From 2c673c178fa9bca0976398bc7ac6a38ca99c2faa Mon Sep 17 00:00:00 2001
From: Mariano Cano <mariano@smallstep.com>
Date: Mon, 4 Feb 2019 17:12:38 -0800
Subject: [PATCH] add debug messages

---
 errors.go             |  9 +++++++++
 truststore.go         | 12 ------------
 truststore_darwin.go  | 17 ++++++++++-------
 truststore_java.go    |  4 ++++
 truststore_linux.go   |  2 ++
 truststore_nss.go     |  7 +++++++
 truststore_windows.go |  2 ++
 7 files changed, 34 insertions(+), 19 deletions(-)

diff --git a/errors.go b/errors.go
index 1a5fff0..c50d6cc 100644
--- a/errors.go
+++ b/errors.go
@@ -1,3 +1,5 @@
+// Copyright (c) 2018 The truststore Authors. All rights reserved.
+
 package truststore
 
 import (
@@ -65,3 +67,10 @@ func (e *CmdError) Cmd() *exec.Cmd {
 func (e *CmdError) Out() []byte {
 	return e.out
 }
+
+func wrapError(err error, msg string) error {
+	if err == nil {
+		return nil
+	}
+	return fmt.Errorf("%s: %s", msg, err)
+}
diff --git a/truststore.go b/truststore.go
index 86f62b6..d70efca 100644
--- a/truststore.go
+++ b/truststore.go
@@ -6,7 +6,6 @@ import (
 	"bytes"
 	"crypto/x509"
 	"encoding/pem"
-	"fmt"
 	"io"
 	"io/ioutil"
 	"log"
@@ -218,17 +217,6 @@ func uniqueName(cert *x509.Certificate) string {
 	return prefix + cert.SerialNumber.String()
 }
 
-func cmdError(err error, command string, out []byte) error {
-	return fmt.Errorf("failed to execute \"%s\": %s\n\n%s", command, err, out)
-}
-
-func wrapError(err error, msg string) error {
-	if err == nil {
-		return nil
-	}
-	return fmt.Errorf("%s: %s", msg, err)
-}
-
 func saveTempCert(cert *x509.Certificate) (string, func(), error) {
 	f, err := ioutil.TempFile(os.TempDir(), "truststore.*.pem")
 	if err != nil {
diff --git a/truststore_darwin.go b/truststore_darwin.go
index 9dc9ed7..ba62c87 100644
--- a/truststore_darwin.go
+++ b/truststore_darwin.go
@@ -13,7 +13,6 @@ import (
 	"os/exec"
 
 	plist "github.com/DHowett/go-plist"
-	"github.com/pkg/errors"
 )
 
 var (
@@ -53,7 +52,7 @@ func installPlatform(filename string, cert *x509.Certificate) error {
 	cmd := exec.Command("sudo", "security", "add-trusted-cert", "-d", "-k", "/Library/Keychains/System.keychain", filename)
 	out, err := cmd.CombinedOutput()
 	if err != nil {
-		return cmdError(err, "security add-trusted-cert", out)
+		return NewCmdError(err, cmd, out)
 	}
 
 	// Make trustSettings explicit, as older Go does not know the defaults.
@@ -67,7 +66,7 @@ func installPlatform(filename string, cert *x509.Certificate) error {
 	cmd = exec.Command("sudo", "security", "trust-settings-export", "-d", plistFile.Name())
 	out, err = cmd.CombinedOutput()
 	if err != nil {
-		return cmdError(err, "security trust-settings-export", out)
+		return NewCmdError(err, cmd, out)
 	}
 
 	plistData, err := ioutil.ReadFile(plistFile.Name())
@@ -101,19 +100,21 @@ func installPlatform(filename string, cert *x509.Certificate) error {
 
 	plistData, err = plist.MarshalIndent(plistRoot, plist.XMLFormat, "\t")
 	if err != nil {
-		return errors.Wrap(err, "failed to serialize trust settings")
+		return wrapError(err, "failed to serialize trust settings")
 	}
 
 	err = ioutil.WriteFile(plistFile.Name(), plistData, 0600)
 	if err != nil {
-		return errors.Wrap(err, "failed to write trust settings")
+		return wrapError(err, "failed to write trust settings")
 	}
 
 	cmd = exec.Command("sudo", "security", "trust-settings-import", "-d", plistFile.Name())
 	out, err = cmd.CombinedOutput()
 	if err != nil {
-		return errors.Errorf("failed to execute \"security trust-settings-import\": %s\n\n%s", err, out)
+		return NewCmdError(err, cmd, out)
 	}
+
+	debug("certificate installed properly in macOS keychain")
 	return nil
 }
 
