Move the `Init*` functions to their respective packages #2228

Merged
merged 7 commits into from Jun 12, 2019
@@ -34,6 +34,7 @@ import (

"github.com/transcom/mymove/pkg/auth"
"github.com/transcom/mymove/pkg/auth/authentication"
"github.com/transcom/mymove/pkg/certs"
"github.com/transcom/mymove/pkg/cli"
"github.com/transcom/mymove/pkg/db/sequence"
"github.com/transcom/mymove/pkg/dpsauth"
@@ -45,8 +46,11 @@ import (
"github.com/transcom/mymove/pkg/handlers/internalapi"
"github.com/transcom/mymove/pkg/handlers/ordersapi"
"github.com/transcom/mymove/pkg/handlers/publicapi"
"github.com/transcom/mymove/pkg/iws"
"github.com/transcom/mymove/pkg/logging"
"github.com/transcom/mymove/pkg/middleware"
"github.com/transcom/mymove/pkg/notifications"
"github.com/transcom/mymove/pkg/route"
"github.com/transcom/mymove/pkg/server"
"github.com/transcom/mymove/pkg/services"
"github.com/transcom/mymove/pkg/services/invoice"
@@ -391,7 +395,7 @@ func serveFunction(cmd *cobra.Command, args []string) error {
}

// Register Login.gov authentication provider for My.(move.mil)
loginGovProvider, err := cli.InitAuth(v, logger, appnames)
loginGovProvider, err := authentication.InitAuth(v, logger, appnames)
if err != nil {
logger.Fatal("Registering login provider", zap.Error(err))
}
@@ -412,7 +416,7 @@ func serveFunction(cmd *cobra.Command, args []string) error {
}

// Email
notificationSender := cli.InitEmail(v, session, logger)
notificationSender := notifications.InitEmail(v, session, logger)
handlerContext.SetNotificationSender(notificationSender)

build := v.GetString(cli.BuildFlag)
@@ -422,17 +426,17 @@ func serveFunction(cmd *cobra.Command, args []string) error {

// Get route planner for handlers to calculate transit distances
// routePlanner := route.NewBingPlanner(logger, bingMapsEndpoint, bingMapsKey)
routePlanner := cli.InitRoutePlanner(v, logger)
routePlanner := route.InitRoutePlanner(v, logger)
handlerContext.SetPlanner(routePlanner)

// Set SendProductionInvoice for ediinvoice
handlerContext.SetSendProductionInvoice(v.GetBool(cli.GEXSendProdInvoiceFlag))

// Storage
storer := cli.InitStorage(v, session, logger)
storer := storage.InitStorage(v, session, logger)
handlerContext.SetFileStorer(storer)

certificates, rootCAs, err := cli.InitDoDCertificates(v, logger)
certificates, rootCAs, err := certs.InitDoDCertificates(v, logger)
if certificates == nil || rootCAs == nil || err != nil {
logger.Fatal("Failed to initialize DOD certificates", zap.Error(err))
}
@@ -482,7 +486,7 @@ func serveFunction(cmd *cobra.Command, args []string) error {
}
handlerContext.SetICNSequencer(icnSequencer)

rbs, err := cli.InitRBSPersonLookup(v, logger)
rbs, err := iws.InitRBSPersonLookup(v, logger)
if err != nil {
logger.Fatal("Could not instantiate IWS RBS", zap.Error(err))
}
@@ -493,7 +497,7 @@ func serveFunction(cmd *cobra.Command, args []string) error {
dpsCookieSecret := []byte(v.GetString(cli.DPSAuthCookieSecretKeyFlag))
dpsCookieExpires := v.GetInt(cli.DPSCookieExpiresInMinutesFlag)

dpsAuthParams := cli.InitDPSAuthParams(v, appnames)
dpsAuthParams := dpsauth.InitDPSAuthParams(v, appnames)
handlerContext.SetDPSAuthParams(dpsAuthParams)

// Base routes
@@ -16,9 +16,11 @@ import (
"github.com/markbates/goth"
"github.com/markbates/goth/providers/openidConnect"
"github.com/pkg/errors"
"github.com/spf13/viper"
"go.uber.org/zap"

"github.com/transcom/mymove/pkg/auth"
"github.com/transcom/mymove/pkg/cli"
"github.com/transcom/mymove/pkg/models"
)

@@ -448,3 +450,25 @@ func fetchToken(logger Logger, code string, clientID string, loginGovProvider Lo
}
return &session, err
}

// InitAuth initializes the Login.gov provider
func InitAuth(v *viper.Viper, logger Logger, appnames auth.ApplicationServername) (LoginGovProvider, error) {
loginGovCallbackProtocol := v.GetString(cli.LoginGovCallbackProtocolFlag)
loginGovCallbackPort := v.GetInt(cli.LoginGovCallbackPortFlag)
loginGovSecretKey := v.GetString(cli.LoginGovSecretKeyFlag)
loginGovHostname := v.GetString(cli.LoginGovHostnameFlag)

loginGovProvider := NewLoginGovProvider(loginGovHostname, loginGovSecretKey, logger)
err := loginGovProvider.RegisterProvider(
appnames.MilServername,
v.GetString(cli.LoginGovMyClientIDFlag),
appnames.OfficeServername,
v.GetString(cli.LoginGovOfficeClientIDFlag),
appnames.TspServername,
v.GetString(cli.LoginGovTSPClientIDFlag),
appnames.AdminServername,
v.GetString(cli.LoginGovAdminClientIDFlag),
loginGovCallbackProtocol,
loginGovCallbackPort)
return loginGovProvider, err
}
@@ -0,0 +1,68 @@
package certs

import (
"crypto/tls"
"crypto/x509"
"fmt"
"io/ioutil"
"strings"

"github.com/pkg/errors"
"github.com/spf13/viper"
"go.uber.org/zap"

"github.com/transcom/mymove/pkg/cli"
"github.com/transcom/mymove/pkg/server"
)

// InitDoDCertificates initializes the DoD Certificates
func InitDoDCertificates(v *viper.Viper, logger Logger) ([]tls.Certificate, *x509.CertPool, error) {

tlsCertString := v.GetString(cli.MoveMilDoDTLSCertFlag)
tlsCerts := cli.ParseCertificates(tlsCertString)
if len(tlsCerts) == 0 {
return make([]tls.Certificate, 0), nil, errors.Errorf("%s is missing certificate PEM block", cli.MoveMilDoDTLSCertFlag)
}
if len(tlsCerts) > 1 {
return make([]tls.Certificate, 0), nil, errors.Errorf("%s has too many certificate PEM blocks", cli.MoveMilDoDTLSCertFlag)
}

logger.Info(fmt.Sprintf("certitficate chain from %s parsed", cli.MoveMilDoDTLSCertFlag), zap.Any("count", len(tlsCerts)))

caCertString := v.GetString(cli.MoveMilDoDCACertFlag)
caCerts := cli.ParseCertificates(caCertString)
if len(caCerts) == 0 {
return make([]tls.Certificate, 0), nil, errors.Errorf("%s is missing certificate PEM block", cli.MoveMilDoDTLSCertFlag)
}

logger.Info(fmt.Sprintf("certitficate chain from %s parsed", cli.MoveMilDoDCACertFlag), zap.Any("count", len(caCerts)))

//Append move.mil cert with intermediate CA to create a validate certificate chain
cert := strings.Join(append(append(make([]string, 0), tlsCerts...), caCerts...), "\n")

key := v.GetString(cli.MoveMilDoDTLSKeyFlag)
keyPair, err := tls.X509KeyPair([]byte(cert), []byte(key))
if err != nil {
return make([]tls.Certificate, 0), nil, errors.Wrap(err, "failed to parse DOD x509 keypair for server")
}

logger.Info("DOD keypair", zap.Any("certificates", len(keyPair.Certificate)))

pathToPackage := v.GetString(cli.DoDCAPackageFlag)
pkcs7Package, err := ioutil.ReadFile(pathToPackage) // #nosec
if err != nil {
return make([]tls.Certificate, 0), nil, errors.Wrap(err, fmt.Sprintf("%s is invalid", cli.DoDCAPackageFlag))
}

if len(pkcs7Package) == 0 {
return make([]tls.Certificate, 0), nil, errors.Wrap(&cli.ErrInvalidPKCS7{Path: pathToPackage}, fmt.Sprintf("%s is an empty file", cli.DoDCAPackageFlag))
}

dodCACertPool, err := server.LoadCertPoolFromPkcs7Package(pkcs7Package)
if err != nil {
return make([]tls.Certificate, 0), dodCACertPool, errors.Wrap(err, "Failed to parse DoD CA certificate package")
}

return []tls.Certificate{keyPair}, dodCACertPool, nil

}
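Review bot: The CA-certificate check at `if len(caCerts) == 0` reports the wrong flag — its error message names `cli.MoveMilDoDTLSCertFlag` although the value being validated was read from `cli.MoveMilDoDCACertFlag`, so an operator is pointed at a setting that is fine; change it to `errors.Errorf("%s is missing certificate PEM block", cli.MoveMilDoDCACertFlag)`. The two `logger.Info` lines also misspell "certitficate" in the message. The bare `// #nosec` on the `ioutil.ReadFile` call is easier to audit if it states the reason, e.g. `// #nosec -- path is the operator-supplied DoDCAPackageFlag value, not request input`. The `errors.Wrap(err, fmt.Sprintf(...))` calls could simply be `errors.Wrapf(err, ...)`.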
@@ -0,0 +1,73 @@
package certs

import (
"log"
"os"
"strings"
"testing"

"github.com/spf13/pflag"
"github.com/spf13/viper"
"github.com/stretchr/testify/suite"
"go.uber.org/zap"

"github.com/transcom/mymove/pkg/cli"
"github.com/transcom/mymove/pkg/logging"
)

type certTestSuite struct {
suite.Suite
viper *viper.Viper
logger Logger
}

type initFlags func(f *pflag.FlagSet)

func (suite *certTestSuite) Setup(fn initFlags, flagSet []string) {
suite.viper = nil

flag := pflag.NewFlagSet(os.Args[0], pflag.ExitOnError)
fn(flag)
flag.Parse(flagSet)

v := viper.New()
err := v.BindPFlags(flag)
if err != nil {
suite.logger.Fatal("could not bind flags", zap.Error(err))
}
v.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
v.AutomaticEnv()

suite.SetViper(v)
}

func (suite *certTestSuite) SetViper(v *viper.Viper) {
suite.viper = v
}

func TestCertSuite(t *testing.T) {

logger, err := logging.Config("development", true)
if err != nil {
log.Fatalf("Failed to initialize Zap logging due to %v", err)
}
zap.ReplaceGlobals(logger)

ss := &certTestSuite{
logger: logger,
}

suite.Run(t, ss)
}

func (suite *certTestSuite) TestDODCertificates() {

if os.Getenv("TEST_ACC_DOD_CERTIFICATES") != "1" {
suite.logger.Info("skipping TestDODCertificates")
return
}

suite.Setup(cli.InitCertFlags, []string{})
_, _, err := InitDoDCertificates(suite.viper, suite.logger)
suite.Nil(err)
}
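Review bot: `TestDODCertificates` reports success when `TEST_ACC_DOD_CERTIFICATES` is unset, because the guard logs and `return`s instead of skipping, so a test run cannot distinguish "verified" from "not exercised"; use `suite.T().Skip("TEST_ACC_DOD_CERTIFICATES not set")` there. In `Setup`, `suite.logger.Fatal("could not bind flags", zap.Error(err))` terminates the whole test binary via zap's Fatal, whereas `suite.Require().NoError(err)` fails only this test with the same diagnostic. The return value of `flag.Parse(flagSet)` is dropped — harmless because `pflag.ExitOnError` exits on a bad flag, but a one-line comment saying so would quiet errcheck. `suite.Nil(err)` reads more precisely as `suite.NoError(err)`.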
@@ -0,0 +1,14 @@
package certs

import (
"go.uber.org/zap"
)

// Logger is an interface that describes the logging requirements of this package.
type Logger interface {
Debug(msg string, fields ...zap.Field)
Info(msg string, fields ...zap.Field)
Error(msg string, fields ...zap.Field)
Warn(msg string, fields ...zap.Field)
Fatal(msg string, fields ...zap.Field)
}
@@ -8,9 +8,6 @@ import (
"github.com/pkg/errors"
"github.com/spf13/pflag"
"github.com/spf13/viper"

"github.com/transcom/mymove/pkg/auth"
"github.com/transcom/mymove/pkg/auth/authentication"
)

const (
@@ -62,28 +59,6 @@ func InitAuthFlags(flag *pflag.FlagSet) {
flag.String(LoginGovHostnameFlag, "secure.login.gov", "Hostname for communicating with login gov.")
}

// InitAuth initializes the Login.gov provider
func InitAuth(v *viper.Viper, logger Logger, appnames auth.ApplicationServername) (authentication.LoginGovProvider, error) {
loginGovCallbackProtocol := v.GetString(LoginGovCallbackProtocolFlag)
loginGovCallbackPort := v.GetInt(LoginGovCallbackPortFlag)
loginGovSecretKey := v.GetString(LoginGovSecretKeyFlag)
loginGovHostname := v.GetString(LoginGovHostnameFlag)

loginGovProvider := authentication.NewLoginGovProvider(loginGovHostname, loginGovSecretKey, logger)
err := loginGovProvider.RegisterProvider(
appnames.MilServername,
v.GetString(LoginGovMyClientIDFlag),
appnames.OfficeServername,
v.GetString(LoginGovOfficeClientIDFlag),
appnames.TspServername,
v.GetString(LoginGovTSPClientIDFlag),
appnames.AdminServername,
v.GetString(LoginGovAdminClientIDFlag),
loginGovCallbackProtocol,
loginGovCallbackPort)
return loginGovProvider, err
}

// CheckAuth validates Auth command line flags
func CheckAuth(v *viper.Viper) error {
