forked from TrueCloudLab/certificates
Add special handling for *json.UnmarshalTypeError
This commit is contained in:
parent
0475a4d26f
commit
a3cf6bac36
5 changed files with 58 additions and 7 deletions
|
@ -172,8 +172,12 @@ func TestAuthority_SignSSH(t *testing.T) {
|
||||||
SSH: &provisioner.SSHOptions{Template: `{{ fail "an error"}}`},
|
SSH: &provisioner.SSHOptions{Template: `{{ fail "an error"}}`},
|
||||||
}, sshutil.CreateTemplateData(sshutil.UserCert, "key-id", []string{"user"}))
|
}, sshutil.CreateTemplateData(sshutil.UserCert, "key-id", []string{"user"}))
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
userFailTemplateFile, err := provisioner.TemplateSSHOptions(&provisioner.Options{
|
userJSONSyntaxErrorTemplateFile, err := provisioner.TemplateSSHOptions(&provisioner.Options{
|
||||||
SSH: &provisioner.SSHOptions{TemplateFile: "./testdata/templates/badjson.tpl"},
|
SSH: &provisioner.SSHOptions{TemplateFile: "./testdata/templates/badjsonsyntax.tpl"},
|
||||||
|
}, sshutil.CreateTemplateData(sshutil.UserCert, "key-id", []string{"user"}))
|
||||||
|
assert.FatalError(t, err)
|
||||||
|
userJSONValueErrorTemplateFile, err := provisioner.TemplateSSHOptions(&provisioner.Options{
|
||||||
|
SSH: &provisioner.SSHOptions{TemplateFile: "./testdata/templates/badjsonvalue.tpl"},
|
||||||
}, sshutil.CreateTemplateData(sshutil.UserCert, "key-id", []string{"user"}))
|
}, sshutil.CreateTemplateData(sshutil.UserCert, "key-id", []string{"user"}))
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
|
|
||||||
|
@ -226,7 +230,8 @@ func TestAuthority_SignSSH(t *testing.T) {
|
||||||
{"fail-no-host-key", fields{signer, nil}, args{pub, provisioner.SignSSHOptions{CertType: "host"}, []provisioner.SignOption{hostTemplate}}, want{}, true},
|
{"fail-no-host-key", fields{signer, nil}, args{pub, provisioner.SignSSHOptions{CertType: "host"}, []provisioner.SignOption{hostTemplate}}, want{}, true},
|
||||||
{"fail-bad-type", fields{signer, nil}, args{pub, provisioner.SignSSHOptions{}, []provisioner.SignOption{userTemplate, sshTestModifier{CertType: 100}}}, want{}, true},
|
{"fail-bad-type", fields{signer, nil}, args{pub, provisioner.SignSSHOptions{}, []provisioner.SignOption{userTemplate, sshTestModifier{CertType: 100}}}, want{}, true},
|
||||||
{"fail-custom-template", fields{signer, signer}, args{pub, provisioner.SignSSHOptions{}, []provisioner.SignOption{userFailTemplate, userOptions}}, want{}, true},
|
{"fail-custom-template", fields{signer, signer}, args{pub, provisioner.SignSSHOptions{}, []provisioner.SignOption{userFailTemplate, userOptions}}, want{}, true},
|
||||||
{"fail-custom-template-file", fields{signer, signer}, args{pub, provisioner.SignSSHOptions{}, []provisioner.SignOption{userFailTemplateFile, userOptions}}, want{}, true},
|
{"fail-custom-template-syntax-error-file", fields{signer, signer}, args{pub, provisioner.SignSSHOptions{}, []provisioner.SignOption{userJSONSyntaxErrorTemplateFile, userOptions}}, want{}, true},
|
||||||
|
{"fail-custom-template-syntax-value-file", fields{signer, signer}, args{pub, provisioner.SignSSHOptions{}, []provisioner.SignOption{userJSONValueErrorTemplateFile, userOptions}}, want{}, true},
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
|
10
authority/testdata/templates/badjsonvalue.tpl
vendored
Normal file
10
authority/testdata/templates/badjsonvalue.tpl
vendored
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"subject": 1,
|
||||||
|
"sans": {{ toJson .SANs }},
|
||||||
|
{{- if typeIs "*rsa.PublicKey" .Insecure.CR.PublicKey }}
|
||||||
|
"keyUsage": ["keyEncipherment", "digitalSignature"],
|
||||||
|
{{- else }}
|
||||||
|
"keyUsage": ["digitalSignature"],
|
||||||
|
{{- end }}
|
||||||
|
"extKeyUsage": ["serverAuth", "clientAuth"]
|
||||||
|
}
|
|
@ -566,10 +566,17 @@ func (a *Authority) GetTLSCertificate() (*tls.Certificate, error) {
|
||||||
// this to the error message.
|
// this to the error message.
