Skip to content

Separate PKCS#11 Code #122

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
skemper-sd wants to merge 1 commit into
base: main
Choose a base branch
from
+32 −1
Draft

Separate PKCS#11 Code #122

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,14 @@ else
extra_ld_flags=
endif

ifeq ($(ROLESANYWHERE_WITH_PKCS11),)
# the envvar is unset, so we are NOT doing the PKCS11 build
build/bin/aws_signing_helper:
go build -buildmode=pie -ldflags "-X 'github.com/aws/rolesanywhere-credential-helper/cmd.Version=${VERSION}' $(extra_ld_flags) -linkmode=external -w -s" -trimpath -o build/bin/aws_signing_helper main.go
go build -buildmode=pie -ldflags "-X 'github.com/aws/rolesanywhere-credential-helper/cmd.Version=${VERSION}' $(extra_ld_flags) -w -s" -trimpath -o build/bin/aws_signing_helper main.go
else
build/bin/aws_signing_helper:
CGO_ENABLED=1 go build -tags with_pkcs11 -ldflags "-X 'github.com/aws/rolesanywhere-credential-helper/cmd.Version=${VERSION}' $(extra_ld_flags) -linkmode=external -w -s" -trimpath -o build/bin/aws_signing_helper main.go
endif

.PHONY: clean
clean: test-clean
Expand Down
23 changes: 23 additions & 0 deletions aws_signing_helper/pkcs11_nop.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
//go:build !with_pkcs11

package aws_signing_helper

// This file exists to mock out the necessary functions called by core project code, but without actually bringing in
// a dependency on external PKCS#11 libraries (and thus, the requirement to link to them and enable CGO). It is
// supposed to fail whenever called, because users who intentionally adopt the version of this code without PKCS#11
// support should not be calling PKCS#11 functions.

import (
"crypto/x509"
"errors"
)

var Pkcs11NotImplementedError = errors.New("This software has not been compiled with PKCS#11 support.")

func GetPKCS11Signer(libPkcs11 string, cert *x509.Certificate, certChain []*x509.Certificate, privateKeyId string, certificateId string, reusePin bool) (signer Signer, signingAlgorithm string, err error) {
return nil, "", Pkcs11NotImplementedError
}

func GetMatchingPKCSCerts(uriStr string, lib string) (matchingCerts []CertificateContainer, err error) {
return nil, Pkcs11NotImplementedError
}
2 changes: 2 additions & 0 deletions aws_signing_helper/pkcs11_signer.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
//go:build with_pkcs11

package aws_signing_helper

// RFC7512 defines a standard URI format for referencing PKCS#11 objects.
Expand Down