Skip to content

Commit

Permalink
Add tests for bad configurations
Browse files Browse the repository at this point in the history
  • Loading branch information
sosthene-nitrokey committed Jan 10, 2024
1 parent 0facff0 commit 457fc9a
Show file tree
Hide file tree
Showing 4 changed files with 105 additions and 25 deletions.
2 changes: 1 addition & 1 deletion pkcs11/src/api/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ pub extern "C" fn C_Initialize(pInitArgs: CK_VOID_PTR) -> CK_RV {
let mut result = Ok(());

DEVICE_INIT.call_once(|| {
let res = crate::config::initialization::initialize_configuration();
let res = crate::config::initialization::initialize();
match res {
Ok(device) => {
_ = DEVICE.set(device);
Expand Down
49 changes: 30 additions & 19 deletions pkcs11/src/config/config_file.rs
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
use std::{io::Read, mem};

use merge::Merge;
use serde::{Deserialize, Serialize};

Expand All @@ -11,16 +13,10 @@ pub enum ConfigError {
const CONFIG_FILE_NAME: &str = "p11nethsm.conf";
const ENV_VAR_CONFIG_FILE: &str = "P11NETHSM_CONFIG_FILE";

pub fn read_configuration() -> Result<P11Config, ConfigError> {
let mut config = P11Config::default();

pub fn config_files() -> Result<Vec<Vec<u8>>, ConfigError> {
if let Ok(file_path) = std::env::var(ENV_VAR_CONFIG_FILE) {
let file = std::fs::File::open(file_path).map_err(ConfigError::Io)?;
let config_file = serde_yaml::from_reader(file).map_err(ConfigError::Yaml)?;

config.merge(config_file);

return Ok(config);
let file = std::fs::read(file_path).map_err(ConfigError::Io)?;
return Ok(vec![file]);
}

let mut config_folders = vec![
Expand All @@ -32,28 +28,42 @@ pub fn read_configuration() -> Result<P11Config, ConfigError> {
config_folders.push(format!("{}/.config/nitrokey", home));
}

let mut file_read = false;

let mut res: Vec<Vec<u8>> = Vec::new();
let mut buffer: Vec<u8> = Vec::new();
for folder in config_folders {
let file_path = format!("{}/{}", folder, CONFIG_FILE_NAME);

if let Ok(file) = std::fs::File::open(file_path) {
let config_file = serde_yaml::from_reader(file).map_err(ConfigError::Yaml)?;

config.merge(config_file);
file_read = true;
if let Ok(mut file) = std::fs::File::open(file_path) {
file.read_to_end(&mut buffer).map_err(ConfigError::Io)?;
res.push(mem::take(&mut buffer));
}
}

// if no config file was found, return an error
Ok(res)
}

if !file_read {
pub fn merge_configurations(configs: Vec<Vec<u8>>) -> Result<P11Config, ConfigError> {
let mut config = P11Config::default();

// if no config file was found, return an error
if configs.is_empty() {
return Err(ConfigError::NoConfigFile);
}

for file in configs {
let parsed = serde_yaml::from_slice(&file).map_err(ConfigError::Yaml)?;
config.merge(parsed);
}

Ok(config)
}

#[cfg(test)]
pub fn read_configuration() -> Result<P11Config, ConfigError> {
let configs = config_files()?;

merge_configurations(configs)
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum LogLevel {
Trace,
Expand Down Expand Up @@ -198,6 +208,7 @@ mod tests {
use super::*;

#[test]
#[ignore]
fn test_read_home_config() {
let config = r#"
enable_set_attribute_value: true
Expand Down
76 changes: 72 additions & 4 deletions pkcs11/src/config/initialization.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ use std::{
};

use super::{
config_file::SlotConfig,
config_file::{config_files, SlotConfig},
device::{Device, Slot},
};
use log::{debug, error, trace};
Expand All @@ -21,9 +21,9 @@ pub enum InitializationError {
NoUser(String),
}

pub fn initialize_configuration() -> Result<Device, InitializationError> {
let config =
crate::config::config_file::read_configuration().map_err(InitializationError::Config)?;
pub fn initialize_with_configs(configs: Vec<Vec<u8>>) -> Result<Device, InitializationError> {
let config = crate::config::config_file::merge_configurations(configs)
.map_err(InitializationError::Config)?;
crate::config::logging::configure_logger(&config);

// initialize the clients
Expand All @@ -38,6 +38,10 @@ pub fn initialize_configuration() -> Result<Device, InitializationError> {
})
}

pub fn initialize() -> Result<Device, InitializationError> {
initialize_with_configs(config_files().map_err(InitializationError::Config)?)
}

struct DangerIgnoreVerifier {}

impl ServerCertVerifier for DangerIgnoreVerifier {
Expand Down Expand Up @@ -159,3 +163,67 @@ fn slot_from_config(slot: &SlotConfig) -> Result<Slot, InitializationError> {
db: Arc::new(Mutex::new(crate::backend::db::Db::new())),
})
}

#[cfg(test)]
mod tests {
use super::*;

/// Test various good and bad configs for panics
#[test]
fn test_config_loading() {
let configs: Vec<Vec<u8>> = vec![
r#"
slots:
- label: LocalHSM
description: Local HSM (docker)
operator:
username: "operator"
password: "opPassphrase"
administrator:
username: "admin"
password: "Administrator"
instances:
- url: "https://localhost:8443/api/v1"
danger_insecure_cert: true
sha256_fingerprints:
- "31:92:8E:A4:5E:16:5C:A7:33:44:E8:E9:8E:64:C4:AE:7B:2A:57:E5:77:43:49:F3:69:C9:8F:C4:2F:3A:3B:6E"
retries:
count: 10
delay_seconds: 1
timeout_seconds: 10
"#.into(),
];

assert!(initialize_with_configs(configs).is_ok());

let configs_bad_fingerprint: Vec<Vec<u8>> = vec![
r#"
slots:
- label: LocalHSM
description: Local HSM (docker)
operator:
username: "operator"
password: "opPassphrase"
administrator:
username: "admin"
password: "Administrator"
instances:
- url: "https://localhost:8443/api/v1"
danger_insecure_cert: true
sha256_fingerprints:
- "31:92:8E:A4:5Eeeeee:16:5C:A7:33:44:E8:E9:8E:64:C4:AE:7B:2A:57:E5:77:43:49:F3:69:C9:8F:C4:2F:3A:3B:6E"
retries:
count: 10
delay_seconds: 1
timeout_seconds: 10
"#.into(),
];
assert!(initialize_with_configs(configs_bad_fingerprint).is_err());
let configs_bad_yml: Vec<Vec<u8>> = vec![r#"
dict:
bad_yml
"#
.into()];
assert!(initialize_with_configs(configs_bad_yml).is_err());
}
}
3 changes: 2 additions & 1 deletion pkcs11/src/config/logging.rs
Original file line number Diff line number Diff line change
Expand Up @@ -32,5 +32,6 @@ pub fn configure_logger(config: &P11Config) {
builder.target(env_logger::Target::Pipe(file));
}

builder.init()
// Don't crash on re-initialization
builder.try_init().ok();
}

0 comments on commit 457fc9a

Please sign in to comment.