error message decoding and code cleanup

joevanwanzeeleKF · joevanwanzeeleKF · commit 6f9faa419c7c · 2022-12-06T14:27:17.000-05:00
diff --git a/backend.go b/backend.go
@@ -12,7 +12,6 @@ import (
 	"sync"
 	"time"
 
-	//"github.com/Keyfactor/keyfactor-go-client/api"
 	"github.com/hashicorp/errwrap"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/logical"
@@ -35,7 +34,7 @@ type keyfactorBackend struct {
 	*framework.Backend
 	lock         sync.RWMutex
 	cachedConfig *keyfactorConfig
-	//client       *api.Client
+	client       *keyfactorClient
 }
 
 // keyfactorBackend defines the target API keyfactorBackend
@@ -66,21 +65,39 @@ func backend() *keyfactorBackend {
 	return &b
 }
 
-// func (b *keyfactorBackend) initialize(ctx context.Context, req *logical.InitializationRequest) error {
-// 	err := req.Storage.Delete(ctx, "/ca")
-
-// 	if err != nil {
-// 		b.Logger().Error("Error removing previous stored ca values on init")
-// 		return err
-// 	}
-// 	//confPath := os.Getenv("KF_CONF_PATH")
-// 	//file, _ := ioutil.ReadFile(confPath)
-// 	//config = make(map[string]string)
-// 	//jsonutil.DecodeJSON(file, &config)
-// 	//b.Logger().Debug("INITIALIZE: KF_CONF_PATH = " + confPath)
-// 	//b.Logger().Debug("config file contents = ", config)
-// 	return nil
-// }
+// reset clears any client configuration for a new
+// backend to be configured
+func (b *keyfactorBackend) reset() {
+	b.lock.Lock()
+	defer b.lock.Unlock()
+	b.client = nil
+}
+
+// invalidate clears an existing client configuration in
+// the backend
+func (b *keyfactorBackend) invalidate(ctx context.Context, key string) {
+	if key == "config" {
+		b.reset()
+	}
+}
+
+// getClient locks the backend as it configures and creates a
+// a new client for the target API
+func (b *keyfactorBackend) getClient(ctx context.Context, s logical.Storage) (*keyfactorClient, error) {
+	b.lock.RLock()
+	unlockFunc := b.lock.RUnlock
+	defer func() { unlockFunc() }()
+
+	if b.client != nil {
+		return b.client, nil
+	}
+
+	b.lock.RUnlock()
+	b.lock.Lock()
+	unlockFunc = b.lock.Unlock
+
+	return nil, fmt.Errorf("need to return client")
+}
 
 // Handle interface with Keyfactor API to enroll a certificate with given content
 func (b *keyfactorBackend) submitCSR(ctx context.Context, req *logical.Request, csr string, caName string, templateName string) ([]string, string, error) {
@@ -92,11 +109,6 @@ func (b *keyfactorBackend) submitCSR(ctx context.Context, req *logical.Request,
 		return nil, "", errors.New("configuration is empty.")
 	}
 
-	// host := config["host"]
-	// template := config["template"]
-	// ca := config["CA"]
-	// creds := config["creds"]
-
 	ca := config.CertAuthority
 	template := config.CertTemplate
 
@@ -130,14 +142,14 @@ func (b *keyfactorBackend) submitCSR(ctx context.Context, req *logical.Request,
 	b.Logger().Debug("About to connect to " + config.KeyfactorUrl + "for csr submission")
 	res, err := http.DefaultClient.Do(httpReq)
 	if err != nil {
-		b.Logger().Info("CSR Enrollment failed: {{err}}", err)
+		b.Logger().Info("CSR Enrollment failed: {{err}}", err.Error())
 		return nil, "", err
 	}
 	if res.StatusCode != 200 {
 		b.Logger().Error("CSR Enrollment failed: server returned" + fmt.Sprint(res.StatusCode))
 		defer res.Body.Close()
 		body, _ := ioutil.ReadAll(res.Body)
-		b.Logger().Error("Error response: " + fmt.Sprint(body))
+		b.Logger().Error("Error response: " + string(body[:]))
 		return nil, "", fmt.Errorf("enrollment failed: server returned  %d\n ", res.StatusCode)
 	}
 
@@ -166,7 +178,7 @@ func (b *keyfactorBackend) submitCSR(ctx context.Context, req *logical.Request,
 	kfId := inner["KeyfactorID"].(float64)
 
 	if err != nil {
-		b.Logger().Error("unable to parse ca_chain response", err)
+		b.Logger().Error("unable to parse ca_chain response", fmt.Sprint(err))
 	}
 	caEntry, err := logical.StorageEntryJSON("ca_chain/", certs[1:])
 	if err != nil {
@@ -199,40 +211,6 @@ func (b *keyfactorBackend) submitCSR(ctx context.Context, req *logical.Request,
 	return certs, serial, nil
 }
 
