

feat: Gate ECP logs behind ENABLE_ENTERPRISE_CERTIFICATE_LOGS environ…
…ment variable.
clundin25 committed Dec 3, 2022
1 parent c8a36c5 commit eaaa786
Showing 13 changed files with 90 additions and 1 deletion.
14 changes: 14 additions & 0 deletions README.md
@@ -126,6 +126,20 @@ ECP relies on the `certificate_config.json` file to read all the metadata inform
}
```

### Logging

To enable logging set the "ENABLE_ENTERPRISE_CERTIFICATE_LOGS" environment
variable.

#### Example

```
export ENABLE_ENTERPRISE_CERTIFICATE_LOGS=1 # Now the
enterprise-certificate-proxy will output logs to stdout.
```



## Build binaries

For amd64 MacOS, run `./build/scripts/darwin_amd64.sh`. The binaries will be placed in `build/bin/darwin_amd64` folder.
2 changes: 2 additions & 0 deletions client/client.go
@@ -20,6 +20,7 @@ import (
"os/exec"

"github.com/googleapis/enterprise-certificate-proxy/client/util"
"github.com/googleapis/enterprise-certificate-proxy/utils"
)

const signAPI = "EnterpriseCertSigner.Sign"
@@ -105,6 +106,7 @@ func (k *Key) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signed [
//
// The config file also specifies which certificate the signer should use.
func Cred(configFilePath string) (*Key, error) {
utils.EnableECPLogging()
if configFilePath == "" {
configFilePath = util.GetDefaultConfigFilePath()
}
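Review bot: `Cred` is the library entry point, and the `utils.EnableECPLogging()` call added as its first statement changes the process-wide standard logger: per utils/util.go in this commit it runs `log.SetOutput(ioutil.Discard)` whenever ENABLE_ENTERPRISE_CERTIFICATE_LOGS is unset. Any program that embeds this client and writes its own messages through package `log` would lose that output after the first `Cred` call, including whatever it records for audit or incident response. Giving the package its own logger, for example `var logger = log.New(io.Discard, "", log.LstdFlags)` with its output switched on the variable, keeps the gate without touching the host's logger. The body of `Cred` continues outside the hunk.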
3 changes: 3 additions & 0 deletions cshared/main.go
@@ -22,6 +22,7 @@ import (
"unsafe"

"github.com/googleapis/enterprise-certificate-proxy/client"
"github.com/googleapis/enterprise-certificate-proxy/utils"
)

func getCertPem(configFilePath string) []byte {
@@ -54,6 +55,7 @@ func getCertPem(configFilePath string) []byte {
//
//export GetCertPemForPython
func GetCertPemForPython(configFilePath *C.char, certHolder *byte, certHolderLen int) int {
utils.EnableECPLogging()
pemBytes := getCertPem(C.GoString(configFilePath))
if certHolder != nil {
cert := unsafe.Slice(certHolder, certHolderLen)
@@ -68,6 +70,7 @@ func GetCertPemForPython(configFilePath *C.char, certHolder *byte, certHolderLen
//export SignForPython
func SignForPython(configFilePath *C.char, digest *byte, digestLen int, sigHolder *byte, sigHolderLen int) int {
// First create a handle around the specified certificate and private key.
utils.EnableECPLogging()
key, err := client.Cred(C.GoString(configFilePath))
if err != nil {
log.Printf("Could not create client using config %s: %v", C.GoString(configFilePath), err)
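Review bot: The `utils.EnableECPLogging()` call added to `SignForPython` is redundant, because the next statement calls `client.Cred`, which makes the same call first in this commit; the one in `GetCertPemForPython` is probably redundant as well if `getCertPem` goes through `client.Cred`, which is not visible here. With the variable unset, the `log.Printf("Could not create client using config ...")` line is discarded, so the Python caller sees only the integer return. The doc comments on both exported functions should say so, for example `// Diagnostics are written only when ENABLE_ENTERPRISE_CERTIFICATE_LOGS is set.`. Both function bodies continue outside the hunks.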
4 changes: 4 additions & 0 deletions go.mod
@@ -1,3 +1,7 @@
module github.com/googleapis/enterprise-certificate-proxy

go 1.18

replace github.com/googleapis/enterprise-certificate-proxy/utils => ./utils

require github.com/googleapis/enterprise-certificate-proxy/utils v0.0.0-00010101000000-000000000000 // indirect
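Review bot: The `replace github.com/googleapis/enterprise-certificate-proxy/utils => ./utils` directive only takes effect when this module is the main module, so a downstream build that imports the client package would have to resolve `utils v0.0.0-00010101000000-000000000000`, the zero pseudo-version the go command writes for a locally replaced module. utils/go.mod in this commit also declares `module utils`, not the path required here, and the requirement is marked `// indirect` although client/client.go imports the package directly. Dropping utils/go.mod so that `utils` is an ordinary package of this module would remove the need for both the `require` and the `replace` lines; the signer modules are separate modules and would need their own arrangement.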
6 changes: 5 additions & 1 deletion internal/signer/darwin/go.mod
@@ -1,3 +1,7 @@
module signer

go 1.18
go 1.18

replace github.com/googleapis/enterprise-certificate-proxy/utils => ../../../utils

require github.com/googleapis/enterprise-certificate-proxy/utils v0.0.0-00010101000000-000000000000 // indirect
3 changes: 3 additions & 0 deletions internal/signer/darwin/signer.go
@@ -20,6 +20,8 @@ import (
"signer/keychain"
"signer/util"
"time"

"github.com/googleapis/enterprise-certificate-proxy/utils"
)

func init() {
@@ -76,6 +78,7 @@ func (k *EnterpriseCertSigner) Sign(args SignArgs, resp *[]byte) (err error) {
}

func main() {
utils.EnableECPLogging()
if len(os.Args) != 2 {
log.Fatalln("Signer is not meant to be invoked manually, exiting...")
}
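Review bot: `log.Fatalln("Signer is not meant to be invoked manually, exiting...")` now runs after `utils.EnableECPLogging()`, so with the variable unset the process exits with status 1 and prints nothing; the same ordering is added to `main` in internal/signer/linux/signer.go and internal/signer/windows/signer.go. Moving the added call below the `len(os.Args) != 2` check keeps the usage message visible. Any later `log.Fatal*` call in `main`, whose body continues outside the hunk, would still exit silently by default, which makes signer failures hard to diagnose from the client side.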
4 changes: 4 additions & 0 deletions internal/signer/linux/go.mod
@@ -3,3 +3,7 @@ module signer
go 1.18

require github.com/google/go-pkcs11 v0.2.0

require github.com/googleapis/enterprise-certificate-proxy/utils v0.0.0-00010101000000-000000000000 // indirect

replace github.com/googleapis/enterprise-certificate-proxy/utils => ../../../utils
3 changes: 3 additions & 0 deletions internal/signer/linux/signer.go
@@ -20,6 +20,8 @@ import (
"os"
"signer/util"
"time"

"github.com/googleapis/enterprise-certificate-proxy/utils"
)

func init() {
@@ -76,6 +78,7 @@ func (k *EnterpriseCertSigner) Sign(args SignArgs, resp *[]byte) (err error) {
}

func main() {
utils.EnableECPLogging()
if len(os.Args) != 2 {
log.Fatalln("Signer is not meant to be invoked manually, exiting...")
}
3 changes: 3 additions & 0 deletions internal/signer/windows/go.mod
@@ -3,6 +3,9 @@ module signer
go 1.18

require (
github.com/googleapis/enterprise-certificate-proxy/utils v0.0.0-00010101000000-000000000000 // indirect
golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect
golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect
)

replace github.com/googleapis/enterprise-certificate-proxy/utils => ../../../utils
3 changes: 3 additions & 0 deletions internal/signer/windows/signer.go
@@ -20,6 +20,8 @@ import (
"signer/ncrypt"
"signer/util"
"time"

"github.com/googleapis/enterprise-certificate-proxy/utils"
)

func init() {
@@ -76,6 +78,7 @@ func (k *EnterpriseCertSigner) Sign(args SignArgs, resp *[]byte) (err error) {
}

func main() {
utils.EnableECPLogging()
if len(os.Args) != 2 {
log.Fatalln("Signer is not meant to be invoked manually, exiting...")
}
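--- a/utils/go.mod
+++ b/utils/go.mod
@@ -0,0 +1,3 @@
+module utils
+
+go 1.20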
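--- a/utils/util.go
+++ b/utils/util.go
@@ -0,0 +1,18 @@
+package utils
+
+import (
+"io/ioutil"
+"log"
+"os"
+)
+
+// / If ECP Logging is enabled return true
+// / Otherwise return false
+func EnableECPLogging() bool {
+if os.Getenv("ENABLE_ENTERPRISE_CERTIFICATE_LOGS") != "" {
+return true
+}
+
+log.SetOutput(ioutil.Discard)
+return false
+}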
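Review bot: `EnableECPLogging` can only turn logging off: when the variable is set it returns true without touching the logger, so after one call has run `log.SetOutput(ioutil.Discard)` a later call with the variable set still leaves output discarded. Any non-empty value counts as set, so `ENABLE_ENTERPRISE_CERTIFICATE_LOGS=0` enables logs, which the doc comment should state. The comment should also follow Go doc style, `// EnableECPLogging reports whether ENABLE_ENTERPRISE_CERTIFICATE_LOGS is non-empty; otherwise it discards the standard logger's output.`, and `ioutil.Discard` has been deprecated since Go 1.16 in favour of `io.Discard`.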
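--- a/utils/util_test.go
+++ b/utils/util_test.go
@@ -0,0 +1,25 @@
+package utils_test
+
+import (
+"testing"
+
+"os"
+
+"github.com/googleapis/enterprise-certificate-proxy/utils"
+)
+
+func TestEnabledLogging(t *testing.T) {
+os.Setenv("ENABLE_ENTERPRISE_CERTIFICATE_LOGS", "1")
+
+if !utils.EnableECPLogging() {
+t.Error("ECP Logging should be enabled if ENABLE_ENTERPRISE_CERTIFICATE_LOGS is set.")
+}
+}
+
+func TestDisabledLogging(t *testing.T) {
+os.Unsetenv("ENABLE_ENTERPRISE_CERTIFICATE_LOGS")
+
+if utils.EnableECPLogging() {
+t.Error("ECP Logging should be enabled if ENABLE_ENTERPRISE_CERTIFICATE_LOGS is set.")
+}
+}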
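Review bot: The failure message in `TestDisabledLogging` is copied from the enabled case and states the opposite of what the test checks; it should read `t.Error("ECP Logging should be disabled if ENABLE_ENTERPRISE_CERTIFICATE_LOGS is unset.")`. `os.Setenv` and `os.Unsetenv` leave the process environment changed for later tests, whereas `t.Setenv("ENABLE_ENTERPRISE_CERTIFICATE_LOGS", "1")` restores it on cleanup. Neither test asserts on the logger itself, so the `log.SetOutput` side effect is untested, and `TestDisabledLogging` leaves the standard logger discarding output for the rest of the test binary.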
