"make lint" wasn't actually linting every file in the repo. golint ./...

ignores buildtags, for instance, and somehow didn't pick up some code in the signer. This calls golint on every go file in the repo and also fixes some linting issues, which involves renaming two yubikey functions to avoid stuttering. Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-12 16:03:56 -07:00 · 2016-04-12 16:03:56 -07:00 · cf4e726514
parent d01d666771
commit cf4e726514
10 changed files with 121 additions and 102 deletions
--- a/2
+++ b/2
@ -98,7 +98,7 @@ fmt:
 lint:
 	@echo "+ $@"
-	@test -z "$$(golint -tags "${NOTARY_BUILDTAGS}" ./... | grep -v .pb. | grep -v vendor/ | tee /dev/stderr)"
+	@test -z "$(shell find . -type f -name "*.go" -not -path "./vendor/*" -not -name "*.pb.*" -exec golint {} \; | tee /dev/stderr)"
 # Requires that the following:
 # go get -u github.com/client9/misspell/cmd/misspell
--- a/client/client_pkcs11_test.go
+++ b/client/client_pkcs11_test.go
@ -7,10 +7,10 @@ import "github.com/docker/notary/trustmanager/yubikey"
 // clear out all keys
 func init() {
 	yubikey.SetYubikeyKeyMode(0)
-	if !yubikey.YubikeyAccessible() {
+	if !yubikey.IsAccessible() {
 		return
 	}
-	store, err := yubikey.NewYubiKeyStore(nil, nil)
+	store, err := yubikey.NewYubiStore(nil, nil)
 	if err == nil {
 		for k := range store.ListKeys() {
 			store.RemoveKey(k)
--- a/client/repo_pkcs11.go
+++ b/client/repo_pkcs11.go
@ -24,7 +24,7 @@ func NewNotaryRepository(baseDir, gun, baseURL string, rt http.RoundTripper,
 	}
 	keyStores := []trustmanager.KeyStore{fileKeyStore}
-	yubiKeyStore, _ := yubikey.NewYubiKeyStore(fileKeyStore, retriever)
+	yubiKeyStore, _ := yubikey.NewYubiStore(fileKeyStore, retriever)
 	if yubiKeyStore != nil {
 		keyStores = []trustmanager.KeyStore{yubiKeyStore, fileKeyStore}
 	}
--- a/cmd/notary/integration_pkcs11_test.go
+++ b/cmd/notary/integration_pkcs11_test.go
@ -26,7 +26,7 @@ func init() {
 	}
 	// best effort at removing keys here, so nil is fine
-	s, err := yubikey.NewYubiKeyStore(nil, _retriever)
+	s, err := yubikey.NewYubiStore(nil, _retriever)
 	if err != nil {
 		for k := range s.ListKeys() {
 			s.RemoveKey(k)
@ -41,12 +41,12 @@ func init() {
 	}
 }
-var rootOnHardware = yubikey.YubikeyAccessible
+var rootOnHardware = yubikey.IsAccessible
 // Per-test set up deletes all keys on the yubikey
 func setUp(t *testing.T) {
 	//we're just removing keys here, so nil is fine
-	s, err := yubikey.NewYubiKeyStore(nil, _retriever)
+	s, err := yubikey.NewYubiStore(nil, _retriever)
 	require.NoError(t, err)
 	for k := range s.ListKeys() {
 		err := s.RemoveKey(k)
@ -59,9 +59,9 @@ func setUp(t *testing.T) {
 // on disk
 func verifyRootKeyOnHardware(t *testing.T, rootKeyID string) {
 	// do not bother verifying if there is no yubikey available
-	if yubikey.YubikeyAccessible() {
+	if yubikey.IsAccessible() {
 		// //we're just getting keys here, so nil is fine
-		s, err := yubikey.NewYubiKeyStore(nil, _retriever)
+		s, err := yubikey.NewYubiStore(nil, _retriever)
 		require.NoError(t, err)
 		privKey, role, err := s.GetKey(rootKeyID)
 		require.NoError(t, err)
--- a/cmd/notary/keys.go
+++ b/cmd/notary/keys.go
@ -571,7 +571,7 @@ func (k *keyCommander) keyPassphraseChange(cmd *cobra.Command, args []string) er
 	var addingKeyStore trustmanager.KeyStore
 	switch foundKeyStore.Name() {
 	case "yubikey":
-		addingKeyStore, err = getYubiKeyStore(nil, passChangeRetriever)
+		addingKeyStore, err = getYubiStore(nil, passChangeRetriever)
 		keyInfo = trustmanager.KeyInfo{Role: data.CanonicalRootRole}
 	default:
 		addingKeyStore, err = trustmanager.NewKeyFileStore(config.GetString("trust_dir"), passChangeRetriever)
@ -609,9 +609,9 @@ func (k *keyCommander) getKeyStores(
 	if withHardware {
 		var yubiStore trustmanager.KeyStore
 		if hardwareBackup {
-			yubiStore, err = getYubiKeyStore(fileKeyStore, retriever)
+			yubiStore, err = getYubiStore(fileKeyStore, retriever)
 		} else {
-			yubiStore, err = getYubiKeyStore(nil, retriever)
+			yubiStore, err = getYubiStore(nil, retriever)
 		}
 		if err == nil && yubiStore != nil {
 			// Note that the order is important, since we want to prioritize
