forked from TrueCloudLab/certificates
Standardize linting file and fix or ignore lots of linting errors
This commit is contained in:
parent
fcb9d88223
commit
ab0d2503ae
120 changed files with 904 additions and 943 deletions
|
@ -1,74 +0,0 @@
|
||||||
linters-settings:
|
|
||||||
govet:
|
|
||||||
check-shadowing: true
|
|
||||||
settings:
|
|
||||||
printf:
|
|
||||||
funcs:
|
|
||||||
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Infof
|
|
||||||
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Errorf
|
|
||||||
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Warnf
|
|
||||||
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf
|
|
||||||
revive:
|
|
||||||
min-confidence: 0
|
|
||||||
gocyclo:
|
|
||||||
min-complexity: 10
|
|
||||||
maligned:
|
|
||||||
suggest-new: true
|
|
||||||
dupl:
|
|
||||||
threshold: 100
|
|
||||||
goconst:
|
|
||||||
min-len: 2
|
|
||||||
min-occurrences: 2
|
|
||||||
depguard:
|
|
||||||
list-type: blacklist
|
|
||||||
packages:
|
|
||||||
# logging is allowed only by logutils.Log, logrus
|
|
||||||
# is allowed to use only in logutils package
|
|
||||||
- github.com/sirupsen/logrus
|
|
||||||
misspell:
|
|
||||||
locale: US
|
|
||||||
lll:
|
|
||||||
line-length: 140
|
|
||||||
goimports:
|
|
||||||
local-prefixes: github.com/golangci/golangci-lint
|
|
||||||
gocritic:
|
|
||||||
enabled-tags:
|
|
||||||
- performance
|
|
||||||
- style
|
|
||||||
- experimental
|
|
||||||
- diagnostic
|
|
||||||
disabled-checks:
|
|
||||||
- commentFormatting
|
|
||||||
- commentedOutCode
|
|
||||||
- evalOrder
|
|
||||||
- hugeParam
|
|
||||||
- octalLiteral
|
|
||||||
- rangeValCopy
|
|
||||||
- tooManyResultsChecker
|
|
||||||
- unnamedResult
|
|
||||||
|
|
||||||
linters:
|
|
||||||
disable-all: true
|
|
||||||
enable:
|
|
||||||
- gocritic
|
|
||||||
- gofmt
|
|
||||||
- gosimple
|
|
||||||
- govet
|
|
||||||
- ineffassign
|
|
||||||
- misspell
|
|
||||||
- revive
|
|
||||||
- staticcheck
|
|
||||||
- unused
|
|
||||||
|
|
||||||
run:
|
|
||||||
skip-dirs:
|
|
||||||
- pkg
|
|
||||||
|
|
||||||
issues:
|
|
||||||
exclude:
|
|
||||||
- can't lint
|
|
||||||
- declaration of "err" shadows declaration at line
|
|
||||||
- should have a package comment, unless it's in another file for this package
|
|
||||||
- error strings should not be capitalized or end with punctuation or a newline
|
|
||||||
- Wrapf call needs 1 arg but has 2 args
|
|
||||||
- cs.NegotiatedProtocolIsMutual is deprecated
|
|
4
Makefile
4
Makefile
|
@ -29,7 +29,7 @@ ci: testcgo build
|
||||||
|
|
||||||
bootstra%:
|
bootstra%:
|
||||||
# Using a released version of golangci-lint to take into account custom replacements in their go.mod
|
# Using a released version of golangci-lint to take into account custom replacements in their go.mod
|
||||||
$Q curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(shell go env GOPATH)/bin v1.42.0
|
$Q curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(shell go env GOPATH)/bin v1.48.0
|
||||||
|
|
||||||
.PHONY: bootstra%
|
.PHONY: bootstra%
|
||||||
|
|
||||||
|
@ -151,7 +151,7 @@ integration: bin/$(BINNAME)
|
||||||
#########################################
|
#########################################
|
||||||
|
|
||||||
fmt:
|
fmt:
|
||||||
$Q gofmt -l -s -w $(SRC)
|
$Q goimports -local github.com/golangci/golangci-lint -l -w $(SRC)
|
||||||
|
|
||||||
lint:
|
lint:
|
||||||
$Q golangci-lint run --timeout=30m
|
$Q golangci-lint run --timeout=30m
|
||||||
|
|
|
@ -33,7 +33,7 @@ func (a *Account) ToLog() (interface{}, error) {
|
||||||
|
|
||||||
// IsValid returns true if the Account is valid.
|
// IsValid returns true if the Account is valid.
|
||||||
func (a *Account) IsValid() bool {
|
func (a *Account) IsValid() bool {
|
||||||
return Status(a.Status) == StatusValid
|
return a.Status == StatusValid
|
||||||
}
|
}
|
||||||
|
|
||||||
// KeyToID converts a JWK to a thumbprint.
|
// KeyToID converts a JWK to a thumbprint.
|
||||||
|
|
|
@ -46,14 +46,14 @@ func TestKeyToID(t *testing.T) {
|
||||||
tc := run(t)
|
tc := run(t)
|
||||||
if id, err := KeyToID(tc.jwk); err != nil {
|
if id, err := KeyToID(tc.jwk); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
switch k := err.(type) {
|
var k *Error
|
||||||
case *Error:
|
if errors.As(err, &k) {
|
||||||
assert.Equals(t, k.Type, tc.err.Type)
|
assert.Equals(t, k.Type, tc.err.Type)
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
assert.Equals(t, k.Status, tc.err.Status)
|
assert.Equals(t, k.Status, tc.err.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
default:
|
} else {
|
||||||
assert.FatalError(t, errors.New("unexpected error type"))
|
assert.FatalError(t, errors.New("unexpected error type"))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -131,12 +131,13 @@ func TestExternalAccountKey_BindTo(t *testing.T) {
|
||||||
}
|
}
|
||||||
if wantErr {
|
if wantErr {
|
||||||
assert.NotNil(t, err)
|
assert.NotNil(t, err)
|
||||||
assert.Type(t, &Error{}, err)
|
var ae *Error
|
||||||
ae, _ := err.(*Error)
|
if assert.True(t, errors.As(err, &ae)) {
|
||||||
assert.Equals(t, ae.Type, tt.err.Type)
|
assert.Equals(t, ae.Type, tt.err.Type)
|
||||||
assert.Equals(t, ae.Detail, tt.err.Detail)
|
assert.Equals(t, ae.Detail, tt.err.Detail)
|
||||||
assert.Equals(t, ae.Identifier, tt.err.Identifier)
|
assert.Equals(t, ae.Identifier, tt.err.Identifier)
|
||||||
assert.Equals(t, ae.Subproblems, tt.err.Subproblems)
|
assert.Equals(t, ae.Subproblems, tt.err.Subproblems)
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
assert.Equals(t, eak.AccountID, acct.ID)
|
assert.Equals(t, eak.AccountID, acct.ID)
|
||||||
assert.Equals(t, eak.HmacKey, []byte{})
|
assert.Equals(t, eak.HmacKey, []byte{})
|
||||||
|
|
|
@ -2,6 +2,7 @@ package api
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"github.com/go-chi/chi"
|
"github.com/go-chi/chi"
|
||||||
|
@ -97,8 +98,8 @@ func NewAccount(w http.ResponseWriter, r *http.Request) {
|
||||||
httpStatus := http.StatusCreated
|
httpStatus := http.StatusCreated
|
||||||
acc, err := accountFromContext(ctx)
|
acc, err := accountFromContext(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
acmeErr, ok := err.(*acme.Error)
|
var acmeErr *acme.Error
|
||||||
if !ok || acmeErr.Status != http.StatusBadRequest {
|
if !errors.As(err, &acmeErr) || acmeErr.Status != http.StatusBadRequest {
|
||||||
// Something went wrong ...
|
// Something went wrong ...
