From 1c7155298b9c39da424c959543a674ef61180ceb Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Wed, 20 Feb 2019 12:34:40 -0800
Subject: [PATCH] Log always the token, even on errors.
---
 api/api.go | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/api/api.go b/api/api.go
index 37a151d6..f8d11ff5 100644
--- a/api/api.go
+++ b/api/api.go
@@ -259,6 +259,8 @@ func (h *caHandler) Sign(w http.ResponseWriter, r *http.Request) {
 WriteError(w, BadRequest(errors.Wrap(err, "error reading request body")))
 return
 }
+
+ logOtt(w, body.OTT)
 if err := body.Validate(); err != nil {
 WriteError(w, err)
 return
@@ -282,7 +284,7 @@ func (h *caHandler) Sign(w http.ResponseWriter, r *http.Request) {
 }
 
 w.WriteHeader(http.StatusCreated)
- logCertificate(w, cert, body.OTT)
+ logCertificate(w, cert)
 JSON(w, &SignResponse{
 ServerPEM: Certificate{cert},
 CaPEM: Certificate{root},
@@ -305,7 +307,7 @@ func (h *caHandler) Renew(w http.ResponseWriter, r *http.Request) {
 }
 
 w.WriteHeader(http.StatusCreated)
- logCertificate(w, cert, "")
+ logCertificate(w, cert)
 JSON(w, &SignResponse{
 ServerPEM: Certificate{cert},
 CaPEM: Certificate{root},
@@ -389,7 +391,15 @@ type stepProvisioner struct {
 CredentialID []byte
 }
 
-func logCertificate(w http.ResponseWriter, cert *x509.Certificate, token string) {
+func logOtt(w http.ResponseWriter, token string) {
+ if rl, ok := w.(logging.ResponseLogger); ok {
+ rl.WithFields(map[string]interface{}{
+ "ott": token,
+ })
+ }
+}
+
+func logCertificate(w http.ResponseWriter, cert *x509.Certificate) {
 if rl, ok := w.(logging.ResponseLogger); ok {
 m := map[string]interface{}{
 "serial": cert.SerialNumber,
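Review bot: `logOtt(w, body.OTT)` runs before `body.Validate()`, so the raw one-time token, which is a bearer credential and at this point still unvalidated, is written to the request log on every Sign call, including rejected ones. If a request fails for a reason that does not consume the token (not visible in this hunk), anyone with read access to the logs may hold a still-usable credential until it expires. Consider logging a non-replayable form in `logOtt` (fourth hunk), for example `"ott": fmt.Sprintf("%x", sha256.Sum256([]byte(token)))`, or the token with its signature segment removed if it is a JWT. Sign's body starts and ends outside this hunk.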
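Review bot: `logOtt` drops the `len(token) > 0` guard that the old `logCertificate` carried (removed in the last hunk), so a Sign request without an OTT now produces a log entry with `"ott": ""`. An early `if token == "" { return }` at the top of `logOtt` would keep the previous behaviour for that case. The helper also has no doc comment; something like `// logOtt adds the request's one-time token to the response logger's fields so it is recorded even when signing fails.` would explain why it is separate from `logCertificate`. `logCertificate`'s body continues outside this hunk.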
@@ -400,9 +410,6 @@ func logCertificate(w http.ResponseWriter, cert *x509.Certificate, token string)
 "public-key": fmtPublicKey(cert),
 "certificate": base64.StdEncoding.EncodeToString(cert.Raw),
 }
- if len(token) > 0 {
- m["ott"] = token
- }
 for _, ext := range cert.Extensions {
 if ext.Id.Equal(oidStepProvisioner) {
 val := &stepProvisioner{}