Add multi-backend support to integration tests

The test setup helper functions in `rc_common` are refactored to simplify
testing against multiple database backends. The `setup_token` function now
dynamically generates the configuration required for sqlite, nssdb, and memory
backends.

This allows for more comprehensive integration testing. A new test is added to
verify that token state is correctly preserved after a `C_Finalize` and
`C_Initialize` sequence. This new, higher-level test replaces the previous
C-style re-initialization tests. Existing tests are updated to use the new,
unified setup function.

Co-authored-by: Gemini <gemini@google.com>
Signed-off-by: Simo Sorce <simo@redhat.com>

Author: simo5

cdylib/tests/rc_common.rs

@@ -7,7 +7,7 @@ use cryptoki::slot::Slot;
 use cryptoki::types::AuthPin;
 use std::env;
 use std::fs;
-use std::path::{Path, PathBuf};
+use std::path::PathBuf;
 
 fn _setup_common() -> (Pkcs11, Slot) {
     let module = env::var("TEST_PKCS11_MODULE").unwrap_or_else(|_| {
@@ -72,40 +72,57 @@ fn setup_test_dir(name: &str) -> PathBuf {
     testdir
 }
 
-pub fn setup_token(name: &str) -> (Pkcs11, Slot) {
-    let testdir = setup_test_dir(name);
-    let confname = testdir.join(format!("{}.sql", name));
-
-    // Set KRYOPTIC_CONF for the C library. Using `std::env::set_var` is not thread-safe.
-    unsafe {
-        env::set_var("KRYOPTIC_CONF", confname);
-    }
-
-    _setup_common()
-}
-
-pub fn setup(name: &str, common_config_lines: &[&str]) -> (Pkcs11, Slot) {
+pub fn setup_token(name: &str, common_config_lines: &[&str]) -> (Pkcs11, Slot) {
     let testdir = setup_test_dir(name);
     let confname = testdir.join(format!("{}.conf", name));
-    let sql_path = testdir.join(format!("{}.sql", name));
 
     let mut config_content = String::new();
+    let mut dbtype = "sqlite".to_string();
 
-    // Add common section lines
+    let mut final_config_lines = Vec::new();
     for line in common_config_lines {
+        let line_str = *line;
+        if line_str.starts_with("dbtype=") {
+            dbtype = line_str.splitn(2, '=').nth(1).unwrap().trim().to_string();
+        } else {
+            final_config_lines.push(line_str);
+        }
+    }
+
+    match dbtype.as_str() {
+        "sqlite" | "nssdb" | "memory" => {}
+        _ => panic!("Unsupported dbtype: {}", dbtype),
+    }
+
+    // Add common section lines
+    for line in final_config_lines {
         config_content.push_str(line);
         config_content.push('\n');
     }
 
-    // Add slot configuration pointing to the sqlite db
+    // Add slot configuration
+    let dbargs = match dbtype.as_str() {
+        "sqlite" => {
+            let sql_path = testdir.join(format!("{}.sql", name));
+            sql_path.to_str().unwrap().replace('\\', "\\\\")
+        }
+        "nssdb" => format!(
+            "configDir={}",
+            testdir.to_str().unwrap().replace('\\', "\\\\")
+        ),
+        "memory" => "flags=encrypt".to_string(),
+        _ => unreachable!(),
+    };
+
     let slot_config = format!(
         r#"
 [[slots]]
   slot = 0
-  dbtype = "sqlite"
+  dbtype = "{}"
   dbargs = "{}"
 "#,
-        sql_path.to_str().unwrap().replace('\\', "\\\\")
+        dbtype,
+        dbargs.replace('\\', "\\\\")
     );
     config_content.push_str(&slot_config);
 
@@ -119,6 +136,7 @@ pub fn setup(name: &str, common_config_lines: &[&str]) -> (Pkcs11, Slot) {
     _setup_common()
 }
 
+#[allow(dead_code)]
 pub fn modify_setup(
     name: &str,
     common_config_lines: &[&str],
@@ -130,25 +148,53 @@ pub fn modify_setup(
     )
     .join(name);
     let confname = testdir.join(format!("{}.conf", name));
-    let sql_path = testdir.join(format!("{}.sql", name));
 
     let mut config_content = String::new();
+    let mut dbtype = "sqlite".to_string();
 