--- a/cmd/notary/keys_nonpkcs11.go
+++ b/cmd/notary/keys_nonpkcs11.go
@ -9,6 +9,6 @@ import (
 	"github.com/docker/notary/trustmanager"
 )
-func getYubiKeyStore(fileKeyStore trustmanager.KeyStore, ret passphrase.Retriever) (trustmanager.KeyStore, error) {
+func getYubiStore(fileKeyStore trustmanager.KeyStore, ret passphrase.Retriever) (trustmanager.KeyStore, error) {
 	return nil, errors.New("Not built with hardware support")
 }
--- a/cmd/notary/keys_pkcs11.go
+++ b/cmd/notary/keys_pkcs11.go
@ -8,6 +8,6 @@ import (
 	"github.com/docker/notary/trustmanager/yubikey"
 )
-func getYubiKeyStore(fileKeyStore trustmanager.KeyStore, ret passphrase.Retriever) (trustmanager.KeyStore, error) {
+func getYubiStore(fileKeyStore trustmanager.KeyStore, ret passphrase.Retriever) (trustmanager.KeyStore, error) {
-	return yubikey.NewYubiKeyStore(fileKeyStore, ret)
+	return yubikey.NewYubiStore(fileKeyStore, ret)
 }
--- a/signer/api/api_test.go
+++ b/signer/api/api_test.go
@ -46,8 +46,8 @@ func TestDeleteKeyHandlerReturns404WithNonexistentKey(t *testing.T) {
 	fakeID := "c62e6d68851cef1f7e55a9d56e3b0c05f3359f16838cad43600f0554e7d3b54d"
 	keyID := &pb.KeyID{ID: fakeID}
-	requestJson, _ := json.Marshal(keyID)
+	requestJSON, _ := json.Marshal(keyID)
-	reader = strings.NewReader(string(requestJson))
+	reader = strings.NewReader(string(requestJSON))
 	request, err := http.NewRequest("POST", deleteKeyBaseURL, reader)
 	require.Nil(t, err)
@ -66,8 +66,8 @@ func TestDeleteKeyHandler(t *testing.T) {
 	tufKey, _ := cryptoService.Create("", "", data.ED25519Key)
 	require.NotNil(t, tufKey)
-	requestJson, _ := json.Marshal(&pb.KeyID{ID: tufKey.ID()})
+	requestJSON, _ := json.Marshal(&pb.KeyID{ID: tufKey.ID()})
-	reader = strings.NewReader(string(requestJson))
+	reader = strings.NewReader(string(requestJSON))
 	request, err := http.NewRequest("POST", deleteKeyBaseURL, reader)
 	require.Nil(t, err)
@ -156,9 +156,9 @@ func TestSoftwareSignHandler(t *testing.T) {
 	require.Nil(t, err)
 	sigRequest := &pb.SignatureRequest{KeyID: &pb.KeyID{ID: tufKey.ID()}, Content: make([]byte, 10)}
-	requestJson, _ := json.Marshal(sigRequest)
+	requestJSON, _ := json.Marshal(sigRequest)
-	reader = strings.NewReader(string(requestJson))
+	reader = strings.NewReader(string(requestJSON))
 	request, err := http.NewRequest("POST", signBaseURL, reader)
@ -184,8 +184,8 @@ func TestSoftwareSignWithInvalidRequestHandler(t *testing.T) {
 	cryptoService := cryptoservice.NewCryptoService(keyStore)
 	setup(signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService})
-	requestJson := "{\"blob\":\"7d16f1d0b95310a7bc557747fc4f20fcd41c1c5095ae42f189df0717e7d7f4a0a2b55debce630f43c4ac099769c612965e3fda3cd4c0078ee6a460f14fa19307\"}"
+	requestJSON := "{\"blob\":\"7d16f1d0b95310a7bc557747fc4f20fcd41c1c5095ae42f189df0717e7d7f4a0a2b55debce630f43c4ac099769c612965e3fda3cd4c0078ee6a460f14fa19307\"}"
-	reader = strings.NewReader(requestJson)
+	reader = strings.NewReader(requestJSON)
 	request, err := http.NewRequest("POST", signBaseURL, reader)
@ -213,9 +213,9 @@ func TestSignHandlerReturns404WithNonexistentKey(t *testing.T) {
 	cryptoService.Create("", "", data.ED25519Key)
 	sigRequest := &pb.SignatureRequest{KeyID: &pb.KeyID{ID: fakeID}, Content: make([]byte, 10)}
-	requestJson, _ := json.Marshal(sigRequest)
+	requestJSON, _ := json.Marshal(sigRequest)
-	reader = strings.NewReader(string(requestJson))
+	reader = strings.NewReader(string(requestJSON))
 	request, err := http.NewRequest("POST", signBaseURL, reader)
 	require.Nil(t, err)
--- a/trustmanager/yubikey/yubikeystore.go
+++ b/trustmanager/yubikey/yubikeystore.go
@ -25,14 +25,22 @@ import (
 )
 const (
-	USER_PIN    = "123456"
+	// UserPin is the user pin of a yubikey (in PIV parlance, is the PIN)
-	SO_USER_PIN = "010203040506070801020304050607080102030405060708"
+	UserPin = "123456"
-	numSlots    = 4 // number of slots in the yubikey
+	// SOUserPin is the "Security Officer" user pin - this is the PIV management
 	// (MGM) key, which is different than the admin pin of the Yubikey PGP interface
 	// (which in PIV parlance is the PUK, and defaults to 12345678)
 	SOUserPin = "010203040506070801020304050607080102030405060708"
