git » kxd » commit 68cb16d

Add comments and adjust variable naming

author Alberto Bertogli
2017-03-14 00:01:27 UTC
committer Alberto Bertogli
2017-03-14 00:01:27 UTC
parent aae3b7b441c00e9acffc3e462ebf0a845754cf5a

Add comments and adjust variable naming

This patch adds some comments and changes the variable naming to conform
to Go's common coding style.

This makes the linter's output clean, so it can be used to identify
suspicious code.

There is no change to logic or functionality.

kxc/kxc.go +11 -11
kxd/email.go +7 -3
kxd/key_config.go +17 -7
kxd/kxd.go +25 -21

diff --git a/kxc/kxc.go b/kxc/kxc.go
index 5d5e02b..955cc3e 100644
--- a/kxc/kxc.go
+++ b/kxc/kxc.go
@@ -20,15 +20,15 @@ import (
 
 const defaultPort = 19840
 
-var server_cert = flag.String(
+var serverCert = flag.String(
 	"server_cert", "", "File containing valid server certificate(s)")
-var client_cert = flag.String(
+var clientCert = flag.String(
 	"client_cert", "", "File containing the client certificate")
-var client_key = flag.String(
+var clientKey = flag.String(
 	"client_key", "", "File containing the client private key")
 
-func LoadServerCerts() (*x509.CertPool, error) {
-	pemData, err := ioutil.ReadFile(*server_cert)
+func loadServerCerts() (*x509.CertPool, error) {
+	pemData, err := ioutil.ReadFile(*serverCert)
 	if err != nil {
 		return nil, err
 	}
@@ -48,7 +48,7 @@ func hasPort(s string) bool {
 	return strings.LastIndex(s, ":") > strings.LastIndex(s, "]")
 }
 
-func ExtractURL(rawurl string) (*url.URL, error) {
+func extractURL(rawurl string) (*url.URL, error) {
 	serverURL, err := url.Parse(rawurl)
 	if err != nil {
 		return nil, err
@@ -78,19 +78,19 @@ func ExtractURL(rawurl string) (*url.URL, error) {
 	return serverURL, nil
 }
 
-func MakeTLSConf() *tls.Config {
+func makeTLSConf() *tls.Config {
 	var err error
 
 	tlsConf := &tls.Config{}
 	tlsConf.Certificates = make([]tls.Certificate, 1)
 	tlsConf.Certificates[0], err = tls.LoadX509KeyPair(
-		*client_cert, *client_key)
+		*clientCert, *clientKey)
 	if err != nil {
 		log.Fatalf("Failed to load keys: %s", err)
 	}
 
 	// Compare against the server certificates.
-	serverCerts, err := LoadServerCerts()
+	serverCerts, err := loadServerCerts()
 	if err != nil {
 		log.Fatalf("Failed to load server certs: %s", err)
 	}
@@ -104,14 +104,14 @@ func main() {
 	flag.Parse()
 
 	tr := &http.Transport{
-		TLSClientConfig: MakeTLSConf(),
+		TLSClientConfig: makeTLSConf(),
 	}
 
 	client := &http.Client{
 		Transport: tr,
 	}
 
-	serverURL, err := ExtractURL(flag.Arg(0))
+	serverURL, err := extractURL(flag.Arg(0))
 	if err != nil {
 		log.Fatalf("Failed to extract the URL: %s", err)
 	}
diff --git a/kxd/email.go b/kxd/email.go
index ea42121..64de4ef 100644
--- a/kxd/email.go
+++ b/kxd/email.go
@@ -11,6 +11,7 @@ import (
 	"time"
 )
 
+// EmailBody represents the body of an email message to sent.
 type EmailBody struct {
 	From       string
 	To         string
@@ -52,6 +53,8 @@ func init() {
 	template.Must(emailTmpl.Parse(emailTmplBody))
 }
 
+// NameToString converts a pkix.Name from a certificate to a human-friendly
+// string.
 func NameToString(name pkix.Name) string {
 	s := make([]string, 0)
 	for _, c := range name.Country {
@@ -71,9 +74,10 @@ func NameToString(name pkix.Name) string {
 	return strings.Join(s, " ")
 }
 
+// SendMail sends an email notifying of an access to the given key.
 func SendMail(kc *KeyConfig, req *Request,
 	chains [][]*x509.Certificate) error {
-	if *smtp_addr == "" {
+	if *smtpAddr == "" {
 		req.Printf("Skipping notifications")
 		return nil
 	}
@@ -94,7 +98,7 @@ func SendMail(kc *KeyConfig, req *Request,
 
 	now := time.Now()
 	body := EmailBody{
-		From:       *email_from,
+		From:       *emailFrom,
 		To:         strings.Join(emailTo, ", "),
 		Key:        keyPath,
 		Time:       now,
@@ -111,6 +115,6 @@ func SendMail(kc *KeyConfig, req *Request,
 		return err
 	}
 
