feat(client)!: Add support for oauth

BREAKING CHANGE: Convert to using `keyfactor-auth-client-go`
Keyfactor · Oct 21, 2024 · c702078 · c702078
1 parent 76b10d5
commit c702078
Show file tree

Hide file tree

Showing 35 changed files with 5,151 additions and 90 deletions.
diff --git a/v2/api/agent.go b/v2/api/agent.go
@@ -17,12 +17,13 @@ package api
 import (
 	"encoding/json"
 	"fmt"
+	"log"
 	"regexp"
 )
 
 // GetAgentList returns a list of orchestrators registered in the Keyfactor instance
 func (c *Client) GetAgentList() ([]Agent, error) {
-	//log.println("[INFO] Getting a list of agents registered in Keyfactor")
+	log.Println("[INFO] Getting a list of agents registered in Keyfactor")
 
 	// Set Keyfactor-specific headers
 	headers := &apiHeaders{
@@ -53,7 +54,7 @@ func (c *Client) GetAgentList() ([]Agent, error) {
 }
 
 func (c *Client) GetAgent(id string) ([]Agent, error) {
-	//log.println("[INFO] Getting agent by ID or name.")
+	log.Println("[INFO] Getting agent by ID or name.")
 
 	// Set Keyfactor-specific headers
 	headers := &apiHeaders{
@@ -105,7 +106,7 @@ func (c *Client) GetAgent(id string) ([]Agent, error) {
 }
 
 func (c *Client) ApproveAgent(id string) (string, error) {
-	//log.printf("[INFO] Approving agent %s in Keyfactor.\n", id)
+	log.Printf("[INFO] Approving agent %s in Keyfactor.\n", id)
 
 	// Set Keyfactor-specific headers
 	headers := &apiHeaders{
@@ -140,7 +141,7 @@ func (c *Client) ApproveAgent(id string) (string, error) {
 }
 
 func (c *Client) DisApproveAgent(id string) (string, error) {
-	//log.printf("[INFO] Disapproving agent %s in Keyfactor.\n", id)
+	log.Printf("[INFO] Disapproving agent %s in Keyfactor.\n", id)
 
 	// Set Keyfactor-specific headers
 	headers := &apiHeaders{
@@ -175,7 +176,7 @@ func (c *Client) DisApproveAgent(id string) (string, error) {
 }
 
 func (c *Client) ResetAgent(id string) (string, error) {
-	//log.printf("[INFO] Resetting agent %s in Keyfactor.\n", id)
+	log.Printf("[INFO] Resetting agent %s in Keyfactor.\n", id)
 
 	// Set Keyfactor-specific headers
 	headers := &apiHeaders{
@@ -209,7 +210,7 @@ func (c *Client) ResetAgent(id string) (string, error) {
 }
 
 func (c *Client) FetchAgentLogs(id string) (string, error) {
-	//log.printf("[INFO] Fetching agent logs for %s.\n", id)
+	log.Printf("[INFO] Fetching agent logs for %s.\n", id)
 
 	// Set Keyfactor-specific headers
 	headers := &apiHeaders{

diff --git a/v2/api/ca.go b/v2/api/ca.go
@@ -16,11 +16,12 @@ package api
 
 import (
 	"encoding/json"
+	"log"
 )
 
 // GetCAList returns a list of certificate authorities supported by the Keyfactor instance
 func (c *Client) GetCAList() ([]CA, error) {
-	//log.println("[INFO] Getting a list of CAs from Keyfactor instance")
+	log.Println("[INFO] Getting a list of CAs from Keyfactor instance")
 
 	// Set Keyfactor-specific headers
 	headers := &apiHeaders{

diff --git a/v2/api/certificate.go b/v2/api/certificate.go
@@ -21,6 +21,7 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"log"
 	"net/http"
 	"strconv"
 	"strings"
@@ -33,7 +34,7 @@ import (
 // EnrollPFX takes arguments for EnrollPFXFctArgs to facilitate a call to Keyfactor
 // that enrolls a PFX certificate with the supplied arguments.
 func (c *Client) EnrollPFX(ea *EnrollPFXFctArgs) (*EnrollResponse, error) {
-	//log.println("[INFO] Enrolling PFX certificate with Keyfactor")
+	log.Println("[INFO] Enrolling PFX certificate with Keyfactor")
 
