From 9212b5031157773730ea3301bc19eafe605bb0c5 Mon Sep 17 00:00:00 2001
From: Camilo Viecco
Date: Wed, 15 May 2024 11:27:42 -0700
Subject: [PATCH] minor cleanup
---
 cmd/keymaster/testcerts_test.go | 2 --
 cmd/keymasterd/2fa_okta_test.go | 6 ++---
 cmd/keymasterd/2fa_vip.go | 6 ++---
 cmd/keymasterd/binData.go | 17 +++++++-------
 cmd/keymasterd/certgen_test.go | 6 ++---
 cmd/keymasterd/config_test.go | 2 +-
 cmd/keymasterd/testcerts_test.go | 2 --
 cmd/keymasterd/userProfile.go | 2 +-
 lib/authenticators/okta/okta_test.go | 24 ++++++++++----------
 lib/authutil/authutil.go | 2 +-
 lib/authutil/testcerts_test.go | 2 --
 lib/certgen/iprestricted.go | 3 +--
 lib/client/sshagent/agent_test.go | 2 +-
 lib/client/twofa/testcerts_test.go | 2 --
 lib/client/twofa/twofa.go | 1 +
 lib/client/twofa/u2f/u2f.go | 21 ++++++++++-------
 lib/client/twofa/u2f/u2f_test.go | 8 +++----
 lib/instrumentedwriter/instrumentedWriter.go | 2 +-
 lib/pwauth/ldap/testcerts_test.go | 2 --
 lib/vip/testcerts_test.go | 2 --
 20 files changed, 54 insertions(+), 60 deletions(-)
diff --git a/cmd/keymaster/testcerts_test.go b/cmd/keymaster/testcerts_test.go
index f4d348d2..f51ce5df 100644
--- a/cmd/keymaster/testcerts_test.go
+++ b/cmd/keymaster/testcerts_test.go
@@ -82,5 +82,3 @@ mIFoFLOJ+JZ4nvoNu1uFQCVKH0bARK3t8oWL7ZCRtc8vANiFS8I/JTQVO1HhW3NE
 fjl8EwIhuijeojU23fzVlFdXjGGzXqHO5Bm0nDuRV6XirMF5+Lh6w+y8UYLketwc
 4ru0SF3ayA6bVHGXEeS5TOkv
 -----END PRIVATE KEY-----`
-
-
diff --git a/cmd/keymasterd/2fa_okta_test.go b/cmd/keymasterd/2fa_okta_test.go
index 25bd5da3..604dad9e 100644
--- a/cmd/keymasterd/2fa_okta_test.go
+++ b/cmd/keymasterd/2fa_okta_test.go
@@ -53,11 +53,11 @@ func oktaTestAuthnHandler(w http.ResponseWriter, req *http.Request) { Status: "MFA_REQUIRED", Embedded: okta.OktaApiEmbeddedDataResponseType{ Factor: []okta.OktaApiMFAFactorsType{ - okta.OktaApiMFAFactorsType{ + { Id: "someid", FactorType: "token:software:totp", VendorName: "OKTA"}, - okta.OktaApiMFAFactorsType{ + { Id: "anotherid", FactorType: "push", VendorName: "OKTA", @@ -76,7 +76,7 @@ func oktaTestAuthnHandler(w http.ResponseWriter, req *http.Request) { Status: "MFA_REQUIRED", Embedded: okta.OktaApiEmbeddedDataResponseType{ Factor: []okta.OktaApiMFAFactorsType{ - okta.OktaApiMFAFactorsType{ + { Id: "anotherid", FactorType: "push", VendorName: "OKTA", diff --git a/cmd/keymasterd/2fa_vip.go b/cmd/keymasterd/2fa_vip.go index fad3659b..03debe22 100644 --- a/cmd/keymasterd/2fa_vip.go +++ b/cmd/keymasterd/2fa_vip.go @@ -26,7 +26,7 @@ func (state *RuntimeState) startVIPPush(cookieVal string, username string) error return nil } -/// +// / const vipAuthPath = "/api/v0/vipAuth" func (state *RuntimeState) VIPAuthHandler(w http.ResponseWriter, r *http.Request) { @@ -141,7 +141,7 @@ func (state *RuntimeState) getPushPollTransaction(cookieValue string) (pushPollT return value, ok } -/////////////////////////// +// ///////////////////////// const vipPushStartPath = "/api/v0/vipPushStart" func (state *RuntimeState) vipPushStartHandler(w http.ResponseWriter, r *http.Request) { @@ -190,7 +190,7 @@ func (state *RuntimeState) vipPushStartHandler(w http.ResponseWriter, r *http.Re return } -//////////////////////////// +// ////////////////////////// const vipPollCheckPath = "/api/v0/vipPollCheck" func (state *RuntimeState) VIPPollCheckHandler(w http.ResponseWriter, r *http.Request) { diff --git a/cmd/keymasterd/binData.go b/cmd/keymasterd/binData.go index bcada58c..4da01c23 100644 --- a/cmd/keymasterd/binData.go +++ b/cmd/keymasterd/binData.go 
@@ -7,9 +7,9 @@ import ( "bytes" "compress/gzip" "fmt" - "net/http" "io" "io/ioutil" + "net/http" "os" "path/filepath" "strings" @@ -78,7 +78,6 @@ func (fi bindataFileInfo) Sys() interface{} { return nil } - type assetFile struct { *bytes.Reader name string @@ -244,11 +243,13 @@ var _bindata = map[string]func() (*asset, error){ // directory embedded in the file by go-bindata. // For example if you run go-bindata on data/... and data contains the // following hierarchy: -// data/ -// foo.txt -// img/ -// a.png -// b.png +// +// data/ +// foo.txt +// img/ +// a.png +// b.png +// // then AssetDir("data") would return []string{"foo.txt", "img"} // AssetDir("data/img") would return []string{"a.png", "b.png"} // AssetDir("foo.txt") and AssetDir("notexist") would return an error @@ -281,7 +282,7 @@ type bintree struct { } var _bintree = &bintree{nil, map[string]*bintree{ - "session.js": &bintree{sessionJs, map[string]*bintree{}}, + "session.js": {sessionJs, map[string]*bintree{}}, }} // RestoreAsset restores an asset under the given directory diff --git a/cmd/keymasterd/certgen_test.go b/cmd/keymasterd/certgen_test.go index 9cc0e059..f3806afb 100644 --- a/cmd/keymasterd/certgen_test.go +++ b/cmd/keymasterd/certgen_test.go @@ -234,11 +234,11 @@ func TestExpandSSHExtensionsSimple(t *testing.T) { } defer os.Remove(passwdFile.Name()) // clean up state.Config.Base.SSHCertConfig.Extensions = []sshExtension{ - sshExtension{ + { Key: "user:username", Value: "$USERNAME", }, - sshExtension{ + { Key: "key:$USERNAME", Value: "value:userkey", }, @@ -283,7 +283,7 @@ func TestExpandSSHExtensionsReplace(t *testing.T) { } for username, expected := range expansionTest { state.Config.Base.SSHCertConfig.Extensions = []sshExtension{ - sshExtension{ + { Key: "somekey", Value: "${USERNAME/./-}", }, diff --git a/cmd/keymasterd/config_test.go b/cmd/keymasterd/config_test.go index a73237b2..46b35f57 100644 --- a/cmd/keymasterd/config_test.go +++ b/cmd/keymasterd/config_test.go 
@@ -11,7 +11,7 @@ import ( "github.com/Cloud-Foundations/golib/pkg/log/testlogger" ) -//openssl genpkey -algorithm ED25519 -out key.pem +// openssl genpkey -algorithm ED25519 -out key.pem const pkcs8Ed25519PrivateKey = `-----BEGIN PRIVATE KEY----- MC4CAQAwBQYDK2VwBCIEIHoHbl2RwHwmyWtXVLroUZEI+d/SqL3RKmECM5P7o7D5 -----END PRIVATE KEY-----` diff --git a/cmd/keymasterd/testcerts_test.go b/cmd/keymasterd/testcerts_test.go index f4d348d2..f51ce5df 100644 --- a/cmd/keymasterd/testcerts_test.go +++ b/cmd/keymasterd/testcerts_test.go @@ -82,5 +82,3 @@ mIFoFLOJ+JZ4nvoNu1uFQCVKH0bARK3t8oWL7ZCRtc8vANiFS8I/JTQVO1HhW3NE fjl8EwIhuijeojU23fzVlFdXjGGzXqHO5Bm0nDuRV6XirMF5+Lh6w+y8UYLketwc 4ru0SF3ayA6bVHGXEeS5TOkv -----END PRIVATE KEY-----` - - diff --git a/cmd/keymasterd/userProfile.go b/cmd/keymasterd/userProfile.go index 25b8c789..dea16c4a 100644 --- a/cmd/keymasterd/userProfile.go +++ b/cmd/keymasterd/userProfile.go @@ -98,7 +98,7 @@ func (u *userProfile) FixupCredential(username string, displayname string) { } } -/// next are not actually from there... but make it simpler +// / next are not actually from there... but make it simpler func (u *userProfile) AddWebAuthnCredential(cred webauthn.Credential) error { index := time.Now().Unix() authData := webauthAuthData{ diff --git a/lib/authenticators/okta/okta_test.go b/lib/authenticators/okta/okta_test.go index 329c39c3..720e9b99 100644 --- a/lib/authenticators/okta/okta_test.go +++ b/lib/authenticators/okta/okta_test.go 
@@ -320,8 +320,8 @@ func TestMfaOTPFailNoValidDevices(t *testing.T) { response := OktaApiPrimaryResponseType{ StateToken: "foo", Status: "MFA_REQUIRED", Embedded: OktaApiEmbeddedDataResponseType{Factor: []OktaApiMFAFactorsType{ - OktaApiMFAFactorsType{Id: "someid", FactorType: "token:software:totp"}, - OktaApiMFAFactorsType{Id: "someid", VendorName: "OKTA"}, + {Id: "someid", FactorType: "token:software:totp"}, + {Id: "someid", VendorName: "OKTA"}, }}, } expiredUserCachedData := authCacheData{expires: time.Now().Add(60 * time.Second), @@ -356,7 +356,7 @@ func TestMFAOTPFailInvalidOTP(t *testing.T) { Status: "MFA_REQUIRED", Embedded: OktaApiEmbeddedDataResponseType{ Factor: []OktaApiMFAFactorsType{ - OktaApiMFAFactorsType{ + { Id: "someid", FactorType: "token:software:totp", VendorName: "OKTA"}, @@ -387,7 +387,7 @@ func TestMfaOTPSuccess(t *testing.T) { Status: "MFA_REQUIRED", Embedded: OktaApiEmbeddedDataResponseType{ Factor: []OktaApiMFAFactorsType{ - OktaApiMFAFactorsType{ + { Id: "validId", FactorType: "token:software:totp", VendorName: "OKTA"}, @@ -417,11 +417,11 @@ func TestMfaMutliOTPSuccess(t *testing.T) { Status: "MFA_REQUIRED", Embedded: OktaApiEmbeddedDataResponseType{ Factor: []OktaApiMFAFactorsType{ - OktaApiMFAFactorsType{ + { Id: "invalid", FactorType: "token:software:totp", VendorName: "OKTA"}, - OktaApiMFAFactorsType{ + { Id: "success", FactorType: "token:software:totp", VendorName: "OKTA"}, @@ -485,7 +485,7 @@ func TestMfaPushWaiting(t *testing.T) { Status: "MFA_REQUIRED", Embedded: OktaApiEmbeddedDataResponseType{ Factor: []OktaApiMFAFactorsType{ - OktaApiMFAFactorsType{ + { Id: "someid", FactorType: "push", VendorName: "OKTA"}, @@ -517,7 +517,7 @@ func TestMfaPushAccept(t *testing.T) { Status: "MFA_REQUIRED", Embedded: OktaApiEmbeddedDataResponseType{ Factor: []OktaApiMFAFactorsType{ - OktaApiMFAFactorsType{ + { Id: "someid", FactorType: "push", VendorName: "OKTA"}, 
@@ -549,11 +549,11 @@ func TestMfaPushAcceptMulti(t *testing.T) { Status: "MFA_REQUIRED", Embedded: OktaApiEmbeddedDataResponseType{ Factor: []OktaApiMFAFactorsType{ - OktaApiMFAFactorsType{ + { Id: "waiting", FactorType: "push", VendorName: "OKTA"}, - OktaApiMFAFactorsType{ + { Id: "success", FactorType: "push", VendorName: "OKTA"}, @@ -585,7 +585,7 @@ func TestMfaPushTimeout(t *testing.T) { Status: "MFA_REQUIRED", Embedded: OktaApiEmbeddedDataResponseType{ Factor: []OktaApiMFAFactorsType{ - OktaApiMFAFactorsType{ + { Id: "someid", FactorType: "push", VendorName: "OKTA"}, @@ -617,7 +617,7 @@ func TestMfaPushInvalidWrapper(t *testing.T) { Status: "MFA_REQUIRED", Embedded: OktaApiEmbeddedDataResponseType{ Factor: []OktaApiMFAFactorsType{ - OktaApiMFAFactorsType{ + { Id: "someid", FactorType: "push", VendorName: "OKTA"}, diff --git a/lib/authutil/authutil.go b/lib/authutil/authutil.go index db53989d..92ce0b65 100644 --- a/lib/authutil/authutil.go +++ b/lib/authutil/authutil.go @@ -32,7 +32,7 @@ const argon2m = 20 const argon2p = 2 const argon2l = 32 -//There is no well defined number for argon2. We define our own +// There is no well defined number for argon2. We define our own const argon2dPrefix = "$argon2d$" const randomStringEntropyBytes = 32 diff --git a/lib/authutil/testcerts_test.go b/lib/authutil/testcerts_test.go index d0159c29..1c044bec 100644 --- a/lib/authutil/testcerts_test.go +++ b/lib/authutil/testcerts_test.go @@ -82,5 +82,3 @@ mIFoFLOJ+JZ4nvoNu1uFQCVKH0bARK3t8oWL7ZCRtc8vANiFS8I/JTQVO1HhW3NE fjl8EwIhuijeojU23fzVlFdXjGGzXqHO5Bm0nDuRV6XirMF5+Lh6w+y8UYLketwc 4ru0SF3ayA6bVHGXEeS5TOkv -----END PRIVATE KEY-----` - - diff --git a/lib/certgen/iprestricted.go b/lib/certgen/iprestricted.go index 46f75c97..3f2902f6 100644 --- a/lib/certgen/iprestricted.go +++ b/lib/certgen/iprestricted.go 
@@ -26,7 +26,7 @@ type IpAdressFamily struct { var oidIPAddressDelegation = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 7} var ipV4FamilyEncoding = []byte{0, 1, 1} -//For now ipv4 only +// For now ipv4 only func encodeIpAddressChoice(netBlock net.IPNet) (asn1.BitString, error) { ones, bits := netBlock.Mask.Size() if bits != 32 { @@ -90,7 +90,6 @@ func decodeIPV4AddressChoice(encodedBlock asn1.BitString) (net.IPNet, error) { return netBlock, nil } -// type subjectPublicKeyInfo struct { Algorithm pkix.AlgorithmIdentifier SubjectPublicKey asn1.BitString diff --git a/lib/client/sshagent/agent_test.go b/lib/client/sshagent/agent_test.go index 1e8b10f0..3e1e469c 100644 --- a/lib/client/sshagent/agent_test.go +++ b/lib/client/sshagent/agent_test.go @@ -139,7 +139,7 @@ func (m *MockExtendedAgent) Signers() ([]ssh.Signer, error) { return nil, fmt.Errorf("not implemented") } -//next are extended +// next are extended func (m *MockExtendedAgent) SignWithFlags(key ssh.PublicKey, data []byte, flags agent.SignatureFlags) (*ssh.Signature, error) { return nil, fmt.Errorf("not implemented") } diff --git a/lib/client/twofa/testcerts_test.go b/lib/client/twofa/testcerts_test.go index 8ae78ffa..2ab2a2ba 100644 --- a/lib/client/twofa/testcerts_test.go +++ b/lib/client/twofa/testcerts_test.go @@ -82,5 +82,3 @@ mIFoFLOJ+JZ4nvoNu1uFQCVKH0bARK3t8oWL7ZCRtc8vANiFS8I/JTQVO1HhW3NE fjl8EwIhuijeojU23fzVlFdXjGGzXqHO5Bm0nDuRV6XirMF5+Lh6w+y8UYLketwc 4ru0SF3ayA6bVHGXEeS5TOkv -----END PRIVATE KEY-----` - - diff --git a/lib/client/twofa/twofa.go b/lib/client/twofa/twofa.go index 3e6f7529..16adda4d 100644 --- a/lib/client/twofa/twofa.go +++ b/lib/client/twofa/twofa.go @@ -299,6 +299,7 @@ func authenticateUser( if err != nil { logger.Printf("Warning: fido2 configured, but Error doing Fido Auth: %s", err) } + logger.Debugf(3, "authenticate user: after tryFidoMFA success=%v", successful2fa) } if allowTOTP && !successful2fa { err = totp.DoTOTPAuthenticate( 
diff --git a/lib/client/twofa/u2f/u2f.go b/lib/client/twofa/u2f/u2f.go
index 84d1fa9f..689d529f 100644
--- a/lib/client/twofa/u2f/u2f.go
+++ b/lib/client/twofa/u2f/u2f.go
@@ -401,18 +401,23 @@ func authenticateHelper(req *u2fhost.AuthenticateRequest, devices []*u2fhost.Hid
 case <-interval.C:
 for handleReq, device := range registeredDevices {
 response, err := device.Authenticate(&handleReq)
- if err == nil {
- logger.Debugf(1, "device.Authenticate retured non error %s", err)
- return response, nil
- } else if err.Error() == u2fHostTestUserPresenceError.Error() && !prompted {
- logger.Printf("\nTouch the flashing U2F device to authenticate...")
- prompted = true
- } else {
- logger.Debugf(3, "Got status response %s", err)
+ logger.Debugf(4, "authenticateHelper, device.Authenticate")
+ if err != nil {
+ logger.Debugf(3, "Got status response err=%s", err)
+ if err.Error() == u2fHostTestUserPresenceError.Error() && !prompted {
+ logger.Printf("\nTouch the flashing U2F device to authenticate...")
+ prompted = true
+
+ }
+ continue
 }
+
+ logger.Debugf(1, "device.Authenticate retured non error %s", err)
+ return response, nil
 }
 }
 }
+ logger.Debugf(3, "End of auhtenticateHelper loop")
 return nil, fmt.Errorf("impossible Error")
 }
diff --git a/lib/client/twofa/u2f/u2f_test.go b/lib/client/twofa/u2f/u2f_test.go
index 26430a89..ad5fe908 100644
--- a/lib/client/twofa/u2f/u2f_test.go
+++ b/lib/client/twofa/u2f/u2f_test.go
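Review bot: In authenticateHelper (lib/client/twofa/u2f/u2f.go) the success-path line `logger.Debugf(1, "device.Authenticate retured non error %s", err)` is now reached only when err is nil, so `%s` formats a nil error and the message says nothing useful; I would write `logger.Debugf(1, "device.Authenticate returned without error")`, which also fixes the typo. The user-presence check still compares `err.Error()` strings; `errors.Is(err, u2fHostTestUserPresenceError)` would be sturdier if the library returns that value as a sentinel, which the hunk does not show. The added trailing message misspells the function name (`auhtenticateHelper`). The function body starts outside this hunk, so whether the loop can exit to reach that last Debugf cannot be confirmed from here.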
@@ -6,21 +6,21 @@ import ( func TestVerifyAppId(t *testing.T) { passingData := map[string][]string{ - "https://good.example.com/": []string{ + "https://good.example.com/": { "good.example.com", "https://good.example.com/", }, - "https://good.example.com:443/": []string{ + "https://good.example.com:443/": { "good.example.com", "https://good.example.com/", }, } invalidAppid := map[string][]string{ - "https://good.example.com/": []string{ + "https://good.example.com/": { "evil.example.com", "https://evil.example.com/", }, - "https://good.example.com:443/": []string{ + "https://good.example.com:443/": { "evil.example.com", "https://evil.example.com/", }, diff --git a/lib/instrumentedwriter/instrumentedWriter.go b/lib/instrumentedwriter/instrumentedWriter.go index c44e2b11..56ece4ff 100644 --- a/lib/instrumentedwriter/instrumentedWriter.go +++ b/lib/instrumentedwriter/instrumentedWriter.go @@ -79,7 +79,7 @@ func (r *LoggingWriter) SetCustomLogRecord(key, value string) { r.logRecord.CustomRecords[key] = value } -// w.(accesslogger.LoggingWriter).SetUsername("alice") +// w.(accesslogger.LoggingWriter).SetUsername("alice") func (r *LoggingWriter) SetUsername(username string) { r.logRecord.Username = username } diff --git a/lib/pwauth/ldap/testcerts_test.go b/lib/pwauth/ldap/testcerts_test.go index 03f0c219..c7f59317 100644 --- a/lib/pwauth/ldap/testcerts_test.go +++ b/lib/pwauth/ldap/testcerts_test.go @@ -82,5 +82,3 @@ mIFoFLOJ+JZ4nvoNu1uFQCVKH0bARK3t8oWL7ZCRtc8vANiFS8I/JTQVO1HhW3NE fjl8EwIhuijeojU23fzVlFdXjGGzXqHO5Bm0nDuRV6XirMF5+Lh6w+y8UYLketwc 4ru0SF3ayA6bVHGXEeS5TOkv -----END PRIVATE KEY-----` - - diff --git a/lib/vip/testcerts_test.go b/lib/vip/testcerts_test.go index a8bc6e4c..32e50a10 100644 --- a/lib/vip/testcerts_test.go +++ b/lib/vip/testcerts_test.go @@ -82,5 +82,3 @@ mIFoFLOJ+JZ4nvoNu1uFQCVKH0bARK3t8oWL7ZCRtc8vANiFS8I/JTQVO1HhW3NE fjl8EwIhuijeojU23fzVlFdXjGGzXqHO5Bm0nDuRV6XirMF5+Lh6w+y8UYLketwc 4ru0SF3ayA6bVHGXEeS5TOkv -----END PRIVATE KEY-----` - -