Add some tests

Author: vishesh92

engine/schema/src/main/resources/META-INF/cloudstack/core/spring-engine-schema-core-daos-context.xml

@@ -313,4 +313,6 @@
   <bean id="kmsKeyDaoImpl" class="org.apache.cloudstack.kms.dao.KMSKeyDaoImpl" />
   <bean id="kmsKekVersionDaoImpl" class="org.apache.cloudstack.kms.dao.KMSKekVersionDaoImpl" />
   <bean id="kmsWrappedKeyDaoImpl" class="org.apache.cloudstack.kms.dao.KMSWrappedKeyDaoImpl" />
+  <bean id="hsmProfileDaoImpl" class="org.apache.cloudstack.kms.dao.HSMProfileDaoImpl" />
+  <bean id="hsmProfileDetailsDaoImpl" class="org.apache.cloudstack.kms.dao.HSMProfileDetailsDaoImpl" />
 </beans>

framework/kms/src/main/java/org/apache/cloudstack/framework/kms/KMSException.java

@@ -29,6 +29,7 @@ public class KMSException extends CloudRuntimeException {
      * Error types for KMS operations to enable intelligent retry logic
      */
     public enum ErrorType {
+        CONNECTION_FAILED(true),
         /**
          * Provider not initialized or unavailable
          */

framework/kms/src/main/java/org/apache/cloudstack/framework/kms/KMSProvider.java

@@ -21,8 +21,6 @@
 
 import com.cloud.utils.component.Adapter;
 
-import java.util.List;
-
 /**
  * Abstract provider contract for Key Management Service operations.
  * <p>
@@ -83,14 +81,6 @@ default String createKek(KeyPurpose purpose, String label, int keyBits) throws K
      */
     void deleteKek(String kekId) throws KMSException;
 
-    /**
-     * List all KEK identifiers for a given purpose
-     *
-     * @param purpose the key purpose to filter by (null = all purposes)
-     * @return list of KEK identifiers
-     * @throws KMSException if listing fails
-     */
-    List<String> listKeks(KeyPurpose purpose) throws KMSException;
 
     /**
      * Check if a KEK exists and is accessible

plugins/kms/database/src/main/java/org/apache/cloudstack/kms/provider/DatabaseKMSProvider.java

@@ -183,31 +183,6 @@ public void deleteKek(String kekId) throws KMSException {
         }
     }
 
-    @Override
-    public List<String> listKeks(KeyPurpose purpose) throws KMSException {
-        try {
-            List<String> keks = new ArrayList<>();
-
-            List<KMSDatabaseKekObjectVO> kekObjects;
-            if (purpose != null) {
-                kekObjects = kekObjectDao.listByPurpose(purpose);
-            } else {
-                kekObjects = kekObjectDao.listAll();
-            }
-
-            for (KMSDatabaseKekObjectVO kekObject : kekObjects) {
-                if (kekObject.getRemoved() == null) {
-                    keks.add(kekObject.getLabel());
-                }
-            }
-
-            logger.debug("listKeks called for purpose: {}. Found {} KEKs.", purpose, keks.size());
-            return keks;
-        } catch (Exception e) {
-            throw KMSException.kekOperationFailed("Failed to list KEKs: " + e.getMessage(), e);
-        }
-    }
-
     @Override
     public boolean isKekAvailable(String kekId) throws KMSException {
         try {

plugins/kms/pkcs11/src/main/java/org/apache/cloudstack/kms/provider/pkcs11/PKCS11HSMProvider.java

@@ -54,19 +54,19 @@
 public class PKCS11HSMProvider extends AdapterBase implements KMSProvider {
     private static final Logger logger = LogManager.getLogger(PKCS11HSMProvider.class);
     private static final String PROVIDER_NAME = "pkcs11";
-    
+
     @Inject
     private HSMProfileDao hsmProfileDao;
-    
+
     @Inject
     private HSMProfileDetailsDao hsmProfileDetailsDao;
-    
+
     @Inject
     private KMSKekVersionDao kmsKekVersionDao;
 
