From f50efb529fcd5a84f9b7c8ce8e652d90e45adffa Mon Sep 17 00:00:00 2001 From: Jeff Hodges Date: Tue, 12 Nov 2024 09:35:38 -0800 Subject: [PATCH] put fakehsm lower --- .../contentsignature_test.go | 74 +++++++++---------- 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/signer/contentsignaturepki/contentsignature_test.go b/signer/contentsignaturepki/contentsignature_test.go index 7380327a5..c50c5586c 100644 --- a/signer/contentsignaturepki/contentsignature_test.go +++ b/signer/contentsignaturepki/contentsignature_test.go @@ -310,43 +310,6 @@ func TestReadRandFailureOnSignHash(t *testing.T) { } } -type fakeHSM struct { - slotToKeys map[string]crypto.PrivateKey -} - -// GetPrivateKey implements signer.HSM. -func (f *fakeHSM) GetPrivateKey(label []byte) (crypto.PrivateKey, error) { - key, ok := f.slotToKeys[string(label)] - if !ok { - return nil, fmt.Errorf("key not found") - } - return key, nil -} - -// GetRand implements signer.HSM. -func (f *fakeHSM) GetRand() io.Reader { - return rand.Reader -} - -// MakeKey creats a key but currently only makes P256 ecdsa kyes. -func (f *fakeHSM) MakeKey(keyTpl interface{}, keyName string) (crypto.PrivateKey, crypto.PublicKey, error) { - switch keyTpl.(type) { - case *ecdsa.PublicKey: - _, ok := f.slotToKeys[keyName] - if ok { - return nil, nil, fmt.Errorf("fakeHSM: key with name %q already exists", keyName) - } - priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - if err != nil { - return nil, nil, fmt.Errorf("fakeHSM: failed to generate key: %v", err) - } - f.slotToKeys[keyName] = priv - return priv, priv.Public(), nil - default: - return nil, nil, fmt.Errorf("fakeHSM: making key of type %T is not supported", keyTpl) - } -} - // TestExistingEEKeyShouldWork is an attempt to mimic autograph booting up after // a restart with an existing EE key. That is, the first signer creates the EE // key in the HSM, and the second one should pick it up successfully. @@ -470,3 +433,40 @@ func newTestDBHandler(t *testing.T) *database.Handler { }) return dbHandler } + +type fakeHSM struct { + slotToKeys map[string]crypto.PrivateKey +} + +// GetPrivateKey implements signer.HSM. +func (f *fakeHSM) GetPrivateKey(label []byte) (crypto.PrivateKey, error) { + key, ok := f.slotToKeys[string(label)] + if !ok { + return nil, fmt.Errorf("key not found") + } + return key, nil +} + +// GetRand implements signer.HSM. +func (f *fakeHSM) GetRand() io.Reader { + return rand.Reader +} + +// MakeKey creats a key but currently only makes P256 ecdsa kyes. +func (f *fakeHSM) MakeKey(keyTpl interface{}, keyName string) (crypto.PrivateKey, crypto.PublicKey, error) { + switch keyTpl.(type) { + case *ecdsa.PublicKey: + _, ok := f.slotToKeys[keyName] + if ok { + return nil, nil, fmt.Errorf("fakeHSM: key with name %q already exists", keyName) + } + priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + return nil, nil, fmt.Errorf("fakeHSM: failed to generate key: %v", err) + } + f.slotToKeys[keyName] = priv + return priv, priv.Public(), nil + default: + return nil, nil, fmt.Errorf("fakeHSM: making key of type %T is not supported", keyTpl) + } +}