Relax requirements around PKCS#11 config #387

Merged (1 commit) on Mar 7, 2024

MatthiasValvekens
Owner

Description of the changes

  • Allow key label / id to be defaulted from the corresponding cert settings and vice-versa. Most PKCS#11 token layouts follow a reasonable naming scheme where for a given key <> cert pair, either the IDs or the labels coincide, so this allows for better ergonomics there.
  • For directly instantiated PKCS11Signers, delay throwing errors until key/cert lookup (allows even more flexibility at the cost of slightly less informative error messages at this level of the API)

Fixes #386

Caveats

There is a minor change in exception behaviour inside PKCS11Signer, since the __init__ method no longer does any validation.

Checklist

Please go over this checklist to increase the chances of your PR being worked on in a timely manner. Deviations are allowed with proper justification (see previous section).

  • I have read the project's CoC and contribution guidelines.
  • I understand and agree to the terms in the Developer Certificate of Origin as applied to this contribution.
  • All new code in this PR has full test coverage.

For new features (delete if not applicable)

  • I have discussed the implementation of this feature with the project maintainer(s) on the discussion forum or over email.
  • I have verified that my changes do not break existing API or CLI functionality, or ensured that all breaking changes are clearly documented in this PR.
  • All public API functionality in this PR is documented.

 - Allow key label / id to be defaulted from the corresponding
   cert settings and vice-versa
 - For directly instantiated PKCS11Signers, delay throwing errors
   until key/cert lookup
   (allows even more flexibility at the cost of less informative error
    messages at this level of the API)

Fixes #386
MatthiasValvekens added the "enhancement" (New feature or request) label on Mar 7, 2024
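
The defaulting and deferred-error behaviour described in this PR, modelled as an added example that is not pyHanko's own code. `Selectors`, `resolve`, `find`, `load_pair`, `SelectorError` and the token inventory are hypothetical names and constructed data, and the exactly-one-match check is an assumption of this example.

```python
from dataclasses import dataclass
from typing import Optional

class SelectorError(ValueError):
    """Raised at lookup time, never at construction time."""

@dataclass(frozen=True)
class TokenObject:               # constructed stand-in for a PKCS#11 object
    kind: str                    # "cert" or "key"
    label: Optional[str]
    obj_id: Optional[bytes]

@dataclass(frozen=True)
class Selectors:                 # hypothetical settings holder; no validation
    cert_label: Optional[str] = None
    cert_id: Optional[bytes] = None
    key_label: Optional[str] = None
    key_id: Optional[bytes] = None

def resolve(s: Selectors) -> Selectors:
    """Default the key selectors from the cert selectors and vice versa."""
    cert, key = (s.cert_label, s.cert_id), (s.key_label, s.key_id)
    if key == (None, None):
        key = cert
    elif cert == (None, None):
        cert = key
    return Selectors(*cert, *key)

def find(objects, kind, label, obj_id):
    if label is None and obj_id is None:
        raise SelectorError(f"no label or ID to locate the {kind}")
    hits = [o for o in objects if o.kind == kind
            and (label is None or o.label == label)
            and (obj_id is None or o.obj_id == obj_id)]
    if len(hits) != 1:           # refuse to guess which key signs
        raise SelectorError(f"expected one {kind}, found {len(hits)}")
    return hits[0]

def load_pair(objects, s: Selectors):
    r = resolve(s)
    return (find(objects, "cert", r.cert_label, r.cert_id),
            find(objects, "key", r.key_label, r.key_id))

# Constructed token inventory: the second pair coincides on ID only.
TOKEN = [
    TokenObject("cert", "signer", b"\x01"),
    TokenObject("key", "signer", b"\x01"),
    TokenObject("cert", "backup", b"\x02"),
    TokenObject("key", None, b"\x02"),
]
```

On this inventory, selecting the second pair by `cert_label="backup"` alone fails at key lookup because only the IDs coincide; `key_id=b"\x02"` alone finds both objects.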

codecov bot commented Mar 7, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.83%. Comparing base (9936d8c) to head (99ab3b4).

Additional details and impacted files
@@           Coverage Diff           @@
##           master     #387   +/-   ##
=======================================
  Coverage   98.83%   98.83%           
=======================================
  Files         113      113           
  Lines       16291    16299    +8     
=======================================
+ Hits        16101    16109    +8     
  Misses        190      190           
Flag Coverage Δ
unittests 98.83% <100.00%> (+<0.01%) ⬆️


MatthiasValvekens merged commit 5041978 into master on Mar 7, 2024
21 checks passed
MatthiasValvekens deleted the feature/relax-pkcs11-config branch on March 14, 2024 22:56
Successfully merging this pull request may close these issues.

PKCS11: identifiying signing key