minor cleanup

cmd/keymaster/testcerts_test.go

@@ -82,5 +82,3 @@ mIFoFLOJ+JZ4nvoNu1uFQCVKH0bARK3t8oWL7ZCRtc8vANiFS8I/JTQVO1HhW3NE
 fjl8EwIhuijeojU23fzVlFdXjGGzXqHO5Bm0nDuRV6XirMF5+Lh6w+y8UYLketwc
 4ru0SF3ayA6bVHGXEeS5TOkv
 -----END PRIVATE KEY-----`
-
-

cmd/keymasterd/2fa_okta_test.go

@@ -53,11 +53,11 @@ func oktaTestAuthnHandler(w http.ResponseWriter, req *http.Request) {
 			Status:          "MFA_REQUIRED",
 			Embedded: okta.OktaApiEmbeddedDataResponseType{
 				Factor: []okta.OktaApiMFAFactorsType{
-					okta.OktaApiMFAFactorsType{
+					{
 						Id:         "someid",
 						FactorType: "token:software:totp",
 						VendorName: "OKTA"},
-					okta.OktaApiMFAFactorsType{
+					{
 						Id:         "anotherid",
 						FactorType: "push",
 						VendorName: "OKTA",
@@ -76,7 +76,7 @@ func oktaTestAuthnHandler(w http.ResponseWriter, req *http.Request) {
 			Status:          "MFA_REQUIRED",
 			Embedded: okta.OktaApiEmbeddedDataResponseType{
 				Factor: []okta.OktaApiMFAFactorsType{
-					okta.OktaApiMFAFactorsType{
+					{
 						Id:         "anotherid",
 						FactorType: "push",
 						VendorName: "OKTA",

cmd/keymasterd/2fa_vip.go

@@ -26,7 +26,7 @@ func (state *RuntimeState) startVIPPush(cookieVal string, username string) error
 	return nil
 }
 
-///
+// /
 const vipAuthPath = "/api/v0/vipAuth"
 
 func (state *RuntimeState) VIPAuthHandler(w http.ResponseWriter, r *http.Request) {
@@ -141,7 +141,7 @@ func (state *RuntimeState) getPushPollTransaction(cookieValue string) (pushPollT
 	return value, ok
 }
 
-///////////////////////////
+// /////////////////////////
 const vipPushStartPath = "/api/v0/vipPushStart"
 
 func (state *RuntimeState) vipPushStartHandler(w http.ResponseWriter, r *http.Request) {
@@ -190,7 +190,7 @@ func (state *RuntimeState) vipPushStartHandler(w http.ResponseWriter, r *http.Re
 	return
 }
 
-////////////////////////////
+// //////////////////////////
 const vipPollCheckPath = "/api/v0/vipPollCheck"
 
 func (state *RuntimeState) VIPPollCheckHandler(w http.ResponseWriter, r *http.Request) {

cmd/keymasterd/certgen_test.go

@@ -234,11 +234,11 @@ func TestExpandSSHExtensionsSimple(t *testing.T) {
 	}
 	defer os.Remove(passwdFile.Name()) // clean up
 	state.Config.Base.SSHCertConfig.Extensions = []sshExtension{
-		sshExtension{
+		{
 			Key:   "user:username",
 			Value: "$USERNAME",
 		},
-		sshExtension{
+		{
 			Key:   "key:$USERNAME",
 			Value: "value:userkey",
 		},
@@ -283,7 +283,7 @@ func TestExpandSSHExtensionsReplace(t *testing.T) {
 	}
 	for username, expected := range expansionTest {
 		state.Config.Base.SSHCertConfig.Extensions = []sshExtension{
-			sshExtension{
+			{
 				Key:   "somekey",
 				Value: "${USERNAME/./-}",
 			},

cmd/keymasterd/config_test.go

@@ -11,7 +11,7 @@ import (
 	"github.com/Cloud-Foundations/golib/pkg/log/testlogger"
 )
 
