alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Add tests with extractable property.

Browse source
This commit is contained in:
Mariano Cano 2021-10-28 19:45:19 -07:00
parent 886b9a1d8d
commit fa11e82b67
2 changed files with 28 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
kms/pkcs11/pkcs11_test.go
View file

@ -208,6 +208,16 @@ func TestPKCS11_CreateKey(t *testing.T) {
SigningKey: testObject, SigningKey: testObject,
}, },
}, false}, }, false},
{"default extractable", args{&apiv1.CreateKeyRequest{
Name: testObject,
Extractable: true,
}}, &apiv1.CreateKeyResponse{
Name: testObject,
PublicKey: &ecdsa.PublicKey{},
CreateSignerRequest: apiv1.CreateSignerRequest{
SigningKey: testObject,
},
}, false},
{"RSA SHA256WithRSA", args{&apiv1.CreateKeyRequest{ {"RSA SHA256WithRSA", args{&apiv1.CreateKeyRequest{
Name: testObject, Name: testObject,
SignatureAlgorithm: apiv1.SHA256WithRSA, SignatureAlgorithm: apiv1.SHA256WithRSA,
@ -563,6 +573,7 @@ func TestPKCS11_StoreCertificate(t *testing.T) {
// Make sure to delete the created certificate // Make sure to delete the created certificate
t.Cleanup(func() { t.Cleanup(func() {
k.DeleteCertificate(testObject) k.DeleteCertificate(testObject)
k.DeleteCertificate(testObjectAlt)
}) })
type args struct { type args struct {
@ -577,6 +588,11 @@ func TestPKCS11_StoreCertificate(t *testing.T) {
Name: testObject, Name: testObject,
Certificate: cert, Certificate: cert,
}}, false}, }}, false},
{"ok extractable", args{&apiv1.StoreCertificateRequest{
Name: testObjectAlt,
Certificate: cert,
Extractable: true,
}}, false},
{"fail already exists", args{&apiv1.StoreCertificateRequest{ {"fail already exists", args{&apiv1.StoreCertificateRequest{
Name: testObject, Name: testObject,
Certificate: cert, Certificate: cert,
@ -593,13 +609,22 @@ func TestPKCS11_StoreCertificate(t *testing.T) {
Name: "http:id=7770;object=create-cert", Name: "http:id=7770;object=create-cert",
Certificate: cert, Certificate: cert,
}}, true}, }}, true},
{"fail ImportCertificateWithLabel", args{&apiv1.StoreCertificateRequest{ {"fail missing id", args{&apiv1.StoreCertificateRequest{
Name: "pkcs11:foo=bar", Name: "pkcs11:object=create-cert",
Certificate: cert,
}}, true},
{"fail missing object", args{&apiv1.StoreCertificateRequest{
Name: "pkcs11:id=7770;object=",
Certificate: cert, Certificate: cert,
}}, true}, }}, true},
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
if tt.args.req.Extractable {
if testModule == "SoftHSM2" {
t.Skip("Extractable certificates are not supported on SoftHSM2")
}
}
if err := k.StoreCertificate(tt.args.req); (err != nil) != tt.wantErr { if err := k.StoreCertificate(tt.args.req); (err != nil) != tt.wantErr {
t.Errorf("PKCS11.StoreCertificate() error = %v, wantErr %v", err, tt.wantErr) t.Errorf("PKCS11.StoreCertificate() error = %v, wantErr %v", err, tt.wantErr)
} }

1
kms/pkcs11/setup_test.go
View file

@ -18,6 +18,7 @@ import (
var ( var (
testModule = "" testModule = ""
testObject = "pkcs11:id=7370;object=test-name" testObject = "pkcs11:id=7370;object=test-name"
testObjectAlt = "pkcs11:id=7377;object=alt-test-name"
testObjectByID = "pkcs11:id=7370" testObjectByID = "pkcs11:id=7370"
testObjectByLabel = "pkcs11:object=test-name" testObjectByLabel = "pkcs11:object=test-name"
testKeys = []struct { testKeys = []struct {