-    // Add common section lines
+    let mut final_config_lines = Vec::new();
     for line in common_config_lines {
+        let line_str = *line;
+        if line_str.starts_with("dbtype=") {
+            dbtype = line_str.splitn(2, '=').nth(1).unwrap().trim().to_string();
+        } else {
+            final_config_lines.push(line_str);
+        }
+    }
+
+    match dbtype.as_str() {
+        "sqlite" | "nssdb" | "memory" => {}
+        _ => panic!("Unsupported dbtype: {}", dbtype),
+    }
+
+    // Add common section lines
+    for line in final_config_lines {
         config_content.push_str(line);
         config_content.push('\n');
     }
 
-    // Add slot configuration pointing to the sqlite db
+    // Add slot configuration
+    let dbargs = match dbtype.as_str() {
+        "sqlite" => {
+            let sql_path = testdir.join(format!("{}.sql", name));
+            sql_path.to_str().unwrap().replace('\\', "\\\\")
+        }
+        "nssdb" => format!(
+            "configDir={}",
+            testdir.to_str().unwrap().replace('\\', "\\\\")
+        ),
+        "memory" => "flags=encrypt".to_string(),
+        _ => unreachable!(),
+    };
+
     let slot_config = format!(
         r#"
 [[slots]]
   slot = 0
-  dbtype = "sqlite"
+  dbtype = "{}"
   dbargs = "{}"
 "#,
-        sql_path.to_str().unwrap().replace('\\', "\\\\")
+        dbtype, dbargs
     );
     config_content.push_str(&slot_config);
 

cdylib/tests/rc_ecdh.rs

@@ -12,7 +12,7 @@ fn ecdh_reimport_loop_test() -> Result<(), Box<dyn std::error::Error>> {
     use cryptoki::types::AuthPin;
     use std::env;
 
-    let (pkcs11, slot) = rc_common::setup_token("ecdh_reimport_loop_test");
+    let (pkcs11, slot) = rc_common::setup_token("ecdh_reimport_loop_test", &[]);
 
     let user_pin = AuthPin::new("12345678".into());
     let session = pkcs11.open_rw_session(slot)?;

cdylib/tests/rc_eddsa_compat.rs

@@ -11,7 +11,7 @@ use cryptoki::types::AuthPin;
 #[cfg(feature = "integration_tests")]
 fn rc_eddsa_compat() -> Result<(), Box<dyn std::error::Error>> {
     // Setup with default configuration
-    let (pkcs11, slot) = rc_common::setup("rc_eddsa_compat", &[]);
+    let (pkcs11, slot) = rc_common::setup_token("rc_eddsa_compat", &[]);
 
     // Test Vectors for Ed25519ctx from C_CreateObject
     let point: Vec<u8> = vec![

cdylib/tests/rc_login.rs

@@ -4,7 +4,6 @@
 mod rc_common;
 
 use cryptoki::session::UserType;
-use cryptoki::slot::Slot;
 use cryptoki::types::AuthPin;
 
 #[test]
@@ -14,7 +13,7 @@ fn test_login() -> Result<(), Box<dyn std::error::Error>> {
     use cryptoki::error::{Error, RvError};
     use cryptoki::session::SessionState;
 
-    let (pkcs11, slot) = rc_common::setup_token("test_login");
+    let (pkcs11, slot) = rc_common::setup_token("test_login", &[]);
 
     let ro_session = pkcs11.open_ro_session(slot)?;
     let info = ro_session.get_session_info()?;

