chore: refined error statements
Sashwat-K committed May 13, 2024
1 parent b1aeb42 commit aeea55f
Showing 7 changed files with 110 additions and 67 deletions.
6 changes: 3 additions & 3 deletions attestation/attestation.go
Expand Up @@ -8,7 +8,7 @@ import (
)

const (
missingParameterErrStatement = "required parameter missing"
missingParameterErrStatement = "required parameter is missing"
)

// HpcrGetAttestationRecords - function to get attestation records from encrypted data
Expand All @@ -20,12 +20,12 @@ func HpcrGetAttestationRecords(data, privateKey string) (string, error) {

password, err := attest.DecryptPassword(encodedEncryptedPassword, privateKey)
if err != nil {
return "", err
return "", fmt.Errorf("failed to decrypt password - %v", err)
}

attestationRecords, err := attest.DecryptWorkload(password, encodedEncryptedData)
if err != nil {
return "", err
return "", fmt.Errorf("failed to decrypt attestation records - %v", err)
}

return attestationRecords, nil
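Review bot: The two new wrappers in HpcrGetAttestationRecords use `%v`, which flattens the underlying error into text and breaks the chain for callers relying on `errors.Is`/`errors.As`; Go's wrapping verb is `%w`, e.g. `return "", fmt.Errorf("decrypting password: %w", err)`. Every wrapper added in certificate.go, decrypt.go and encrypt.go follows the same `%v` pattern, so the change applies there too. The "failed to" prefix becomes redundant once errors are chained; the message can simply name what this layer was doing. HpcrGetAttestationRecords's header and the start of its body are outside the hunk.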
12 changes: 6 additions & 6 deletions certificate/certificate.go
Expand Up @@ -11,7 +11,7 @@ import (

const (
defaultEncCertUrlTemplate = "https://cloud.ibm.com/media/docs/downloads/hyper-protect-container-runtime/ibm-hyper-protect-container-runtime-{{.Major}}-{{.Minor}}-s390x-{{.Patch}}-encrypt.crt"
missingParameterErrStatement = "required parameter missing"
missingParameterErrStatement = "required parameter is missing"
)

type CertSpec struct {
Expand Down Expand Up @@ -43,35 +43,35 @@ func HpcrDownloadEncryptionCertificates(versionList []string) (string, error) {
urlTemplate := template.New("url")
urlTemplate, err := urlTemplate.Parse(defaultEncCertUrlTemplate)
if err != nil {
return "", err
return "", fmt.Errorf("failed to create url template - %v", err)
}

builder := &strings.Builder{}
err = urlTemplate.Execute(builder, CertSpec{verSpec[0], verSpec[1], verSpec[2]})
if err != nil {
return "", err
return "", fmt.Errorf("failed to apply template - %v", err)
}

url := builder.String()
status, err := gen.CheckUrlExists(url)
if err != nil {
return "", err
return "", fmt.Errorf("failed to check if URL exists - %v", err)
}
if !status {
return "", fmt.Errorf("encryption certificate doesn't exist in %s", url)
}

cert, err := gen.CertificateDownloader(url)
if err != nil {
return "", err
return "", fmt.Errorf("failed to download encryption certificate - %v", err)
}

verCertMap[version] = cert
}

jsonBytes, err := json.Marshal(verCertMap)
if err != nil {
return "", err
return "", fmt.Errorf("failed to marshal JSON - %v", err)
}

return string(jsonBytes), nil
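Review bot: The wrapped errors at the template-execute, URL-check and download returns sit inside the per-version loop, yet none of them says which `version` or `url` it relates to, so a caller passing several versions to HpcrDownloadEncryptionCertificates cannot tell which one failed. Carrying the loop context, e.g. `return "", fmt.Errorf("downloading encryption certificate for version %q from %s: %w", version, url, err)`, would fix that; the unchanged `!status` branch already includes the URL, so the new messages are less informative than the existing one next to them. The loop header and the function signature are outside the hunk.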
31 changes: 22 additions & 9 deletions common/decrypt/decrypt.go
@@ -1,35 +1,43 @@
package decrypt

import (
"fmt"

enc "github.com/Sashwat-K/lib-hpcr/common/encrypt"
gen "github.com/Sashwat-K/lib-hpcr/common/general"
)

// DecryptPassword - function to decrypt encrypted string with private key
func DecryptPassword(base64EncryptedData, privateKey string) (string, error) {
err := enc.OpensslCheck()
if err != nil {
return "", fmt.Errorf("openssl not found - %v", err)
}

decodedEncryptedData, err := gen.DecodeBase64String(base64EncryptedData)
if err != nil {
return "", err
return "", fmt.Errorf("failed to decode Base64 - %v", err)
}

encryptedDataPath, err := gen.CreateTempFile(decodedEncryptedData)
if err != nil {
return "", err
return "", fmt.Errorf("failed to generate temp file - %v", err)
}

privateKeyPath, err := gen.CreateTempFile(privateKey)
if err != nil {
return "", err
return "", fmt.Errorf("failed to create temp file - %v", err)
}

result, err := gen.ExecCommand("openssl", "", "pkeyutl", "-decrypt", "-inkey", privateKeyPath, "-in", encryptedDataPath)
if err != nil {
return "", err
return "", fmt.Errorf("failed to execute openssl command - %v", err)
}

for _, path := range []string{encryptedDataPath, privateKeyPath} {
err := gen.RemoveTempFile(path)
if err != nil {
return "", err
return "", fmt.Errorf("failed to remove tmp file - %v", err)
}
}

Expand All @@ -38,24 +46,29 @@ func DecryptPassword(base64EncryptedData, privateKey string) (string, error) {

// DecryptWorkload - function to decrypt workload using password
func DecryptWorkload(password, encryptedWorkload string) (string, error) {
err := enc.OpensslCheck()
if err != nil {
return "", fmt.Errorf("openssl not found - %v", err)
}

decodedEncryptedWorkload, err := gen.DecodeBase64String(encryptedWorkload)
if err != nil {
return "", err
return "", fmt.Errorf("failed to decode base64 data - %v", err)
}

encryptedDataPath, err := gen.CreateTempFile(decodedEncryptedWorkload)
if err != nil {
return "", err
return "", fmt.Errorf("failed to create temp file - %v", err)
}

result, err := gen.ExecCommand("openssl", password, "aes-256-cbc", "-d", "-pbkdf2", "-in", encryptedDataPath, "-pass", "stdin")
if err != nil {
return "", err
return "", fmt.Errorf("failed to execute openssl command - %v", err)
}

err = gen.RemoveTempFile(encryptedDataPath)
if err != nil {
return "", err
return "", fmt.Errorf("failed to remove temp file - %v", err)
}

return result, nil
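Review bot: DecryptPassword writes the private key to disk via `gen.CreateTempFile(privateKey)`, but the new early return after `gen.ExecCommand` (and the one after the second CreateTempFile) exits before the removal loop at the end, leaving `privateKeyPath` and `encryptedDataPath` behind; DecryptWorkload has the same gap for `encryptedDataPath` when the openssl command fails, and in the removal loop a failure on the first path skips the second. Deferring cleanup right after each successful CreateTempFile, e.g. `defer func() { _ = gen.RemoveTempFile(privateKeyPath) }()`, would make removal unconditional while the explicit call can stay to surface errors (this assumes RemoveTempFile tolerates an already-removed file, which is not visible here). The new messages are also inconsistent with one another: `failed to generate temp file` vs `failed to create temp file`, `tmp file` vs `temp file`, and `decode Base64` vs `decode base64 data`. DecryptPassword's body continues past the end of the first hunk.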
78 changes: 54 additions & 24 deletions common/encrypt/encrypt.go
Expand Up @@ -24,44 +24,59 @@ func OpensslCheck() error {

// GeneratePublicKey - function to generate public key from private key
func GeneratePublicKey(privateKey string) (string, error) {
err := OpensslCheck()
if err != nil {
return "", fmt.Errorf("openssl not found - %v", err)
}

privateKeyPath, err := gen.CreateTempFile(privateKey)
if err != nil {
return "", err
return "", fmt.Errorf("failed to create temp file - %v", err)
}

publicKey, err := gen.ExecCommand("openssl", "", "rsa", "-in", privateKeyPath, "-pubout")
if err != nil {
return "", err
return "", fmt.Errorf("failed to execute openssl command - %v", err)
}

return publicKey, nil
}

// RandomPasswordGenerator - function to generate random password
func RandomPasswordGenerator() (string, error) {
err := OpensslCheck()
if err != nil {
return "", fmt.Errorf("openssl not found - %v", err)
}

randomPassword, err := gen.ExecCommand("openssl", "", "rand", fmt.Sprint(keylen))
if err != nil {
return "", err
return "", fmt.Errorf("failed to execute openssl command - %v", err)
}

return randomPassword, nil
}

// EncryptPassword - function to encrypt password
func EncryptPassword(password, cert string) (string, error) {
err := OpensslCheck()
if err != nil {
return "", fmt.Errorf("openssl not found - %v", err)
}

encryptCertPath, err := gen.CreateTempFile(cert)
if err != nil {
return "", err
return "", fmt.Errorf("failed to create temp file - %v", err)
}

result, err := gen.ExecCommand("openssl", password, "rsautl", "-encrypt", "-inkey", encryptCertPath, "-certin")
if err != nil {
return "", err
return "", fmt.Errorf("failed to execute openssl command - %v", err)
}

err = gen.RemoveTempFile(encryptCertPath)
if err != nil {
return "", err
return "", fmt.Errorf("failed to remove file - %v", err)
}

return gen.EncodeToBase64(result), nil
Expand All @@ -71,27 +86,32 @@ func EncryptPassword(password, cert string) (string, error) {
func EncryptContract(password string, section map[string]interface{}) (string, error) {
contract, err := gen.MapToYaml(section)
if err != nil {
return "", err
return "", fmt.Errorf("failed to convert Map to YAML - %v", err)
}

return EncryptString(password, contract)
}

// EncryptString - function to encrypt string
func EncryptString(password, section string) (string, error) {
err := OpensslCheck()
if err != nil {
return "", fmt.Errorf("openssl not found - %v", err)
}

contractPath, err := gen.CreateTempFile(section)
if err != nil {
return "", err
return "", fmt.Errorf("failed to create temp file - %v", err)
}

result, err := gen.ExecCommand("openssl", password, "enc", "-aes-256-cbc", "-pbkdf2", "-pass", "stdin", "-in", contractPath)
if err != nil {
return "", err
return "", fmt.Errorf("failed to execute openssl command - %v", err)
}

err = gen.RemoveTempFile(contractPath)
if err != nil {
return "", err
return "", fmt.Errorf("failed to remove temp file - %v", err)
}

return gen.EncodeToBase64(result), nil
Expand All @@ -104,29 +124,34 @@ func EncryptFinalStr(encryptedPassword, encryptedContract string) string {

// CreateSigningCert - function to generate Signing Certificate
func CreateSigningCert(privateKey, cacert, cakey, csrData, csrPemData string, expiryDays int) (string, error) {
err := OpensslCheck()
if err != nil {
return "", fmt.Errorf("openssl not found - %v", err)
}

var csr string
if csrPemData == "" {
privateKeyPath, err := gen.CreateTempFile(privateKey)
if err != nil {
return "", err
return "", fmt.Errorf("failed to create temp file - %v", err)
}

var csrDataMap map[string]interface{}
err = json.Unmarshal([]byte(csrData), &csrDataMap)
if err != nil {
return "", err
return "", fmt.Errorf("failed to unmarshal JSON - %v", err)
}

csrParam := fmt.Sprintf("/C=%s/ST=%s/L=%s/O=%s/OU=%s/CN=%sC/emailAddress=%s", csrDataMap["country"], csrDataMap["state"], csrDataMap["location"], csrDataMap["org"], csrDataMap["unit"], csrDataMap["domain"], csrDataMap["mail"])

csr, err = gen.ExecCommand("openssl", "", "req", "-new", "-key", privateKeyPath, "-subj", csrParam)
if err != nil {
return "", err
return "", fmt.Errorf("failed to execute openssl command - %v", err)
}

err = gen.RemoveTempFile(privateKeyPath)
if err != nil {
return "", err
return "", fmt.Errorf("failed to remove temp file - %v", err)
}

} else {
Expand All @@ -135,27 +160,27 @@ func CreateSigningCert(privateKey, cacert, cakey, csrData, csrPemData string, ex

csrPath, err := gen.CreateTempFile(csr)
if err != nil {
return "", err
return "", fmt.Errorf("failed to create temp file - %v", err)
}

caCertPath, err := gen.CreateTempFile(cacert)
if err != nil {
return "", err
return "", fmt.Errorf("failed to create temp file - %v", err)
}
caKeyPath, err := gen.CreateTempFile(cakey)
if err != nil {
return "", err
return "", fmt.Errorf("failed to create temp file - %v", err)
}

signingCert, err := CreateCert(csrPath, caCertPath, caKeyPath, expiryDays)
if err != nil {
return "", err
return "", fmt.Errorf("failed to create signing certificate - %v", err)
}

for _, path := range []string{csrPath, caCertPath, caKeyPath} {
err := gen.RemoveTempFile(path)
if err != nil {
return "", err
return "", fmt.Errorf("failed to remove temp file - %v", err)
}
}

Expand All @@ -166,29 +191,34 @@ func CreateSigningCert(privateKey, cacert, cakey, csrData, csrPemData string, ex
func CreateCert(csrPath, caCertPath, caKeyPath string, expiryDays int) (string, error) {
signingCert, err := gen.ExecCommand("openssl", "", "x509", "-req", "-in", csrPath, "-CA", caCertPath, "-CAkey", caKeyPath, "-CAcreateserial", "-days", fmt.Sprintf("%d", expiryDays))
if err != nil {
return "", err
return "", fmt.Errorf("failed to execute openssl command - %v", err)
}

return signingCert, nil
}

// SignContract - function to sign encrypted contract
func SignContract(encryptedWorkload, encryptedEnv, privateKey string) (string, error) {
err := OpensslCheck()
if err != nil {
return "", fmt.Errorf("openssl not found - %v", err)
}

combinedContract := encryptedWorkload + encryptedEnv

privateKeyPath, err := gen.CreateTempFile(privateKey)
if err != nil {
return "", err
return "", fmt.Errorf("failed to create temp file - %v", err)
}

workloadEnvSignature, err := gen.ExecCommand("openssl", combinedContract, "dgst", "-sha256", "-sign", privateKeyPath)
if err != nil {
return "", err
return "", fmt.Errorf("failed to execute openssl command - %v", err)
}

err = gen.RemoveTempFile(privateKeyPath)
if err != nil {
return "", err
return "", fmt.Errorf("failed to remove temp file - %v", err)
}

return gen.EncodeToBase64(workloadEnvSignature), nil
Expand All @@ -204,7 +234,7 @@ func GenFinalSignedContract(workload, env, workloadEnvSig string) (string, error

finalContract, err := gen.MapToYaml(contract)
if err != nil {
return "", err
return "", fmt.Errorf("failed to convert MAP to YAML - %v", err)
}

return finalContract, nil
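Review bot: GeneratePublicKey writes the private key to `privateKeyPath` with `gen.CreateTempFile(privateKey)` and never removes it, neither on the success path nor on the new error return after `gen.ExecCommand`; SignContract and EncryptPassword likewise skip removal when the openssl command fails, and in CreateSigningCert the CA key in `caKeyPath` stays on disk if `CreateCert` returns an error or an earlier removal in the cleanup loop fails. Deferring removal immediately after each temp file is created, e.g. `defer func() { _ = gen.RemoveTempFile(privateKeyPath) }()`, would bound how long key material sits on disk regardless of which branch returns. Separately, the unchanged subject string in CreateSigningCert builds `CN=%sC`, which appears to append a literal `C` to the common name and is worth confirming as not a typo. The two MapToYaml wrappers also disagree on wording (`Map to YAML` vs `MAP to YAML`). Most of these functions are cut by the hunk boundaries, including the `else` branch of CreateSigningCert.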