-//openssl genpkey  -algorithm ED25519 -out key.pem
+// openssl genpkey  -algorithm ED25519 -out key.pem
 const pkcs8Ed25519PrivateKey = `-----BEGIN PRIVATE KEY-----
 MC4CAQAwBQYDK2VwBCIEIHoHbl2RwHwmyWtXVLroUZEI+d/SqL3RKmECM5P7o7D5
 -----END PRIVATE KEY-----`

cmd/keymasterd/testcerts_test.go

@@ -82,5 +82,3 @@ mIFoFLOJ+JZ4nvoNu1uFQCVKH0bARK3t8oWL7ZCRtc8vANiFS8I/JTQVO1HhW3NE
 fjl8EwIhuijeojU23fzVlFdXjGGzXqHO5Bm0nDuRV6XirMF5+Lh6w+y8UYLketwc
 4ru0SF3ayA6bVHGXEeS5TOkv
 -----END PRIVATE KEY-----`
-
-

cmd/keymasterd/userProfile.go

@@ -98,7 +98,7 @@ func (u *userProfile) FixupCredential(username string, displayname string) {
 	}
 }
 
-/// next are not actually from there... but make it simpler
+// / next are not actually from there... but make it simpler
 func (u *userProfile) AddWebAuthnCredential(cred webauthn.Credential) error {
 	index := time.Now().Unix()
 	authData := webauthAuthData{

lib/authenticators/okta/okta_test.go

@@ -320,8 +320,8 @@ func TestMfaOTPFailNoValidDevices(t *testing.T) {
 	response := OktaApiPrimaryResponseType{
 		StateToken: "foo", Status: "MFA_REQUIRED",
 		Embedded: OktaApiEmbeddedDataResponseType{Factor: []OktaApiMFAFactorsType{
-			OktaApiMFAFactorsType{Id: "someid", FactorType: "token:software:totp"},
-			OktaApiMFAFactorsType{Id: "someid", VendorName: "OKTA"},
+			{Id: "someid", FactorType: "token:software:totp"},
+			{Id: "someid", VendorName: "OKTA"},
 		}},
 	}
 	expiredUserCachedData := authCacheData{expires: time.Now().Add(60 * time.Second),
@@ -356,7 +356,7 @@ func TestMFAOTPFailInvalidOTP(t *testing.T) {
 		Status:     "MFA_REQUIRED",
 		Embedded: OktaApiEmbeddedDataResponseType{
 			Factor: []OktaApiMFAFactorsType{
-				OktaApiMFAFactorsType{
+				{
 					Id:         "someid",
 					FactorType: "token:software:totp",
 					VendorName: "OKTA"},
@@ -387,7 +387,7 @@ func TestMfaOTPSuccess(t *testing.T) {
 		Status:     "MFA_REQUIRED",
 		Embedded: OktaApiEmbeddedDataResponseType{
 			Factor: []OktaApiMFAFactorsType{
-				OktaApiMFAFactorsType{
+				{
 					Id:         "validId",
 					FactorType: "token:software:totp",
 					VendorName: "OKTA"},
@@ -417,11 +417,11 @@ func TestMfaMutliOTPSuccess(t *testing.T) {
 		Status:     "MFA_REQUIRED",
 		Embedded: OktaApiEmbeddedDataResponseType{
 			Factor: []OktaApiMFAFactorsType{
-				OktaApiMFAFactorsType{
+				{
 					Id:         "invalid",
 					FactorType: "token:software:totp",
 					VendorName: "OKTA"},
-				OktaApiMFAFactorsType{
+				{
 					Id:         "success",
 					FactorType: "token:software:totp",
 					VendorName: "OKTA"},
@@ -485,7 +485,7 @@ func TestMfaPushWaiting(t *testing.T) {
 		Status:     "MFA_REQUIRED",
 		Embedded: OktaApiEmbeddedDataResponseType{
 			Factor: []OktaApiMFAFactorsType{
-				OktaApiMFAFactorsType{
+				{
 					Id:         "someid",
 					FactorType: "push",
 					VendorName: "OKTA"},
@@ -517,7 +517,7 @@ func TestMfaPushAccept(t *testing.T) {
 		Status:     "MFA_REQUIRED",
 		Embedded: OktaApiEmbeddedDataResponseType{
 			Factor: []OktaApiMFAFactorsType{
-				OktaApiMFAFactorsType{
+				{
 					Id:         "someid",
 					FactorType: "push",
 					VendorName: "OKTA"},
@@ -549,11 +549,11 @@ func TestMfaPushAcceptMulti(t *testing.T) {
 		Status:     "MFA_REQUIRED",
 		Embedded: OktaApiEmbeddedDataResponseType{
 			Factor: []OktaApiMFAFactorsType{
-				OktaApiMFAFactorsType{
+				{
 					Id:         "waiting",
 					FactorType: "push",
 					VendorName: "OKTA"},
-				OktaApiMFAFactorsType{
+				{
 					Id:         "success",
 					FactorType: "push",
 					VendorName: "OKTA"},
@@ -585,7 +585,7 @@ func TestMfaPushTimeout(t *testing.T) {
 		Status:     "MFA_REQUIRED",
 		Embedded: OktaApiEmbeddedDataResponseType{
 			Factor: []OktaApiMFAFactorsType{
-				OktaApiMFAFactorsType{
+				{
 					Id:         "someid",
 					FactorType: "push",
 					VendorName: "OKTA"},
@@ -617,7 +617,7 @@ func TestMfaPushInvalidWrapper(t *testing.T) {
 		Status:     "MFA_REQUIRED",
 		Embedded: OktaApiEmbeddedDataResponseType{
 			Factor: []OktaApiMFAFactorsType{
-				OktaApiMFAFactorsType{
+				{
 					Id:         "someid",
 					FactorType: "push",
 					VendorName: "OKTA"},