|
||||||
render.Error(w, err)
|
render.Error(w, err)
|
||||||
return
|
return
|
||||||
|
|
|
@ -197,12 +197,13 @@ func TestNewAccountRequest_Validate(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
if err := tc.nar.Validate(); err != nil {
|
if err := tc.nar.Validate(); err != nil {
|
||||||
if assert.NotNil(t, err) {
|
if assert.NotNil(t, err) {
|
||||||
ae, ok := err.(*acme.Error)
|
var ae *acme.Error
|
||||||
assert.True(t, ok)
|
if assert.True(t, errors.As(err, &ae)) {
|
||||||
assert.HasPrefix(t, ae.Error(), tc.err.Error())
|
assert.HasPrefix(t, ae.Error(), tc.err.Error())
|
||||||
assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
|
assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
|
||||||
assert.Equals(t, ae.Type, tc.err.Type)
|
assert.Equals(t, ae.Type, tc.err.Type)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
assert.Nil(t, tc.err)
|
assert.Nil(t, tc.err)
|
||||||
}
|
}
|
||||||
|
@ -268,12 +269,13 @@ func TestUpdateAccountRequest_Validate(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
if err := tc.uar.Validate(); err != nil {
|
if err := tc.uar.Validate(); err != nil {
|
||||||
if assert.NotNil(t, err) {
|
if assert.NotNil(t, err) {
|
||||||
ae, ok := err.(*acme.Error)
|
var ae *acme.Error
|
||||||
assert.True(t, ok)
|
if assert.True(t, errors.As(err, &ae)) {
|
||||||
assert.HasPrefix(t, ae.Error(), tc.err.Error())
|
assert.HasPrefix(t, ae.Error(), tc.err.Error())
|
||||||
assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
|
assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
|
||||||
assert.Equals(t, ae.Type, tc.err.Type)
|
assert.Equals(t, ae.Type, tc.err.Type)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
assert.Nil(t, tc.err)
|
assert.Nil(t, tc.err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,6 +3,7 @@ package api
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
|
|
||||||
"go.step.sm/crypto/jose"
|
"go.step.sm/crypto/jose"
|
||||||
|
|
||||||
|
@ -24,6 +25,7 @@ func validateExternalAccountBinding(ctx context.Context, nar *NewAccountRequest)
|
||||||
}
|
}
|
||||||
|
|
||||||
if !acmeProv.RequireEAB {
|
if !acmeProv.RequireEAB {
|
||||||
|
//nolint:nilnil // legacy
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -51,7 +53,8 @@ func validateExternalAccountBinding(ctx context.Context, nar *NewAccountRequest)
|
||||||
db := acme.MustDatabaseFromContext(ctx)
|
db := acme.MustDatabaseFromContext(ctx)
|
||||||
externalAccountKey, err := db.GetExternalAccountKey(ctx, acmeProv.ID, keyID)
|
externalAccountKey, err := db.GetExternalAccountKey(ctx, acmeProv.ID, keyID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if _, ok := err.(*acme.Error); ok {
|
var ae *acme.Error
|
||||||
|
if errors.As(err, &ae) {
|
||||||
return nil, acme.WrapError(acme.ErrorUnauthorizedType, err, "the field 'kid' references an unknown key")
|
return nil, acme.WrapError(acme.ErrorUnauthorizedType, err, "the field 'kid' references an unknown key")
|
||||||
}
|
}
|
||||||
return nil, acme.WrapErrorISE(err, "error retrieving external account key")
|
return nil, acme.WrapErrorISE(err, "error retrieving external account key")
|
||||||
|
|
|
@ -860,13 +860,15 @@ func TestHandler_validateExternalAccountBinding(t *testing.T) {
|
||||||
if wantErr {
|
if wantErr {
|
||||||
assert.NotNil(t, err)
|
assert.NotNil(t, err)
|
||||||
assert.Type(t, &acme.Error{}, err)
|
assert.Type(t, &acme.Error{}, err)
|
||||||
ae, _ := err.(*acme.Error)
|
var ae *acme.Error
|
||||||
|
if assert.True(t, errors.As(err, &ae)) {
|
||||||
assert.Equals(t, ae.Type, tc.err.Type)
|
assert.Equals(t, ae.Type, tc.err.Type)
|
||||||
assert.Equals(t, ae.Status, tc.err.Status)
|
assert.Equals(t, ae.Status, tc.err.Status)
|
||||||
assert.HasPrefix(t, ae.Err.Error(), tc.err.Err.Error())
|
assert.HasPrefix(t, ae.Err.Error(), tc.err.Err.Error())
|
||||||
assert.Equals(t, ae.Detail, tc.err.Detail)
|
assert.Equals(t, ae.Detail, tc.err.Detail)
|
||||||
assert.Equals(t, ae.Identifier, tc.err.Identifier)
|
assert.Equals(t, ae.Identifier, tc.err.Identifier)
|
||||||
assert.Equals(t, ae.Subproblems, tc.err.Subproblems)
|
assert.Equals(t, ae.Subproblems, tc.err.Subproblems)
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
if got == nil {
|
if got == nil {
|
||||||
assert.Nil(t, tc.eak)
|
assert.Nil(t, tc.eak)
|
||||||
|
|
|
@ -518,9 +518,6 @@ func TestHandler_verifyAndExtractJWSPayload(t *testing.T) {
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"ok/empty-algorithm-in-jwk": func(t *testing.T) test {
|
"ok/empty-algorithm-in-jwk": func(t *testing.T) test {
|
||||||
_pub := *pub
|
|
||||||
clone := &_pub
|
|
||||||
clone.Algorithm = ""
|
|
||||||
ctx := context.WithValue(context.Background(), jwsContextKey, parsedJWS)
|
ctx := context.WithValue(context.Background(), jwsContextKey, parsedJWS)
|
||||||
ctx = context.WithValue(ctx, jwkContextKey, pub)
|
ctx = context.WithValue(ctx, jwkContextKey, pub)
|
||||||
return test{
|
return test{
|
||||||
|
|
|
@ -179,12 +179,13 @@ func TestNewOrderRequest_Validate(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
if err := tc.nor.Validate(); err != nil {
|
if err := tc.nor.Validate(); err != nil {
|
||||||
if assert.NotNil(t, err) {
|
if assert.NotNil(t, err) {
|
||||||
ae, ok := err.(*acme.Error)
|
var ae *acme.Error
|
||||||
assert.True(t, ok)
|
if assert.True(t, errors.As(err, &ae)) {
|
||||||
assert.HasPrefix(t, ae.Error(), tc.err.Error())
|
assert.HasPrefix(t, ae.Error(), tc.err.Error())
|
||||||
assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
|
assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
|
||||||
assert.Equals(t, ae.Type, tc.err.Type)
|
assert.Equals(t, ae.Type, tc.err.Type)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
if assert.Nil(t, tc.err) {
|
if assert.Nil(t, tc.err) {
|
||||||
if tc.nbf.IsZero() {
|
if tc.nbf.IsZero() {
|
||||||
|
@ -253,12 +254,13 @@ func TestFinalizeRequestValidate(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
if err := tc.fr.Validate(); err != nil {
|
if err := tc.fr.Validate(); err != nil {
|
||||||
if assert.NotNil(t, err) {
|
if assert.NotNil(t, err) {
|
||||||
ae, ok := err.(*acme.Error)
|
var ae *acme.Error
|
||||||
assert.True(t, ok)
|
if assert.True(t, errors.As(err, &ae)) {
|
||||||
assert.HasPrefix(t, ae.Error(), tc.err.Error())
|
assert.HasPrefix(t, ae.Error(), tc.err.Error())
|
||||||
assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
|
assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
|
||||||
assert.Equals(t, ae.Type, tc.err.Type)
|
assert.Equals(t, ae.Type, tc.err.Type)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
if assert.Nil(t, tc.err) {
|
if assert.Nil(t, tc.err) {
|
||||||
assert.Equals(t, tc.fr.csr.Raw, csr.Raw)
|
assert.Equals(t, tc.fr.csr.Raw, csr.Raw)
|
||||||
|
@ -761,14 +763,14 @@ func TestHandler_newAuthorization(t *testing.T) {
|
||||||
ctx = acme.NewProvisionerContext(ctx, tc.prov)
|
ctx = acme.NewProvisionerContext(ctx, tc.prov)
|
||||||
if err := newAuthorization(ctx, tc.az); err != nil {
|
if err := newAuthorization(ctx, tc.az); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
switch k := err.(type) {
|
var k *acme.Error
|
||||||
case *acme.Error:
|
if assert.True(t, errors.As(err, &k)) {
|
||||||
assert.Equals(t, k.Type, tc.err.Type)
|
assert.Equals(t, k.Type, tc.err.Type)
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
assert.Equals(t, k.Status, tc.err.Status)
|
assert.Equals(t, k.Status, tc.err.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
default:
|
} else {
|
||||||
assert.FatalError(t, errors.New("unexpected error type"))
|
assert.FatalError(t, errors.New("unexpected error type"))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -130,14 +130,14 @@ func TestAuthorization_UpdateStatus(t *testing.T) {
|
||||||
tc := run(t)
|
tc := run(t)
|
||||||
if err := tc.az.UpdateStatus(context.Background(), tc.db); err != nil {
|
if err := tc.az.UpdateStatus(context.Background(), tc.db); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
switch k := err.(type) {
|
var k *Error
|
||||||
case *Error:
|
if errors.As(err, &k) {
|
||||||
assert.Equals(t, k.Type, tc.err.Type)
|
assert.Equals(t, k.Type, tc.err.Type)
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
assert.Equals(t, k.Status, tc.err.Status)
|
assert.Equals(t, k.Status, tc.err.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
default:
|
} else {
|
||||||
assert.FatalError(t, errors.New("unexpected error type"))
|
assert.FatalError(t, errors.New("unexpected error type"))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -188,14 +188,14 @@ func Test_storeError(t *testing.T) {
|
||||||
tc := run(t)
|
tc := run(t)
|
||||||
if err := storeError(context.Background(), tc.db, tc.ch, tc.markInvalid, err); err != nil {
|
if err := storeError(context.Background(), tc.db, tc.ch, tc.markInvalid, err); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
switch k := err.(type) {
|
var k *Error
|
||||||
case *Error:
|
if errors.As(err, &k) {
|
||||||
assert.Equals(t, k.Type, tc.err.Type)
|
assert.Equals(t, k.Type, tc.err.Type)
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
assert.Equals(t, k.Status, tc.err.Status)
|
assert.Equals(t, k.Status, tc.err.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
default:
|
} else {
|
||||||
assert.FatalError(t, errors.New("unexpected error type"))
|
assert.FatalError(t, errors.New("unexpected error type"))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -243,14 +243,14 @@ func TestKeyAuthorization(t *testing.T) {
|
||||||
tc := run(t)
|
tc := run(t)
|
||||||
if ka, err := KeyAuthorization(tc.token, tc.jwk); err != nil {
|
if ka, err := KeyAuthorization(tc.token, tc.jwk); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
switch k := err.(type) {
|
var k *Error
|
||||||
case *Error:
|
if errors.As(err, &k) {
|
||||||
assert.Equals(t, k.Type, tc.err.Type)
|
assert.Equals(t, k.Type, tc.err.Type)
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
assert.Equals(t, k.Status, tc.err.Status)
|
assert.Equals(t, k.Status, tc.err.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
default:
|
} else {
|
||||||
assert.FatalError(t, errors.New("unexpected error type"))
|
assert.FatalError(t, errors.New("unexpected error type"))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -533,14 +533,14 @@ func TestChallenge_Validate(t *testing.T) {
|
||||||
ctx := NewClientContext(context.Background(), tc.vc)
|
ctx := NewClientContext(context.Background(), tc.vc)
|
||||||
if err := tc.ch.Validate(ctx, tc.db, tc.jwk, nil); err != nil {
|
if err := tc.ch.Validate(ctx, tc.db, tc.jwk, nil); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
switch k := err.(type) {
|
var k *Error
|
||||||
case *Error:
|
if errors.As(err, &k) {
|
||||||
assert.Equals(t, k.Type, tc.err.Type)
|
assert.Equals(t, k.Type, tc.err.Type)
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
assert.Equals(t, k.Status, tc.err.Status)
|
assert.Equals(t, k.Status, tc.err.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
default:
|
} else {
|
||||||
assert.FatalError(t, errors.New("unexpected error type"))