cdylib/tests/rc_re_initialize.rs

@@ -0,0 +1,56 @@
+// Copyright 2024 Simo Sorce
+// See LICENSE.txt file for terms
+
+mod rc_common;
+
+use cryptoki::context::{CInitializeArgs, CInitializeFlags, Pkcs11};
+use cryptoki::session::UserType;
+use cryptoki::types::AuthPin;
+use std::env;
+
+fn test_re_initialize_common(
+    dbtype: &str,
+) -> Result<(), Box<dyn std::error::Error>> {
+    let test_name = format!("test_re_initialize_{}", dbtype);
+    let config_dbtype = format!("dbtype={}", dbtype);
+    let (pkcs11, slot) = rc_common::setup_token(&test_name, &[&config_dbtype]);
+
+    // Check the token info and get label
+    let token_info = pkcs11.get_token_info(slot)?;
+    let expected_label = token_info.label();
+
+    // Now finalize the token
+    pkcs11.finalize()?;
+
+    // Re-initialize and check that we can still access data
+    let module = env::var("TEST_PKCS11_MODULE").unwrap_or_else(|_| {
+        "../target/debug/libkryoptic_pkcs11.so".to_string()
+    });
+    let pkcs11 = Pkcs11::new(&module).expect("Failed to load PKCS#11 module");
+    pkcs11
+        .initialize(CInitializeArgs::new(CInitializeFlags::OS_LOCKING_OK))
+        .expect("Failed to re-initialize PKCS#11");
+
+    // Check the token info to see if state was preserved.
+    let token_info = pkcs11.get_token_info(slot)?;
+    assert_eq!(token_info.label(), expected_label);
+
+    // We should be able to log in.
+    let session = pkcs11.open_rw_session(slot)?;
+    let user_pin = AuthPin::new("12345678".into());
+    session.login(UserType::User, Some(&user_pin))?;
+    session.logout()?;
+
+    Ok(())
+}
+
+#[test]
+fn test_re_initialize() -> Result<(), Box<dyn std::error::Error>> {
+    #[cfg(all(feature = "integration_tests", feature = "default"))]
+    test_re_initialize_common("sqlite")?;
+
+    #[cfg(all(feature = "integration_tests", feature = "nssdb"))]
+    test_re_initialize_common("nssdb")?;
+
+    Ok(())
+}

cdylib/tests/rust_cryptoki.rs

@@ -11,7 +11,7 @@ fn basic_example() -> Result<(), Box<dyn std::error::Error>> {
     use cryptoki::session::UserType;
     use cryptoki::types::AuthPin;
 
-    let (pkcs11, slot) = rc_common::setup_token("basic_example");
+    let (pkcs11, slot) = rc_common::setup_token("basic_example", &[]);
 
     let user_pin = AuthPin::new("12345678".into());
 

src/tests/init.rs

@@ -5,7 +5,7 @@
 use crate::fips::indicators::KRF_FIPS;
 use crate::tests::*;
 
-use serial_test::{parallel, serial};
+use serial_test::parallel;
 
 #[test]
 #[parallel]
@@ -261,55 +261,3 @@ fn test_init_token() {
 
     testtokn.finalize();
 }
-
-fn test_re_init_token_common(dbtype: String, dbargs: String) {
-    let mut testtokn =
-        TestToken::new_type(dbtype, dbargs, String::from("test_reinit_token"));
-
-    let mut args = TestToken::make_init_args(Some(testtokn.make_init_string()));
-    let args_ptr = &mut args as *mut CK_C_INITIALIZE_ARGS;
-    let mut ret = fn_initialize(args_ptr as *mut std::ffi::c_void);
-    assert_in!(ret, [CKR_OK, CKR_CRYPTOKI_ALREADY_INITIALIZED]);
-
-    /* init once */
-    let pin_value = "SO Pin Value";
-    ret = fn_init_token(
-        testtokn.get_slot(),
-        CString::new(pin_value).unwrap().into_raw() as *mut u8,
-        pin_value.len() as CK_ULONG,
-        std::ptr::null_mut(),
-    );
-    assert_eq!(ret, CKR_OK);
-
-    let ret = fn_finalize(std::ptr::null_mut() as *mut std::ffi::c_void);
-    assert_eq!(ret, CKR_OK);
-
-    let ret = fn_initialize(args_ptr as *mut std::ffi::c_void);
-    assert_eq!(ret, CKR_OK);
-
-    testtokn.finalize();
-}
-
-#[cfg(feature = "sqlitedb")]
-#[test]
-#[serial]
-fn test_re_init_token_sql() {
-    let dbargs = format!("{}/{}", TESTDIR, "test_reinit_token.sql");
-    test_re_init_token_common(String::from("sqlite"), dbargs)
-}
-
-#[cfg(feature = "nssdb")]
-#[test]
-#[serial]
-fn test_re_init_token_nss() {
-    let dbargs = format!("configDir={}/{}", TESTDIR, "test_reinit_token");
-    test_re_init_token_common(String::from("nssdb"), dbargs)
-}
-
-#[cfg(feature = "memorydb")]
-#[test]
-#[serial]
-fn test_re_init_token_memory() {
-    let dbargs = "flags=encrypt".to_string();
-    test_re_init_token_common(String::from("memory"), dbargs)
-}