lib/authutil/authutil.go

@@ -32,7 +32,7 @@ const argon2m = 20
 const argon2p = 2
 const argon2l = 32
 
-//There is no well defined number for argon2. We define our own
+// There is no well defined number for argon2. We define our own
 const argon2dPrefix = "$argon2d$"
 
 const randomStringEntropyBytes = 32

lib/authutil/testcerts_test.go

@@ -82,5 +82,3 @@ mIFoFLOJ+JZ4nvoNu1uFQCVKH0bARK3t8oWL7ZCRtc8vANiFS8I/JTQVO1HhW3NE
 fjl8EwIhuijeojU23fzVlFdXjGGzXqHO5Bm0nDuRV6XirMF5+Lh6w+y8UYLketwc
 4ru0SF3ayA6bVHGXEeS5TOkv
 -----END PRIVATE KEY-----`
-
-

lib/certgen/iprestricted.go

@@ -26,7 +26,7 @@ type IpAdressFamily struct {
 var oidIPAddressDelegation = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 7}
 var ipV4FamilyEncoding = []byte{0, 1, 1}
 
-//For now ipv4 only
+// For now ipv4 only
 func encodeIpAddressChoice(netBlock net.IPNet) (asn1.BitString, error) {
 	ones, bits := netBlock.Mask.Size()
 	if bits != 32 {
@@ -90,7 +90,6 @@ func decodeIPV4AddressChoice(encodedBlock asn1.BitString) (net.IPNet, error) {
 	return netBlock, nil
 }
 
-//
 type subjectPublicKeyInfo struct {
 	Algorithm        pkix.AlgorithmIdentifier
 	SubjectPublicKey asn1.BitString

lib/client/sshagent/agent_test.go

@@ -139,7 +139,7 @@ func (m *MockExtendedAgent) Signers() ([]ssh.Signer, error) {
 	return nil, fmt.Errorf("not implemented")
 }
 
-//next are extended
+// next are extended
 func (m *MockExtendedAgent) SignWithFlags(key ssh.PublicKey, data []byte, flags agent.SignatureFlags) (*ssh.Signature, error) {
 	return nil, fmt.Errorf("not implemented")
 }

lib/client/twofa/testcerts_test.go

@@ -82,5 +82,3 @@ mIFoFLOJ+JZ4nvoNu1uFQCVKH0bARK3t8oWL7ZCRtc8vANiFS8I/JTQVO1HhW3NE
 fjl8EwIhuijeojU23fzVlFdXjGGzXqHO5Bm0nDuRV6XirMF5+Lh6w+y8UYLketwc
 4ru0SF3ayA6bVHGXEeS5TOkv
 -----END PRIVATE KEY-----`
-
-