|
assert.FatalError(t, errors.New("unexpected error type"))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -928,14 +928,14 @@ func TestHTTP01Validate(t *testing.T) {
|
||||||
ctx := NewClientContext(context.Background(), tc.vc)
|
ctx := NewClientContext(context.Background(), tc.vc)
|
||||||
if err := http01Validate(ctx, tc.ch, tc.db, tc.jwk); err != nil {
|
if err := http01Validate(ctx, tc.ch, tc.db, tc.jwk); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
switch k := err.(type) {
|
var k *Error
|
||||||
case *Error:
|
if errors.As(err, &k) {
|
||||||
assert.Equals(t, k.Type, tc.err.Type)
|
assert.Equals(t, k.Type, tc.err.Type)
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
assert.Equals(t, k.Status, tc.err.Status)
|
assert.Equals(t, k.Status, tc.err.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
default:
|
} else {
|
||||||
assert.FatalError(t, errors.New("unexpected error type"))
|
assert.FatalError(t, errors.New("unexpected error type"))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1228,14 +1228,14 @@ func TestDNS01Validate(t *testing.T) {
|
||||||
ctx := NewClientContext(context.Background(), tc.vc)
|
ctx := NewClientContext(context.Background(), tc.vc)
|
||||||
if err := dns01Validate(ctx, tc.ch, tc.db, tc.jwk); err != nil {
|
if err := dns01Validate(ctx, tc.ch, tc.db, tc.jwk); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
switch k := err.(type) {
|
var k *Error
|
||||||
case *Error:
|
if errors.As(err, &k) {
|
||||||
assert.Equals(t, k.Type, tc.err.Type)
|
assert.Equals(t, k.Type, tc.err.Type)
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
assert.Equals(t, k.Status, tc.err.Status)
|
assert.Equals(t, k.Status, tc.err.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
default:
|
} else {
|
||||||
assert.FatalError(t, errors.New("unexpected error type"))
|
assert.FatalError(t, errors.New("unexpected error type"))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2298,14 +2298,14 @@ func TestTLSALPN01Validate(t *testing.T) {
|
||||||
ctx := NewClientContext(context.Background(), tc.vc)
|
ctx := NewClientContext(context.Background(), tc.vc)
|
||||||
if err := tlsalpn01Validate(ctx, tc.ch, tc.db, tc.jwk); err != nil {
|
if err := tlsalpn01Validate(ctx, tc.ch, tc.db, tc.jwk); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
switch k := err.(type) {
|
var k *Error
|
||||||
case *Error:
|
if errors.As(err, &k) {
|
||||||
assert.Equals(t, k.Type, tc.err.Type)
|
assert.Equals(t, k.Type, tc.err.Type)
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
assert.Equals(t, k.Status, tc.err.Status)
|
assert.Equals(t, k.Status, tc.err.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
default:
|
} else {
|
||||||
assert.FatalError(t, errors.New("unexpected error type"))
|
assert.FatalError(t, errors.New("unexpected error type"))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -95,16 +95,16 @@ func TestDB_getDBAccount(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
if dbacc, err := d.getDBAccount(context.Background(), accID); err != nil {
|
if dbacc, err := d.getDBAccount(context.Background(), accID); err != nil {
|
||||||
switch k := err.(type) {
|
var acmeErr *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &acmeErr) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, acmeErr.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, acmeErr.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, acmeErr.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -174,16 +174,16 @@ func TestDB_getAccountIDByKeyID(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
if retAccID, err := d.getAccountIDByKeyID(context.Background(), kid); err != nil {
|
if retAccID, err := d.getAccountIDByKeyID(context.Background(), kid); err != nil {
|
||||||
switch k := err.(type) {
|
var acmeErr *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &acmeErr) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, acmeErr.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, acmeErr.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, acmeErr.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -248,16 +248,16 @@ func TestDB_GetAccount(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
if acc, err := d.GetAccount(context.Background(), accID); err != nil {
|
if acc, err := d.GetAccount(context.Background(), accID); err != nil {
|
||||||
switch k := err.(type) {
|
var acmeErr *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &acmeErr) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, acmeErr.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, acmeErr.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, acmeErr.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -354,16 +354,16 @@ func TestDB_GetAccountByKeyID(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
if acc, err := d.GetAccountByKeyID(context.Background(), kid); err != nil {
|
if acc, err := d.GetAccountByKeyID(context.Background(), kid); err != nil {
|
||||||
switch k := err.(type) {
|
var acmeErr *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &acmeErr) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, acmeErr.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, acmeErr.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, acmeErr.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
|
|
@ -101,16 +101,16 @@ func TestDB_getDBAuthz(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
if dbaz, err := d.getDBAuthz(context.Background(), azID); err != nil {
|
if dbaz, err := d.getDBAuthz(context.Background(), azID); err != nil {
|
||||||
switch k := err.(type) {
|
var acmeErr *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &acmeErr) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, acmeErr.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, acmeErr.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, acmeErr.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -295,16 +295,16 @@ func TestDB_GetAuthorization(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
if az, err := d.GetAuthorization(context.Background(), azID); err != nil {
|
if az, err := d.GetAuthorization(context.Background(), azID); err != nil {
|
||||||
switch k := err.(type) {
|
var acmeErr *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &acmeErr) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, acmeErr.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, acmeErr.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, acmeErr.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -745,16 +745,16 @@ func TestDB_GetAuthorizationsByAccountID(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
if azs, err := d.GetAuthorizationsByAccountID(context.Background(), accountID); err != nil {
|
if azs, err := d.GetAuthorizationsByAccountID(context.Background(), accountID); err != nil {
|
||||||
switch k := err.(type) {
|
var acmeErr *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &acmeErr) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, acmeErr.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, acmeErr.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, acmeErr.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
|
|
@ -138,5 +138,4 @@ func parseBundle(b []byte) ([]*x509.Certificate, error) {
|
||||||
return nil, errors.New("error decoding PEM: unexpected data")
|
return nil, errors.New("error decoding PEM: unexpected data")
|
||||||
}
|
}
|
||||||
return bundle, nil
|
return bundle, nil
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -250,16 +250,16 @@ func TestDB_GetCertificate(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
cert, err := d.GetCertificate(context.Background(), certID)
|
cert, err := d.GetCertificate(context.Background(), certID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
switch k := err.(type) {
|
var acmeErr *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &acmeErr) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, acmeErr.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, acmeErr.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, acmeErr.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -444,16 +444,16 @@ func TestDB_GetCertificateBySerial(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
cert, err := d.GetCertificateBySerial(context.Background(), serial)
|
cert, err := d.GetCertificateBySerial(context.Background(), serial)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
switch k := err.(type) {
|
var ae *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
|
|
@ -94,16 +94,16 @@ func TestDB_getDBChallenge(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
if ch, err := d.getDBChallenge(context.Background(), chID); err != nil {
|
if ch, err := d.getDBChallenge(context.Background(), chID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -286,16 +286,16 @@ func TestDB_GetChallenge(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
if ch, err := d.GetChallenge(context.Background(), chID, azID); err != nil {
|
if ch, err := d.GetChallenge(context.Background(), chID, azID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
|
|
@ -54,7 +54,6 @@ func (db *DB) getDBExternalAccountKey(ctx context.Context, id string) (*dbExtern
|
||||||
|
|
||||||
// CreateExternalAccountKey creates a new External Account Binding key with a name
|
// CreateExternalAccountKey creates a new External Account Binding key with a name
|
||||||
func (db *DB) CreateExternalAccountKey(ctx context.Context, provisionerID, reference string) (*acme.ExternalAccountKey, error) {
|
func (db *DB) CreateExternalAccountKey(ctx context.Context, provisionerID, reference string) (*acme.ExternalAccountKey, error) {
|
||||||
|
|
||||||
externalAccountKeyMutex.Lock()
|
externalAccountKeyMutex.Lock()
|
||||||
defer externalAccountKeyMutex.Unlock()
|
defer externalAccountKeyMutex.Unlock()
|
||||||
|
|
||||||
|
@ -210,6 +209,7 @@ func (db *DB) GetExternalAccountKeyByReference(ctx context.Context, provisionerI
|
||||||
defer externalAccountKeyMutex.RUnlock()
|
defer externalAccountKeyMutex.RUnlock()
|
||||||
|
|
||||||
if reference == "" {
|
if reference == "" {
|
||||||
|
//nolint:nilnil // legacy
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -228,6 +228,7 @@ func (db *DB) GetExternalAccountKeyByReference(ctx context.Context, provisionerI
|
||||||
}
|
}
|
||||||
|
|
||||||
func (db *DB) GetExternalAccountKeyByAccountID(ctx context.Context, provisionerID, accountID string) (*acme.ExternalAccountKey, error) {
|
func (db *DB) GetExternalAccountKeyByAccountID(ctx context.Context, provisionerID, accountID string) (*acme.ExternalAccountKey, error) {
|
||||||
|
//nolint:nilnil // legacy
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -371,7 +372,6 @@ func sliceIndex(slice []string, item string) int {
|
||||||
// removeElement deletes the item if it exists in the
|
// removeElement deletes the item if it exists in the
|
||||||
// slice. It returns a new slice, keeping the old one intact.
|
// slice. It returns a new slice, keeping the old one intact.