 	numSlots  = 4 // number of slots in the yubikey
-	KeymodeNone      = 0
+	// KeymodeNone means that no touch or PIN is required to sign with the yubikey
-	KeymodeTouch     = 1 // touch enabled
+	KeymodeNone = 0
-	KeymodePinOnce   = 2 // require pin entry once
+	// KeymodeTouch means that only touch is required to sign with the yubikey
-	KeymodePinAlways = 4 // require pin entry all the time
+	KeymodeTouch = 1
 	// KeymodePinOnce means that the pin entry is required once the first time to sign with the yubikey
 	KeymodePinOnce = 2
 	// KeymodePinAlways means that pin entry is required every time to sign with the yubikey
 	KeymodePinAlways = 4
 	// the key size, when importing a key into yubikey, MUST be 32 bytes
 	ecdsaPrivateKeySize = 32
@ -95,6 +103,8 @@ func init() {
 	}
 }
 // ErrBackupFailed is returned when a YubiStore fails to back up a key that
 // is added
 type ErrBackupFailed struct {
 	err string
 }
@ -127,10 +137,13 @@ type YubiPrivateKey struct {
 	libLoader     pkcs11LibLoader
 }
-type YubikeySigner struct {
+// YubiKeySigner wraps a YubiPrivateKey and implements the crypto.Signer interface
 type yubikeySigner struct {
 	YubiPrivateKey
 }
 // NewYubiPrivateKey returns a YubiPrivateKey, which implements the data.PrivateKey
 // interface except that the private material is inacessible
 func NewYubiPrivateKey(slot []byte, pubKey data.ECDSAPublicKey,
 	passRetriever passphrase.Retriever) *YubiPrivateKey {
@ -142,7 +155,8 @@ func NewYubiPrivateKey(slot []byte, pubKey data.ECDSAPublicKey,
 	}
 }
-func (ys *YubikeySigner) Public() crypto.PublicKey {
+// Public is a required method of the crypto.Signer interface
 func (ys *yubikeySigner) Public() crypto.PublicKey {
 	publicKey, err := x509.ParsePKIXPublicKey(ys.YubiPrivateKey.Public())
 	if err != nil {
 		return nil
@ -158,7 +172,7 @@ func (y *YubiPrivateKey) setLibLoader(loader pkcs11LibLoader) {
 // CryptoSigner returns a crypto.Signer tha wraps the YubiPrivateKey. Needed for
 // Certificate generation only
 func (y *YubiPrivateKey) CryptoSigner() crypto.Signer {
-	return &YubikeySigner{YubiPrivateKey: *y}
+	return &yubikeySigner{YubiPrivateKey: *y}
 }
 // Private is not implemented in hardware  keys
@ -168,10 +182,14 @@ func (y *YubiPrivateKey) Private() []byte {
 	return nil
 }
 // SignatureAlgorithm returns which algorithm this key uses to sign - currently
 // hardcoded to ECDSA
 func (y YubiPrivateKey) SignatureAlgorithm() data.SigAlgorithm {
 	return data.ECDSASignature
 }
 // Sign is a required method of the crypto.Signer interface and the data.PrivateKey
 // interface
 func (y *YubiPrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) ([]byte, error) {
 	ctx, session, err := SetupHSMEnv(pkcs11Lib, y.libLoader)
 	if err != nil {
@ -215,7 +233,7 @@ func addECDSAKey(
 ) error {
 	logrus.Debugf("Attempting to add key to yubikey with ID: %s", privKey.ID())
-	err := login(ctx, session, passRetriever, pkcs11.CKU_SO, SO_USER_PIN)
+	err := login(ctx, session, passRetriever, pkcs11.CKU_SO, SOUserPin)
 	if err != nil {
 		return err
 	}
@ -328,7 +346,7 @@ func getECDSAKey(ctx IPKCS11Ctx, session pkcs11.SessionHandle, pkcs11KeyID []byt
 // Sign returns a signature for a given signature request
 func sign(ctx IPKCS11Ctx, session pkcs11.SessionHandle, pkcs11KeyID []byte, passRetriever passphrase.Retriever, payload []byte) ([]byte, error) {
-	err := login(ctx, session, passRetriever, pkcs11.CKU_USER, USER_PIN)
+	err := login(ctx, session, passRetriever, pkcs11.CKU_USER, UserPin)
 	if err != nil {
 		return nil, fmt.Errorf("error logging in: %v", err)
 	}
@ -387,7 +405,7 @@ func sign(ctx IPKCS11Ctx, session pkcs11.SessionHandle, pkcs11KeyID []byte, pass
 }
 func yubiRemoveKey(ctx IPKCS11Ctx, session pkcs11.SessionHandle, pkcs11KeyID []byte, passRetriever passphrase.Retriever, keyID string) error {
-	err := login(ctx, session, passRetriever, pkcs11.CKU_SO, SO_USER_PIN)
+	err := login(ctx, session, passRetriever, pkcs11.CKU_SO, SOUserPin)
 	if err != nil {
 		return err
 	}
@ -595,20 +613,20 @@ func getNextEmptySlot(ctx IPKCS11Ctx, session pkcs11.SessionHandle) ([]byte, err
 	return nil, errors.New("Yubikey has no available slots.")