     // Session pool per HSM profile
     private final Map<Long, HSMSessionPool> sessionPools = new ConcurrentHashMap<>();
-    
+
     // Profile configuration caching
     private final Map<Long, Map<String, String>> profileConfigCache = new ConcurrentHashMap<>();
 
@@ -80,6 +80,16 @@ public String getProviderName() {
         return PROVIDER_NAME;
     }
 
+    /**
+     * @return The name of the component that provided this configuration
+     * variable.  This value is saved in the database so someone can easily
+     * identify who provides this variable.
+     **/
+    @Override
+    public String getConfigComponentName() {
+        return PKCS11HSMProvider.class.getSimpleName();
+    }
+
     @Override
     public ConfigKey<?>[] getConfigKeys() {
         return new ConfigKey<?>[0];
@@ -90,7 +100,7 @@ public String createKek(KeyPurpose purpose, String label, int keyBits, Long hsmP
         if (hsmProfileId == null) {
             throw KMSException.invalidParameter("HSM Profile ID is required for PKCS#11 provider");
         }
-        
+
         if (StringUtils.isEmpty(label)) {
             label = generateKekLabel(purpose);
         }
@@ -142,14 +152,14 @@ public byte[] unwrapKey(WrappedKey wrappedKey, Long hsmProfileId) throws KMSExce
     public WrappedKey rewrapKey(WrappedKey oldWrappedKey, String newKekLabel, Long targetHsmProfileId) throws KMSException {
         // 1. Unwrap with old KEK
         byte[] plainKey = unwrapKey(oldWrappedKey, null); // Auto-resolve old profile
-        
+
         try {
             // 2. Wrap with new KEK
             Long profileId = targetHsmProfileId;
             if (profileId == null) {
                 profileId = resolveProfileId(newKekLabel);
             }
-            
+
             return wrapKey(plainKey, oldWrappedKey.getPurpose(), newKekLabel, profileId);
         } finally {
             // Zeroize plaintext key
@@ -183,16 +193,11 @@ public void deleteKek(String kekId) throws KMSException {
         }
     }
 
-    @Override
-    public List<String> listKeks(KeyPurpose purpose) throws KMSException {
-        throw new KMSException(KMSException.ErrorType.OPERATION_FAILED, "Listing KEKs directly from HSMs not supported, use DB");
-    }
-
     @Override
     public boolean isKekAvailable(String kekId) throws KMSException {
         Long hsmProfileId = resolveProfileId(kekId);
         if (hsmProfileId == null) return false;
-        
+
         HSMSessionPool pool = getSessionPool(hsmProfileId);
         PKCS11Session session = null;
         try {
@@ -210,20 +215,20 @@ public boolean healthCheck() throws KMSException {
         return true;
     }
 
-    private Long resolveProfileId(String kekLabel) throws KMSException {
+    Long resolveProfileId(String kekLabel) throws KMSException {
         KMSKekVersionVO version = kmsKekVersionDao.findByKekLabel(kekLabel);
         if (version != null && version.getHsmProfileId() != null) {
             return version.getHsmProfileId();
         }
         throw new KMSException(KMSException.ErrorType.KEK_NOT_FOUND, "Could not resolve HSM profile for KEK: " + kekLabel);
     }
 
-    private HSMSessionPool getSessionPool(Long profileId) {
-        return sessionPools.computeIfAbsent(profileId, 
+    HSMSessionPool getSessionPool(Long profileId) {
+        return sessionPools.computeIfAbsent(profileId,
             id -> new HSMSessionPool(id, loadProfileConfig(id)));
     }
 
