Skip to content

Commit 897bb87

Browse files
salrashid123salrashid123
committed
refactor for better error handling
1 parent f823436 commit 897bb87

File tree

2 files changed

+63
-83
lines changed

2 files changed

+63
-83
lines changed

kms/kms.go

+25-33
Original file line numberDiff line numberDiff line change
@@ -61,67 +61,59 @@ func NewKMSCrypto(conf *KMS) (KMS, error) {
6161
if conf.ProjectId == "" {
6262
return KMS{}, fmt.Errorf("ProjectID cannot be null")
6363
}
64-
return *conf, nil
65-
}
6664

67-
func (t KMS) Public() crypto.PublicKey {
68-
if t.publicKey == nil {
69-
ctx := context.Background()
70-
parentName := fmt.Sprintf("projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s/cryptoKeyVersions/%s", t.ProjectId, t.LocationId, t.KeyRing, t.Key, t.KeyVersion)
65+
ctx := context.Background()
66+
parentName := fmt.Sprintf("projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s/cryptoKeyVersions/%s", conf.ProjectId, conf.LocationId, conf.KeyRing, conf.Key, conf.KeyVersion)
7167

72-
kmsClient, err := cloudkms.NewKeyManagementClient(ctx)
73-
if err != nil {
74-
fmt.Printf("Error getting kms client %v", err)
75-
return nil
76-
}
77-
defer kmsClient.Close()
68+
kmsClient, err := cloudkms.NewKeyManagementClient(ctx)
69+
if err != nil {
70+
return KMS{}, fmt.Errorf("Error getting kms client %v", err)
71+
}
72+
defer kmsClient.Close()
7873

79-
dresp, err := kmsClient.GetPublicKey(ctx, &kmspb.GetPublicKeyRequest{Name: parentName})
80-
if err != nil {
81-
fmt.Printf("Error getting GetPublicKey %v", err)
82-
return nil
83-
}
84-
pubKeyBlock, _ := pem.Decode([]byte(dresp.Pem))
74+
dresp, err := kmsClient.GetPublicKey(ctx, &kmspb.GetPublicKeyRequest{Name: parentName})
75+
if err != nil {
76+
return KMS{}, fmt.Errorf("Error getting GetPublicKey %v", err)
77+
}
78+
pubKeyBlock, _ := pem.Decode([]byte(dresp.Pem))
8579

86-
t.publicKey, err = x509.ParsePKIXPublicKey(pubKeyBlock.Bytes)
87-
if err != nil {
88-
fmt.Printf("Error parsing PublicKey %v", err)
89-
return nil
90-
}
80+
conf.publicKey, err = x509.ParsePKIXPublicKey(pubKeyBlock.Bytes)
81+
if err != nil {
82+
return KMS{}, fmt.Errorf("Error parsing PublicKey %v", err)
9183
}
9284

85+
return *conf, nil
86+
}
87+
88+
func (t KMS) Public() crypto.PublicKey {
9389
return t.publicKey
9490
}
9591

96-
func (t KMS) TLSCertificate() tls.Certificate {
92+
func (t KMS) TLSCertificate() (tls.Certificate, error) {
9793

9894
if t.PublicKeyFile == "" {
99-
fmt.Printf("Public X509 certificate not specified")
100-
return tls.Certificate{}
95+
return tls.Certificate{}, fmt.Errorf("public X509 certificate not specified")
10196
}
10297

10398
pubPEM, err := os.ReadFile(t.PublicKeyFile)
10499
if err != nil {
105-
fmt.Printf("Unable to read keys %v", err)
106-
return tls.Certificate{}
100+
return tls.Certificate{}, fmt.Errorf("unable to read keys %v", err)
107101
}
108102
block, _ := pem.Decode([]byte(pubPEM))
109103
if block == nil {
110-
fmt.Printf("failed to parse PEM block containing the public key")
111-
return tls.Certificate{}
104+
return tls.Certificate{}, fmt.Errorf("failed to parse PEM block containing the public key")
112105
}
113106
pub, err := x509.ParseCertificate(block.Bytes)
114107
if err != nil {
115-
fmt.Printf("failed to parse public key: " + err.Error())
116-
return tls.Certificate{}
108+
return tls.Certificate{}, fmt.Errorf("failed to parse public key: %v ", err)
117109
}
118110
x509Certificate = *pub
119111
var privKey crypto.PrivateKey = t
120112
return tls.Certificate{
121113
PrivateKey: privKey,
122114
Leaf: &x509Certificate,
123115
Certificate: [][]byte{x509Certificate.Raw},
124-
}
116+
}, nil
125117
}
126118

127119
func (t KMS) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {

tpm/tpm.go

+38-50
Original file line numberDiff line numberDiff line change
@@ -69,53 +69,45 @@ func NewTPMCrypto(conf *TPM) (TPM, error) {
6969
if conf.TpmPath != "" && conf.KeyHandle == 0 {
7070
return TPM{}, fmt.Errorf("salrashid123/x/oauth2/google: if TPMTokenConfig.TPMPath is specified, a KeyHandle must be set")
7171
}
72-
return *conf, nil
73-
}
7472