 }
-// YubiKeyStore is a KeyStore for private keys inside a Yubikey
+// YubiStore is a KeyStore for private keys inside a Yubikey
-type YubiKeyStore struct {
+type YubiStore struct {
 	passRetriever passphrase.Retriever
 	keys          map[string]yubiSlot
 	backupStore   trustmanager.KeyStore
 	libLoader     pkcs11LibLoader
 }
-// NewYubiKeyStore returns a YubiKeyStore, given a backup key store to write any
+// NewYubiStore returns a YubiStore, given a backup key store to write any
 // generated keys to (usually a KeyFileStore)
-func NewYubiKeyStore(backupStore trustmanager.KeyStore, passphraseRetriever passphrase.Retriever) (
+func NewYubiStore(backupStore trustmanager.KeyStore, passphraseRetriever passphrase.Retriever) (
-	*YubiKeyStore, error) {
+	*YubiStore, error) {
-	s := &YubiKeyStore{
+	s := &YubiStore{
 		passRetriever: passphraseRetriever,
 		keys:          make(map[string]yubiSlot),
 		backupStore:   backupStore,
@ -620,15 +638,16 @@ func NewYubiKeyStore(backupStore trustmanager.KeyStore, passphraseRetriever pass
 // Name returns a user friendly name for the location this store
 // keeps its data
-func (s YubiKeyStore) Name() string {
+func (s YubiStore) Name() string {
 	return "yubikey"
 }
-func (s *YubiKeyStore) setLibLoader(loader pkcs11LibLoader) {
+func (s *YubiStore) setLibLoader(loader pkcs11LibLoader) {
 	s.libLoader = loader
 }
-func (s *YubiKeyStore) ListKeys() map[string]trustmanager.KeyInfo {
+// ListKeys returns a list of keys in the yubikey store
 func (s *YubiStore) ListKeys() map[string]trustmanager.KeyInfo {
 	if len(s.keys) > 0 {
 		return buildKeyMap(s.keys)
 	}
@ -650,7 +669,7 @@ func (s *YubiKeyStore) ListKeys() map[string]trustmanager.KeyInfo {
 }
 // AddKey puts a key inside the Yubikey, as well as writing it to the backup store
-func (s *YubiKeyStore) AddKey(keyInfo trustmanager.KeyInfo, privKey data.PrivateKey) error {
+func (s *YubiStore) AddKey(keyInfo trustmanager.KeyInfo, privKey data.PrivateKey) error {
 	added, err := s.addKey(privKey.ID(), keyInfo.Role, privKey)
 	if err != nil {
 		return err
@ -667,7 +686,7 @@ func (s *YubiKeyStore) AddKey(keyInfo trustmanager.KeyInfo, privKey data.Private
 // Only add if we haven't seen the key already.  Return whether the key was
 // added.
-func (s *YubiKeyStore) addKey(keyID, role string, privKey data.PrivateKey) (
+func (s *YubiStore) addKey(keyID, role string, privKey data.PrivateKey) (
 	bool, error) {
 	// We only allow adding root keys for now
@ -713,7 +732,7 @@ func (s *YubiKeyStore) addKey(keyID, role string, privKey data.PrivateKey) (
 // GetKey retrieves a key from the Yubikey only (it does not look inside the
 // backup store)
-func (s *YubiKeyStore) GetKey(keyID string) (data.PrivateKey, string, error) {
+func (s *YubiStore) GetKey(keyID string) (data.PrivateKey, string, error) {
 	ctx, session, err := SetupHSMEnv(pkcs11Lib, s.libLoader)
 	if err != nil {
 		logrus.Debugf("Failed to initialize PKCS11 environment: %s", err.Error())
@ -748,7 +767,7 @@ func (s *YubiKeyStore) GetKey(keyID string) (data.PrivateKey, string, error) {
 // RemoveKey deletes a key from the Yubikey only (it does not remove it from the
 // backup store)
-func (s *YubiKeyStore) RemoveKey(keyID string) error {
+func (s *YubiStore) RemoveKey(keyID string) error {
 	ctx, session, err := SetupHSMEnv(pkcs11Lib, s.libLoader)
 	if err != nil {
 		logrus.Debugf("Failed to initialize PKCS11 environment: %s", err.Error())
@ -771,13 +790,13 @@ func (s *YubiKeyStore) RemoveKey(keyID string) error {
 }
 // ExportKey doesn't work, because you can't export data from a Yubikey
-func (s *YubiKeyStore) ExportKey(keyID string) ([]byte, error) {
+func (s *YubiStore) ExportKey(keyID string) ([]byte, error) {
-	logrus.Debugf("Attempting to export: %s key inside of YubiKeyStore", keyID)
+	logrus.Debugf("Attempting to export: %s key inside of YubiStore", keyID)
 	return nil, errors.New("Keys cannot be exported from a Yubikey.")
