Minor.

pavel-raykov · pavel-raykov · commit c668eb842d36 · 2025-10-30T16:49:25.000+01:00
diff --git a/keystore/admin_test.go b/keystore/admin_test.go
@@ -212,57 +212,76 @@ func TestKeystore_ConcurrentCreateAndRead(t *testing.T) {
 }
 
 func TestKeystore_ExportImport(t *testing.T) {
-	t.Parallel()
-
 	ks1, err := keystore.LoadKeystore(t.Context(), keystore.NewMemoryStorage(), keystore.EncryptionParams{
 		Password:     "ks1",
 		ScryptParams: keystore.FastScryptParams,
 	})
-	require.NoError(t, err)
-	_, err = ks1.CreateKeys(t.Context(), keystore.CreateKeysRequest{
-		Keys: []keystore.CreateKeyRequest{
-			{KeyName: "key1", KeyType: keystore.Ed25519},
-		},
-	})
-	require.NoError(t, err)
-	exportParams := keystore.EncryptionParams{
-		Password:     "export-pass",
-		ScryptParams: keystore.FastScryptParams,
-	}
-	exportResponse, err := ks1.ExportKeys(t.Context(), keystore.ExportKeysRequest{
-		Keys: []keystore.ExportKeyParam{
-			{KeyName: "key1", Enc: exportParams},
-		},
-	})
-	require.Len(t, exportResponse.Keys, 1)
 	ks2, err := keystore.LoadKeystore(t.Context(), keystore.NewMemoryStorage(), keystore.EncryptionParams{
 		Password:     "ks2",
 		ScryptParams: keystore.FastScryptParams,
 	})
-	_, err = ks2.ImportKeys(t.Context(), keystore.ImportKeysRequest{
-		Keys: []keystore.ImportKeyRequest{
-			{KeyName: "key1", Enc: exportParams, Data: exportResponse.Keys[0].Data},
-		},
-	})
-	require.NoError(t, err)
 
-	n1, err := ks1.GetKeys(t.Context(), keystore.GetKeysRequest{KeyNames: []string{"key1"}})
-	require.NoError(t, err)
-	n2, err := ks2.GetKeys(t.Context(), keystore.GetKeysRequest{KeyNames: []string{"key1"}})
-	require.Equal(t, n1, n2)
+	t.Run("export and import", func(t *testing.T) {
+		exportParams := keystore.EncryptionParams{
+			Password:     "export-pass",
+			ScryptParams: keystore.FastScryptParams,
+		}
+		_, err = ks1.CreateKeys(t.Context(), keystore.CreateKeysRequest{
+			Keys: []keystore.CreateKeyRequest{
+				{KeyName: "key1", KeyType: keystore.Ed25519},
+			},
+		})
+		require.NoError(t, err)
+		exportResponse, err := ks1.ExportKeys(t.Context(), keystore.ExportKeysRequest{
+			Keys: []keystore.ExportKeyParam{
+				{KeyName: "key1", Enc: exportParams},
+			},
+		})
+		require.Len(t, exportResponse.Keys, 1)
+		_, err = ks2.ImportKeys(t.Context(), keystore.ImportKeysRequest{
+			Keys: []keystore.ImportKeyRequest{
+				{KeyName: "key1", Enc: exportParams, Data: exportResponse.Keys[0].Data},
+			},
+		})
+		require.NoError(t, err)
+		key1ks1, err := ks1.GetKeys(t.Context(), keystore.GetKeysRequest{KeyNames: []string{"key1"}})
+		require.NoError(t, err)
+		key1ks2, err := ks2.GetKeys(t.Context(), keystore.GetKeysRequest{KeyNames: []string{"key1"}})
+		require.Equal(t, key1ks1, key1ks2)
 
-	testData := []byte("hello world")
-	signature, err := ks2.Sign(t.Context(), keystore.SignRequest{
-		KeyName: "key1",
-		Data:    testData,
+		// We cannot compare private keys directly, so we test that signing with key1 from ks1 and verifying
+		// with key1 from ks2 works as if two keys are the same.
+		testData := []byte("hello world")
+		signature, err := ks2.Sign(t.Context(), keystore.SignRequest{
+			KeyName: "key1",
+			Data:    testData,
+		})
+		require.NoError(t, err)
+		verifyResp, err := ks1.Verify(t.Context(), keystore.VerifyRequest{
+			KeyType:   keystore.Ed25519,
+			PublicKey: key1ks1.Keys[0].KeyInfo.PublicKey,
+			Data:      testData,
+			Signature: signature.Signature,
+		})
+		require.NoError(t, err)
+		require.True(t, verifyResp.Valid)
 	})
-	require.NoError(t, err)
-	verifyResp, err := ks1.Verify(t.Context(), keystore.VerifyRequest{
-		KeyType:   keystore.Ed25519,
-		PublicKey: n1.Keys[0].KeyInfo.PublicKey,
-		Data:      testData,
-		Signature: signature.Signature,
+
+	t.Run("export non-existent key", func(t *testing.T) {
+		_, err = ks1.ExportKeys(t.Context(), keystore.ExportKeysRequest{
+			Keys: []keystore.ExportKeyParam{
+				{KeyName: "key2", Enc: keystore.EncryptionParams{}},
+			},
+		})
+		require.ErrorIs(t, err, keystore.ErrKeyNotFound)
+	})
+
+	t.Run("import existing key", func(t *testing.T) {
+		_, err = ks2.ImportKeys(t.Context(), keystore.ImportKeysRequest{
+			Keys: []keystore.ImportKeyRequest{
+				{KeyName: "key1", Enc: keystore.EncryptionParams{}, Data: []byte{}},
+			},
+		})
+		require.ErrorIs(t, err, keystore.ErrKeyAlreadyExists)
 	})
-	require.NoError(t, err)
-	require.True(t, verifyResp.Valid)
 }