|
||||||
func removeElement(slice []string, item string) []string {
|
func removeElement(slice []string, item string) []string {
|
||||||
|
|
||||||
newSlice := make([]string, 0)
|
newSlice := make([]string, 0)
|
||||||
index := sliceIndex(slice, item)
|
index := sliceIndex(slice, item)
|
||||||
if index < 0 {
|
if index < 0 {
|
||||||
|
|
|
@ -93,16 +93,16 @@ func TestDB_getDBExternalAccountKey(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
if dbeak, err := d.getDBExternalAccountKey(context.Background(), keyID); err != nil {
|
if dbeak, err := d.getDBExternalAccountKey(context.Background(), keyID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -210,16 +210,16 @@ func TestDB_GetExternalAccountKey(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
if eak, err := d.GetExternalAccountKey(context.Background(), provID, keyID); err != nil {
|
if eak, err := d.GetExternalAccountKey(context.Background(), provID, keyID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -374,16 +374,16 @@ func TestDB_GetExternalAccountKeyByReference(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
if eak, err := d.GetExternalAccountKeyByReference(context.Background(), provID, tc.ref); err != nil {
|
if eak, err := d.GetExternalAccountKeyByReference(context.Background(), provID, tc.ref); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -580,16 +580,16 @@ func TestDB_GetExternalAccountKeys(t *testing.T) {
|
||||||
cursor, limit := "", 0
|
cursor, limit := "", 0
|
||||||
if eaks, nextCursor, err := d.GetExternalAccountKeys(context.Background(), provID, cursor, limit); err != nil {
|
if eaks, nextCursor, err := d.GetExternalAccountKeys(context.Background(), provID, cursor, limit); err != nil {
|
||||||
assert.Equals(t, "", nextCursor)
|
assert.Equals(t, "", nextCursor)
|
||||||
switch k := err.(type) {
|
var ae *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.Equals(t, tc.err.Error(), err.Error())
|
assert.Equals(t, tc.err.Error(), err.Error())
|
||||||
}
|
}
|
||||||
|
@ -672,7 +672,7 @@ func TestDB_DeleteExternalAccountKey(t *testing.T) {
|
||||||
return errors.New("force default")
|
return errors.New("force default")
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
MCmpAndSwap: func(bucket, key, old, new []byte) ([]byte, bool, error) {
|
MCmpAndSwap: func(bucket, key, old, nu []byte) ([]byte, bool, error) {
|
||||||
fmt.Println(string(bucket))
|
fmt.Println(string(bucket))
|
||||||
switch string(bucket) {
|
switch string(bucket) {
|
||||||
case string(externalAccountKeyIDsByReferenceTable):
|
case string(externalAccountKeyIDsByReferenceTable):
|
||||||
|
@ -882,16 +882,16 @@ func TestDB_DeleteExternalAccountKey(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
if err := d.DeleteExternalAccountKey(context.Background(), provID, keyID); err != nil {
|
if err := d.DeleteExternalAccountKey(context.Background(), provID, keyID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.Equals(t, err.Error(), tc.err.Error())
|
assert.Equals(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
|
|
@ -146,16 +146,16 @@ func TestDB_DeleteNonce(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
if err := d.DeleteNonce(context.Background(), acme.Nonce(nonceID)); err != nil {
|
if err := d.DeleteNonce(context.Background(), acme.Nonce(nonceID)); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
|
|
@ -102,16 +102,16 @@ func TestDB_getDBOrder(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
if dbo, err := d.getDBOrder(context.Background(), orderID); err != nil {
|
if dbo, err := d.getDBOrder(context.Background(), orderID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -206,16 +206,16 @@ func TestDB_GetOrder(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
if o, err := d.GetOrder(context.Background(), orderID); err != nil {
|
if o, err := d.GetOrder(context.Background(), orderID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -1003,16 +1003,16 @@ func TestDB_updateAddOrderIDs(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
switch k := err.(type) {
|
var ae *acme.Error
|
||||||
case *acme.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.acmeErr) {
|
if assert.NotNil(t, tc.acmeErr) {
|
||||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
|
|
@ -310,10 +310,11 @@ func NewErrorISE(msg string, args ...interface{}) *Error {
|
||||||
|
|
||||||
// WrapError attempts to wrap the internal error.
|
// WrapError attempts to wrap the internal error.
|
||||||
func WrapError(typ ProblemType, err error, msg string, args ...interface{}) *Error {
|
func WrapError(typ ProblemType, err error, msg string, args ...interface{}) *Error {
|
||||||
switch e := err.(type) {
|
var e *Error
|
||||||
case nil:
|
switch {
|
||||||
|
case err == nil:
|
||||||
return nil
|
return nil
|
||||||
case *Error:
|
case errors.As(err, &e):
|
||||||
if e.Err == nil {
|
if e.Err == nil {
|
||||||
e.Err = errors.Errorf(msg+"; "+e.Detail, args...)
|
e.Err = errors.Errorf(msg+"; "+e.Detail, args...)
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -324,7 +324,6 @@ func numberOfIdentifierType(typ IdentifierType, ids []Identifier) int {
|
||||||
// addresses or DNS names slice, depending on whether it can be parsed as an IP
|
// addresses or DNS names slice, depending on whether it can be parsed as an IP
|
||||||
// or not. This might result in an additional SAN in the final certificate.
|
// or not. This might result in an additional SAN in the final certificate.
|
||||||
func canonicalize(csr *x509.CertificateRequest) (canonicalized *x509.CertificateRequest) {
|
func canonicalize(csr *x509.CertificateRequest) (canonicalized *x509.CertificateRequest) {
|
||||||
|
|
||||||
// for clarity only; we're operating on the same object by pointer
|
// for clarity only; we're operating on the same object by pointer
|
||||||
canonicalized = csr
|
canonicalized = csr
|
||||||
|
|
||||||
|
|
|
@ -247,14 +247,14 @@ func TestOrder_UpdateStatus(t *testing.T) {
|
||||||
tc := run(t)
|
tc := run(t)
|
||||||
if err := tc.o.UpdateStatus(context.Background(), tc.db); err != nil {
|
if err := tc.o.UpdateStatus(context.Background(), tc.db); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
switch k := err.(type) {
|
var k *Error
|
||||||
case *Error:
|
if errors.As(err, &k) {
|
||||||
assert.Equals(t, k.Type, tc.err.Type)
|
assert.Equals(t, k.Type, tc.err.Type)
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
assert.Equals(t, k.Status, tc.err.Status)
|
assert.Equals(t, k.Status, tc.err.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
default:
|
} else {
|
||||||
assert.FatalError(t, errors.New("unexpected error type"))
|
assert.FatalError(t, errors.New("unexpected error type"))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -812,14 +812,14 @@ func TestOrder_Finalize(t *testing.T) {
|
||||||
tc := run(t)
|
tc := run(t)
|
||||||
if err := tc.o.Finalize(context.Background(), tc.db, tc.csr, tc.ca, tc.prov); err != nil {
|
if err := tc.o.Finalize(context.Background(), tc.db, tc.csr, tc.ca, tc.prov); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
switch k := err.(type) {
|
var k *Error
|
||||||
case *Error:
|
if errors.As(err, &k) {
|
||||||
assert.Equals(t, k.Type, tc.err.Type)
|
assert.Equals(t, k.Type, tc.err.Type)
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
assert.Equals(t, k.Status, tc.err.Status)
|
assert.Equals(t, k.Status, tc.err.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||||
default:
|
} else {
|
||||||
assert.FatalError(t, errors.New("unexpected error type"))
|
assert.FatalError(t, errors.New("unexpected error type"))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1474,14 +1474,14 @@ func TestOrder_sans(t *testing.T) {
|
||||||
t.Errorf("Order.sans() = %v, want error; got none", got)
|
t.Errorf("Order.sans() = %v, want error; got none", got)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
switch k := err.(type) {
|
var k *Error
|
||||||
case *Error:
|
if errors.As(err, &k) {
|
||||||
assert.Equals(t, k.Type, tt.err.Type)
|
assert.Equals(t, k.Type, tt.err.Type)
|
||||||
assert.Equals(t, k.Detail, tt.err.Detail)
|
assert.Equals(t, k.Detail, tt.err.Detail)
|
||||||
assert.Equals(t, k.Status, tt.err.Status)
|
assert.Equals(t, k.Status, tt.err.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tt.err.Err.Error())
|
assert.Equals(t, k.Err.Error(), tt.err.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tt.err.Detail)
|
assert.Equals(t, k.Detail, tt.err.Detail)
|
||||||
default:
|
} else {
|
||||||
assert.FatalError(t, errors.New("unexpected error type"))
|
assert.FatalError(t, errors.New("unexpected error type"))
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
|
|
|
@ -3,7 +3,7 @@ package api
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"crypto"
|
"crypto"
|
||||||
"crypto/dsa" //nolint
|
"crypto/dsa" //nolint:staticcheck // support legacy algorithms
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
"crypto/ed25519"
|
"crypto/ed25519"
|
||||||
"crypto/rsa"
|
"crypto/rsa"
|
||||||
|
|
|
@ -21,6 +21,16 @@ type StackTracedError interface {
|
||||||
StackTrace() errors.StackTrace
|
StackTrace() errors.StackTrace
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// AsStackTracedError attempts to return the input error cast to a
|
||||||
|
// StackTracedError interface.
|
||||||
|
func AsStackTracedError(err error) (StackTracedError, bool) {
|
||||||
|
//nolint:errorlint // ignore type assertion warning. casting to interface is hard.
|
||||||
|
if st, ok := err.(StackTracedError); ok {
|
||||||
|
return st, ok
|
||||||
|
}
|
||||||
|
return nil, false
|
||||||
|
}
|
||||||
|
|
||||||
// Error adds to the response writer the given error if it implements
|
// Error adds to the response writer the given error if it implements
|
||||||
// logging.ResponseLogger. If it does not implement it, then writes the error
|
// logging.ResponseLogger. If it does not implement it, then writes the error
|
||||||
// using the log package.
|
// using the log package.
|
||||||
|
@ -38,8 +48,9 @@ func Error(rw http.ResponseWriter, err error) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
e, ok := err.(StackTracedError)
|
e, ok := AsStackTracedError(err)
|
||||||
if !ok {
|
if !ok {
|
||||||
|
//nolint:errorlint // ignore type assertion warning. casting to interface is hard.
|
||||||
e, ok = errors.Cause(err).(StackTracedError)
|
e, ok = errors.Cause(err).(StackTracedError)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -41,8 +41,8 @@ func TestJSON(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if tt.wantErr {
|
if tt.wantErr {
|
||||||
e, ok := err.(*errs.Error)
|
var e *errs.Error
|
||||||
if ok {
|
if errors.As(err, &e) {
|
||||||
if code := e.StatusCode(); code != 400 {
|
if code := e.StatusCode(); code != 400 {
|
||||||
t.Errorf("error.StatusCode() = %v, wants 400", code)
|
t.Errorf("error.StatusCode() = %v, wants 400", code)
|
||||||
}
|
}
|
||||||
|
@ -102,15 +102,16 @@ func TestProtoJSON(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if tt.wantErr {
|
if tt.wantErr {
|
||||||
switch err.(type) {
|
var (
|
||||||
case badProtoJSONError:
|
ee *errs.Error
|
||||||
|
bpe badProtoJSONError
|
||||||
|
)
|
||||||
|
switch {
|
||||||
|
case errors.As(err, &bpe):
|
||||||
assert.Contains(t, err.Error(), "syntax error")
|
assert.Contains(t, err.Error(), "syntax error")
|
||||||
case *errs.Error:
|
case errors.As(err, &ee):
|
||||||
var ee *errs.Error
|
|
||||||
if errors.As(err, &ee) {
|
|
||||||
assert.Equal(t, http.StatusBadRequest, ee.Status)
|
assert.Equal(t, http.StatusBadRequest, ee.Status)
|
||||||
}
|
}
|
||||||
}
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -72,12 +72,22 @@ type RenderableError interface {
|
||||||
Render(http.ResponseWriter)
|
Render(http.ResponseWriter)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// AsRenderableError attempts to return an error type that implements the
|
||||||
|
// RenderableError interface.