 }
-// Not yet implemented
+// GetKeyInfo is not yet implemented
-func (s *YubiKeyStore) GetKeyInfo(keyID string) (trustmanager.KeyInfo, error) {
+func (s *YubiStore) GetKeyInfo(keyID string) (trustmanager.KeyInfo, error) {
 	return trustmanager.KeyInfo{}, fmt.Errorf("Not yet implemented")
 }
@ -802,7 +821,7 @@ func SetupHSMEnv(libraryPath string, libLoader pkcs11LibLoader) (
 	IPKCS11Ctx, pkcs11.SessionHandle, error) {
 	if libraryPath == "" {
-		return nil, 0, errHSMNotPresent{err: "no library found."}
+		return nil, 0, errHSMNotPresent{err: "no library found"}
 	}
 	p := libLoader(libraryPath)
@ -842,8 +861,8 @@ func SetupHSMEnv(libraryPath string, libLoader pkcs11LibLoader) (
 	return p, session, nil
 }
-// YubikeyAccessible returns true if a Yubikey can be accessed
+// IsAccessible returns true if a Yubikey can be accessed
-func YubikeyAccessible() bool {
+func IsAccessible() bool {
 	if pkcs11Lib == "" {
 		return false
 	}
--- a/trustmanager/yubikey/yubikeystore_test.go
+++ b/trustmanager/yubikey/yubikeystore_test.go
@ -21,7 +21,7 @@ var ret = passphrase.ConstantRetriever("passphrase")
 // create a new store for clearing out keys, because we don't want to pollute
 // any cache
 func clearAllKeys(t *testing.T) {
-	store, err := NewYubiKeyStore(trustmanager.NewKeyMemoryStore(ret), ret)
+	store, err := NewYubiStore(trustmanager.NewKeyMemoryStore(ret), ret)
 	require.NoError(t, err)
 	for k := range store.ListKeys() {
@ -78,7 +78,7 @@ func addMaxKeys(t *testing.T, store trustmanager.KeyStore) []string {
 // We can add keys enough times to fill up all the slots in the Yubikey.
 // They are backed up, and we can then list them and get the keys.
 func TestYubiAddKeysAndRetrieve(t *testing.T) {
-	if !YubikeyAccessible() {
+	if !IsAccessible() {
 		t.Skip("Must have Yubikey access.")
 	}
 	clearAllKeys(t)
@ -90,13 +90,13 @@ func TestYubiAddKeysAndRetrieve(t *testing.T) {
 	// create 4 keys on the original store
 	backup := trustmanager.NewKeyMemoryStore(ret)
-	store, err := NewYubiKeyStore(backup, ret)
+	store, err := NewYubiStore(backup, ret)
 	require.NoError(t, err)
 	keys := addMaxKeys(t, store)
 	// create a new store, since we want to be sure the original store's cache
 	// is not masking any issues
-	cleanStore, err := NewYubiKeyStore(trustmanager.NewKeyMemoryStore(ret), ret)
+	cleanStore, err := NewYubiStore(trustmanager.NewKeyMemoryStore(ret), ret)
 	require.NoError(t, err)
 	// All 4 keys should be in the original store, in the clean store (which
@ -118,7 +118,7 @@ func TestYubiAddKeysAndRetrieve(t *testing.T) {
 // Test that we can successfully keys enough times to fill up all the slots in the Yubikey, even without a backup store
 func TestYubiAddKeysWithoutBackup(t *testing.T) {
-	if !YubikeyAccessible() {
+	if !IsAccessible() {
 		t.Skip("Must have Yubikey access.")
 	}
 	clearAllKeys(t)
@ -129,13 +129,13 @@ func TestYubiAddKeysWithoutBackup(t *testing.T) {
 	}()
 	// create 4 keys on the original store
-	store, err := NewYubiKeyStore(nil, ret)
+	store, err := NewYubiStore(nil, ret)
 	require.NoError(t, err)
 	keys := addMaxKeys(t, store)
 	// create a new store, since we want to be sure the original store's cache
 	// is not masking any issues
-	cleanStore, err := NewYubiKeyStore(trustmanager.NewKeyMemoryStore(ret), ret)
+	cleanStore, err := NewYubiStore(trustmanager.NewKeyMemoryStore(ret), ret)
 	require.NoError(t, err)
 	// All 4 keys should be in the original store, in the clean store (which
@ -157,7 +157,7 @@ func TestYubiAddKeysWithoutBackup(t *testing.T) {
 // We can't add a key if there are no more slots
 func TestYubiAddKeyFailureIfNoMoreSlots(t *testing.T) {
-	if !YubikeyAccessible() {
+	if !IsAccessible() {
 		t.Skip("Must have Yubikey access.")