-	return smtp.SendMail(*smtp_addr, nil, *email_from, emailTo,
+	return smtp.SendMail(*smtpAddr, nil, *emailFrom, emailTo,
 		msg.Bytes())
 }
diff --git a/kxd/key_config.go b/kxd/key_config.go
index b4b191d..48926fd 100644
--- a/kxd/key_config.go
+++ b/kxd/key_config.go
@@ -9,7 +9,7 @@ import (
 	"strings"
 )
 
-func FileStat(path string) (os.FileInfo, error) {
+func fileStat(path string) (os.FileInfo, error) {
 	fd, err := os.Open(path)
 	if err != nil {
 		return nil, err
@@ -18,8 +18,8 @@ func FileStat(path string) (os.FileInfo, error) {
 	return fd.Stat()
 }
 
-func IsDir(path string) (bool, error) {
-	fi, err := FileStat(path)
+func isDir(path string) (bool, error) {
+	fi, err := fileStat(path)
 	if err != nil {
 		return false, err
 	}
@@ -27,8 +27,8 @@ func IsDir(path string) (bool, error) {
 	return fi.IsDir(), nil
 }
 
-func IsRegular(path string) (bool, error) {
-	fi, err := FileStat(path)
+func isRegular(path string) (bool, error) {
+	fi, err := fileStat(path)
 	if err != nil {
 		return false, err
 	}
@@ -54,6 +54,8 @@ type KeyConfig struct {
 	allowedHosts []string
 }
 
+// NewKeyConfig makes a new KeyConfig based on the given path. Note that there
+// is no check about the key existing or being valid.
 func NewKeyConfig(configPath string) *KeyConfig {
 	return &KeyConfig{
 		ConfigPath:         configPath,
@@ -65,8 +67,9 @@ func NewKeyConfig(configPath string) *KeyConfig {
 	}
 }
 
+// Exists checks if this key exists.
 func (kc *KeyConfig) Exists() (bool, error) {
-	isDir, err := IsDir(kc.ConfigPath)
+	isDir, err := isDir(kc.ConfigPath)
 	if os.IsNotExist(err) {
 		return false, nil
 	} else if err != nil {
@@ -76,7 +79,7 @@ func (kc *KeyConfig) Exists() (bool, error) {
 		return false, nil
 	}
 
-	isRegular, err := IsRegular(kc.keyPath)
+	isRegular, err := isRegular(kc.keyPath)
 	if os.IsNotExist(err) {
 		return false, nil
 	} else if err != nil {
@@ -86,6 +89,7 @@ func (kc *KeyConfig) Exists() (bool, error) {
 	return isRegular, nil
 }
 
+// LoadClientCerts loads the client certificates allowed for this key.
 func (kc *KeyConfig) LoadClientCerts() error {
 	rawContents, err := ioutil.ReadFile(kc.allowedClientsPath)
 	if os.IsNotExist(err) {
@@ -101,6 +105,7 @@ func (kc *KeyConfig) LoadClientCerts() error {
 	return nil
 }
 
+// LoadAllowedHosts loads the hosts allowed for this key.
 func (kc *KeyConfig) LoadAllowedHosts() error {
 	contents, err := ioutil.ReadFile(kc.allowedHostsPath)
 	if os.IsNotExist(err) {
@@ -133,6 +138,8 @@ func (kc *KeyConfig) LoadAllowedHosts() error {
 	return nil
 }
 
+// IsAnyCertAllowed checks if any of the given certificates is allowed to
+// access this key. If so, it returns the chain for each of them.
 func (kc *KeyConfig) IsAnyCertAllowed(
 	certs []*x509.Certificate) [][]*x509.Certificate {
 	opts := x509.VerifyOptions{
@@ -147,6 +154,7 @@ func (kc *KeyConfig) IsAnyCertAllowed(
 	return nil
 }
 
+// IsHostAllowed checks if the given host is allowed to access this key.
 func (kc *KeyConfig) IsHostAllowed(addr string) error {
 	if kc.allowedHosts == nil {
 		return nil
@@ -166,10 +174,12 @@ func (kc *KeyConfig) IsHostAllowed(addr string) error {
 	return fmt.Errorf("Host %q not allowed", host)
 }
 
+// Key returns the private key.
 func (kc *KeyConfig) Key() (key []byte, err error) {
 	return ioutil.ReadFile(kc.keyPath)
 }
 
