alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Return a typed error

Browse source
This commit is contained in:
Mariano Cano 2022-09-20 10:36:44 -07:00
parent 6686f0437d
commit 495494ce8f
2 changed files with 28 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
authority/internal/constraints/constraints.go
View file

@ -10,12 +10,13 @@ import (
var oidExtensionNameConstraints = []int{2, 5, 29, 30} var oidExtensionNameConstraints = []int{2, 5, 29, 30}
type ConstraintError struct { type ConstraintError struct {
Type string Type string
Name string Name string
Detail string
} }
func (e ConstraintError) Error() string { func (e ConstraintError) Error() string {
return fmt.Sprintf("%s %q is not allowed", e.Type, e.Name) return e.Detail
} }
type service struct { type service struct {
@ -74,7 +75,8 @@ func (s *service) Validate(dnsNames []string, ipAddresses []*net.IP, emailAddres
if err := checkNameConstraints("IP address", ip.String(), ip, s.permittedIPRanges, s.excludedIPRanges, if err := checkNameConstraints("IP address", ip.String(), ip, s.permittedIPRanges, s.excludedIPRanges,
func(parsedName, constraint any) (bool, error) { func(parsedName, constraint any) (bool, error) {
return matchIPConstraint(parsedName.(net.IP), constraint.(*net.IPNet)) return matchIPConstraint(parsedName.(net.IP), constraint.(*net.IPNet))
}); err != nil { },
); err != nil {
return err return err
} }
} }
@ -97,7 +99,8 @@ func (s *service) Validate(dnsNames []string, ipAddresses []*net.IP, emailAddres
if err := checkNameConstraints("URI", uri.String(), uri, s.permittedURIDomains, s.excludedURIDomains, if err := checkNameConstraints("URI", uri.String(), uri, s.permittedURIDomains, s.excludedURIDomains,
func(parsedName, constraint any) (bool, error) { func(parsedName, constraint any) (bool, error) {
return matchURIConstraint(parsedName.(*url.URL), constraint.(string)) return matchURIConstraint(parsedName.(*url.URL), constraint.(string))
}); err != nil { },
); err != nil {
return err return err
} }
} }

24
authority/internal/constraints/verify.go
View file

@ -43,11 +43,19 @@ func checkNameConstraints(nameType string, name string, parsedName any, permitte
constraint := excludedValue.Index(i).Interface() constraint := excludedValue.Index(i).Interface()
match, err := match(parsedName, constraint) match, err := match(parsedName, constraint)
if err != nil { if err != nil {
return err return ConstraintError{
Type: nameType,
Name: name,
Detail: err.Error(),
}
} }
if match { if match {
return fmt.Errorf("%s %q is excluded by constraint %q", nameType, name, constraint) return ConstraintError{
Type: nameType,
Name: name,
Detail: fmt.Sprintf("%s %q is excluded by constraint %q", nameType, name, constraint),
}
} }
} }
@ -60,14 +68,22 @@ func checkNameConstraints(nameType string, name string, parsedName any, permitte
for i := 0; i < permittedValue.Len(); i++ { for i := 0; i < permittedValue.Len(); i++ {
constraint := permittedValue.Index(i).Interface() constraint := permittedValue.Index(i).Interface()
if ok, err = match(parsedName, constraint); err != nil { if ok, err = match(parsedName, constraint); err != nil {
return err return ConstraintError{
Type: nameType,
Name: name,
Detail: err.Error(),
}
} }
if ok { if ok {
break break
} }
} }
if !ok { if !ok {
return fmt.Errorf("%s %q is not permitted by any constraint", nameType, name) return ConstraintError{
Type: nameType,
Name: name,
Detail: fmt.Sprintf("%s %q is not permitted by any constraint", nameType, name),
}
} }
return nil return nil