|
||||||
|
func AsRenderableError(err error) (RenderableError, bool) {
|
||||||
|
//nolint:errorlint // ignore type assertion warning. casting to interface is hard.
|
||||||
|
if r, ok := err.(RenderableError); ok {
|
||||||
|
return r, true
|
||||||
|
}
|
||||||
|
return nil, false
|
||||||
|
}
|
||||||
|
|
||||||
// Error marshals the JSON representation of err to w. In case err implements
|
// Error marshals the JSON representation of err to w. In case err implements
|
||||||
// RenderableError its own Render method will be called instead.
|
// RenderableError its own Render method will be called instead.
|
||||||
func Error(w http.ResponseWriter, err error) {
|
func Error(w http.ResponseWriter, err error) {
|
||||||
log.Error(w, err)
|
log.Error(w, err)
|
||||||
|
|
||||||
if e, ok := err.(RenderableError); ok {
|
if e, ok := AsRenderableError(err); ok {
|
||||||
e.Render(w)
|
e.Render(w)
|
||||||
|
|
||||||
return
|
return
|
||||||
|
@ -97,6 +107,16 @@ type StatusCodedError interface {
|
||||||
StatusCode() int
|
StatusCode() int
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// AsStatusCodedError attempts to return an error type that implements the
|
||||||
|
// StatusCodedError interface.
|
||||||
|
func AsStatusCodedError(err error) (StatusCodedError, bool) {
|
||||||
|
//nolint:errorlint // ignore type assertion warning. casting to interface is hard.
|
||||||
|
if sc, ok := err.(StatusCodedError); ok {
|
||||||
|
return sc, true
|
||||||
|
}
|
||||||
|
return nil, false
|
||||||
|
}
|
||||||
|
|
||||||
func statusCodeFromError(err error) (code int) {
|
func statusCodeFromError(err error) (code int) {
|
||||||
code = http.StatusInternalServerError
|
code = http.StatusInternalServerError
|
||||||
|
|
||||||
|
@ -105,12 +125,13 @@ func statusCodeFromError(err error) (code int) {
|
||||||
}
|
}
|
||||||
|
|
||||||
for err != nil {
|
for err != nil {
|
||||||
if sc, ok := err.(StatusCodedError); ok {
|
if sc, ok := AsStatusCodedError(err); ok {
|
||||||
code = sc.StatusCode()
|
code = sc.StatusCode()
|
||||||
|
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//nolint:errorlint // ignore type assertion warning. casting to interface is hard.
|
||||||
cause, ok := err.(causer)
|
cause, ok := err.(causer)
|
||||||
if !ok {
|
if !ok {
|
||||||
break
|
break
|
||||||
|
|
|
@ -62,12 +62,12 @@ func TestRevokeRequestValidate(t *testing.T) {
|
||||||
for name, tc := range tests {
|
for name, tc := range tests {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
if err := tc.rr.Validate(); err != nil {
|
if err := tc.rr.Validate(); err != nil {
|
||||||
switch v := err.(type) {
|
var ee *errs.Error
|
||||||
case *errs.Error:
|
if errors.As(err, &ee) {
|
||||||
assert.HasPrefix(t, v.Error(), tc.err.Error())
|
assert.HasPrefix(t, ee.Error(), tc.err.Error())
|
||||||
assert.Equals(t, v.StatusCode(), tc.err.Status)
|
assert.Equals(t, ee.StatusCode(), tc.err.Status)
|
||||||
default:
|
} else {
|
||||||
t.Errorf("unexpected error type: %T", v)
|
t.Errorf("unexpected error type: %T", err)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
assert.Nil(t, tc.err)
|
assert.Nil(t, tc.err)
|
||||||
|
|
|
@ -84,7 +84,6 @@ func (h *acmeAdminResponder) DeleteExternalAccountKey(w http.ResponseWriter, r *
|
||||||
}
|
}
|
||||||
|
|
||||||
func eakToLinked(k *acme.ExternalAccountKey) *linkedca.EABKey {
|
func eakToLinked(k *acme.ExternalAccountKey) *linkedca.EABKey {
|
||||||
|
|
||||||
if k == nil {
|
if k == nil {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -229,12 +229,14 @@ func TestCreateAdminRequest_Validate(t *testing.T) {
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
assert.Type(t, &admin.Error{}, err)
|
assert.Type(t, &admin.Error{}, err)
|
||||||
adminErr, _ := err.(*admin.Error)
|
var adminErr *admin.Error
|
||||||
|
if assert.True(t, errors.As(err, &adminErr)) {
|
||||||
assert.Equals(t, tt.err.Type, adminErr.Type)
|
assert.Equals(t, tt.err.Type, adminErr.Type)
|
||||||
assert.Equals(t, tt.err.Detail, adminErr.Detail)
|
assert.Equals(t, tt.err.Detail, adminErr.Detail)
|
||||||
assert.Equals(t, tt.err.Status, adminErr.Status)
|
assert.Equals(t, tt.err.Status, adminErr.Status)
|
||||||
assert.Equals(t, tt.err.Message, adminErr.Message)
|
assert.Equals(t, tt.err.Message, adminErr.Message)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -278,11 +280,13 @@ func TestUpdateAdminRequest_Validate(t *testing.T) {
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
assert.Type(t, &admin.Error{}, err)
|
assert.Type(t, &admin.Error{}, err)
|
||||||
adminErr, _ := err.(*admin.Error)
|
var ae *admin.Error
|
||||||
assert.Equals(t, tt.err.Type, adminErr.Type)
|
if assert.True(t, errors.As(err, &ae)) {
|
||||||
assert.Equals(t, tt.err.Detail, adminErr.Detail)
|
assert.Equals(t, tt.err.Type, ae.Type)
|
||||||
assert.Equals(t, tt.err.Status, adminErr.Status)
|
assert.Equals(t, tt.err.Detail, ae.Detail)
|
||||||
assert.Equals(t, tt.err.Message, adminErr.Message)
|
assert.Equals(t, tt.err.Status, ae.Status)
|
||||||
|
assert.Equals(t, tt.err.Message, ae.Message)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
@ -30,7 +30,6 @@ func requireAPIEnabled(next http.HandlerFunc) http.HandlerFunc {
|
||||||
// extractAuthorizeTokenAdmin is a middleware that extracts and caches the bearer token.
|
// extractAuthorizeTokenAdmin is a middleware that extracts and caches the bearer token.
|
||||||
func extractAuthorizeTokenAdmin(next http.HandlerFunc) http.HandlerFunc {
|
func extractAuthorizeTokenAdmin(next http.HandlerFunc) http.HandlerFunc {
|
||||||
return func(w http.ResponseWriter, r *http.Request) {
|
return func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
||||||
tok := r.Header.Get("Authorization")
|
tok := r.Header.Get("Authorization")
|
||||||
if tok == "" {
|
if tok == "" {
|
||||||
render.Error(w, admin.NewError(admin.ErrorUnauthorizedType,
|
render.Error(w, admin.NewError(admin.ErrorUnauthorizedType,
|
||||||
|
|
|
@ -50,7 +50,8 @@ func (par *policyAdminResponder) GetAuthorityPolicy(w http.ResponseWriter, r *ht
|
||||||
|
|
||||||
auth := mustAuthority(ctx)
|
auth := mustAuthority(ctx)
|
||||||
authorityPolicy, err := auth.GetAuthorityPolicy(r.Context())
|
authorityPolicy, err := auth.GetAuthorityPolicy(r.Context())
|
||||||
if ae, ok := err.(*admin.Error); ok && !ae.IsType(admin.ErrorNotFoundType) {
|
var ae *admin.Error
|
||||||
|
if errors.As(err, &ae) && !ae.IsType(admin.ErrorNotFoundType) {
|
||||||
render.Error(w, admin.WrapErrorISE(ae, "error retrieving authority policy"))
|
render.Error(w, admin.WrapErrorISE(ae, "error retrieving authority policy"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -74,7 +75,8 @@ func (par *policyAdminResponder) CreateAuthorityPolicy(w http.ResponseWriter, r
|
||||||
auth := mustAuthority(ctx)
|
auth := mustAuthority(ctx)
|
||||||
authorityPolicy, err := auth.GetAuthorityPolicy(ctx)
|
authorityPolicy, err := auth.GetAuthorityPolicy(ctx)
|
||||||
|
|
||||||
if ae, ok := err.(*admin.Error); ok && !ae.IsType(admin.ErrorNotFoundType) {
|
var ae *admin.Error
|
||||||
|
if errors.As(err, &ae) && !ae.IsType(admin.ErrorNotFoundType) {
|
||||||
render.Error(w, admin.WrapErrorISE(err, "error retrieving authority policy"))
|
render.Error(w, admin.WrapErrorISE(err, "error retrieving authority policy"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -125,7 +127,8 @@ func (par *policyAdminResponder) UpdateAuthorityPolicy(w http.ResponseWriter, r
|
||||||
auth := mustAuthority(ctx)
|
auth := mustAuthority(ctx)
|
||||||
authorityPolicy, err := auth.GetAuthorityPolicy(ctx)
|
authorityPolicy, err := auth.GetAuthorityPolicy(ctx)
|
||||||
|
|
||||||
if ae, ok := err.(*admin.Error); ok && !ae.IsType(admin.ErrorNotFoundType) {
|
var ae *admin.Error
|
||||||
|
if errors.As(err, &ae) && !ae.IsType(admin.ErrorNotFoundType) {
|
||||||
render.Error(w, admin.WrapErrorISE(err, "error retrieving authority policy"))
|
render.Error(w, admin.WrapErrorISE(err, "error retrieving authority policy"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -175,7 +178,8 @@ func (par *policyAdminResponder) DeleteAuthorityPolicy(w http.ResponseWriter, r
|
||||||
auth := mustAuthority(ctx)
|
auth := mustAuthority(ctx)
|
||||||
authorityPolicy, err := auth.GetAuthorityPolicy(ctx)
|
authorityPolicy, err := auth.GetAuthorityPolicy(ctx)
|
||||||
|
|
||||||
if ae, ok := err.(*admin.Error); ok && !ae.IsType(admin.ErrorNotFoundType) {
|
var ae *admin.Error
|
||||||
|
if errors.As(err, &ae) && !ae.IsType(admin.ErrorNotFoundType) {
|
||||||
render.Error(w, admin.WrapErrorISE(ae, "error retrieving authority policy"))
|
render.Error(w, admin.WrapErrorISE(ae, "error retrieving authority policy"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -468,7 +472,6 @@ func isBadRequest(err error) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
func validatePolicy(p *linkedca.Policy) error {
|
func validatePolicy(p *linkedca.Policy) error {
|
||||||
|
|
||||||
// convert the policy; return early if nil
|
// convert the policy; return early if nil
|
||||||
options := policy.LinkedToCertificates(p)
|
options := policy.LinkedToCertificates(p)
|
||||||
if options == nil {
|
if options == nil {
|
||||||
|
|
|
@ -111,14 +111,14 @@ func (db *DB) GetAdmins(ctx context.Context) ([]*linkedca.Admin, error) {
|
||||||
for _, entry := range dbEntries {
|
for _, entry := range dbEntries {
|
||||||
adm, err := db.unmarshalAdmin(entry.Value, string(entry.Key))
|
adm, err := db.unmarshalAdmin(entry.Value, string(entry.Key))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if k.IsType(admin.ErrorDeletedType) || k.IsType(admin.ErrorAuthorityMismatchType) {
|
if ae.IsType(admin.ErrorDeletedType) || ae.IsType(admin.ErrorAuthorityMismatchType) {
|
||||||
continue
|
continue
|
||||||
} else {
|
} else {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -68,16 +68,16 @@ func TestDB_getDBAdminBytes(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
if b, err := d.getDBAdminBytes(context.Background(), adminID); err != nil {
|
if b, err := d.getDBAdminBytes(context.Background(), adminID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -192,16 +192,16 @@ func TestDB_getDBAdmin(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||||