 	}
 	clearAllKeys(t)
@ -169,7 +169,7 @@ func TestYubiAddKeyFailureIfNoMoreSlots(t *testing.T) {
 	// create 4 keys on the original store
 	backup := trustmanager.NewKeyMemoryStore(ret)
-	store, err := NewYubiKeyStore(backup, ret)
+	store, err := NewYubiStore(backup, ret)
 	require.NoError(t, err)
 	addMaxKeys(t, store)
@ -179,7 +179,7 @@ func TestYubiAddKeyFailureIfNoMoreSlots(t *testing.T) {
 	// create a new store, since we want to be sure the original store's cache
 	// is not masking any issues
-	cleanStore, err := NewYubiKeyStore(trustmanager.NewKeyMemoryStore(ret), ret)
+	cleanStore, err := NewYubiStore(trustmanager.NewKeyMemoryStore(ret), ret)
 	require.NoError(t, err)
 	// The key should not be in the original store, in the new clean store, or
@ -197,7 +197,7 @@ func TestYubiAddKeyFailureIfNoMoreSlots(t *testing.T) {
 // If some random key in the middle was removed, adding a key will work (keys
 // do not have to be deleted/added in order)
 func TestYubiAddKeyCanAddToMiddleSlot(t *testing.T) {
-	if !YubikeyAccessible() {
+	if !IsAccessible() {
 		t.Skip("Must have Yubikey access.")
 	}
 	clearAllKeys(t)
@ -209,7 +209,7 @@ func TestYubiAddKeyCanAddToMiddleSlot(t *testing.T) {
 	// create 4 keys on the original store
 	backup := trustmanager.NewKeyMemoryStore(ret)
-	store, err := NewYubiKeyStore(backup, ret)
+	store, err := NewYubiStore(backup, ret)
 	require.NoError(t, err)
 	keys := addMaxKeys(t, store)
@ -223,7 +223,7 @@ func TestYubiAddKeyCanAddToMiddleSlot(t *testing.T) {
 	// create a new store, since we want to be sure the original store's cache
 	// is not masking any issues
-	cleanStore, err := NewYubiKeyStore(trustmanager.NewKeyMemoryStore(ret), ret)
+	cleanStore, err := NewYubiStore(trustmanager.NewKeyMemoryStore(ret), ret)
 	require.NoError(t, err)
 	// The new key should be in the original store, in the new clean store, and
@ -262,7 +262,7 @@ func (s *nonworkingBackup) AddKey(keyInfo trustmanager.KeyInfo, privKey data.Pri
 // be removed from the Yubikey too because otherwise there is no way for
 // the user to later get a backup of the key.
 func TestYubiAddKeyRollsBackIfCannotBackup(t *testing.T) {
-	if !YubikeyAccessible() {
+	if !IsAccessible() {
 		t.Skip("Must have Yubikey access.")
 	}
 	clearAllKeys(t)
@ -275,7 +275,7 @@ func TestYubiAddKeyRollsBackIfCannotBackup(t *testing.T) {
 	backup := &nonworkingBackup{
 		KeyMemoryStore: *trustmanager.NewKeyMemoryStore(ret),
 	}
-	store, err := NewYubiKeyStore(backup, ret)
+	store, err := NewYubiStore(backup, ret)
 	require.NoError(t, err)
 	_, err = testAddKey(t, store)
@ -289,7 +289,7 @@ func TestYubiAddKeyRollsBackIfCannotBackup(t *testing.T) {
 // If, when adding a key to the Yubikey, and it already exists, we succeed
 // without adding it to the backup store.
 func TestYubiAddDuplicateKeySucceedsButDoesNotBackup(t *testing.T) {
-	if !YubikeyAccessible() {
+	if !IsAccessible() {
 		t.Skip("Must have Yubikey access.")
 	}
 	clearAllKeys(t)
@ -299,14 +299,14 @@ func TestYubiAddDuplicateKeySucceedsButDoesNotBackup(t *testing.T) {
 		SetYubikeyKeyMode(KeymodeTouch | KeymodePinOnce)
 	}()
-	origStore, err := NewYubiKeyStore(trustmanager.NewKeyMemoryStore(ret), ret)
+	origStore, err := NewYubiStore(trustmanager.NewKeyMemoryStore(ret), ret)
 	require.NoError(t, err)
 	key, err := testAddKey(t, origStore)
 	require.NoError(t, err)
 	backup := trustmanager.NewKeyMemoryStore(ret)
-	cleanStore, err := NewYubiKeyStore(backup, ret)
+	cleanStore, err := NewYubiStore(backup, ret)
 	require.NoError(t, err)
 	require.Len(t, cleanStore.ListKeys(), 1)
@ -321,7 +321,7 @@ func TestYubiAddDuplicateKeySucceedsButDoesNotBackup(t *testing.T) {
 // RemoveKey removes a key from the yubikey, but not from the backup store.
 func TestYubiRemoveKey(t *testing.T) {
-	if !YubikeyAccessible() {
+	if !IsAccessible() {
 		t.Skip("Must have Yubikey access.")