lib/client/twofa/twofa.go

@@ -299,6 +299,7 @@ func authenticateUser(
 			if err != nil {
 				logger.Printf("Warning: fido2 configured, but Error doing Fido Auth: %s", err)
 			}
+			logger.Debugf(3, "authenticate user: after tryFidoMFA success=%v", successful2fa)
 		}
 		if allowTOTP && !successful2fa {
 			err = totp.DoTOTPAuthenticate(

lib/client/twofa/u2f/u2f.go

@@ -401,18 +401,23 @@ func authenticateHelper(req *u2fhost.AuthenticateRequest, devices []*u2fhost.Hid
 		case <-interval.C:
 			for handleReq, device := range registeredDevices {
 				response, err := device.Authenticate(&handleReq)
-				if err == nil {
-					logger.Debugf(1, "device.Authenticate retured non error %s", err)
-					return response, nil
-				} else if err.Error() == u2fHostTestUserPresenceError.Error() && !prompted {
-					logger.Printf("\nTouch the flashing U2F device to authenticate...")
-					prompted = true
-				} else {
-					logger.Debugf(3, "Got status response %s", err)
+				logger.Debugf(4, "authenticateHelper, device.Authenticate")
+				if err != nil {
+					logger.Debugf(3, "Got status response err=%s", err)
+					if err.Error() == u2fHostTestUserPresenceError.Error() && !prompted {
+						logger.Printf("\nTouch the flashing U2F device to authenticate...")
+						prompted = true
+
+					}
+					continue
 				}
+
+				logger.Debugf(1, "device.Authenticate retured non error %s", err)
+				return response, nil
 			}
 		}
 	}
+	logger.Debugf(3, "End of auhtenticateHelper loop")
 	return nil, fmt.Errorf("impossible Error")
 }
 

lib/client/twofa/u2f/u2f_test.go

@@ -6,21 +6,21 @@ import (
 
 func TestVerifyAppId(t *testing.T) {
 	passingData := map[string][]string{
-		"https://good.example.com/": []string{
+		"https://good.example.com/": {
 			"good.example.com",
 			"https://good.example.com/",
 		},
-		"https://good.example.com:443/": []string{
+		"https://good.example.com:443/": {
 			"good.example.com",
 			"https://good.example.com/",
 		},
 	}
 	invalidAppid := map[string][]string{
-		"https://good.example.com/": []string{
+		"https://good.example.com/": {
 			"evil.example.com",
 			"https://evil.example.com/",
 		},
-		"https://good.example.com:443/": []string{
+		"https://good.example.com:443/": {
 			"evil.example.com",
 			"https://evil.example.com/",
 		},

lib/instrumentedwriter/instrumentedWriter.go

@@ -79,7 +79,7 @@ func (r *LoggingWriter) SetCustomLogRecord(key, value string) {
 	r.logRecord.CustomRecords[key] = value
 }
 
-//  w.(accesslogger.LoggingWriter).SetUsername("alice")
+// w.(accesslogger.LoggingWriter).SetUsername("alice")
 func (r *LoggingWriter) SetUsername(username string) {
 	r.logRecord.Username = username
 }

lib/pwauth/ldap/testcerts_test.go

@@ -82,5 +82,3 @@ mIFoFLOJ+JZ4nvoNu1uFQCVKH0bARK3t8oWL7ZCRtc8vANiFS8I/JTQVO1HhW3NE
 fjl8EwIhuijeojU23fzVlFdXjGGzXqHO5Bm0nDuRV6XirMF5+Lh6w+y8UYLketwc
 4ru0SF3ayA6bVHGXEeS5TOkv
 -----END PRIVATE KEY-----`
-
-

lib/vip/testcerts_test.go

@@ -82,5 +82,3 @@ mIFoFLOJ+JZ4nvoNu1uFQCVKH0bARK3t8oWL7ZCRtc8vANiFS8I/JTQVO1HhW3NE
 fjl8EwIhuijeojU23fzVlFdXjGGzXqHO5Bm0nDuRV6XirMF5+Lh6w+y8UYLketwc
 4ru0SF3ayA6bVHGXEeS5TOkv
 -----END PRIVATE KEY-----`
-
-