if dba, err := d.getDBAdmin(context.Background(), adminID); err != nil {
|
if dba, err := d.getDBAdmin(context.Background(), adminID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -280,16 +280,16 @@ func TestDB_unmarshalDBAdmin(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{authorityID: admin.DefaultAuthorityID}
|
d := DB{authorityID: admin.DefaultAuthorityID}
|
||||||
if dba, err := d.unmarshalDBAdmin(tc.in, adminID); err != nil {
|
if dba, err := d.unmarshalDBAdmin(tc.in, adminID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -355,16 +355,16 @@ func TestDB_unmarshalAdmin(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{authorityID: admin.DefaultAuthorityID}
|
d := DB{authorityID: admin.DefaultAuthorityID}
|
||||||
if adm, err := d.unmarshalAdmin(tc.in, adminID); err != nil {
|
if adm, err := d.unmarshalAdmin(tc.in, adminID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -509,16 +509,16 @@ func TestDB_GetAdmin(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||||
if adm, err := d.GetAdmin(context.Background(), adminID); err != nil {
|
if adm, err := d.GetAdmin(context.Background(), adminID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -661,16 +661,16 @@ func TestDB_DeleteAdmin(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||||
if err := d.DeleteAdmin(context.Background(), adminID); err != nil {
|
if err := d.DeleteAdmin(context.Background(), adminID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -812,16 +812,16 @@ func TestDB_UpdateAdmin(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||||
if err := d.UpdateAdmin(context.Background(), tc.adm); err != nil {
|
if err := d.UpdateAdmin(context.Background(), tc.adm); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -910,16 +910,16 @@ func TestDB_CreateAdmin(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||||
if err := d.CreateAdmin(context.Background(), tc.adm); err != nil {
|
if err := d.CreateAdmin(context.Background(), tc.adm); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -1086,16 +1086,16 @@ func TestDB_GetAdmins(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||||
if admins, err := d.GetAdmins(context.Background()); err != nil {
|
if admins, err := d.GetAdmins(context.Background()); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
|
|
@ -83,6 +83,7 @@ func (db *DB) getDBAuthorityPolicyBytes(ctx context.Context, authorityID string)
|
||||||
|
|
||||||
func (db *DB) unmarshalDBAuthorityPolicy(data []byte) (*dbAuthorityPolicy, error) {
|
func (db *DB) unmarshalDBAuthorityPolicy(data []byte) (*dbAuthorityPolicy, error) {
|
||||||
if len(data) == 0 {
|
if len(data) == 0 {
|
||||||
|
//nolint:nilnil // legacy
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
var dba = new(dbAuthorityPolicy)
|
var dba = new(dbAuthorityPolicy)
|
||||||
|
@ -102,6 +103,7 @@ func (db *DB) getDBAuthorityPolicy(ctx context.Context, authorityID string) (*db
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
if dbap == nil {
|
if dbap == nil {
|
||||||
|
//nolint:nilnil // legacy
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
if dbap.AuthorityID != authorityID {
|
if dbap.AuthorityID != authorityID {
|
||||||
|
@ -112,7 +114,6 @@ func (db *DB) getDBAuthorityPolicy(ctx context.Context, authorityID string) (*db
|
||||||
}
|
}
|
||||||
|
|
||||||
func (db *DB) CreateAuthorityPolicy(ctx context.Context, policy *linkedca.Policy) error {
|
func (db *DB) CreateAuthorityPolicy(ctx context.Context, policy *linkedca.Policy) error {
|
||||||
|
|
||||||
dbap := &dbAuthorityPolicy{
|
dbap := &dbAuthorityPolicy{
|
||||||
ID: db.authorityID,
|
ID: db.authorityID,
|
||||||
AuthorityID: db.authorityID,
|
AuthorityID: db.authorityID,
|
||||||
|
@ -228,7 +229,6 @@ func dbToLinked(p *dbPolicy) *linkedca.Policy {
|
||||||
}
|
}
|
||||||
|
|
||||||
func linkedToDB(p *linkedca.Policy) *dbPolicy {
|
func linkedToDB(p *linkedca.Policy) *dbPolicy {
|
||||||
|
|
||||||
if p == nil {
|
if p == nil {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -72,16 +72,16 @@ func TestDB_getDBAuthorityPolicyBytes(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
if b, err := d.getDBAuthorityPolicyBytes(tc.ctx, tc.authorityID); err != nil {
|
if b, err := d.getDBAuthorityPolicyBytes(tc.ctx, tc.authorityID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -208,16 +208,16 @@ func TestDB_getDBAuthorityPolicy(t *testing.T) {
|
||||||
dbp, err := d.getDBAuthorityPolicy(tc.ctx, tc.authorityID)
|
dbp, err := d.getDBAuthorityPolicy(tc.ctx, tc.authorityID)
|
||||||
switch {
|
switch {
|
||||||
case err != nil:
|
case err != nil:
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -309,16 +309,16 @@ func TestDB_CreateAuthorityPolicy(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db, authorityID: tc.authorityID}
|
d := DB{db: tc.db, authorityID: tc.authorityID}
|
||||||
if err := d.CreateAuthorityPolicy(tc.ctx, tc.policy); err != nil {
|
if err := d.CreateAuthorityPolicy(tc.ctx, tc.policy); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -406,16 +406,16 @@ func TestDB_GetAuthorityPolicy(t *testing.T) {
|
||||||
d := DB{db: tc.db, authorityID: tc.authorityID}
|
d := DB{db: tc.db, authorityID: tc.authorityID}
|
||||||
got, err := d.GetAuthorityPolicy(tc.ctx)
|
got, err := d.GetAuthorityPolicy(tc.ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -578,16 +578,16 @@ func TestDB_UpdateAuthorityPolicy(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db, authorityID: tc.authorityID}
|
d := DB{db: tc.db, authorityID: tc.authorityID}
|
||||||
if err := d.UpdateAuthorityPolicy(tc.ctx, tc.policy); err != nil {
|
if err := d.UpdateAuthorityPolicy(tc.ctx, tc.policy); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -718,16 +718,16 @@ func TestDB_DeleteAuthorityPolicy(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db, authorityID: tc.authorityID}
|
d := DB{db: tc.db, authorityID: tc.authorityID}
|
||||||
if err := d.DeleteAuthorityPolicy(tc.ctx); err != nil {
|
if err := d.DeleteAuthorityPolicy(tc.ctx); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
|
|
@ -122,14 +122,14 @@ func (db *DB) GetProvisioners(ctx context.Context) ([]*linkedca.Provisioner, err
|
||||||
for _, entry := range dbEntries {
|
for _, entry := range dbEntries {
|
||||||
prov, err := db.unmarshalProvisioner(entry.Value, string(entry.Key))
|
prov, err := db.unmarshalProvisioner(entry.Value, string(entry.Key))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if k.IsType(admin.ErrorDeletedType) || k.IsType(admin.ErrorAuthorityMismatchType) {
|
if ae.IsType(admin.ErrorDeletedType) || ae.IsType(admin.ErrorAuthorityMismatchType) {
|
||||||
continue
|
continue
|
||||||
} else {
|
} else {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -67,16 +67,16 @@ func TestDB_getDBProvisionerBytes(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db}
|
d := DB{db: tc.db}
|
||||||
if b, err := d.getDBProvisionerBytes(context.Background(), provID); err != nil {
|
if b, err := d.getDBProvisionerBytes(context.Background(), provID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -189,16 +189,16 @@ func TestDB_getDBProvisioner(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||||
if dbp, err := d.getDBProvisioner(context.Background(), provID); err != nil {
|
if dbp, err := d.getDBProvisioner(context.Background(), provID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -275,16 +275,16 @@ func TestDB_unmarshalDBProvisioner(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{authorityID: admin.DefaultAuthorityID}
|
d := DB{authorityID: admin.DefaultAuthorityID}
|
||||||
if dbp, err := d.unmarshalDBProvisioner(tc.in, provID); err != nil {
|
if dbp, err := d.unmarshalDBProvisioner(tc.in, provID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -397,16 +397,16 @@ func TestDB_unmarshalProvisioner(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{authorityID: admin.DefaultAuthorityID}
|
d := DB{authorityID: admin.DefaultAuthorityID}
|
||||||
if prov, err := d.unmarshalProvisioner(tc.in, provID); err != nil {
|
if prov, err := d.unmarshalProvisioner(tc.in, provID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -535,16 +535,16 @@ func TestDB_GetProvisioner(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||||
if prov, err := d.GetProvisioner(context.Background(), provID); err != nil {
|
if prov, err := d.GetProvisioner(context.Background(), provID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -683,16 +683,16 @@ func TestDB_DeleteProvisioner(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||||
if err := d.DeleteProvisioner(context.Background(), provID); err != nil {
|
if err := d.DeleteProvisioner(context.Background(), provID); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -844,16 +844,16 @@ func TestDB_GetProvisioners(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||||
if provs, err := d.GetProvisioners(context.Background()); err != nil {
|
if provs, err := d.GetProvisioners(context.Background()); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -952,16 +952,16 @@ func TestDB_CreateProvisioner(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||||
if err := d.CreateProvisioner(context.Background(), tc.prov); err != nil {
|
if err := d.CreateProvisioner(context.Background(), tc.prov); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
@ -1188,16 +1188,16 @@ func TestDB_UpdateProvisioner(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||||
if err := d.UpdateProvisioner(context.Background(), tc.prov); err != nil {
|
if err := d.UpdateProvisioner(context.Background(), tc.prov); err != nil {
|
||||||
switch k := err.(type) {
|
var ae *admin.Error
|
||||||
case *admin.Error:
|
if errors.As(err, &ae) {
|
||||||
if assert.NotNil(t, tc.adminErr) {
|
if assert.NotNil(t, tc.adminErr) {
|
||||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||||
}
|
}
|
||||||
default:
|
} else {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
}
|
}
|
||||||
|
|
|
@ -156,16 +156,17 @@ func NewErrorISE(msg string, args ...interface{}) *Error {
|
||||||
|
|
||||||
// WrapError attempts to wrap the internal error.
