From 11637b57930cae1a4fa2c4fda1acc6ffed969863 Mon Sep 17 00:00:00 2001
From: Chris Crook <643732+Cpcrook@users.noreply.github.com>
Date: Fri, 4 Feb 2022 17:53:58 -0500
Subject: [PATCH] Add descriptive provisioner JWK decryption error messages

Wrap other errors in decryption process with more helpful messaging.  This should help users troubleshoot misconfiguration more easily.

Fixes #816
---
 ca/provisioner.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ca/provisioner.go b/ca/provisioner.go
index 25e5e8ae..c1879c86 100644
--- a/ca/provisioner.go
+++ b/ca/provisioner.go
@@ -155,11 +155,11 @@ func (p *Provisioner) SSHToken(certType, keyID string, principals []string) (str
 func decryptProvisionerJWK(encryptedKey string, password []byte) (*jose.JSONWebKey, error) {
 	enc, err := jose.ParseEncrypted(encryptedKey)
 	if err != nil {
-		return nil, err
+		return nil, errors.Wrap(err, "error parsing provisioner encrypted key")
 	}
 	data, err := enc.Decrypt(password)
 	if err != nil {
-		return nil, err
+		return nil, errors.Wrap(err, "error decrypting provisioner key with provided password")
 	}
 	jwk := new(jose.JSONWebKey)
 	if err := json.Unmarshal(data, jwk); err != nil {