-    private Map<String, String> loadProfileConfig(Long profileId) {
+    Map<String, String> loadProfileConfig(Long profileId) {
         return profileConfigCache.computeIfAbsent(profileId, id -> {
             List<HSMProfileDetailsVO> details = hsmProfileDetailsDao.listByProfileId(id);
             Map<String, String> config = new HashMap<>();
@@ -238,14 +243,14 @@ private Map<String, String> loadProfileConfig(Long profileId) {
         });
     }
 
-    private boolean isSensitiveKey(String key) {
-        return key.equalsIgnoreCase("pin") || 
-               key.equalsIgnoreCase("password") || 
+    boolean isSensitiveKey(String key) {
+        return key.equalsIgnoreCase("pin") ||
+               key.equalsIgnoreCase("password") ||
                key.toLowerCase().contains("secret") ||
                key.equalsIgnoreCase("private_key");
     }
 
-    private String generateKekLabel(KeyPurpose purpose) {
+    String generateKekLabel(KeyPurpose purpose) {
         return purpose.getName() + "-kek-" + UUID.randomUUID().toString().substring(0, 8);
     }
 
@@ -256,14 +261,14 @@ private static class HSMSessionPool {
         private final Map<String, String> config;
         private final int maxSessions;
         private final int minIdleSessions;
-        
+
         HSMSessionPool(Long profileId, Map<String, String> config) {
             this.profileId = profileId;
             this.config = config;
             this.maxSessions = Integer.parseInt(config.getOrDefault("max_sessions", "10"));
             this.minIdleSessions = Integer.parseInt(config.getOrDefault("min_idle_sessions", "2"));
             this.availableSessions = new ArrayBlockingQueue<>(maxSessions);
-            
+
             // Pre-warm
             for (int i = 0; i < minIdleSessions; i++) {
                 try {
@@ -273,7 +278,7 @@ private static class HSMSessionPool {
                 }
             }
         }
-        
+
         PKCS11Session acquireSession(long timeoutMs) throws KMSException {
             try {
                 PKCS11Session session = availableSessions.poll();
@@ -288,15 +293,15 @@ PKCS11Session acquireSession(long timeoutMs) throws KMSException {
                 throw new KMSException(KMSException.ErrorType.CONNECTION_FAILED, "Failed to acquire HSM session", e);
             }
         }
-        
+
         void releaseSession(PKCS11Session session) {
             if (session != null && session.isValid()) {
                 if (!availableSessions.offer(session)) {
                     session.close(); // Pool full
                 }
             }
         }
-        
+
         private PKCS11Session createNewSession() throws KMSException {
             return new PKCS11Session(config);
         }
@@ -307,12 +312,12 @@ private static class PKCS11Session {
         private final Map<String, String> config;
         private KeyStore keyStore;
         private Provider provider;
-        
+
         PKCS11Session(Map<String, String> config) throws KMSException {
             this.config = config;
             connect();
         }
-        
+
         private void connect() throws KMSException {
             try {
                 String libraryPath = config.get("library_path");
@@ -324,33 +329,33 @@ private void connect() throws KMSException {
                 throw new KMSException(KMSException.ErrorType.CONNECTION_FAILED, "Failed to connect to HSM: " + e.getMessage(), e);
             }
         }
-        
+
         boolean isValid() {
             return true;
         }
-        
+
         void close() {
             if (provider != null) {
                 Security.removeProvider(provider.getName());
             }
         }
-        
+
         String generateKey(String label, int keyBits, KeyPurpose purpose) throws KMSException {
             return label;
         }
-        
+
         byte[] wrapKey(byte[] plainDek, String kekLabel) throws KMSException {
             return "wrapped_blob".getBytes();
         }
-        
+
         byte[] unwrapKey(byte[] wrappedBlob, String kekLabel) throws KMSException {
             return new byte[32]; // 256 bits
         }
-        
+
         void deleteKey(String label) throws KMSException {
             // Stub
         }
-        
+
         boolean checkKeyExists(String label) throws KMSException {
             return true;
         }