|
// WrapError attempts to wrap the internal error.
|
||||||
func WrapError(typ ProblemType, err error, msg string, args ...interface{}) *Error {
|
func WrapError(typ ProblemType, err error, msg string, args ...interface{}) *Error {
|
||||||
switch e := err.(type) {
|
var ee *Error
|
||||||
case nil:
|
switch {
|
||||||
|
case err == nil:
|
||||||
return nil
|
return nil
|
||||||
case *Error:
|
case errors.As(err, &ee):
|
||||||
if e.Err == nil {
|
if ee.Err == nil {
|
||||||
e.Err = errors.Errorf(msg+"; "+e.Detail, args...)
|
ee.Err = errors.Errorf(msg+"; "+ee.Detail, args...)
|
||||||
} else {
|
} else {
|
||||||
e.Err = errors.Wrapf(e.Err, msg, args...)
|
ee.Err = errors.Wrapf(ee.Err, msg, args...)
|
||||||
}
|
}
|
||||||
return e
|
return ee
|
||||||
default:
|
default:
|
||||||
return newError(typ, errors.Wrapf(err, msg, args...))
|
return newError(typ, errors.Wrapf(err, msg, args...))
|
||||||
}
|
}
|
||||||
|
|
|
@ -368,7 +368,7 @@ func (a *Authority) init() error {
|
||||||
}
|
}
|
||||||
options.Signer, err = a.keyManager.CreateSigner(&kmsapi.CreateSignerRequest{
|
options.Signer, err = a.keyManager.CreateSigner(&kmsapi.CreateSignerRequest{
|
||||||
SigningKey: a.config.IntermediateKey,
|
SigningKey: a.config.IntermediateKey,
|
||||||
Password: []byte(a.password),
|
Password: a.password,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -434,7 +434,7 @@ func (a *Authority) init() error {
|
||||||
if a.config.SSH.HostKey != "" {
|
if a.config.SSH.HostKey != "" {
|
||||||
signer, err := a.keyManager.CreateSigner(&kmsapi.CreateSignerRequest{
|
signer, err := a.keyManager.CreateSigner(&kmsapi.CreateSignerRequest{
|
||||||
SigningKey: a.config.SSH.HostKey,
|
SigningKey: a.config.SSH.HostKey,
|
||||||
Password: []byte(a.sshHostPassword),
|
Password: a.sshHostPassword,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -460,7 +460,7 @@ func (a *Authority) init() error {
|
||||||
if a.config.SSH.UserKey != "" {
|
if a.config.SSH.UserKey != "" {
|
||||||
signer, err := a.keyManager.CreateSigner(&kmsapi.CreateSignerRequest{
|
signer, err := a.keyManager.CreateSigner(&kmsapi.CreateSignerRequest{
|
||||||
SigningKey: a.config.SSH.UserKey,
|
SigningKey: a.config.SSH.UserKey,
|
||||||
Password: []byte(a.sshUserPassword),
|
Password: a.sshUserPassword,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -545,7 +545,7 @@ func (a *Authority) init() error {
|
||||||
options.CertificateChain = append(options.CertificateChain, a.rootX509Certs...)
|
options.CertificateChain = append(options.CertificateChain, a.rootX509Certs...)
|
||||||
options.Signer, err = a.keyManager.CreateSigner(&kmsapi.CreateSignerRequest{
|
options.Signer, err = a.keyManager.CreateSigner(&kmsapi.CreateSignerRequest{
|
||||||
SigningKey: a.config.IntermediateKey,
|
SigningKey: a.config.IntermediateKey,
|
||||||
Password: []byte(a.password),
|
Password: a.password,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -554,7 +554,7 @@ func (a *Authority) init() error {
|
||||||
if km, ok := a.keyManager.(kmsapi.Decrypter); ok {
|
if km, ok := a.keyManager.(kmsapi.Decrypter); ok {
|
||||||
options.Decrypter, err = km.CreateDecrypter(&kmsapi.CreateDecrypterRequest{
|
options.Decrypter, err = km.CreateDecrypter(&kmsapi.CreateDecrypterRequest{
|
||||||
DecryptionKey: a.config.IntermediateKey,
|
DecryptionKey: a.config.IntermediateKey,
|
||||||
Password: []byte(a.password),
|
Password: a.password,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
|
@ -12,6 +12,7 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/pkg/errors"
|
||||||
"github.com/smallstep/certificates/authority/admin"
|
"github.com/smallstep/certificates/authority/admin"
|
||||||
"github.com/smallstep/certificates/authority/provisioner"
|
"github.com/smallstep/certificates/authority/provisioner"
|
||||||
"github.com/smallstep/certificates/errs"
|
"github.com/smallstep/certificates/errs"
|
||||||
|
@ -416,16 +417,16 @@ func (a *Authority) AuthorizeRenewToken(ctx context.Context, ott string) (*x509.
|
||||||
Subject: leaf.Subject.CommonName,
|
Subject: leaf.Subject.CommonName,
|
||||||
Time: time.Now().UTC(),
|
Time: time.Now().UTC(),
|
||||||
}, time.Minute); err != nil {
|
}, time.Minute); err != nil {
|
||||||
switch err {
|
switch {
|
||||||
case jose.ErrInvalidIssuer:
|
case errors.Is(err, jose.ErrInvalidIssuer):
|
||||||
return nil, errs.UnauthorizedErr(err, errs.WithMessage("error validating renew token: invalid issuer claim (iss)"))
|
return nil, errs.UnauthorizedErr(err, errs.WithMessage("error validating renew token: invalid issuer claim (iss)"))
|
||||||
case jose.ErrInvalidSubject:
|
case errors.Is(err, jose.ErrInvalidSubject):
|
||||||
return nil, errs.UnauthorizedErr(err, errs.WithMessage("error validating renew token: invalid subject claim (sub)"))
|
return nil, errs.UnauthorizedErr(err, errs.WithMessage("error validating renew token: invalid subject claim (sub)"))
|
||||||
case jose.ErrNotValidYet:
|
case errors.Is(err, jose.ErrNotValidYet):
|
||||||
return nil, errs.UnauthorizedErr(err, errs.WithMessage("error validating renew token: token not valid yet (nbf)"))
|
return nil, errs.UnauthorizedErr(err, errs.WithMessage("error validating renew token: token not valid yet (nbf)"))
|
||||||
case jose.ErrExpired:
|
case errors.Is(err, jose.ErrExpired):
|
||||||
return nil, errs.UnauthorizedErr(err, errs.WithMessage("error validating renew token: token is expired (exp)"))
|
return nil, errs.UnauthorizedErr(err, errs.WithMessage("error validating renew token: token is expired (exp)"))
|
||||||
case jose.ErrIssuedInTheFuture:
|
case errors.Is(err, jose.ErrIssuedInTheFuture):
|
||||||
return nil, errs.UnauthorizedErr(err, errs.WithMessage("error validating renew token: token issued in the future (iat)"))
|
return nil, errs.UnauthorizedErr(err, errs.WithMessage("error validating renew token: token issued in the future (iat)"))
|
||||||
default:
|
default:
|
||||||
return nil, errs.UnauthorizedErr(err, errs.WithMessage("error validating renew token"))
|
return nil, errs.UnauthorizedErr(err, errs.WithMessage("error validating renew token"))
|
||||||
|
|
|
@ -313,7 +313,7 @@ func TestAuthority_authorizeToken(t *testing.T) {
|
||||||
p, err := tc.auth.authorizeToken(context.Background(), tc.token)
|
p, err := tc.auth.authorizeToken(context.Background(), tc.token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
@ -399,7 +399,7 @@ func TestAuthority_authorizeRevoke(t *testing.T) {
|
||||||
|
|
||||||
if err := tc.auth.authorizeRevoke(context.Background(), tc.token); err != nil {
|
if err := tc.auth.authorizeRevoke(context.Background(), tc.token); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
@ -484,7 +484,7 @@ func TestAuthority_authorizeSign(t *testing.T) {
|
||||||
got, err := tc.auth.authorizeSign(context.Background(), tc.token)
|
got, err := tc.auth.authorizeSign(context.Background(), tc.token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
@ -743,13 +743,13 @@ func TestAuthority_Authorize(t *testing.T) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if assert.NotNil(t, tc.err, fmt.Sprintf("unexpected error: %s", err)) {
|
if assert.NotNil(t, tc.err, fmt.Sprintf("unexpected error: %s", err)) {
|
||||||
assert.Nil(t, got)
|
assert.Nil(t, got)
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
|
||||||
ctxErr, ok := err.(*errs.Error)
|
var ctxErr *errs.Error
|
||||||
assert.Fatal(t, ok, "error is not of type *errs.Error")
|
assert.Fatal(t, errors.As(err, &ctxErr), "error is not of type *errs.Error")
|
||||||
assert.Equals(t, ctxErr.Details["token"], tc.token)
|
assert.Equals(t, ctxErr.Details["token"], tc.token)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
@ -879,13 +879,13 @@ func TestAuthority_authorizeRenew(t *testing.T) {
|
||||||
err := tc.auth.authorizeRenew(tc.cert)
|
err := tc.auth.authorizeRenew(tc.cert)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCoder interface")
|
assert.Fatal(t, ok, "error does not implement StatusCoder interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
|
||||||
ctxErr, ok := err.(*errs.Error)
|
var ctxErr *errs.Error
|
||||||
assert.Fatal(t, ok, "error is not of type *errs.Error")
|
assert.Fatal(t, errors.As(err, &ctxErr), "error is not of type *errs.Error")
|
||||||
assert.Equals(t, ctxErr.Details["serialNumber"], tc.cert.SerialNumber.String())
|
assert.Equals(t, ctxErr.Details["serialNumber"], tc.cert.SerialNumber.String())
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
@ -1027,7 +1027,7 @@ func TestAuthority_authorizeSSHSign(t *testing.T) {
|
||||||
got, err := tc.auth.authorizeSSHSign(context.Background(), tc.token)
|
