summaryrefslogtreecommitdiff
path: root/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go')
-rw-r--r--vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go37
1 files changed, 20 insertions, 17 deletions
diff --git a/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go b/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go
index aecaff5..b3283b8 100644
--- a/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go
+++ b/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go
@@ -1,6 +1,15 @@
// Copyright 2022 Google LLC.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
// Package client is a cross-platform client for the signer binary (a.k.a."EnterpriseCertSigner").
//
@@ -13,10 +22,9 @@ import (
"crypto/rsa"
"crypto/x509"
"encoding/gob"
+ "errors"
"fmt"
"io"
- "io/ioutil"
- "log"
"net/rpc"
"os"
"os/exec"
@@ -44,17 +52,6 @@ func (c *Connection) Close() error {
return werr
}
-// If ECP Logging is enabled return true
-// Otherwise return false
-func enableECPLogging() bool {
- if os.Getenv("ENABLE_ENTERPRISE_CERTIFICATE_LOGS") != "" {
- return true
- }
-
- log.SetOutput(ioutil.Discard)
- return false
-}
-
func init() {
gob.Register(crypto.SHA256)
gob.Register(&rsa.PSSOptions{})
@@ -87,7 +84,7 @@ func (k *Key) Close() error {
}
// Wait for cmd to exit and release resources. Since the process is forcefully killed, this
// will return a non-nil error (varies by OS), which we will ignore.
- k.cmd.Wait()
+ _ = k.cmd.Wait()
// The Pipes connecting the RPC client should have been closed when the signer subprocess was killed.
// Calling `k.client.Close()` before `k.cmd.Process.Kill()` or `k.cmd.Wait()` _will_ cause a segfault.
if err := k.client.Close(); err.Error() != "close |0: file already closed" {
@@ -110,6 +107,10 @@ func (k *Key) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signed [
return
}
+// ErrCredUnavailable is a sentinel error that indicates ECP Cred is unavailable,
+// possibly due to missing config or missing binary path.
+var ErrCredUnavailable = errors.New("Cred is unavailable")
+
// Cred spawns a signer subprocess that listens on stdin/stdout to perform certificate
// related operations, including signing messages with the private key.
//
@@ -118,12 +119,14 @@ func (k *Key) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signed [
//
// The config file also specifies which certificate the signer should use.
func Cred(configFilePath string) (*Key, error) {
- enableECPLogging()
if configFilePath == "" {
configFilePath = util.GetDefaultConfigFilePath()
}
enterpriseCertSignerPath, err := util.LoadSignerBinaryPath(configFilePath)
if err != nil {
+ if errors.Is(err, util.ErrConfigUnavailable) {
+ return nil, ErrCredUnavailable
+ }
return nil, err
}
k := &Key{