-// reset clears any client configuration for a new
-// backend to be configured
-func (b *keyfactorBackend) reset() {
-	b.lock.Lock()
-	defer b.lock.Unlock()
-	//b.client = nil
-}
-
-// invalidate clears an existing client configuration in
-// the backend
-func (b *keyfactorBackend) invalidate(ctx context.Context, key string) {
-	if key == "config" {
-		b.reset()
-	}
-}
-
-// getClient locks the backend as it configures and creates a
-// a new client for the target API
-// func (b *keyfactorBackend) getClient(ctx context.Context, s logical.Storage) (*hashiCupsClient, error) {
-// 	b.lock.RLock()
-// 	unlockFunc := b.lock.RUnlock
-// 	defer func() { unlockFunc() }()
-
-// 	// if b.client != nil {
-// 	// 	return b.client, nil
-// 	// }
-
-// 	b.lock.RUnlock()
-// 	b.lock.Lock()
-// 	unlockFunc = b.lock.Unlock
-
-// 	return nil, fmt.Errorf("need to return client")
-// }
-
 const keyfactorHelp = `
 The Keyfactor backend is a pki service that issues and manages certificates.
 `
diff --git a/cert_util.go b/cert_util.go
@@ -25,43 +25,6 @@ import (
 	"github.com/hashicorp/vault/sdk/logical"
 )
 
-// type inputBundle struct {
-// 	role    *roleEntry
-// 	req     *logical.Request
-// 	apiData *framework.FieldData
-// }
-
-// var (
-// 	// A note on hostnameRegex: although we set the StrictDomainName option
-// 	// when doing the idna conversion, this appears to only affect output, not
-// 	// input, so it will allow e.g. host^123.example.com straight through. So
-// 	// we still need to use this to check the output.
-// 	hostnameRegex                = regexp.MustCompile(`^(\*\.)?(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])\.?$`)
-// 	oidExtensionBasicConstraints = []int{2, 5, 29, 19}
-// 	oidExtensionSubjectAltName   = []int{2, 5, 29, 17}
-// )
-
-// func oidInExtensions(oid asn1.ObjectIdentifier, extensions []pkix.Extension) bool {
-// 	for _, e := range extensions {
-// 		if e.Id.Equal(oid) {
-// 			return true
-// 		}
-// 	}
-// 	return false
-// }
-
-// func getFormat(data *framework.FieldData) string {
-// 	format := data.Get("format").(string)
-// 	switch format {
-// 	case "pem":
-// 	case "der":
-// 	case "pem_bundle":
-// 	default:
-// 		format = ""
-// 	}
-// 	return format
-// }
-
 // fetch the CA info from keyfactor
 func fetchCAInfo(ctx context.Context, req *logical.Request, b *keyfactorBackend) (response *logical.Response, retErr error) {
 	// first we see if we have previously retreived the CA or chain
diff --git a/client.go b/client.go
@@ -0,0 +1,53 @@
+package keyfactor
+
+import (
+	"errors"
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/Keyfactor/keyfactor-go-client/api"
+)
+
+type keyfactorClient struct {
+	*api.Client
+}
+
+func newClient(config *keyfactorConfig) (*api.Client, error) {
+	if config == nil {
+		return nil, errors.New("client configuration was nil")
+	}
+
+	if config.Username == "" {
+		return nil, errors.New("client username was not defined")
+	}
+
+	if config.Password == "" {
+		return nil, errors.New("client password was not defined")
+	}
+
+	if config.KeyfactorUrl == "" {
+		return nil, errors.New("client URL was not defined")
+	}
+	username := strings.Split(config.Username, "//")[1]
+	domain := strings.Split(config.Username, "//")[1]
+	hostname := config.KeyfactorUrl
+	if strings.HasPrefix(config.KeyfactorUrl, "http") {
+		hostname = strings.Split(config.KeyfactorUrl, "//")[1] //extract just the domain
+	}
+
+	var clientAuth api.AuthConfig
+	clientAuth.Username = username
+	clientAuth.Password = config.Password
+	clientAuth.Domain = domain
+	clientAuth.Hostname = hostname
+
+	fmt.Printf("clientAuth values: \n %s", clientAuth)
+
+	c, err := api.NewKeyfactorClient(&clientAuth)
+	if err != nil {
+		log.Fatalf("[ERROR] creating Keyfactor client: %s", err)
+	}
+
+	return c, err
+}
