cleanup

joevanwanzeeleKF · joevanwanzeeleKF · commit 40b90e79061d · 2022-04-25T17:42:47.000-04:00
diff --git a/backend.go b/backend.go
@@ -29,15 +29,12 @@ var config map[string]string
 // Factory configures and returns backend
 func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {
 	confPath := os.Getenv("KF_CONF_PATH")
+
 	file, _ := ioutil.ReadFile(confPath)
 	config = make(map[string]string)
-	//roles = make(map[string]map[string]bool)
 	jsonutil.DecodeJSON(file, &config)
+
 	var b backend
-	// b := &backend{
-	// 	store:       make(map[string][]byte),
-	// 	crlLifetime: time.Hour * 72,
-	// }
 
 	b.Backend = &framework.Backend{
 		Help:        strings.TrimSpace(keyfactorHelp),
@@ -60,6 +57,8 @@ func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend,
 	}
 
 	b.Backend.Setup(ctx, conf)
+	b.Logger().Debug("KF_CONF_PATH = " + confPath)
+	b.Logger().Debug("config file contents = ", config)
 	return b, nil
 }
 
diff --git a/cert_util.go b/cert_util.go
@@ -164,7 +164,13 @@ func getCAId(ctx context.Context, req *logical.Request, b *backend) (string, err
 	ca := config["CA"]
 	creds := config["creds"]
 	b.Logger().Debug("ca from config = " + ca)
-	ca_name := strings.Split(ca, "\\\\")[1]
+
+	if ca == "" {
+		b.Logger().Error("unable to read CA value from config file")
+		return "", nil
+	}
+
+	ca_name := strings.Split(ca, `\\`)[1]
 
 	// This is only needed when running as a vault extension
 	b.Logger().Debug("Closing idle connections")
diff --git a/path_issue_sign.go b/path_issue_sign.go
@@ -172,134 +172,6 @@ func (b *backend) pathIssueSignCert(ctx context.Context, req *logical.Request, d
 	}
 