75-
func (t TPM) Public() crypto.PublicKey {
76-
if t.publicKey == nil {
77-
t.refreshMutex.Lock()
78-
defer t.refreshMutex.Unlock()
79-
80-
var rwc io.ReadWriteCloser
81-
var k *client.Key
82-
if t.TpmDevice == nil {
83-
var err error
84-
rwc, err = tpm2.OpenTPM(t.TpmPath)
85-
if err != nil {
86-
fmt.Printf("google: Unable to Read Public data from TPM: %v", err)
87-
return nil
88-
}
89-
defer rwc.Close()
90-
pcrsession, err := client.NewPCRSession(rwc, tpm2.PCRSelection{tpm2.AlgSHA256, t.PCRs})
91-
if err != nil {
92-
fmt.Printf("google: Unable to Read Public data from TPM: %v", err)
93-
return nil
94-
}
95-
k, err = client.LoadCachedKey(rwc, tpmutil.Handle(t.KeyHandle), pcrsession)
96-
if err != nil {
97-
fmt.Printf("google: Unable to Read Public data from TPM: %v", err)
98-
return nil
99-
}
100-
defer pcrsession.Close()
101-
defer k.Close()
102-
} else {
103-
rwc = t.TpmDevice
104-
k = t.Key
73+
var rwc io.ReadWriteCloser
74+
var k *client.Key
75+
if conf.TpmDevice == nil {
76+
var err error
77+
rwc, err = tpm2.OpenTPM(conf.TpmPath)
78+
if err != nil {
79+
return TPM{}, fmt.Errorf("google: Unable to Read Public data from TPM: %v", err)
10580
}
106-
107-
pub, _, _, err := tpm2.ReadPublic(rwc, k.Handle())
81+
defer rwc.Close()
82+
pcrsession, err := client.NewPCRSession(rwc, tpm2.PCRSelection{tpm2.AlgSHA256, conf.PCRs})
10883
if err != nil {
109-
fmt.Printf("google: Unable to Read Public data from TPM: %v", err)
110-
return nil
84+
return TPM{}, fmt.Errorf("google: Unable to Read Public data from TPM: %v", err)
11185
}
112-
pubKey, err := pub.Key()
86+
k, err = client.LoadCachedKey(rwc, tpmutil.Handle(conf.KeyHandle), pcrsession)
11387
if err != nil {
114-
fmt.Printf("google: Unable to Read Public data from TPM: %v", err)
115-
return nil
88+
return TPM{}, fmt.Errorf("google: Unable to Read Public data from TPM: %v", err)
11689
}
117-
t.publicKey = pubKey
90+
defer pcrsession.Close()
91+
defer k.Close()
92+
} else {
93+
rwc = conf.TpmDevice
94+
k = conf.Key
95+
}
96+
97+
pub, _, _, err := tpm2.ReadPublic(rwc, k.Handle())
98+
if err != nil {
99+
return TPM{}, fmt.Errorf("google: Unable to Read Public data from TPM: %v", err)
100+
}
101+
pubKey, err := pub.Key()
102+
if err != nil {
103+
return TPM{}, fmt.Errorf("google: Unable to Read Public data from TPM: %v", err)
118104
}
105+
conf.publicKey = pubKey
106+
107+
return *conf, nil
108+
}
109+
110+
func (t TPM) Public() crypto.PublicKey {
119111
return t.publicKey
120112
}
121113

@@ -196,27 +188,23 @@ func (t TPM) Sign(rr io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte,
196188
}
197189
}
198190

199-
func (t TPM) TLSCertificate() tls.Certificate {
191+
func (t TPM) TLSCertificate() (tls.Certificate, error) {
200192

201193
if t.PublicCertFile == "" {
202-
fmt.Printf("Public X509 certificate not specified")
203-
return tls.Certificate{}
194+
return tls.Certificate{}, fmt.Errorf("Public X509 certificate not specified")
204195
}
205196

206197
pubPEM, err := os.ReadFile(t.PublicCertFile)
207198
if err != nil {
208-
fmt.Printf("Unable to read keys %v", err)
209-
return tls.Certificate{}
199+
return tls.Certificate{}, fmt.Errorf("Unable to read public certificate file %v", err)
210200
}
211201
block, _ := pem.Decode([]byte(pubPEM))
212202
if block == nil {
213-
fmt.Printf("failed to parse PEM block containing the public key")
214-
return tls.Certificate{}
203+
return tls.Certificate{}, fmt.Errorf("failed to parse PEM block containing the public key")
215204
}
216205
pub, err := x509.ParseCertificate(block.Bytes)
217206
if err != nil {
218-
fmt.Printf("failed to parse public key: " + err.Error())
219-
return tls.Certificate{}
207+
return tls.Certificate{}, fmt.Errorf("Unable to read public certificate file %v", err)
220208
}
221209

222210
t.x509Certificate = *pub
@@ -225,5 +213,5 @@ func (t TPM) TLSCertificate() tls.Certificate {
225213
PrivateKey: privKey,
226214
Leaf: &t.x509Certificate,
227215
Certificate: [][]byte{t.x509Certificate.Raw},
228-
}
216+
}, nil
229217
}

0 commit comments

Comments
 (0)