[FAB-3772] Improve coverage for PKCS11 package (1 of 3)

This is the first of three patches to improve the coverage of the bccsp/pkcs11 package. This patch builds on top of https://gerrit.hyperledger.org/r/#/c/9441 Change-Id: If29efc543004ac6e72e6d91327e20fe227627c6b Signed-off-by: John Harrison <harrijk63@gmail.com>
hyperledger · May 26, 2017 · 67e2c09 · 67e2c09
1 parent df39698
commit 67e2c09
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 2 deletions.
diff --git a/bccsp/pkcs11/impl.go b/bccsp/pkcs11/impl.go
@@ -150,6 +150,9 @@ func (csp *impl) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, e
 		// Re-randomized an ECDSA public key
 		case *bccsp.ECDSAReRandKeyOpts:
 			pubKey := ecdsaK.pub
+			if pubKey == nil {
+				return nil, errors.New("Public base key cannot be nil.")
+			}
 			reRandOpts := opts.(*bccsp.ECDSAReRandKeyOpts)
 			tempSK := &ecdsa.PublicKey{
 				Curve: pubKey.Curve,
@@ -208,6 +211,10 @@ func (csp *impl) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, e
 		case *bccsp.ECDSAReRandKeyOpts:
 			reRandOpts := opts.(*bccsp.ECDSAReRandKeyOpts)
 			pubKey := ecdsaK.pub.pub
+			if pubKey == nil {
+				return nil, errors.New("Public base key cannot be nil.")
+			}
+
 			secret := csp.getSecretValue(ecdsaK.ski)
 			if secret == nil {
 				return nil, errors.New("Could not obtain EC Private Key")
@@ -271,7 +278,7 @@ func (csp *impl) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, e
 func (csp *impl) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error) {
 	// Validate arguments
 	if raw == nil {
-		return nil, errors.New("Invalid raw. Cannot be nil")
+		return nil, errors.New("Invalid raw. Cannot be nil.")
 	}
 
 	if opts == nil {
@@ -414,7 +421,7 @@ func (csp *impl) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.K
 		case *rsa.PublicKey:
 			return csp.KeyImport(pk, &bccsp.RSAGoPublicKeyImportOpts{Temporary: opts.Ephemeral()})
 		default:
-			return nil, errors.New("Certificate public key type not recognized. Supported keys: [ECDSA, RSA]")
+			return nil, errors.New("Certificate's public key type not recognized. Supported keys: [ECDSA, RSA]")
 		}
 
 	default:

diff --git a/bccsp/pkcs11/impl_test.go b/bccsp/pkcs11/impl_test.go
@@ -40,6 +40,8 @@ import (
 	"github.com/hyperledger/fabric/bccsp/signer"
 	"github.com/hyperledger/fabric/bccsp/sw"
 	"github.com/hyperledger/fabric/bccsp/utils"
+	"github.com/op/go-logging"
+	"github.com/stretchr/testify/assert"
 	"golang.org/x/crypto/sha3"
 )
 
@@ -57,6 +59,9 @@ type testConfig struct {
 }
 
 func TestMain(m *testing.M) {
+	// Activate DEBUG level to cover listAttrs function
+	logging.SetLevel(logging.DEBUG, "bccsp_p11")
+
 	ks, err := sw.NewFileBasedKeyStore(nil, os.TempDir(), false)
 	if err != nil {
 		fmt.Printf("Failed initiliazing KeyStore [%s]", err)
@@ -107,6 +112,61 @@ func TestMain(m *testing.M) {
 	os.Exit(0)
 }
 
+func TestNew(t *testing.T) {
+	opts := PKCS11Opts{
+		HashFamily: "SHA2",
+		SecLevel:   256,
+		SoftVerify: false,
+		Sensitive:  true,
+		Library:    "lib",
+		Label:      "ForFabric",
+		Pin:        "98765432",
+	}
+
+	// Setup PKCS11 library and provide initial set of values
+	lib, _, _ := FindPKCS11Lib()
+	opts.Library = lib
+
+	// Test for nil keystore
+	_, err := New(opts, nil)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Invalid bccsp.KeyStore instance. It must be different from nil.")
+
+	// Test for invalid PKCS11 loadLib
+	opts.Library = ""
+	_, err = New(opts, currentKS)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Failed initializing PKCS11 library")
+}
+
+func TestFindPKCS11LibEnvVars(t *testing.T) {
+	const (
+		dummy_PKCS11_LIB   = "/usr/lib/pkcs11"
+		dummy_PKCS11_PIN   = "98765432"
+		dummy_PKCS11_LABEL = "testing"
+	)
+
+	// Set environment variables used for test and preserve
+	// original values for restoration after test completion
+	orig_PKCS11_LIB := os.Getenv("PKCS11_LIB")
+	os.Setenv("PKCS11_LIB", dummy_PKCS11_LIB)
+
+	orig_PKCS11_PIN := os.Getenv("PKCS11_PIN")
+	os.Setenv("PKCS11_PIN", dummy_PKCS11_PIN)
+
+	orig_PKCS11_LABEL := os.Getenv("PKCS11_LABEL")
+	os.Setenv("PKCS11_LABEL", dummy_PKCS11_LABEL)
+
+	lib, pin, label := FindPKCS11Lib()
+	assert.EqualValues(t, dummy_PKCS11_LIB, lib, "FindPKCS11Lib did not return expected library")
+	assert.EqualValues(t, dummy_PKCS11_PIN, pin, "FindPKCS11Lib did not return expected pin")
+	assert.EqualValues(t, dummy_PKCS11_LABEL, label, "FindPKCS11Lib did not return expected label")
+
+	os.Setenv("PKCS11_LIB", orig_PKCS11_LIB)
+	os.Setenv("PKCS11_PIN", orig_PKCS11_PIN)
+	os.Setenv("PKCS11_LABEL", orig_PKCS11_LABEL)
+}
+
 func TestInvalidNewParameter(t *testing.T) {
 	lib, pin, label := FindPKCS11Lib()
 	opts := PKCS11Opts{