 	return response, nil
-
-	// input := &inputBundle{
-	// 	req:     req,
-	// 	apiData: data,
-	// 	role:    role,
-	// }
-	// var parsedBundle *certutil.ParsedCertBundle
-	// var err error
-	// if useCSR {
-	// 	parsedBundle, err = b.generateCSR(cn, ip_sans, dns_sans)(b, input, signingBundle, false, useCSRValues)
-	// } else {
-	// 	parsedBundle, err = generateCert(ctx, b, input, signingBundle, false)
-	// }
-	// if err != nil {
-	// 	switch err.(type) {
-	// 	case errutil.UserError:
-	// 		return logical.ErrorResponse(err.Error()), nil
-	// 	case errutil.InternalError:
-	// 		return nil, err
-	// 	default:
-	// 		return nil, errwrap.Wrapf("error signing/generating certificate: {{err}}", err)
-	// 	}
-	// }
-
-	// signingCB, err := signingBundle.ToCertBundle()
-	// if err != nil {
-	// 	return nil, errwrap.Wrapf("error converting raw signing bundle to cert bundle: {{err}}", err)
-	// }
-
-	// cb, err := parsedBundle.ToCertBundle()
-	// if err != nil {
-	// 	return nil, errwrap.Wrapf("error converting raw cert bundle to cert bundle: {{err}}", err)
-	// }
-
-	// respData := map[string]interface{}{
-	// 	"expiration":    int64(parsedBundle.Certificate.NotAfter.Unix()),
-	// 	"serial_number": cb.SerialNumber,
-	// }
-
-	// switch format {
-	// case "pem":
-	// 	respData["issuing_ca"] = signingCB.Certificate
-	// 	respData["certificate"] = cb.Certificate
-	// 	if cb.CAChain != nil && len(cb.CAChain) > 0 {
-	// 		respData["ca_chain"] = cb.CAChain
-	// 	}
-	// 	if !useCSR {
-	// 		respData["private_key"] = cb.PrivateKey
-	// 		respData["private_key_type"] = cb.PrivateKeyType
-	// 	}
-
-	// case "pem_bundle":
-	// 	respData["issuing_ca"] = signingCB.Certificate
-	// 	respData["certificate"] = cb.ToPEMBundle()
-	// 	if cb.CAChain != nil && len(cb.CAChain) > 0 {
-	// 		respData["ca_chain"] = cb.CAChain
-	// 	}
-	// 	if !useCSR {
-	// 		respData["private_key"] = cb.PrivateKey
-	// 		respData["private_key_type"] = cb.PrivateKeyType
-	// 	}
-
-	// case "der":
-	// 	respData["certificate"] = base64.StdEncoding.EncodeToString(parsedBundle.CertificateBytes)
-	// 	respData["issuing_ca"] = base64.StdEncoding.EncodeToString(key)
-
-	// 	var caChain []string
-	// 	for _, caCert := range parsedBundle.CAChain {
-	// 		caChain = append(caChain, base64.StdEncoding.EncodeToString(caCert.Bytes))
-	// 	}
-	// 	if caChain != nil && len(caChain) > 0 {
-	// 		respData["ca_chain"] = caChain
-	// 	}
-
-	// 	if !useCSR {
-	// 		respData["private_key"] = base64.StdEncoding.EncodeToString(parsedBundle.PrivateKeyBytes)
-	// 		respData["private_key_type"] = cb.PrivateKeyType
-	// 	}
-	// }
-
-	// var resp *logical.Response
-	// switch {
-	// case role.GenerateLease == nil:
-	// 	return nil, fmt.Errorf("generate lease in role is nil")
-	// case *role.GenerateLease == false:
-	// 	// If lease generation is disabled do not populate `Secret` field in
-	// 	// the response
-	// 	resp = &logical.Response{
-	// 		Data: respData,
-	// 	}
-	// default:
-
-	// 	resp = b.Secret("pki").Response(
-	// 		respData,
-	// 		map[string]interface{}{
-	// 			"serial_number": cb.SerialNumber,
-	// 		})
-	// 	resp.Secret.TTL = parsedBundle.Certificate.NotAfter.Sub(time.Now())
-
-	// }
-
-	// if data.Get("private_key_format").(string) == "pkcs8" {
-	// 	err = convertRespToPKCS8(resp)
-	// 	if err != nil {
-	// 		return nil, err
-	// 	}
-	// }
-
-	// if !role.NoStore {
-	// 	err = req.Storage.Put(ctx, &logical.StorageEntry{
-	// 		Key:   "certs/" + normalizeSerial(cb.SerialNumber),
-	// 		Value: parsedBundle.CertificateBytes,
-	// 	})
-	// 	if err != nil {
-	// 		return nil, errwrap.Wrapf("unable to store certificate locally: {{err}}", err)
-	// 	}
-	// }
-
-	// if useCSR {
-	// 	if role.UseCSRCommonName && data.Get("common_name").(string) != "" {
-	// 		resp.AddWarning("the common_name field was provided but the role is set with \"use_csr_common_name\" set to true")
-	// 	}
-	// 	if role.UseCSRSANs && data.Get("alt_names").(string) != "" {
-	// 		resp.AddWarning("the alt_names field was provided but the role is set with \"use_csr_sans\" set to true")
-	// 	}
-	// }
-
-	// return resp, nil
 }
 
 const pathIssueHelpSyn = `
diff --git a/path_revoke.go b/path_revoke.go
@@ -11,16 +11,14 @@ import (
 
 func pathRevoke(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: `revoke/(?P<serial>[0-9A-Fa-f-:]+)`,
+		Pattern: `revoke/?$`,
+
 		Fields: map[string]*framework.FieldSchema{
 			"serial": {
-				Type: framework.TypeString,
-				Description: `Certificate serial number, in colon- or
-hyphen-separated octal`,
-				Required: true,
+				Type:        framework.TypeString,
+				Description: `The cerial number of the certificate to revoke`,
 			},
 		},
-
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.UpdateOperation: b.pathRevokeWrite,
 			logical.CreateOperation: b.pathRevokeWrite,
@@ -32,7 +30,11 @@ hyphen-separated octal`,
 }
 
 func (b *backend) pathRevokeWrite(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
+	//path := data.Get("path").(string)
+	//b.Logger().Debug("path = " + path)
+
 	serial := data.Get("serial").(string)
+	b.Logger().Debug("serial = " + serial)
 
 	if len(serial) == 0 {
 		return logical.ErrorResponse("The serial number must be provided"), nil