 	/* Ensure required inputs exist */
 	var missingFields []string
@@ -106,7 +107,7 @@ func (c *Client) EnrollPFX(ea *EnrollPFXFctArgs) (*EnrollResponse, error) {
 }
 
 func (c *Client) EnrollPFXV2(ea *EnrollPFXFctArgsV2) (*EnrollResponseV2, error) {
-	//log.println("[INFO] Enrolling PFX certificate with Keyfactor")
+	log.Println("[INFO] Enrolling PFX certificate with Keyfactor")
 
 	/* Ensure required inputs exist */
 	var missingFields []string
@@ -161,6 +162,8 @@ func (c *Client) EnrollPFXV2(ea *EnrollPFXFctArgsV2) (*EnrollResponseV2, error)
 		Payload:  &ea,
 	}
 
+	log.Println("[TRACE] Request: ", keyfactorAPIStruct)
+
 	resp, err := c.sendRequest(keyfactorAPIStruct)
 	if err != nil {
 		return nil, err
@@ -194,7 +197,7 @@ func (c *Client) DownloadCertificate(
 	serialNumber string,
 	issuerDn string,
 ) (*x509.Certificate, []*x509.Certificate, error) {
-	//log.println("[INFO] Downloading certificate")
+	log.Println("[INFO] Downloading certificate")
 
 	/* The download certificate endpoint requires one of the following to retrieve a cert:
 		- CertID
@@ -283,7 +286,7 @@ func (c *Client) DownloadCertificate(
 //   - Template             : string
 //   - CertificateAuthority : string
 func (c *Client) EnrollCSR(ea *EnrollCSRFctArgs) (*EnrollResponse, error) {
-	//log.println("[INFO] Signing CSR with Keyfactor")
+	log.Println("[INFO] Signing CSR with Keyfactor")
 
 	/* Ensure required inputs exist */
 	if (ea.Template == "") || (ea.CertificateAuthority == "") {
@@ -330,9 +333,9 @@ func (c *Client) EnrollCSR(ea *EnrollCSRFctArgs) (*EnrollResponse, error) {
 //   - CertificateIds : []int
 //   - Comment        : string
 func (c *Client) RevokeCert(rvargs *RevokeCertArgs) error {
-	//log.println("[INFO] Revoking certificates")
+	log.Println("[INFO] Revoking certificates")
 	//for _, certs := range rvargs.CertificateIds {
-	//	//log.printf("[TRACE] Revoking ID %d", certs)
+	//	log.Printf("[TRACE] Revoking ID %d", certs)
 	//}
 
 	// Fields required by revoke cert API request are cert ID & comment
@@ -642,8 +645,8 @@ func (c *Client) RecoverCertificate(
 	password string,
 	collectionId int,
 ) (interface{}, *x509.Certificate, []*x509.Certificate, error) {
-	//log.println("[DEBUG] Enter RecoverCertificate")
-	//log.println("[INFO] Recovering certificate ID:", certId)
+	log.Println("[DEBUG] Enter RecoverCertificate")
+	log.Println("[INFO] Recovering certificate ID:", certId)
 	/* The download certificate endpoint requires one of the following to retrieve a cert:
 		- CertID
 		- Thumbprint
@@ -661,10 +664,10 @@ func (c *Client) RecoverCertificate(
 	}
 
 	if !validInput {
-		//log.println("[ERROR] RecoverCertificate: certID, thumbprint, or serial number AND issuer DN required to download certificate")
+		log.Println("[ERROR] RecoverCertificate: certID, thumbprint, or serial number AND issuer DN required to download certificate")
 		return nil, nil, nil, fmt.Errorf("certID, thumbprint, or serial number AND issuer DN required to download certificate")
 	}
-	//log.println("[DEBUG] RecoverCertificate: Valid input")
+	log.Println("[DEBUG] RecoverCertificate: Valid input")
 
 	if password == "" {
 		return nil, nil, nil, fmt.Errorf("password required to recover private key with certificate")
@@ -679,7 +682,7 @@ func (c *Client) RecoverCertificate(
 		IncludeChain: true,
 	}
 
-	//log.println("[DEBUG] RecoverCertificate: Recovering certificate with args:", rca)
+	log.Println("[DEBUG] RecoverCertificate: Recovering certificate with args:", rca)
 	// Set Keyfactor-specific headers
 	headers := &apiHeaders{
 		Headers: []StringTuple{
@@ -694,16 +697,16 @@ func (c *Client) RecoverCertificate(
 		Query: []StringTuple{},
 	}
 	if collectionId > 0 {
-		//log.println("[DEBUG] RecoverCertificate: Collection ID:", collectionId)
+		log.Println("[DEBUG] RecoverCertificate: Collection ID:", collectionId)
 		query.Query = append(
 			query.Query, StringTuple{
 				"collectionId", fmt.Sprintf("%d", collectionId),
 			},
 		)
-		//log.println("[DEBUG] RecoverCertificate: Query:", query)
+		log.Println("[DEBUG] RecoverCertificate: Query:", query)
 	}
 
