From aa27687850e5dccae3b741931499baab1d1c16cf Mon Sep 17 00:00:00 2001 From: Christopher Broglie Date: Mon, 20 May 2019 14:18:57 -0700 Subject: [PATCH 1/2] Report which fields for selecting token were provided We automatically generate the `crypto11.Config` values from a PKCS #11 URI, so it's helpful to be report exactly which fields were provided. --- crypto11.go | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/crypto11.go b/crypto11.go index f881461..ba6202e 100644 --- a/crypto11.go +++ b/crypto11.go @@ -90,8 +90,10 @@ package crypto11 import ( "crypto" "encoding/json" + "fmt" "io" "os" + "strings" "time" "github.com/vitessio/vitess/go/sync2" @@ -113,9 +115,6 @@ var errTokenNotFound = errors.New("could not find PKCS#11 token") // errClosed is returned if a Context is used after a call to Close. var errClosed = errors.New("cannot used closed Context") -// errAmbiguousToken is returned if the supplied Config specifies more than one way to select the token. -var errAmbiguousToken = errors.New("config must only specify one way to select a token") - // pkcs11Object contains a reference to a loaded PKCS#11 object. type pkcs11Object struct { // The PKCS#11 object handle. @@ -246,18 +245,20 @@ type Config struct { // Configure creates a new Context based on the supplied PKCS#11 configuration. func Configure(config *Config) (*Context, error) { // Have we been given exactly one way to select a token? - count := 0 + var fields []string if config.SlotNumber != nil { - count++ + fields = append(fields, "slot number") } if config.TokenLabel != "" { - count++ + fields = append(fields, "token label") } if config.TokenSerial != "" { - count++ + fields = append(fields, "token serial number") } - if count != 1 { - return nil, errAmbiguousToken + if len(fields) == 0 { + return nil, fmt.Errorf("config must specify exactly one way to select a token: none given") + } else if len(fields) > 1 { + return nil, fmt.Errorf("config must specify exactly one way to select a token: %v given", strings.Join(fields, ", ")) } if config.MaxSessions == 0 { From 940a4ad89c672be2869655cfd8375e68ffbd7b98 Mon Sep 17 00:00:00 2001 From: Christopher Broglie Date: Wed, 22 May 2019 14:22:43 -0700 Subject: [PATCH 2/2] Update tests for new error messages --- crypto11_test.go | 35 +++++++++++++++++++++++++++-------- 1 file changed, 27 insertions(+), 8 deletions(-) diff --git a/crypto11_test.go b/crypto11_test.go index fc84ff5..0f472f0 100644 --- a/crypto11_test.go +++ b/crypto11_test.go @@ -158,15 +158,34 @@ func TestKeyDelete(t *testing.T) { func TestAmbiguousTokenConfig(t *testing.T) { slotNum := 1 - badConfigs := []*Config{ - {TokenSerial: "serial", TokenLabel: "label"}, - {TokenSerial: "serial", SlotNumber: &slotNum}, - {SlotNumber: &slotNum, TokenLabel: "label"}, + tests := []struct { + config *Config + err string + }{ + { + config: &Config{TokenSerial: "serial", TokenLabel: "label"}, + err: "config must specify exactly one way to select a token: token label, token serial number given", + }, + { + config: &Config{TokenSerial: "serial", SlotNumber: &slotNum}, + err: "config must specify exactly one way to select a token: slot number, token serial number given", + }, + { + config: &Config{SlotNumber: &slotNum, TokenLabel: "label"}, + err: "config must specify exactly one way to select a token: slot number, token label given", + }, + { + config: &Config{}, + err: "config must specify exactly one way to select a token: none given", + }, } - - for _, config := range badConfigs { - _, err := Configure(config) - assert.Equal(t, errAmbiguousToken, err) + for i, test := range tests { + t.Run(fmt.Sprintf("test_%d", i), func(t *testing.T) { + _, err := Configure(test.config) + if assert.Error(t, err) { + assert.Equal(t, test.err, err.Error()) + } + }) } }