Merge pull request #732 from smallstep/mariano/softkms-fullpath

maraino · web-flow · commit 7012e70ad7ea · 2025-03-24T15:33:11.000-07:00
Fix open files with a full path in softkms
diff --git a/kms/softkms/softkms.go b/kms/softkms/softkms.go
@@ -195,7 +195,12 @@ func filename(s string) string {
 		if f := u.Get("path"); f != "" {
 			return f
 		}
-		return u.Opaque
+		switch {
+		case u.Path != "":
+			return u.Path
+		default:
+			return u.Opaque
+		}
 	}
 	return s
 }
diff --git a/kms/softkms/softkms_test.go b/kms/softkms/softkms_test.go
@@ -12,9 +12,12 @@ import (
 	"encoding/pem"
 	"fmt"
 	"os"
+	"path/filepath"
 	"reflect"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
+
 	"go.step.sm/crypto/kms/apiv1"
 	"go.step.sm/crypto/pemutil"
 	"go.step.sm/crypto/x25519"
@@ -247,6 +250,12 @@ func TestSoftKMS_GetPublicKey(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
+
+	fullPath := filepath.Join(t.TempDir(), "pub.pem")
+	if err := os.WriteFile(fullPath, b, 0o0600); err != nil {
+		t.Fatal(err)
+	}
+
 	block, _ := pem.Decode(b)
 	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
 	if err != nil {
@@ -270,8 +279,11 @@ func TestSoftKMS_GetPublicKey(t *testing.T) {
 		wantErr bool
 	}{
 		{"key", args{&apiv1.GetPublicKeyRequest{Name: "testdata/pub.pem"}}, pub, false},
+		{"key full path", args{&apiv1.GetPublicKeyRequest{Name: fullPath}}, pub, false},
 		{"key uri", args{&apiv1.GetPublicKeyRequest{Name: "softkms:testdata/pub.pem"}}, pub, false},
 		{"key path uri", args{&apiv1.GetPublicKeyRequest{Name: "softkms:path=testdata/pub.pem"}}, pub, false},
+		{"key full path uri", args{&apiv1.GetPublicKeyRequest{Name: "softkms:" + fullPath}}, pub, false},
+		{"key full path value", args{&apiv1.GetPublicKeyRequest{Name: "softkms:path=" + fullPath}}, pub, false},
 		{"cert", args{&apiv1.GetPublicKeyRequest{Name: "testdata/cert.crt"}}, pub, false},
 		{"cert uri", args{&apiv1.GetPublicKeyRequest{Name: "softkms:testdata/cert.crt"}}, pub, false},
 		{"cert path uri", args{&apiv1.GetPublicKeyRequest{Name: "softkms:path=testdata/cert.crt"}}, pub, false},
@@ -405,3 +417,25 @@ func TestSoftKMS_CreateDecrypter(t *testing.T) {
 		})
 	}
 }
+
+func Test_filename(t *testing.T) {
+	type args struct {
+		s string
+	}
+	tests := []struct {
+		name string
+		args args
+		want string
+	}{
+		{"ok name", args{"testdata/pub.pem"}, "testdata/pub.pem"},
+		{"ok uri value", args{"softkms:path=testdata/pub.pem"}, "testdata/pub.pem"},
+		{"ok uri value full", args{"softkms:path=/testdata/pub.pem"}, "/testdata/pub.pem"},
+		{"ok uri opaque", args{"softkms:testdata/pub.pem"}, "testdata/pub.pem"},
+		{"ok uri path", args{"softkms:/testdata/pub.pem"}, "/testdata/pub.pem"},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equal(t, tt.want, filename(tt.args.s))
+		})
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -195,7 +195,12 @@ func filename(s string) string {`
`195`	`195`	`if f := u.Get("path"); f != "" {`
`196`	`196`	`return f`
`197`	`197`	`}`
`198`		`- return u.Opaque`
	`198`	`+ switch {`
	`199`	`+ case u.Path != "":`
	`200`	`+ return u.Path`
	`201`	`+ default:`
	`202`	`+ return u.Opaque`
	`203`	`+ }`
`199`	`204`	`}`
`200`	`205`	`return s`
`201`	`206`	`}`