|
||||||
func templatingError(err error) error {
|
func templatingError(err error) error {
|
||||||
cause := errors.Cause(err)
|
cause := errors.Cause(err)
|
||||||
var syntaxError *json.SyntaxError
|
var (
|
||||||
|
syntaxError *json.SyntaxError
|
||||||
|
typeError *json.UnmarshalTypeError
|
||||||
|
)
|
||||||
if errors.As(err, &syntaxError) {
|
if errors.As(err, &syntaxError) {
|
||||||
// offset is arguably not super clear to the user, but it's the best we can do here
|
// offset is arguably not super clear to the user, but it's the best we can do here
|
||||||
cause = fmt.Errorf("%s at offset %d", cause.Error(), syntaxError.Offset)
|
cause = fmt.Errorf("%s at offset %d", cause.Error(), syntaxError.Offset)
|
||||||
}
|
}
|
||||||
|
if errors.As(err, &typeError) {
|
||||||
|
// slightly rewriting the default error message to include the offset
|
||||||
|
cause = fmt.Errorf("cannot unmarshal %s at offset %d into Go value of type %s", typeError.Value, typeError.Offset, typeError.Type)
|
||||||
|
}
|
||||||
return errors.Wrap(cause, "error applying certificate template")
|
return errors.Wrap(cause, "error applying certificate template")
|
||||||
}
|
}
|
||||||
|
|
|
@ -396,7 +396,7 @@ ZYtQ9Ot36qc=
|
||||||
code: http.StatusBadRequest,
|
code: http.StatusBadRequest,
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"fail bad JSON template file": func(t *testing.T) *signTest {
|
"fail bad JSON syntax template file": func(t *testing.T) *signTest {
|
||||||
csr := getCSR(t, priv)
|
csr := getCSR(t, priv)
|
||||||
testAuthority := testAuthority(t)
|
testAuthority := testAuthority(t)
|
||||||
p, ok := testAuthority.provisioners.Load("step-cli:4UELJx8e0aS9m0CH3fZ0EB7D5aUPICb759zALHFejvc")
|
p, ok := testAuthority.provisioners.Load("step-cli:4UELJx8e0aS9m0CH3fZ0EB7D5aUPICb759zALHFejvc")
|
||||||
|
@ -405,7 +405,7 @@ ZYtQ9Ot36qc=
|
||||||
}
|
}
|
||||||
p.(*provisioner.JWK).Options = &provisioner.Options{
|
p.(*provisioner.JWK).Options = &provisioner.Options{
|
||||||
X509: &provisioner.X509Options{
|
X509: &provisioner.X509Options{
|
||||||
TemplateFile: "./testdata/templates/badjson.tpl",
|
TemplateFile: "./testdata/templates/badjsonsyntax.tpl",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
testExtraOpts, err := testAuthority.Authorize(ctx, token)
|
testExtraOpts, err := testAuthority.Authorize(ctx, token)
|
||||||
|
@ -421,7 +421,36 @@ ZYtQ9Ot36qc=
|
||||||
csr: csr,
|
csr: csr,
|
||||||
extraOpts: testExtraOpts,
|
extraOpts: testExtraOpts,
|
||||||
signOpts: signOpts,
|
signOpts: signOpts,
|
||||||
err: errors.New("error applying certificate template"),
|
err: errors.New("error applying certificate template: invalid character"),
|
||||||
|
code: http.StatusInternalServerError,
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"fail bad JSON value template file": func(t *testing.T) *signTest {
|
||||||
|
csr := getCSR(t, priv)
|
||||||
|
testAuthority := testAuthority(t)
|
||||||
|
p, ok := testAuthority.provisioners.Load("step-cli:4UELJx8e0aS9m0CH3fZ0EB7D5aUPICb759zALHFejvc")
|
||||||
|
if !ok {
|
||||||
|
t.Fatal("provisioner not found")
|
||||||
|
}
|
||||||
|
p.(*provisioner.JWK).Options = &provisioner.Options{
|
||||||
|
X509: &provisioner.X509Options{
|
||||||
|
TemplateFile: "./testdata/templates/badjsonvalue.tpl",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
testExtraOpts, err := testAuthority.Authorize(ctx, token)
|
||||||
|
assert.FatalError(t, err)
|
||||||
|
testAuthority.db = &db.MockAuthDB{
|
||||||
|
MStoreCertificate: func(crt *x509.Certificate) error {
|
||||||
|
assert.Equals(t, crt.Subject.CommonName, "smallstep test")
|
||||||
|
return nil
|
||||||
|
},
|
||||||
|
}
|
||||||
|
return &signTest{
|
||||||
|
auth: testAuthority,
|
||||||
|
csr: csr,
|
||||||
|
extraOpts: testExtraOpts,
|
||||||
|
signOpts: signOpts,
|
||||||
|
err: errors.New("error applying certificate template: cannot unmarshal"),
|
||||||
code: http.StatusInternalServerError,
|
code: http.StatusInternalServerError,
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
Loading…
Reference in a new issue