Merge pull request #126 from ARGOeu/devel

Version 0.1.5

Author: themiszamani

README.md

@@ -32,10 +32,8 @@ Before you start, you need to issue a valid certificate.
 
 4. Get dependencies(If you plan on contributing to the project else skip this step):
 
-   Argo-api-authN uses the dep tool for dependency handling.
+   Argo-api-authN uses the go modules tool for dependency handling.
 
-    - Install the dep tool. You can find instructions depending on your platform at [Dep](https://github.com/golang/dep).
-
 5. To build the service use the following command:
 
       `go build`
@@ -83,7 +81,8 @@ Before you start, you need to issue a valid certificate.
    "service_types_retrieval_fields": {
    "ams": "token",
    "web-api": "api_key"
-   }
+   },
+   "syslog_enabled": true
  }
  ```
 

argo-api-authn.spec

@@ -3,7 +3,7 @@
 
 Name: argo-api-authn
 Summary: ARGO Authentication API. Map X509, OICD to token.
-Version: 0.1.4
+Version: 0.1.5
 Release: 1%{?dist}
 License: ASL 2.0
 Buildroot: %{_tmppath}/%{name}-buildroot
@@ -57,6 +57,8 @@ go clean
 %attr(0644,root,root) /usr/lib/systemd/system/argo-api-authn.service
 
 %changelog
+* Wed Nov 18 2020 Agelos Tsalapatis  <agelos.tsal@gmail    .com> - 0.1.5-1%{?dist}
+- Release of argo-api-authn version 0.1.5
 * Thu Jun 13 2019 Agelos Tsalapatis  <agelos.tsal@gmail.com> - 0.1.4-1%{?dist}
 - Release of argo-api-authn version 0.1.4
 * Thu Jun 13 2019 Agelos Tsalapatis  <agelos.tsal@gmail.com> - 0.1.3-1%{?dist}

auth/revoke.go

@@ -3,6 +3,7 @@ package auth
 import (
 	"crypto/x509"
 	"crypto/x509/pkix"
+	"fmt"
 	"github.com/ARGOeu/argo-api-authn/utils"
 	LOGGER "github.com/sirupsen/logrus"
 	"io/ioutil"
@@ -17,7 +18,7 @@ func CRLCheckRevokedCert(cert *x509.Certificate) error {
 
 	var err error
 	var goMaxP, psi, csi int
-	var crtList *pkix.TBSCertificateList
+	var crtList pkix.TBSCertificateList
 	var errChan = make(chan error)
 	var doneChan = make(chan bool, 1)
 
@@ -118,30 +119,37 @@ loop:
 }
 
 // FetchCRL fetches the CRL
-func FetchCRL(url string) (*pkix.TBSCertificateList, error) {
+func FetchCRL(url string) (pkix.TBSCertificateList, error) {
 
 	var err error
-	var crtList *pkix.CertificateList
 	var resp *http.Response
 	var crlBytes []byte
 
+	var crtList = &pkix.CertificateList{}
+
 	// initialize the client and perform a get request to grab the crl
-	client := &http.Client{Timeout: time.Duration(60 * time.Second)}
+	client := &http.Client{Timeout: time.Duration(30 * time.Second)}
 	if resp, err = client.Get(url); err != nil {
-		return &crtList.TBSCertList, err
+		LOGGER.Error(fmt.Errorf("Request to CRL: %v produced the following error, %v", url, err.Error()))
+		err := fmt.Errorf("Could not access CRL %v", url)
+		return pkix.TBSCertificateList{}, err
 	}
 
 	// read the response
 	if crlBytes, err = ioutil.ReadAll(resp.Body); err != nil {
-		return &crtList.TBSCertList, err
+		err := fmt.Errorf("Reading CRL data: %v produced the following error, %v", url, err.Error())
+		LOGGER.Error(err)
+		return pkix.TBSCertificateList{}, err
 	}
 
 	defer resp.Body.Close()
 
 	// create the crl from the byte slice
 	if crtList, err = x509.ParseCRL(crlBytes); err != nil {
-		return &crtList.TBSCertList, err
+		err := fmt.Errorf("Parsing CRL data: %v produced the following error, %v", url, err.Error())
+		LOGGER.Error(err)
+		return pkix.TBSCertificateList{}, err
 	}
 
-	return &crtList.TBSCertList, err
+	return crtList.TBSCertList, err
