more debug
cviecco committed Jun 2, 2022
1 parent e203507 commit 30236c9
Showing 4 changed files with 17 additions and 0 deletions.
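--- a/cmd/keymaster/main.go
+++ b/cmd/keymaster/main.go
@@ -362,6 +362,7 @@ func setupCerts(
 
 }
 }
+logger.Debugf(1, "SetupCerts: authenticaiton Complete")
 if err := signers.Wait(); err != nil {
 return err
 }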
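Review bot: The new debug string in setupCerts is misspelled (`authenticaiton`), and two other messages added by this commit have the same problem: `validsteUserPush` in lib/authenticators/okta/impl.go and `peeerCerts` in lib/client/twofa/pushtoken/pushtoken.go. Debug strings are what people search for when tracing an authentication failure, so a misspelled one is easy to miss. I would write `logger.Debugf(1, "setupCerts: authentication complete")`, matching the function's actual name, and correct the other two the same way. The body of setupCerts starts and ends outside this hunk.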
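--- a/cmd/keymasterd/2fa_okta.go
+++ b/cmd/keymasterd/2fa_okta.go
@@ -101,6 +101,7 @@ func (state *RuntimeState) oktaPushStartHandler(w http.ResponseWriter, r *http.R
 state.writeFailureResponse(w, r, http.StatusInternalServerError, "Failure when validating OKTA push")
 return
 }
+logger.Debugf(2, "oktaPushStartHandler: after validating push response=%+v", pushResponse)
 switch pushResponse {
 case okta.PushResponseWaiting:
 w.WriteHeader(http.StatusOK)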
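--- a/lib/authenticators/okta/impl.go
+++ b/lib/authenticators/okta/impl.go
@@ -202,6 +202,7 @@ func (pa *PasswordAuthenticator) validateUserPush(username string) (PushResponse
 if userResponse == nil {
 return PushResponseRejected, nil
 }
+pa.logger.Debugf(2, "oktaAuthenticator: validsteUserPush: after getting userResponse=%+v", userResponse)
 for _, factor := range userResponse.Embedded.Factor {
 if !(factor.FactorType == "push" && factor.VendorName == "OKTA") {
 continue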
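Review bot: The added `Debugf` in validateUserPush dumps the whole `userResponse` with `%+v`, which writes every field of the identity provider's reply into the debug log. The type is not visible in this hunk, but an Okta authentication response usually carries more than the factor list (a transaction or state token, user profile data), and debug logs tend to be kept and shared more widely than such values should be. The loop below only reads `Embedded.Factor`, so logging what it needs is enough: `pa.logger.Debugf(2, "oktaAuthenticator: validateUserPush: userResponse has %d factors", len(userResponse.Embedded.Factor))`. If the full object is really needed for a one-off investigation, the token-bearing fields should be redacted before formatting. The function body continues outside this hunk.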
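--- a/lib/client/twofa/pushtoken/pushtoken.go
+++ b/lib/client/twofa/pushtoken/pushtoken.go
@@ -2,6 +2,7 @@ package pushtoken
 
 import (
 "bufio"
+"crypto/x509"
 "encoding/json"
 "errors"
 "fmt"
@@ -20,6 +21,11 @@ import (
 
 const vipCheckTimeoutSecs = 180
 
+func debugLogCert(messageSuffix string, cert *x509.Certificate, logger log.DebugLogger) {
+logger.Debugf(2, "%s.issuer=%+v", messageSuffix, cert.Issuer)
+logger.Debugf(2, "%s.subject=%+v", messageSuffix, cert.Subject)
+}
+
 func startGenericPush(client *http.Client,
 baseURL string,
 pushType string,
@@ -42,6 +48,14 @@ func startGenericPush(client *http.Client,
 return err
 }
 defer pushStartResp.Body.Close()
+
+if pushStartResp.TLS != nil {
+debugLogCert("startGenericPush peeerCerts[0]", pushStartResp.TLS.PeerCertificates[0], logger)
+if pushStartResp.TLS.VerifiedChains != nil {
+debugLogCert("startGenericPush verifiedcerts[0]", pushStartResp.TLS.VerifiedChains[0][0], logger)
+}
+}
+
 // since we dont care about content we just consume it all.
 io.Copy(ioutil.Discard, pushStartResp.Body)
 if pushStartResp.StatusCode != 200 {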
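Review bot: In startGenericPush the new block indexes `pushStartResp.TLS.PeerCertificates[0]` and `VerifiedChains[0][0]` with no length check, and `debugLogCert` dereferences `cert` unconditionally, so this debug-only path could panic the client. A normal client handshake leaves `PeerCertificates` non-empty, so the guard is defensive, but it costs nothing: `if len(pushStartResp.TLS.PeerCertificates) > 0 {` and `if len(pushStartResp.TLS.VerifiedChains) > 0 {`. When `VerifiedChains` is empty the peer subject logged just above has not been validated, so I would log that case explicitly rather than skip it silently. `debugLogCert`'s first parameter is named `messageSuffix` but is used as a prefix, so `messagePrefix` reads better. The body of startGenericPush continues outside this hunk.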
