Log always the token, even on errors.

Mariano Cano 2019-02-20 12:34:40 -08:00
parent adbc496b40
commit 1c7155298b


@ -259,6 +259,8 @@ func (h *caHandler) Sign(w http.ResponseWriter, r *http.Request) {
WriteError(w, BadRequest(errors.Wrap(err, "error reading request body"))) WriteError(w, BadRequest(errors.Wrap(err, "error reading request body")))
return return
} }
logOtt(w, body.OTT)
if err := body.Validate(); err != nil { if err := body.Validate(); err != nil {
WriteError(w, err) WriteError(w, err)
return return
@ -282,7 +284,7 @@ func (h *caHandler) Sign(w http.ResponseWriter, r *http.Request) {
} }
w.WriteHeader(http.StatusCreated) w.WriteHeader(http.StatusCreated)
logCertificate(w, cert, body.OTT) logCertificate(w, cert)
JSON(w, &SignResponse{ JSON(w, &SignResponse{
ServerPEM: Certificate{cert}, ServerPEM: Certificate{cert},
CaPEM: Certificate{root}, CaPEM: Certificate{root},
@ -305,7 +307,7 @@ func (h *caHandler) Renew(w http.ResponseWriter, r *http.Request) {
} }
w.WriteHeader(http.StatusCreated) w.WriteHeader(http.StatusCreated)
logCertificate(w, cert, "") logCertificate(w, cert)
JSON(w, &SignResponse{ JSON(w, &SignResponse{
ServerPEM: Certificate{cert}, ServerPEM: Certificate{cert},
CaPEM: Certificate{root}, CaPEM: Certificate{root},
@ -389,7 +391,15 @@ type stepProvisioner struct {
CredentialID []byte CredentialID []byte
} }
func logCertificate(w http.ResponseWriter, cert *x509.Certificate, token string) { func logOtt(w http.ResponseWriter, token string) {
if rl, ok := w.(logging.ResponseLogger); ok {
rl.WithFields(map[string]interface{}{
"ott": token,
})
}
}
func logCertificate(w http.ResponseWriter, cert *x509.Certificate) {
if rl, ok := w.(logging.ResponseLogger); ok { if rl, ok := w.(logging.ResponseLogger); ok {
m := map[string]interface{}{ m := map[string]interface{}{
"serial": cert.SerialNumber, "serial": cert.SerialNumber,
@ -400,9 +410,6 @@ func logCertificate(w http.ResponseWriter, cert *x509.Certificate, token string)
"public-key": fmtPublicKey(cert), "public-key": fmtPublicKey(cert),
"certificate": base64.StdEncoding.EncodeToString(cert.Raw), "certificate": base64.StdEncoding.EncodeToString(cert.Raw),
} }
if len(token) > 0 {
m["ott"] = token
}
for _, ext := range cert.Extensions { for _, ext := range cert.Extensions {
if ext.Id.Equal(oidStepProvisioner) { if ext.Id.Equal(oidStepProvisioner) {
val := &stepProvisioner{} val := &stepProvisioner{}
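Review bot: `logOtt(w, body.OTT)` in `Sign` now writes the raw provisioning token into the request log before `body.Validate()` runs, so a request that fails later leaves a token in the log that may not have been consumed yet, and anyone with read access to the logs could presumably present it while it is still valid. The value is also unvalidated at that point, so an arbitrarily long or malformed string lands in the log entry, and an empty token is now recorded as `"ott": ""` because the old `len(token) > 0` guard was dropped. Consider logging a fingerprint rather than the token itself, e.g. `sum := sha256.Sum256([]byte(token))` with `"ott-sha256": hex.EncodeToString(sum[:])`, and skipping the field when the token is empty. `Sign` and `logCertificate` both continue outside the hunks shown, so how the token is checked and consumed afterwards is not visible here.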