-	//log.println("[DEBUG] RecoverCertificate: Creating recover certificate request")
+	log.Println("[DEBUG] RecoverCertificate: Creating recover certificate request")
 	keyfactorAPIStruct := &request{
 		Method:   "POST",
 		Endpoint: "Certificates/Recover",
@@ -712,37 +715,37 @@ func (c *Client) RecoverCertificate(
 		Query:    &query,
 	}
 
-	//log.println("[INFO] Attempting to recover certificate from Keyfactor Command")
+	log.Println("[INFO] Attempting to recover certificate from Keyfactor Command")
 	resp, err := c.sendRequest(keyfactorAPIStruct)
 	if err != nil {
-		//log.println("[ERROR] RecoverCertificate: Error recovering certificate from Keyfactor Command", err.Error())
+		log.Println("[ERROR] RecoverCertificate: Error recovering certificate from Keyfactor Command", err.Error())
 		return nil, nil, nil, err
 	}
 
 	jsonResp := &recoverCertResponse{}
-	//log.println("[DEBUG] RecoverCertificate: Decoding response")
+	log.Println("[DEBUG] RecoverCertificate: Decoding response")
 	err = json.NewDecoder(resp.Body).Decode(&jsonResp)
 	if err != nil {
-		//log.println("[ERROR] RecoverCertificate: Error decoding response from Keyfactor Command", err.Error())
+		log.Println("[ERROR] RecoverCertificate: Error decoding response from Keyfactor Command", err.Error())
 		return nil, nil, nil, err
 	}
 
-	//log.println("[DEBUG] RecoverCertificate: Decoding PFX")
+	log.Println("[DEBUG] RecoverCertificate: Decoding PFX")
 	pfxDer, err := base64.StdEncoding.DecodeString(jsonResp.PFX)
 	if err != nil {
-		//log.println("[ERROR] RecoverCertificate: Error decoding PFX", err.Error())
+		log.Println("[ERROR] RecoverCertificate: Error decoding PFX", err.Error())
 		return nil, nil, nil, err
 	}
 
-	//log.println("[DEBUG] RecoverCertificate: Decoding PFX chain")
+	log.Println("[DEBUG] RecoverCertificate: Decoding PFX chain")
 	priv, leaf, chain, err := pkcs12.DecodeChain(pfxDer, rca.Password)
 	if err != nil {
-		//log.println("[ERROR] RecoverCertificate: Error decoding PFX chain", err.Error())
+		log.Println("[ERROR] RecoverCertificate: Error decoding PFX chain", err.Error())
 		return nil, nil, nil, err
 	}
 
-	//log.println("[INFO] Recovered certificate successfully")
-	////log.println("[DEBUG] RecoverCertificate: ", leaf, chain)
+	log.Println("[INFO] Recovered certificate successfully")
+	log.Println("[DEBUG] RecoverCertificate: ", leaf, chain)
 	return priv, leaf, chain, nil
 }
 
@@ -771,7 +774,7 @@ func createSubject(cs CertificateSubject) (string, error) {
 		subject += "C=" + cs.SubjectCountry + ","
 	}
 	subject = strings.TrimRight(subject, ",") // remove trailing comma
-	//log.printf("[DEBUG] createSubject(): Certificate subject created: %s\n", subject)
+	log.Printf("[DEBUG] createSubject(): Certificate subject created: %s\n", subject)
 	return subject, nil
 }
 
@@ -797,7 +800,7 @@ func validateDeployPFXArgs(dpfxa *DeployPFXArgs) error {
 
 // decodePKCS12Blob decodes a PKCS12 blob.
 func decodePKCS12Blob(resp *EnrollResponse) error {
-	//log.println("[TRACE] Decoding certificate")
+	log.Println("[TRACE] Decoding certificate")
 	// Keyfactor returns base-64 PFX (PKCS#12) or zipped certificate. Decode here.
 	if resp.CertificateInformation.PKCS12Blob != "" {
 		cert, err := base64.StdEncoding.DecodeString(resp.CertificateInformation.PKCS12Blob)