From 668b0a5f407199406b7aa9d009511168f566a09e Mon Sep 17 00:00:00 2001
From: Stephen J Day <stephen.day@docker.com>
Date: Fri, 2 Sep 2016 15:24:35 -0700
Subject: [PATCH] handlers: provide better log message on mismatched secret

Signed-off-by: Stephen J Day <stephen.day@docker.com>
---
 registry/handlers/hmac.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/registry/handlers/hmac.go b/registry/handlers/hmac.go
index 1725d240b..94ed9fda5 100644
--- a/registry/handlers/hmac.go
+++ b/registry/handlers/hmac.go
@@ -26,6 +26,8 @@ type blobUploadState struct {
 
 type hmacKey string
 
+var errInvalidSecret = fmt.Errorf("invalid secret")
+
 // unpackUploadState unpacks and validates the blob upload state from the
 // token, using the hmacKey secret.
 func (secret hmacKey) unpackUploadState(token string) (blobUploadState, error) {
@@ -38,7 +40,7 @@ func (secret hmacKey) unpackUploadState(token string) (blobUploadState, error) {
 	mac := hmac.New(sha256.New, []byte(secret))
 
 	if len(tokenBytes) < mac.Size() {
-		return state, fmt.Errorf("Invalid token")
+		return state, errInvalidSecret
 	}
 
 	macBytes := tokenBytes[:mac.Size()]
@@ -46,7 +48,7 @@ func (secret hmacKey) unpackUploadState(token string) (blobUploadState, error) {
 
 	mac.Write(messageBytes)
 	if !hmac.Equal(mac.Sum(nil), macBytes) {
-		return state, fmt.Errorf("Invalid token")
+		return state, errInvalidSecret
 	}
 
 	if err := json.Unmarshal(messageBytes, &state); err != nil {