 }

auth/revoke_test.go

@@ -3,7 +3,9 @@ package auth
 import (
 	"crypto/x509"
 	"encoding/pem"
+	LOGGER "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/suite"
+	"io/ioutil"
 	"testing"
 )
 
@@ -124,8 +126,16 @@ func (suite *RevokeTestSuite) TestCRLCheckRevokedCert() {
 	err3 := CRLCheckRevokedCert(crt)
 
 	suite.Equal("Your certificate is invalid. No CRLDistributionPoints found on the certificate", err3.Error())
+
+	// test the case of an invalid CRL URL
+	crt = ParseCert(goodComodoCA)
+	crt.CRLDistributionPoints = []string{"https://unknown/unknown"}
+	err4 := CRLCheckRevokedCert(crt)
+
+	suite.Equal("Could not access CRL https://unknown/unknown", err4.Error())
 }
 
 func TestRevokeTestSuite(t *testing.T) {
+	LOGGER.SetOutput(ioutil.Discard)
 	suite.Run(t, new(RevokeTestSuite))
 }

authmethods/authmethods_test.go

@@ -7,7 +7,6 @@ import (
 	"github.com/stretchr/testify/suite"
 	"io"
 	"io/ioutil"
-	"reflect"
 	"testing"
 )
 
@@ -149,7 +148,8 @@ func (suite *AuthMethodsTestSuite) TestAuthMethodFIndAll() {
 	mockstore.AuthMethods = []stores.QAuthMethod{}
 	aMList2, err2 := AuthMethodFindAll(mockstore)
 
-	suite.True(reflect.DeepEqual(expAmList, aMList))
+	suite.Equal(am1, aMList.AuthMethods[0])
+	suite.Equal(am2, aMList.AuthMethods[1])
 	suite.Equal(0, len(aMList2.AuthMethods))
 
 	suite.Nil(err1)

conf/argo-api-authn-config.template

@@ -13,5 +13,6 @@
   "trust_unknown_cas": true,
   "verify_certificate": false,
   "service_types_paths": {"ams": "/v1/users:byUUID/{{identifier}}?key={{access_key}}"},
-  "service_types_retrieval_fields": {"ams": "token"}
+  "service_types_retrieval_fields": {"ams": "token"},
+  "syslog_enabled": false
 }

config.json

@@ -19,5 +19,6 @@
   "service_types_retrieval_fields": {
     "ams": "token",
     "web-api": "api_key"
-  }
+  },
+  "syslog_enabled" : false
 }

config/config.go

@@ -6,7 +6,9 @@ import (
 	"errors"
 	"github.com/ARGOeu/argo-api-authn/utils"
 	LOGGER "github.com/sirupsen/logrus"
+	lSyslog "github.com/sirupsen/logrus/hooks/syslog"
 	"io/ioutil"
+	"log/syslog"
 	"reflect"
 )
 
@@ -26,6 +28,7 @@ type Config struct {
 	VerifyCertificate           bool              `json:"verify_certificate"`
 	ServiceTypesPaths           map[string]string `json:"service_types_paths" required:"true"`
 	ServiceTypesRetrievalFields map[string]string `json:"service_types_retrieval_fields" required:"true"`
+	SyslogEnabled               bool              `json:"syslog_enabled"`
 }
 
 // ConfigSetUp unmarshals a json file specified by the input parameter into the config object
@@ -42,6 +45,13 @@ func (cfg *Config) ConfigSetUp(path string) error {
 		return errors.New("Something went wrong while marshaling the json data. Error: " + err.Error())
 	}
 
+	if cfg.SyslogEnabled {
+		hook, err := lSyslog.NewSyslogHook("", "", syslog.LOG_INFO, "")
+		if err == nil {
+			LOGGER.AddHook(hook)
+		}
+	}
+
 	if err = utils.ValidateRequired(*cfg); err != nil {
 		return utils.StructGenericEmptyRequiredField("config", err.Error())
 	}

config/config_test.go

@@ -42,6 +42,7 @@ func (suite *ConfigTestSuite) TestConfigSetUp() {
 			"ams":     "token",
 			"web-api": "api_key",
 		},
+		SyslogEnabled: true,
 	}
 
 	//tests the case of a malformed json

config/configuration-test-files/test-conf.json

@@ -19,5 +19,6 @@
   "service_types_retrieval_fields": {
     "ams": "token",
     "web-api": "api_key"
-  }
+  },
+  "syslog_enabled": true
 }