Merge pull request #42 from cbroglie/cbroglie/friendly-configure-errors

Report which fields for selecting token were provided
ThalesGroup · May 28, 2019 · 5b9eb55 · 5b9eb55
2 parents 38ef753 + 940a4ad
commit 5b9eb55
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 17 deletions.
diff --git a/crypto11.go b/crypto11.go
@@ -90,8 +90,10 @@ package crypto11
 import (
 	"crypto"
 	"encoding/json"
+	"fmt"
 	"io"
 	"os"
+	"strings"
 	"time"
 
 	"github.com/vitessio/vitess/go/sync2"
@@ -113,9 +115,6 @@ var errTokenNotFound = errors.New("could not find PKCS#11 token")
 // errClosed is returned if a Context is used after a call to Close.
 var errClosed = errors.New("cannot used closed Context")
 
-// errAmbiguousToken is returned if the supplied Config specifies more than one way to select the token.
-var errAmbiguousToken = errors.New("config must only specify one way to select a token")
-
 // pkcs11Object contains a reference to a loaded PKCS#11 object.
 type pkcs11Object struct {
 	// The PKCS#11 object handle.
@@ -246,18 +245,20 @@ type Config struct {
 // Configure creates a new Context based on the supplied PKCS#11 configuration.
 func Configure(config *Config) (*Context, error) {
 	// Have we been given exactly one way to select a token?
-	count := 0
+	var fields []string
 	if config.SlotNumber != nil {
-		count++
+		fields = append(fields, "slot number")
 	}
 	if config.TokenLabel != "" {
-		count++
+		fields = append(fields, "token label")
 	}
 	if config.TokenSerial != "" {
-		count++
+		fields = append(fields, "token serial number")
 	}
-	if count != 1 {
-		return nil, errAmbiguousToken
+	if len(fields) == 0 {
+		return nil, fmt.Errorf("config must specify exactly one way to select a token: none given")
+	} else if len(fields) > 1 {
+		return nil, fmt.Errorf("config must specify exactly one way to select a token: %v given", strings.Join(fields, ", "))
 	}
 
 	if config.MaxSessions == 0 {

diff --git a/crypto11_test.go b/crypto11_test.go
@@ -158,15 +158,34 @@ func TestKeyDelete(t *testing.T) {
 
 func TestAmbiguousTokenConfig(t *testing.T) {
 	slotNum := 1
-	badConfigs := []*Config{
-		{TokenSerial: "serial", TokenLabel: "label"},
-		{TokenSerial: "serial", SlotNumber: &slotNum},
-		{SlotNumber: &slotNum, TokenLabel: "label"},
+	tests := []struct {
+		config *Config
+		err    string
+	}{
+		{
+			config: &Config{TokenSerial: "serial", TokenLabel: "label"},
+			err:    "config must specify exactly one way to select a token: token label, token serial number given",
+		},
+		{
+			config: &Config{TokenSerial: "serial", SlotNumber: &slotNum},
+			err:    "config must specify exactly one way to select a token: slot number, token serial number given",
+		},
+		{
+			config: &Config{SlotNumber: &slotNum, TokenLabel: "label"},
+			err:    "config must specify exactly one way to select a token: slot number, token label given",
+		},
+		{
+			config: &Config{},
+			err:    "config must specify exactly one way to select a token: none given",
+		},
 	}
-
-	for _, config := range badConfigs {
-		_, err := Configure(config)
-		assert.Equal(t, errAmbiguousToken, err)
+	for i, test := range tests {
+		t.Run(fmt.Sprintf("test_%d", i), func(t *testing.T) {
+			_, err := Configure(test.config)
+			if assert.Error(t, err) {
+				assert.Equal(t, test.err, err.Error())
+			}
+		})
 	}
 }