When https://github.com/grafeas/voucher/pull/21 added SHA384 and SHA512 support to GCP-KMS, it inadvertently introduced a bug that causes voucher to panic when receiving any GCP-KMS requests.
This PR introduces a failing test case to capture that issue, then patches the implementation so the test passes 🎉
To avoid credentials/dependencies, I stubbed in a mock KMS client. This was hand-written - the Makefile suggests mockgen + gomock may be an existing pattern I should have followed instead.
ooq
commented
3 years ago
When https://github.com/grafeas/voucher/pull/21 added
SHA384andSHA512support to GCP-KMS, it inadvertently introduced a bug that causes voucher to panic when receiving any GCP-KMS requests.The core issue is https://github.com/grafeas/voucher/blob/77fc03e375d132ab11c0c0c124df88cf12060e63/v2/signer/kms/signer.go#L58-L59 , where
digestis access immediately after it is declared (but before it is instantiated).This PR introduces a failing test case to capture that issue, then patches the implementation so the test passes 🎉
To avoid credentials/dependencies, I stubbed in a mock KMS client. This was hand-written - the Makefile suggests
mockgen+gomockmay be an existing pattern I should have followed instead.