diff --git a/token/claimBuilder.go b/token/claimBuilder.go index 241fd86..1a0d4da 100644 --- a/token/claimBuilder.go +++ b/token/claimBuilder.go @@ -354,13 +354,13 @@ func NewClaimBuilders(n random.Noncer, client xhttpclient.Interface, o Options) }) } - // NOTE: newClientCertificateClaimBuiler always returns a non-nil builder - if cb, err := newClientCertificateClaimBuiler(o.ClientCertificates); err == nil { + cb, err := newClientCertificateClaimBuiler(o.ClientCertificates) + if err == nil { builders = append( builders, cb, ) } - return builders, nil + return builders, err } diff --git a/token/unmarshal.go b/token/unmarshal.go index 93b622f..625a66e 100644 --- a/token/unmarshal.go +++ b/token/unmarshal.go @@ -9,11 +9,13 @@ import ( "github.com/xmidt-org/themis/xhttp/xhttpclient" "go.uber.org/fx" + "go.uber.org/zap" ) type TokenIn struct { fx.In + Logger *zap.Logger Noncer random.Noncer `optional:"true"` Keys key.Registry Unmarshaller config.Unmarshaller @@ -38,6 +40,12 @@ func Unmarshal(configKey string, b ...RequestBuilder) func(TokenIn) (TokenOut, e return TokenOut{}, err } + if o.ClientCertificates != nil { + in.Logger.Info("trust settings", zap.Reflect("trust", o.ClientCertificates.Trust)) + } else { + in.Logger.Info("trust settings", zap.Reflect("trust", Trust{}.enforceDefaults())) + } + cb, err := NewClaimBuilders(in.Noncer, in.Client, o) if err != nil { return TokenOut{}, err diff --git a/token/unmarshal_test.go b/token/unmarshal_test.go index 4c66ad0..b2d35fc 100644 --- a/token/unmarshal_test.go +++ b/token/unmarshal_test.go @@ -5,6 +5,7 @@ package token import ( "testing" + "github.com/xmidt-org/sallust" "github.com/xmidt-org/themis/config" "github.com/xmidt-org/themis/key" @@ -146,6 +147,7 @@ func testUnmarshalSuccess(t *testing.T) { app = fxtest.New(t, fx.Provide( + sallust.Default, config.ProvideViper( config.Json(` {