From 3fb249f1706c4f08366772897457745f1b20753e Mon Sep 17 00:00:00 2001
From: Tobias Theel
Date: Thu, 20 Feb 2020 22:29:52 +0100
Subject: [PATCH] wrap errors in jwx.go
---
 go.mod | 4 ++-
 go.sum | 13 ++++++++
 golangci.yml | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++
 pkg/jwx/jwx.go | 37 ++++++++++++++++-----
 4 files changed, 134 insertions(+), 10 deletions(-)
 create mode 100644 golangci.yml
diff --git a/go.mod b/go.mod
index 76974eca..1a45827f 100644
--- a/go.mod
+++ b/go.mod
@@ -1,9 +1,11 @@
 module github.com/Nerzal/gocloak/v3
 require (
+ github.com/Nerzal/gocloak/v4 v4.8.0 // indirect
 github.com/dgrijalva/jwt-go v3.2.0+incompatible
 github.com/go-resty/resty/v2 v2.0.0
- github.com/stretchr/testify v1.3.0
+ github.com/pkg/errors v0.9.1
+ github.com/stretchr/testify v1.4.0
 )
 go 1.13
diff --git a/go.sum b/go.sum
index 030b81b6..3d49443b 100644
--- a/go.sum
+++ b/go.sum
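Review bot: The added `github.com/Nerzal/gocloak/v4 v4.8.0 // indirect` requirement makes the v3 module depend on the next major version of itself, and nothing in the visible jwx.go hunks imports it. It looks like a leftover from tooling run in the working tree (inferred; go.sum also gains a `github.com/Nerzal/gocloak v1.0.0` entry), and every extra requirement widens what consumers have to download and audit, so drop that line and re-run `go mod tidy` so that only `github.com/pkg/errors` and the testify bump remain. Since the module already declares `go 1.13`, `fmt.Errorf("...: %w", err)` would give the same wrapping without adding a third-party dependency at all.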
@@ -1,17 +1,30 @@ +github.com/Nerzal/gocloak v1.0.0 h1:WllsbIu1dYvdvka1/BbY7khZBJSTjSkGwyDsHHLQmIw= +github.com/Nerzal/gocloak/v4 v4.8.0 h1:Ts932I0mbrkvoUxo4U0XmfqiNsbzraq+ZMoKV0KDT64= +github.com/Nerzal/gocloak/v4 v4.8.0/go.mod h1:/7LwujSlsqBA3haXobPxOPVZMP9iQ9zlQJAbP0ZhO4I= github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/go-resty/resty/v2 v2.0.0 h1:9Nq/U+V4xsoDnDa/iTrABDWUCuk3Ne92XFHPe6dKWUc= github.com/go-resty/resty/v2 v2.0.0/go.mod h1:dZGr0i9PLlaaTD4H/hoZIDjQ+r6xq8mgbRzHZf7f2J8= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/net 
v0.0.0-20190628185345-da137c7871d7 h1:rTIdg5QFRR7XCaK4LCjBiPbx8j4DQRpdYMnGn/bJUEU= golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo= +gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/golangci.yml b/golangci.yml new file mode 100644 index 00000000..a6a2275e --- /dev/null +++ b/golangci.yml 
@@ -0,0 +1,90 @@
+linters-settings:
+ govet:
+ check-shadowing: true
+ settings:
+ printf:
+ funcs:
+ - (github.com/golangci/golangci-lint/pkg/logutils.Log).Infof
+ - (github.com/golangci/golangci-lint/pkg/logutils.Log).Warnf
+ - (github.com/golangci/golangci-lint/pkg/logutils.Log).Errorf
+ - (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf
+ golint:
+ min-confidence: 0
+ gocyclo:
+ min-complexity: 10
+ maligned:
+ suggest-new: true
+ dupl:
+ threshold: 100
+ goconst:
+ min-len: 3
+ min-occurrences: 3
+ depguard:
+ list-type: blacklist
+ packages:
+ # logging is allowed only by logutils.Log, logrus
+ # is allowed to use only in logutils package
+ - github.com/sirupsen/logrus
+ misspell:
+ locale: US
+ lll:
+ line-length: 170
+ goimports:
+ local-prefixes: github.com/golangci/golangci-lint
+ prealloc:
+ simple: true
+ range-loops: true # Report preallocation suggestions on range loops, true by default
+ for-loops: false # Report preallocation suggestions on for loops, false by default
+ nakedret:
+ # make an issue if func has more lines of code than this setting and it has naked returns; default is 30
+ max-func-lines: 30
+ gocritic:
+ enabled-tags:
+ - performance
+ - style
+ - experimental
+ disabled-checks:
+ - wrapperFunc
+ errcheck:
+ # report about not checking of errors in type assertions: `a := b.(MyStruct)`;
+ # default is false: such cases aren't reported by default.
+ check-type-assertions: false
+ wsl:
+ # If true append is only allowed to be cuddled if appending value is
+ # matching variables, fields or types on line above. Default is true.
+ strict-append: true
+ # Allow calls and assignments to be cuddled as long as the lines have any
+ # matching variables, fields or types. Default is true.
+ allow-assign-and-call: true
+ # Allow multiline assignments to be cuddled. Default is true.
+ allow-multiline-assign: true
+ # Allow declarations (var) to be cuddled.
+ allow-cuddle-declarations: true
+ # Allow trailing comments in ending of blocks
+ allow-trailing-comment: false
+ # Force newlines in end of case at this limit (0 = never).
+ force-case-trailing-whitespace: 0
+linters:
+ enable-all: true
+
+run:
+ skip-dirs:
+ - test/testdata_etc
+ - pkg/golinters/goanalysis/(checker|passes)
+ - docs
+ - coverage
+ - test
+ - configs
+ - cmd
+ tests: false
+issues:
+ exclude-rules:
+ - text: "weak cryptographic primitive"
+ linters:
+ - gosec
+# golangci.com configuration
+# https://github.com/golangci/golangci/wiki/Configuration
+service:
+ golangci-lint-version: 1.23.x # use the fixed version to not introduce new linters unexpectedly
+ prepare:
+#- echo "here I can run custom commands, but no preparation needed for this repo"
\ No newline at end of file
diff --git a/pkg/jwx/jwx.go b/pkg/jwx/jwx.go
index 59396db2..2ca5be24 100644
--- a/pkg/jwx/jwx.go
+++ b/pkg/jwx/jwx.go
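Review bot: The `issues.exclude-rules` entry silences every gosec finding whose text matches "weak cryptographic primitive" across the whole repository, which is a broad suppression for a module whose pkg/jwx code verifies access tokens; prefer removing the rule, or scoping it with a `path:` key to the one file that needs it and adding a comment that says why. Several settings appear to be copied from golangci-lint's own configuration and do not match this module: `goimports.local-prefixes: github.com/golangci/golangci-lint`, the `logutils.Log` printf funcs, and `skip-dirs` entries such as `pkg/golinters/goanalysis/(checker|passes)`. golangci-lint auto-discovers a config named `.golangci.yml` (leading dot), so this file is presumably ignored unless it is passed explicitly with `--config golangci.yml`.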
@@ -11,38 +11,44 @@ import (
 "strings"
 jwt "github.com/dgrijalva/jwt-go"
+ "github.com/pkg/errors"
 )
 // DecodeAccessTokenHeader decodes the header of the accessToken
 func DecodeAccessTokenHeader(token string) (*DecodedAccessTokenHeader, error) {
+ const errMessage = "could not decode access token header"
 token = strings.Replace(token, "Bearer ", "", 1)
 headerString := strings.Split(token, ".")
 decodedData, err := base64.RawStdEncoding.DecodeString(headerString[0])
 if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, errMessage)
 }
 result := &DecodedAccessTokenHeader{}
 err = json.Unmarshal(decodedData, result)
 if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, errMessage)
 }
 return result, nil
 }
 func decodePublicKey(e, n *string) (*rsa.PublicKey, error) {
+ const errMessage = "could not decode public key"
+
 decN, err := base64.RawURLEncoding.DecodeString(*n)
 if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, errMessage)
 }
+
 nInt := big.NewInt(0)
 nInt.SetBytes(decN)
 decE, err := base64.RawURLEncoding.DecodeString(*e)
 if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, errMessage)
 }
+
 var eBytes []byte
 if len(decE) < 8 {
 eBytes = make([]byte, 8-len(decE), 8)
@@ -55,17 +61,20 @@ func decodePublicKey(e, n *string) (*rsa.PublicKey, error) {
 var eInt uint64
 err = binary.Read(eReader, binary.BigEndian, &eInt)
 if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, errMessage)
 }
+
 pKey := rsa.PublicKey{N: nInt, E: int(eInt)}
 return &pKey, nil
 }
 // DecodeAccessToken currently only supports RSA - sorry for that
 func DecodeAccessToken(accessToken string, e, n *string) (*jwt.Token, *jwt.MapClaims, error) {
+ const errMessage = "could not decode accessToken"
+
 rsaPublicKey, err := decodePublicKey(e, n)
 if err != nil {
- return nil, nil, err
+ return nil, nil, errors.Wrap(err, errMessage)
 }
 claims := &jwt.MapClaims{}
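Review bot: `DecodeAccessTokenHeader` still decodes the header segment with `base64.RawStdEncoding`, but JWT segments are base64url-encoded (RFC 7515), so any header whose encoding contains `-` or `_` is rejected with the newly wrapped error; `decodePublicKey` in this same hunk already uses the URL alphabet. Change the call to `base64.RawURLEncoding.DecodeString(headerString[0])`. `decodePublicKey` also dereferences `*n` and `*e` without a nil check, so a missing key component panics instead of taking the error path; a guard such as `if e == nil || n == nil { return nil, errors.New(errMessage) }` would fix that. The body of `decodePublicKey` continues past the end of this hunk.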
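Review bot: `E: int(eInt)` converts the decoded 64-bit exponent without a range check, so an oversized value can wrap negative or, on 32-bit builds, truncate to a different exponent, and the key is still returned as if decoding had succeeded. Rejecting it at this point keeps malformed key material out of later verification: `if eInt < 2 || eInt > math.MaxInt32 { return nil, errors.New(errMessage) }` before `pKey` is built (this needs the `math` import). The start of `decodePublicKey` and the rest of `DecodeAccessToken` lie outside this hunk.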
@@ -77,14 +86,20 @@ func DecodeAccessToken(accessToken string, e, n *string) (*jwt.Token, *jwt.MapCl
 return rsaPublicKey, nil
 })
- return token2, claims, err
+ if err != nil {
+ return nil, nil, errors.Wrap(err, errMessage)
+ }
+
+ return token2, claims, nil
 }
 // DecodeAccessTokenCustomClaims currently only supports RSA - sorry for that
 func DecodeAccessTokenCustomClaims(accessToken string, e, n *string, customClaims jwt.Claims) (*jwt.Token, error) {
+ const errMessage = "could not decode accessToken with custom claims"
+
 rsaPublicKey, err := decodePublicKey(e, n)
 if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, errMessage)
 }
 token2, err := jwt.ParseWithClaims(accessToken, customClaims, func(token *jwt.Token) (interface{}, error) {
@@ -95,5 +110,9 @@ func DecodeAccessTokenCustomClaims(accessToken string, e, n *string, customClaim
 return rsaPublicKey, nil
 })
- return token2, err
+ if err != nil {
+ return nil, errors.Wrap(err, errMessage)
+ }
+
+ return token2, nil
 }
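Review bot: Wrapping the result of `jwt.ParseWithClaims` changes the error's concrete type, so a caller that type-asserts `err.(*jwt.ValidationError)` to tell an expired token from a bad signature no longer matches, and on failure `DecodeAccessToken` now returns a nil token and nil claims where it used to return both alongside the error. Failing closed is the safer default, but it is an API change that belongs in the doc comment, for example `// On failure it returns nil values and a wrapped error; use errors.Cause(err) or errors.As to reach the *jwt.ValidationError.` The same applies to `DecodeAccessTokenCustomClaims` in the following hunk. The key function passed to `ParseWithClaims` starts outside both hunks, so whether it checks the token's signing method cannot be judged from here.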