+// EmailTo returns the list of addresses to email when this key is accessed.
 func (kc *KeyConfig) EmailTo() ([]string, error) {
 	contents, err := ioutil.ReadFile(kc.emailToPath)
 	if os.IsNotExist(err) {
diff --git a/kxd/kxd.go b/kxd/kxd.go
index db235a9..e8e24bc 100644
--- a/kxd/kxd.go
+++ b/kxd/kxd.go
@@ -24,19 +24,19 @@ import (
 
 var port = flag.Int(
 	"port", 19840, "Port to listen on")
-var ip_addr = flag.String(
+var ipAddr = flag.String(
 	"ip_addr", "", "IP address to listen on")
-var data_dir = flag.String(
+var dataDir = flag.String(
 	"data_dir", "/etc/kxd/data", "Data directory")
-var certfile = flag.String(
+var certFile = flag.String(
 	"cert", "/etc/kxd/cert.pem", "Certificate")
-var keyfile = flag.String(
+var keyFile = flag.String(
 	"key", "/etc/kxd/key.pem", "Private key")
-var smtp_addr = flag.String(
+var smtpAddr = flag.String(
 	"smtp_addr", "", "Address of the SMTP server to use to send emails")
-var email_from = flag.String(
+var emailFrom = flag.String(
 	"email_from", "", "Email address to send email from")
-var logfile = flag.String(
+var logFile = flag.String(
 	"logfile", "", "File to write logs to, use '-' for stdout")
 
 // Logger we will use to log entries.
@@ -48,6 +48,8 @@ type Request struct {
 	*http.Request
 }
 
+// Printf is a wrapper for fmt.Printf+logging.Output, which prefixes a string
+// identifying this request.
 func (req *Request) Printf(format string, a ...interface{}) {
 	msg := fmt.Sprintf(format, a...)
 	msg = fmt.Sprintf("%s %s %s", req.RemoteAddr, req.URL.Path, msg)
@@ -66,16 +68,18 @@ func (req *Request) KeyPath() (string, error) {
 	return strings.Join(s[2:], "/"), nil
 }
 
-func CertToString(cert *x509.Certificate) string {
+func certToString(cert *x509.Certificate) string {
 	return fmt.Sprintf(
 		"(0x%.8s ou:%s)",
 		fmt.Sprintf("%x", cert.Signature),
 		cert.Subject.OrganizationalUnit)
 }
 
+// ChainToString makes a human-readable string out of the given certificate
+// chain.
 func ChainToString(chain []*x509.Certificate) (s string) {
 	for i, cert := range chain {
-		s += CertToString(cert)
+		s += certToString(cert)
 		if i < len(chain)-1 {
 			s += " -> "
 		}
@@ -110,7 +114,7 @@ func HandlerV1(w http.ResponseWriter, httpreq *http.Request) {
 		return
 	}
 
-	realKeyPath := path.Clean(*data_dir + "/" + keyPath)
+	realKeyPath := path.Clean(*dataDir + "/" + keyPath)
 	keyConf := NewKeyConfig(realKeyPath)
 
 	exists, err := keyConf.Exists()
@@ -163,7 +167,7 @@ func HandlerV1(w http.ResponseWriter, httpreq *http.Request) {
 		return
 	}
 
-	req.Printf("Allowing request to %s", CertToString(validChains[0][0]))
+	req.Printf("Allowing request to %s", certToString(validChains[0][0]))
 
 	err = SendMail(keyConf, &req, validChains)
 	if err != nil {
@@ -181,14 +185,14 @@ func initLog() {
 	var err error
 	var logfd io.Writer
 
-	if *logfile == "-" {
+	if *logFile == "-" {
 		logfd = os.Stdout
-	} else if *logfile != "" {
-		logfd, err = os.OpenFile(*logfile,
+	} else if *logFile != "" {
+		logfd, err = os.OpenFile(*logFile,
 			os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0666)
 		if err != nil {
 			log.Fatalf("Error opening log file %s: %s",
-				*logfile, err)
+				*logFile, err)
 		}
 	} else {
 		logfd, err = syslog.New(
@@ -207,19 +211,19 @@ func main() {
 
 	initLog()
 
-	if *smtp_addr == "" {
+	if *smtpAddr == "" {
 		logging.Print(
 			"WARNING: No emails will be sent, use --smtp_addr")
 	}
 
-	if *email_from == "" {
+	if *emailFrom == "" {
 		// Try to get a sane default if not provided, using
 		// kxd@<smtp host>.
-		*email_from = fmt.Sprintf("kxd@%s",
-			strings.Split(*smtp_addr, ":")[0])
+		*emailFrom = fmt.Sprintf("kxd@%s",
+			strings.Split(*smtpAddr, ":")[0])
 	}
 
-	listenAddr := fmt.Sprintf("%s:%d", *ip_addr, *port)
+	listenAddr := fmt.Sprintf("%s:%d", *ipAddr, *port)
 
 	tlsConfig := tls.Config{
 		ClientAuth: tls.RequireAnyClientCert,
@@ -234,7 +238,7 @@ func main() {
 	http.HandleFunc("/v1/", HandlerV1)
 
 	logging.Printf("Listening on %s", listenAddr)
-	err := server.ListenAndServeTLS(*certfile, *keyfile)
+	err := server.ListenAndServeTLS(*certFile, *keyFile)
 	if err != nil {
 		logging.Fatal(err)
 	}