 	}
 	clearAllKeys(t)
@ -332,7 +332,7 @@ func TestYubiRemoveKey(t *testing.T) {
 	}()
 	backup := trustmanager.NewKeyMemoryStore(ret)
-	store, err := NewYubiKeyStore(backup, ret)
+	store, err := NewYubiStore(backup, ret)
 	require.NoError(t, err)
 	key, err := testAddKey(t, store)
@ -348,11 +348,11 @@ func TestYubiRemoveKey(t *testing.T) {
 	// create a new store, since we want to be sure the original store's cache
 	// is not masking any issues
-	cleanStore, err := NewYubiKeyStore(trustmanager.NewKeyMemoryStore(ret), ret)
+	cleanStore, err := NewYubiStore(trustmanager.NewKeyMemoryStore(ret), ret)
 	require.NoError(t, err)
 	// key is not in either the original store or the clean store
-	for _, store := range []*YubiKeyStore{store, cleanStore} {
+	for _, store := range []*YubiStore{store, cleanStore} {
 		_, _, err := store.GetKey(key.ID())
 		require.Error(t, err)
 	}
@ -360,7 +360,7 @@ func TestYubiRemoveKey(t *testing.T) {
 // One cannot export from hardware - it will not export from the backup
 func TestYubiExportKeyFails(t *testing.T) {
-	if !YubikeyAccessible() {
+	if !IsAccessible() {
 		t.Skip("Must have Yubikey access.")
 	}
 	clearAllKeys(t)
@ -370,7 +370,7 @@ func TestYubiExportKeyFails(t *testing.T) {
 		SetYubikeyKeyMode(KeymodeTouch | KeymodePinOnce)
 	}()
-	store, err := NewYubiKeyStore(trustmanager.NewKeyMemoryStore(ret), ret)
+	store, err := NewYubiStore(trustmanager.NewKeyMemoryStore(ret), ret)
 	require.NoError(t, err)
 	key, err := testAddKey(t, store)
@ -384,7 +384,7 @@ func TestYubiExportKeyFails(t *testing.T) {
 // If there are keys in the backup store but no keys in the Yubikey,
 // listing and getting cannot access the keys in the backup store
 func TestYubiListAndGetKeysIgnoresBackup(t *testing.T) {
-	if !YubikeyAccessible() {
+	if !IsAccessible() {
 		t.Skip("Must have Yubikey access.")
 	}
 	clearAllKeys(t)
@ -398,7 +398,7 @@ func TestYubiListAndGetKeysIgnoresBackup(t *testing.T) {
 	key, err := testAddKey(t, backup)
 	require.NoError(t, err)
-	store, err := NewYubiKeyStore(trustmanager.NewKeyMemoryStore(ret), ret)
+	store, err := NewYubiStore(trustmanager.NewKeyMemoryStore(ret), ret)
 	require.Len(t, store.ListKeys(), 0)
 	_, _, err = store.GetKey(key.ID())
 	require.Error(t, err)
@ -408,7 +408,7 @@ func TestYubiListAndGetKeysIgnoresBackup(t *testing.T) {
 // specifically that you cannot get the private bytes out.  Assume we can
 // sign something.
 func TestYubiKeyAndSign(t *testing.T) {
-	if !YubikeyAccessible() {
+	if !IsAccessible() {
 		t.Skip("Must have Yubikey access.")
 	}
 	clearAllKeys(t)
@ -418,7 +418,7 @@ func TestYubiKeyAndSign(t *testing.T) {
 		SetYubikeyKeyMode(KeymodeTouch | KeymodePinOnce)
 	}()
-	store, err := NewYubiKeyStore(trustmanager.NewKeyMemoryStore(ret), ret)
+	store, err := NewYubiStore(trustmanager.NewKeyMemoryStore(ret), ret)
 	require.NoError(t, err)
 	ecdsaPrivateKey, err := testAddKey(t, store)
@ -449,7 +449,7 @@ var setupErrors = []string{"Initialize", "GetSlotList", "OpenSession"}
 // Create a new store, so that we avoid any cache issues, and list keys
 func cleanListKeys(t *testing.T) map[string]trustmanager.KeyInfo {
-	cleanStore, err := NewYubiKeyStore(trustmanager.NewKeyMemoryStore(ret), ret)
+	cleanStore, err := NewYubiStore(trustmanager.NewKeyMemoryStore(ret), ret)
 	require.NoError(t, err)
 	return cleanStore.ListKeys()
 }
@ -507,7 +507,7 @@ func testYubiFunctionCleansUpOnSpecifiedErrors(t *testing.T,
 }
 func TestYubiAddKeyCleansUpOnError(t *testing.T) {
-	if !YubikeyAccessible() {
+	if !IsAccessible() {
 		t.Skip("Must have Yubikey access.")
 	}
 	clearAllKeys(t)
@ -518,7 +518,7 @@ func TestYubiAddKeyCleansUpOnError(t *testing.T) {
 	}()
 	backup := trustmanager.NewKeyMemoryStore(ret)
-	store, err := NewYubiKeyStore(backup, ret)
+	store, err := NewYubiStore(backup, ret)
 	require.NoError(t, err)
 	var _addkey = func() error {
@ -571,7 +571,7 @@ func TestYubiAddKeyCleansUpOnError(t *testing.T) {
 }
 func TestYubiGetKeyCleansUpOnError(t *testing.T) {
-	if !YubikeyAccessible() {
+	if !IsAccessible() {
 		t.Skip("Must have Yubikey access.")
