Move api errors to their own package and modify the typedef
This commit is contained in:
max furman
parent
6d6f496331
commit
f9ef5070f9
13 changed files with 350 additions and 190 deletions
|
|
@ -7,6 +7,7 @@ import (
|
|||
"github.com/pkg/errors"
|
||||
"github.com/smallstep/certificates/authority"
|
||||
"github.com/smallstep/certificates/authority/provisioner"
|
||||
"github.com/smallstep/certificates/errs"
|
||||
"github.com/smallstep/certificates/logging"
|
||||
"golang.org/x/crypto/ocsp"
|
||||
)
|
||||
|
|
@ -29,13 +30,13 @@ type RevokeRequest struct {
|
|||
// or an error if something is wrong.
|
||||
func (r *RevokeRequest) Validate() (err error) {
|
||||
if r.Serial == "" {
|
||||
return BadRequest(errors.New("missing serial"))
|
||||
return errs.BadRequest(errors.New("missing serial"))
|
||||
}
|
||||
if r.ReasonCode < ocsp.Unspecified || r.ReasonCode > ocsp.AACompromise {
|
||||
return BadRequest(errors.New("reasonCode out of bounds"))
|
||||
return errs.BadRequest(errors.New("reasonCode out of bounds"))
|
||||
}
|
||||
if !r.Passive {
|
||||
return NotImplemented(errors.New("non-passive revocation not implemented"))
|
||||
return errs.NotImplemented(errors.New("non-passive revocation not implemented"))
|
||||
}
|
||||
|
||||
return
|
||||
|
|
@ -49,7 +50,7 @@ func (r *RevokeRequest) Validate() (err error) {
|
|||
func (h *caHandler) Revoke(w http.ResponseWriter, r *http.Request) {
|
||||
var body RevokeRequest
|
||||
if err := ReadJSON(r.Body, &body); err != nil {
|
||||
WriteError(w, BadRequest(errors.Wrap(err, "error reading request body")))
|
||||
WriteError(w, errs.BadRequest(errors.Wrap(err, "error reading request body")))
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -71,7 +72,7 @@ func (h *caHandler) Revoke(w http.ResponseWriter, r *http.Request) {
|
|||
if len(body.OTT) > 0 {
|
||||
logOtt(w, body.OTT)
|
||||
if _, err := h.Authority.Authorize(ctx, body.OTT); err != nil {
|
||||
WriteError(w, Unauthorized(err))
|
||||
WriteError(w, errs.Unauthorized(err))
|
||||
return
|
||||
}
|
||||
opts.OTT = body.OTT
|
||||
|
|
@ -80,12 +81,12 @@ func (h *caHandler) Revoke(w http.ResponseWriter, r *http.Request) {
|
|||
// the client certificate Serial Number must match the serial number
|
||||
// being revoked.
|
||||
if r.TLS == nil || len(r.TLS.PeerCertificates) == 0 {
|
||||
WriteError(w, BadRequest(errors.New("missing ott or peer certificate")))
|
||||
WriteError(w, errs.BadRequest(errors.New("missing ott or peer certificate")))
|
||||
return
|
||||
}
|
||||
opts.Crt = r.TLS.PeerCertificates[0]
|
||||
if opts.Crt.SerialNumber.String() != opts.Serial {
|
||||
WriteError(w, BadRequest(errors.New("revoke: serial number in mtls certificate different than body")))
|
||||
WriteError(w, errs.BadRequest(errors.New("revoke: serial number in mtls certificate different than body")))
|
||||
return
|
||||
}
|
||||
// TODO: should probably be checking if the certificate was revoked here.
|
||||
|
|
@ -96,7 +97,7 @@ func (h *caHandler) Revoke(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
if err := h.Authority.Revoke(ctx, opts); err != nil {
|
||||
WriteError(w, Forbidden(err))
|
||||
WriteError(w, errs.Forbidden(err))
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue