificateRequest{
 			Name:        testObject,
 			Certificate: cert,
@ -593,13 +609,22 @@ func TestPKCS11_StoreCertificate(t *testing.T) {
 			Name:        "http:id=7770;object=create-cert",
 			Certificate: cert,
 		}}, true},
-		{"fail ImportCertificateWithLabel", args{&apiv1.StoreCertificateRequest{
-			Name:        "pkcs11:foo=bar",
+		{"fail missing id", args{&apiv1.StoreCertificateRequest{
+			Name:        "pkcs11:object=create-cert",
+			Certificate: cert,
+		}}, true},
+		{"fail missing object", args{&apiv1.StoreCertificateRequest{
+			Name:        "pkcs11:id=7770;object=",
 			Certificate: cert,
 		}}, true},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+			if tt.args.req.Extractable {
+				if testModule == "SoftHSM2" {
+					t.Skip("Extractable certificates are not supported on SoftHSM2")
+				}
+			}
 			if err := k.StoreCertificate(tt.args.req); (err != nil) != tt.wantErr {
 				t.Errorf("PKCS11.StoreCertificate() error = %v, wantErr %v", err, tt.wantErr)
 			}
--- a/kms/pkcs11/setup_test.go
+++ b/kms/pkcs11/setup_test.go
@ -18,6 +18,7 @@ import (
 var (
 	testModule        = ""
 	testObject        = "pkcs11:id=7370;object=test-name"
+	testObjectAlt     = "pkcs11:id=7377;object=alt-test-name"
 	testObjectByID    = "pkcs11:id=7370"
 	testObjectByLabel = "pkcs11:object=test-name"
 	testKeys          = []struct {