 	}
 	clearAllKeys(t)
@ -581,7 +581,7 @@ func TestYubiGetKeyCleansUpOnError(t *testing.T) {
 		SetYubikeyKeyMode(KeymodeTouch | KeymodePinOnce)
 	}()
-	store, err := NewYubiKeyStore(trustmanager.NewKeyMemoryStore(ret), ret)
+	store, err := NewYubiStore(trustmanager.NewKeyMemoryStore(ret), ret)
 	require.NoError(t, err)
 	key, err := testAddKey(t, store)
 	require.NoError(t, err)
@ -603,7 +603,7 @@ func TestYubiGetKeyCleansUpOnError(t *testing.T) {
 }
 func TestYubiRemoveKeyCleansUpOnError(t *testing.T) {
-	if !YubikeyAccessible() {
+	if !IsAccessible() {
 		t.Skip("Must have Yubikey access.")
 	}
 	clearAllKeys(t)
@ -613,7 +613,7 @@ func TestYubiRemoveKeyCleansUpOnError(t *testing.T) {
 		SetYubikeyKeyMode(KeymodeTouch | KeymodePinOnce)
 	}()
-	store, err := NewYubiKeyStore(trustmanager.NewKeyMemoryStore(ret), ret)
+	store, err := NewYubiStore(trustmanager.NewKeyMemoryStore(ret), ret)
 	require.NoError(t, err)
 	key, err := testAddKey(t, store)
 	require.NoError(t, err)
@ -646,7 +646,7 @@ func TestYubiRemoveKeyCleansUpOnError(t *testing.T) {
 }
 func TestYubiListKeyCleansUpOnError(t *testing.T) {
-	if !YubikeyAccessible() {
+	if !IsAccessible() {
 		t.Skip("Must have Yubikey access.")
 	}
 	clearAllKeys(t)
@ -656,9 +656,9 @@ func TestYubiListKeyCleansUpOnError(t *testing.T) {
 		SetYubikeyKeyMode(KeymodeTouch | KeymodePinOnce)
 	}()
-	// Do not call NewYubiKeyStore, because it list keys immediately to
+	// Do not call NewYubiStore, because it list keys immediately to
 	// build the cache.
-	store := &YubiKeyStore{
+	store := &YubiStore{
 		passRetriever: ret,
 		keys:          make(map[string]yubiSlot),
 		backupStore:   trustmanager.NewKeyMemoryStore(ret),
@ -685,7 +685,7 @@ func TestYubiListKeyCleansUpOnError(t *testing.T) {
 // export key fails anyway, don't bother testing
 func TestYubiSignCleansUpOnError(t *testing.T) {
-	if !YubikeyAccessible() {
+	if !IsAccessible() {
 		t.Skip("Must have Yubikey access.")
 	}
 	clearAllKeys(t)
@ -695,7 +695,7 @@ func TestYubiSignCleansUpOnError(t *testing.T) {
 		SetYubikeyKeyMode(KeymodeTouch | KeymodePinOnce)
 	}()
-	store, err := NewYubiKeyStore(trustmanager.NewKeyMemoryStore(ret), ret)
+	store, err := NewYubiStore(trustmanager.NewKeyMemoryStore(ret), ret)
 	require.NoError(t, err)
 	key, err := testAddKey(t, store)
@ -732,7 +732,7 @@ func TestYubiSignCleansUpOnError(t *testing.T) {
 // If Sign gives us an invalid signature, we retry until successful up to
 // a maximum of 5 times.
 func TestYubiRetrySignUntilSuccess(t *testing.T) {
-	if !YubikeyAccessible() {
+	if !IsAccessible() {
 		t.Skip("Must have Yubikey access.")
 	}
 	clearAllKeys(t)
@ -742,7 +742,7 @@ func TestYubiRetrySignUntilSuccess(t *testing.T) {
 		SetYubikeyKeyMode(KeymodeTouch | KeymodePinOnce)
 	}()
-	store, err := NewYubiKeyStore(trustmanager.NewKeyMemoryStore(ret), ret)
+	store, err := NewYubiStore(trustmanager.NewKeyMemoryStore(ret), ret)
 	require.NoError(t, err)
 	key, err := testAddKey(t, store)
@ -777,7 +777,7 @@ func TestYubiRetrySignUntilSuccess(t *testing.T) {
 // If Sign gives us an invalid signature, we retry until up to a maximum of 5
 // times, and if it's still invalid, fail.
 func TestYubiRetrySignUntilFail(t *testing.T) {
-	if !YubikeyAccessible() {
+	if !IsAccessible() {
 		t.Skip("Must have Yubikey access.")
 	}
 	clearAllKeys(t)
@ -787,7 +787,7 @@ func TestYubiRetrySignUntilFail(t *testing.T) {
 		SetYubikeyKeyMode(KeymodeTouch | KeymodePinOnce)
 	}()
-	store, err := NewYubiKeyStore(trustmanager.NewKeyMemoryStore(ret), ret)
+	store, err := NewYubiStore(trustmanager.NewKeyMemoryStore(ret), ret)
 	require.NoError(t, err)
 	key, err := testAddKey(t, store)