improved INFO logger messages for router package

cmd/ztsfc_http_pep/main.go

@@ -50,7 +50,7 @@ func init() {
 	proxies.PdpClientPool = proxies.NewClientPool(config.Config.Pdp.PdpClientPoolSize, config.Config.Pdp.X509KeyPairShownByPepToPdp)
 	proxies.SfpLogicClientPool = proxies.NewClientPool(config.Config.SfpLogic.SfplClientPoolSize, config.Config.SfpLogic.X509KeyPairShownByPepToSfpl)
 
-	sysLogger.Infof("Initializing PEP from %s - OK", confFilePath)
+	sysLogger.Infof("main: init(): Initializing PEP from %s - OK", confFilePath)
 }
 
 func main() {

internal/app/metadata/metadata.go

@@ -103,6 +103,8 @@ func CollectMetadata(clientReq *http.Request, cpm *CpMetadata) {
 	collectConnectionSecurity(clientReq, cpm)
 	collectUserAgent(clientReq, cpm)
 	collectRequestProtocol(clientReq, cpm)
+	// SFC is defined by PerformAuthorization()
+	// SFP is defined by TransformSFCIntoSFP()
 }
 
 func collectResource(clientReq *http.Request, cpm *CpMetadata) {
@@ -124,9 +126,6 @@ func collectDevice(clientReq *http.Request, cpm *CpMetadata) {
 		return
 	}
 	cpm.Device = clientCert.Subject.CommonName
-	// "github.com/mileusna/useragent"
-	// ua := ua.Parse(clientReq.Header.Get("User-Agent"))
-	// cpm.Device = ua.Device + ";" + ua.Name + ";" + ua.OS + ";" + ua.OSVersion
 }
 
 // TODO: Harden this function

internal/app/router/router.go

@@ -49,18 +49,18 @@ func NewRouter(logger *logger.Logger) (*Router, error) {
 			// use SNI map to load suitable certificate
 			service, ok := config.Config.ServiceSniMap[cli.ServerName]
 			if !ok {
-				return nil, fmt.Errorf("error: could not serve a suitable certificate for %s", cli.ServerName)
+				return nil, fmt.Errorf("router: GetCertificate(): could not serve a suitable certificate for %s", cli.ServerName)
 			}
 			return &service.X509KeyPairShownByPepToClient, nil
 		},
 		VerifyConnection: func(con tls.ConnectionState) error {
 			if len(con.VerifiedChains) == 0 || len(con.VerifiedChains[0]) == 0 {
-				return fmt.Errorf("VerifyConnection(): error: verified chains does not hold a valid client certificate")
+				return fmt.Errorf("router: VerifyConnection(): error: verified chains does not hold a valid client certificate")
 			}
 
 			for _, revokedCertificateEntry := range config.Config.CRLForExt.RevokedCertificateEntries {
 				if con.VerifiedChains[0][0].SerialNumber.Cmp(revokedCertificateEntry.SerialNumber) == 0 {
-					return fmt.Errorf("VerifyConnection(): client '%s' certificate is revoked", con.VerifiedChains[0][0].Subject.CommonName)
+					return fmt.Errorf("router: VerifyConnection(): client '%s' certificate is revoked", con.VerifiedChains[0][0].Subject.CommonName)
 				}
 			}
 
@@ -85,21 +85,6 @@ func NewRouter(logger *logger.Logger) (*Router, error) {
 	return router, nil
 }
 
-func addHSTSHeader(w http.ResponseWriter) {
-	w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
-}
-
-func prepareSfMdHeader(req *http.Request, cpm *metadata.CpMetadata) {
-	for _, sf := range cpm.SFC {
-		switch sf.Name {
-		case "logger":
-			req.Header.Set("Logger_MD", sf.Md)
-		case "ips":
-			req.Header.Set("ips_md", sf.Md)
-		}
-	}
-}
-
 // ServeHTTP gets called if a request receives the PEP. The function implements
 // the PEP's main routine: It performs basic authentication, authorization with
 // help of the PEP, transformation from SFCs into SFPs with help of the SFP
@@ -297,3 +282,18 @@ func (router *Router) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 func (router *Router) ListenAndServeTLS() error {
 	return router.frontend.ListenAndServeTLS("", "")
 }
+
+func addHSTSHeader(w http.ResponseWriter) {
+	w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
+}
+
+func prepareSfMdHeader(req *http.Request, cpm *metadata.CpMetadata) {
+	for _, sf := range cpm.SFC {
+		switch sf.Name {
+		case "logger":
+			req.Header.Set("logger_md", sf.Md)
+		case "ips":
+			req.Header.Set("ips_md", sf.Md)
+		}
+	}
+}