@@ -121,7 +122,9 @@ func uninstallPlatform(filename string, cert *x509.Certificate) error {
 	cmd := exec.Command("sudo", "security", "remove-trusted-cert", "-d", filename)
 	out, err := cmd.CombinedOutput()
 	if err != nil {
-		return errors.Errorf("failed to execute \"security remove-trusted-cert\": %s\n\n%s", err, out)
+		return NewCmdError(err, cmd, out)
 	}
+
+	debug("certificate uninstalled properly from macOS keychain")
 	return nil
 }
diff --git a/truststore_java.go b/truststore_java.go
index 444f9a3..0a6ebd8 100644
--- a/truststore_java.go
+++ b/truststore_java.go
@@ -80,6 +80,8 @@ func (t *JavaTrust) Install(filename string, cert *x509.Certificate) error {
 	if out, err := execKeytool(cmd); err != nil {
 		return NewCmdError(err, cmd, out)
 	}
+
+	debug("certificate installed properly in Java keystore")
 	return nil
 }
 
@@ -100,6 +102,8 @@ func (t *JavaTrust) Uninstall(filename string, cert *x509.Certificate) error {
 	if err != nil {
 		return NewCmdError(err, cmd, out)
 	}
+
+	debug("certificate uninstalled properly from the Java keystore")
 	return nil
 }
 
diff --git a/truststore_linux.go b/truststore_linux.go
index 8a22a99..16c511b 100644
--- a/truststore_linux.go
+++ b/truststore_linux.go
@@ -71,6 +71,7 @@ func installPlatform(filename string, cert *x509.Certificate) error {
 		return cmdError(err, strings.Join(SystemTrustCommand, " "), out)
 	}
 
+	debug("certificate installed properly in linux trusts")
 	return nil
 }
 
@@ -91,6 +92,7 @@ func uninstallPlatform(filename string, cert *x509.Certificate) error {
 		return cmdError(err, strings.Join(SystemTrustCommand, " "), out)
 	}
 
+	debug("certificate uninstalled properly from linux trusts")
 	return nil
 }
 
diff --git a/truststore_nss.go b/truststore_nss.go
index eed49e6..54c89c4 100644
--- a/truststore_nss.go
+++ b/truststore_nss.go
@@ -95,6 +95,9 @@ func (t *NSSTrust) Uninstall(filename string, cert *x509.Certificate) (err error
 			err = NewCmdError(err1, cmd, out)
 		}
 	})
+	if err == nil {
+		debug("certificate uninstalled properly from NSS security databases")
+	}
 	return
 }
 
@@ -115,6 +118,10 @@ func (t *NSSTrust) Exists(cert *x509.Certificate) bool {
 
 // PreCheck implements the Trust interface.
 func (t *NSSTrust) PreCheck() error {
+	if t != nil {
+		return nil
+	}
+
 	if CertutilInstallHelp == "" {
 		return fmt.Errorf("Note: NSS support is not available on your platform")
 	} else {
diff --git a/truststore_windows.go b/truststore_windows.go
index 4208e39..70d8176 100644
--- a/truststore_windows.go
+++ b/truststore_windows.go
@@ -40,6 +40,7 @@ func installPlatform(filename string, cert *x509.Certificate) error {
 		return wrapError(err, "add cert failed")
 	}
 
+	debug("certificate installed properly in windows trusts")
 	return nil
 }
 
@@ -61,6 +62,7 @@ func uninstallPlatform(filename string, cert *x509.Certificate) error {
 		return ErrNotFound
 	}
 
+	debug("certificate uninstalled properly from windows trusts")
 	return nil
 }
 
-- 
GitLab