From 7597c1552d636712391d7269d0373747384ced0d Mon Sep 17 00:00:00 2001 From: Kiran Kamineni Date: Thu, 19 Apr 2018 21:27:01 -0700 Subject: Refactor logger and use it everywhere Refactored the logger to print the right line number. This is done by using the runtime.caller function within the logger.output function Issue-ID: AAF-257 Change-Id: Ie26de43ca74c71f382d3b5f93ebd4eaf6d51e2b4 Signed-off-by: Kiran Kamineni --- sms-service/doc/coverage.html | 861 ++++++++++++++++++--------- sms-service/doc/coverage.md | 41 ++ sms-service/src/quorumclient/quorumclient.go | 22 +- sms-service/src/sms/Gopkg.lock | 2 +- sms-service/src/sms/auth/auth.go | 82 +-- sms-service/src/sms/backend/backend.go | 3 +- sms-service/src/sms/backend/vault.go | 105 ++-- sms-service/src/sms/backend/vault_test.go | 38 ++ sms-service/src/sms/coverage.md | 41 -- sms-service/src/sms/handler/handler.go | 54 +- sms-service/src/sms/handler/handler_test.go | 45 +- sms-service/src/sms/log/logger.go | 73 ++- 12 files changed, 850 insertions(+), 517 deletions(-) create mode 100644 sms-service/doc/coverage.md delete mode 100644 sms-service/src/sms/coverage.md (limited to 'sms-service') diff --git a/sms-service/doc/coverage.html b/sms-service/doc/coverage.html index d03ddde..39ee191 100644 --- a/sms-service/doc/coverage.html +++ b/sms-service/doc/coverage.html @@ -54,19 +54,19 @@ @@ -109,6 +109,7 @@ package auth import ( "bytes" + "crypto" "crypto/tls" "crypto/x509" "encoding/base64" @@ -119,63 +120,63 @@ import ( smslogger "sms/log" ) -var tlsConfig *tls.Config - // GetTLSConfig initializes a tlsConfig using the CA's certificate // This config is then used to enable the server for mutual TLS func GetTLSConfig(caCertFile string) (*tls.Config, error) { + // Initialize tlsConfig once - if tlsConfig == nil { - caCert, err := ioutil.ReadFile(caCertFile) + caCert, err := ioutil.ReadFile(caCertFile) - if err != nil { - return nil, err - } + if err != nil { + return nil, err + } - caCertPool := x509.NewCertPool() - caCertPool.AppendCertsFromPEM(caCert) + caCertPool := x509.NewCertPool() + caCertPool.AppendCertsFromPEM(caCert) - tlsConfig = &tls.Config{ - ClientAuth: tls.RequireAndVerifyClientCert, - ClientCAs: caCertPool, - MinVersion: tls.VersionTLS12, - } - tlsConfig.BuildNameToCertificate() + tlsConfig := &tls.Config{ + // Change to RequireAndVerify once we have mandatory certs + ClientAuth: tls.VerifyClientCertIfGiven, + ClientCAs: caCertPool, + MinVersion: tls.VersionTLS12, } - return tlsConfig, nil + tlsConfig.BuildNameToCertificate() + return tlsConfig, nil } // GeneratePGPKeyPair produces a PGP key pair and returns // two things: // A base64 encoded form of the public part of the entity // A base64 encoded form of the private key -func GeneratePGPKeyPair() (string, string, error) { +func GeneratePGPKeyPair() (string, string, error) { + var entity *openpgp.Entity - entity, err := openpgp.NewEntity("aaf.sms.init", "PGP Key for unsealing", "", nil) - if err != nil { - smslogger.WriteError(err.Error()) + config := &packet.Config{ + DefaultHash: crypto.SHA256, + } + + entity, err := openpgp.NewEntity("aaf.sms.init", "PGP Key for unsealing", "", config) + if smslogger.CheckError(err, "Create Entity") != nil { return "", "", err } // Sign the identity in the entity - for _, id := range entity.Identities { + for _, id := range entity.Identities { err = id.SelfSignature.SignUserId(id.UserId.Id, entity.PrimaryKey, entity.PrivateKey, nil) - if err != nil { - smslogger.WriteError(err.Error()) + if smslogger.CheckError(err, "Sign Entity") != nil { return "", "", err } } // Sign the subkey in the entity - for _, subkey := range entity.Subkeys { + for _, subkey := range entity.Subkeys { err := subkey.Sig.SignKey(subkey.PublicKey, entity.PrivateKey, nil) - if err != nil { - smslogger.WriteError(err.Error()) + if smslogger.CheckError(err, "Sign Subkey") != nil { return "", "", err } } - buffer := new(bytes.Buffer) + buffer := new(bytes.Buffer) entity.Serialize(buffer) pbkey := base64.StdEncoding.EncodeToString(buffer.Bytes()) @@ -186,40 +187,96 @@ func GeneratePGPKeyPair() (string, string, error) { return pbkey, prkey, nil } -// DecryptPGPBytes decrypts a PGP encoded input string and returns +// EncryptPGPString takes data and a public key and encrypts using that +// public key +func EncryptPGPString(data string, pbKey string) (string, error) { + + pbKeyBytes, err := base64.StdEncoding.DecodeString(pbKey) + if smslogger.CheckError(err, "Decoding Base64 Public Key") != nil { + return "", err + } + + dataBytes := []byte(data) + + pbEntity, err := openpgp.ReadEntity(packet.NewReader(bytes.NewBuffer(pbKeyBytes))) + if smslogger.CheckError(err, "Reading entity from PGP key") != nil { + return "", err + } + + // encrypt string + buf := new(bytes.Buffer) + out, err := openpgp.Encrypt(buf, []*openpgp.Entity{pbEntity}, nil, nil, nil) + if smslogger.CheckError(err, "Creating Encryption Pipe") != nil { + return "", err + } + + _, err = out.Write(dataBytes) + if smslogger.CheckError(err, "Writing to Encryption Pipe") != nil { + return "", err + } + + err = out.Close() + if smslogger.CheckError(err, "Closing Encryption Pipe") != nil { + return "", err + } + + crp := base64.StdEncoding.EncodeToString(buf.Bytes()) + return crp, nil +} + +// DecryptPGPString decrypts a PGP encoded input string and returns // a base64 representation of the decoded string -func DecryptPGPBytes(data string, prKey string) (string, error) { +func DecryptPGPString(data string, prKey string) (string, error) { + // Convert private key to bytes from base64 prKeyBytes, err := base64.StdEncoding.DecodeString(prKey) - if err != nil { - smslogger.WriteError("Error Decoding base64 private key: " + err.Error()) + if smslogger.CheckError(err, "Decoding Base64 Private Key") != nil { return "", err } - dataBytes, err := base64.StdEncoding.DecodeString(data) - if err != nil { - smslogger.WriteError("Error Decoding base64 data: " + err.Error()) + dataBytes, err := base64.StdEncoding.DecodeString(data) + if smslogger.CheckError(err, "Decoding base64 data") != nil { return "", err } - prEntity, err := openpgp.ReadEntity(packet.NewReader(bytes.NewBuffer(prKeyBytes))) - if err != nil { - smslogger.WriteError("Error reading entity from PGP key: " + err.Error()) + prEntity, err := openpgp.ReadEntity(packet.NewReader(bytes.NewBuffer(prKeyBytes))) + if smslogger.CheckError(err, "Read Entity") != nil { return "", err } - prEntityList := &openpgp.EntityList{prEntity} + prEntityList := &openpgp.EntityList{prEntity} message, err := openpgp.ReadMessage(bytes.NewBuffer(dataBytes), prEntityList, nil, nil) - if err != nil { - smslogger.WriteError("Error Decrypting message: " + err.Error()) + if smslogger.CheckError(err, "Decrypting Message") != nil { return "", err } - var retBuf bytes.Buffer + var retBuf bytes.Buffer retBuf.ReadFrom(message.UnverifiedBody) return retBuf.String(), nil } + +// ReadFromFile reads a file and loads the PGP key into +// a string +func ReadFromFile(fileName string) (string, error) { + + data, err := ioutil.ReadFile(fileName) + if smslogger.CheckError(err, "Read from file") != nil { + return "", err + } + return string(data), nil +} + +// WriteToFile writes a PGP key into a file. +// It will truncate the file if it exists +func WriteToFile(data string, fileName string) error { + + err := ioutil.WriteFile(fileName, []byte(data), 0600) + if smslogger.CheckError(err, "Write to file") != nil { + return err + } + return nil +}