got, err := tc.auth.authorizeSSHSign(context.Background(), tc.token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
@ -1144,7 +1144,7 @@ func TestAuthority_authorizeSSHRenew(t *testing.T) {
|
||||||
got, err := tc.auth.authorizeSSHRenew(context.Background(), tc.token)
|
got, err := tc.auth.authorizeSSHRenew(context.Background(), tc.token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
@ -1244,7 +1244,7 @@ func TestAuthority_authorizeSSHRevoke(t *testing.T) {
|
||||||
|
|
||||||
if err := tc.auth.authorizeSSHRevoke(context.Background(), tc.token); err != nil {
|
if err := tc.auth.authorizeSSHRevoke(context.Background(), tc.token); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
@ -1337,7 +1337,7 @@ func TestAuthority_authorizeSSHRekey(t *testing.T) {
|
||||||
cert, signOpts, err := tc.auth.authorizeSSHRekey(context.Background(), tc.token)
|
cert, signOpts, err := tc.auth.authorizeSSHRekey(context.Background(), tc.token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
|
|
@ -119,7 +119,6 @@ func (a *Authority) RemoveAuthorityPolicy(ctx context.Context) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (a *Authority) checkAuthorityPolicy(ctx context.Context, currentAdmin *linkedca.Admin, p *linkedca.Policy) error {
|
func (a *Authority) checkAuthorityPolicy(ctx context.Context, currentAdmin *linkedca.Admin, p *linkedca.Policy) error {
|
||||||
|
|
||||||
// no policy and thus nothing to evaluate; return early
|
// no policy and thus nothing to evaluate; return early
|
||||||
if p == nil {
|
if p == nil {
|
||||||
return nil
|
return nil
|
||||||
|
@ -138,7 +137,6 @@ func (a *Authority) checkAuthorityPolicy(ctx context.Context, currentAdmin *link
|
||||||
}
|
}
|
||||||
|
|
||||||
func (a *Authority) checkProvisionerPolicy(ctx context.Context, provName string, p *linkedca.Policy) error {
|
func (a *Authority) checkProvisionerPolicy(ctx context.Context, provName string, p *linkedca.Policy) error {
|
||||||
|
|
||||||
// no policy and thus nothing to evaluate; return early
|
// no policy and thus nothing to evaluate; return early
|
||||||
if p == nil {
|
if p == nil {
|
||||||
return nil
|
return nil
|
||||||
|
@ -157,7 +155,6 @@ func (a *Authority) checkProvisionerPolicy(ctx context.Context, provName string,
|
||||||
// checkPolicy checks if a new or updated policy configuration results in the user
|
// checkPolicy checks if a new or updated policy configuration results in the user
|
||||||
// locking themselves or other admins out of the CA.
|
// locking themselves or other admins out of the CA.
|
||||||
func (a *Authority) checkPolicy(ctx context.Context, currentAdmin *linkedca.Admin, otherAdmins []*linkedca.Admin, p *linkedca.Policy) error {
|
func (a *Authority) checkPolicy(ctx context.Context, currentAdmin *linkedca.Admin, otherAdmins []*linkedca.Admin, p *linkedca.Policy) error {
|
||||||
|
|
||||||
// convert the policy; return early if nil
|
// convert the policy; return early if nil
|
||||||
policyOptions := authPolicy.LinkedToCertificates(p)
|
policyOptions := authPolicy.LinkedToCertificates(p)
|
||||||
if policyOptions == nil {
|
if policyOptions == nil {
|
||||||
|
@ -216,7 +213,6 @@ func (a *Authority) reloadPolicyEngines(ctx context.Context) error {
|
||||||
)
|
)
|
||||||
|
|
||||||
if a.config.AuthorityConfig.EnableAdmin {
|
if a.config.AuthorityConfig.EnableAdmin {
|
||||||
|
|
||||||
// temporarily disable policy loading when LinkedCA is in use
|
// temporarily disable policy loading when LinkedCA is in use
|
||||||
if _, ok := a.adminDB.(*linkedCaClient); ok {
|
if _, ok := a.adminDB.(*linkedCaClient); ok {
|
||||||
return nil
|
return nil
|
||||||
|
|
|
@ -17,9 +17,9 @@ type Engine struct {
|
||||||
|
|
||||||
// New returns a new Engine using Options.
|
// New returns a new Engine using Options.
|
||||||
func New(options *Options) (*Engine, error) {
|
func New(options *Options) (*Engine, error) {
|
||||||
|
|
||||||
// if no options provided, return early
|
// if no options provided, return early
|
||||||
if options == nil {
|
if options == nil {
|
||||||
|
//nolint:nilnil // legacy
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -56,7 +56,6 @@ func New(options *Options) (*Engine, error) {
|
||||||
// the X.509 policy (if available) and returns an error if one of the
|
// the X.509 policy (if available) and returns an error if one of the
|
||||||
// names in the certificate is not allowed.
|
// names in the certificate is not allowed.
|
||||||
func (e *Engine) IsX509CertificateAllowed(cert *x509.Certificate) error {
|
func (e *Engine) IsX509CertificateAllowed(cert *x509.Certificate) error {
|
||||||
|
|
||||||
// return early if there's no policy to evaluate
|
// return early if there's no policy to evaluate
|
||||||
if e == nil || e.x509Policy == nil {
|
if e == nil || e.x509Policy == nil {
|
||||||
return nil
|
return nil
|
||||||
|
@ -69,7 +68,6 @@ func (e *Engine) IsX509CertificateAllowed(cert *x509.Certificate) error {
|
||||||
// AreSANsAllowed evaluates the slice of SANs against the X.509 policy
|
// AreSANsAllowed evaluates the slice of SANs against the X.509 policy
|
||||||
// (if available) and returns an error if one of the SANs is not allowed.
|
// (if available) and returns an error if one of the SANs is not allowed.
|
||||||
func (e *Engine) AreSANsAllowed(sans []string) error {
|
func (e *Engine) AreSANsAllowed(sans []string) error {
|
||||||
|
|
||||||
// return early if there's no policy to evaluate
|
// return early if there's no policy to evaluate
|
||||||
if e == nil || e.x509Policy == nil {
|
if e == nil || e.x509Policy == nil {
|
||||||
return nil
|
return nil
|
||||||
|
@ -83,7 +81,6 @@ func (e *Engine) AreSANsAllowed(sans []string) error {
|
||||||
// user or host policy (if configured) and returns an error if one of the
|
// user or host policy (if configured) and returns an error if one of the
|
||||||
// principals in the certificate is not allowed.
|
// principals in the certificate is not allowed.
|
||||||
func (e *Engine) IsSSHCertificateAllowed(cert *ssh.Certificate) error {
|
func (e *Engine) IsSSHCertificateAllowed(cert *ssh.Certificate) error {
|
||||||
|
|
||||||
// return early if there's no policy to evaluate
|
// return early if there's no policy to evaluate
|
||||||
if e == nil || (e.sshHostPolicy == nil && e.sshUserPolicy == nil) {
|
if e == nil || (e.sshHostPolicy == nil && e.sshUserPolicy == nil) {
|
||||||
return nil
|
return nil
|
||||||
|
|
|
@ -19,7 +19,6 @@ type HostPolicy policy.SSHNamePolicyEngine
|
||||||
|
|
||||||
// NewX509PolicyEngine creates a new x509 name policy engine
|
// NewX509PolicyEngine creates a new x509 name policy engine
|
||||||
func NewX509PolicyEngine(policyOptions X509PolicyOptionsInterface) (X509Policy, error) {
|
func NewX509PolicyEngine(policyOptions X509PolicyOptionsInterface) (X509Policy, error) {
|
||||||
|
|
||||||
// return early if no policy engine options to configure
|
// return early if no policy engine options to configure
|
||||||
if policyOptions == nil {
|
if policyOptions == nil {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
|
@ -92,7 +91,6 @@ func NewSSHHostPolicyEngine(policyOptions SSHPolicyOptionsInterface) (HostPolicy
|
||||||
|
|
||||||
// newSSHPolicyEngine creates a new SSH name policy engine
|
// newSSHPolicyEngine creates a new SSH name policy engine
|
||||||
func newSSHPolicyEngine(policyOptions SSHPolicyOptionsInterface, typ sshPolicyEngineType) (policy.SSHNamePolicyEngine, error) {
|
func newSSHPolicyEngine(policyOptions SSHPolicyOptionsInterface, typ sshPolicyEngineType) (policy.SSHNamePolicyEngine, error) {
|
||||||
|
|
||||||
// return early if no policy engine options to configure
|
// return early if no policy engine options to configure
|
||||||
if policyOptions == nil {
|
if policyOptions == nil {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
|
@ -143,7 +141,6 @@ func newSSHPolicyEngine(policyOptions SSHPolicyOptionsInterface, typ sshPolicyEn
|
||||||
}
|
}
|
||||||
|
|
||||||
func LinkedToCertificates(p *linkedca.Policy) *Options {
|
func LinkedToCertificates(p *linkedca.Policy) *Options {
|
||||||
|
|
||||||
// return early
|
// return early
|
||||||
if p == nil {
|
if p == nil {
|
||||||
return nil
|
return nil
|
||||||
|
|
|
@ -185,12 +185,12 @@ func TestAuthority_checkPolicy(t *testing.T) {
|
||||||
} else {
|
} else {
|
||||||
assert.IsType(t, &PolicyError{}, err)
|
assert.IsType(t, &PolicyError{}, err)
|
||||||
|
|
||||||
pe, ok := err.(*PolicyError)
|
var pe *PolicyError
|
||||||
assert.True(t, ok)
|
if assert.True(t, errors.As(err, &pe)) {
|
||||||
|
|
||||||
assert.Equal(t, tc.err.Typ, pe.Typ)
|
assert.Equal(t, tc.err.Typ, pe.Typ)
|
||||||
assert.Equal(t, tc.err.Error(), pe.Error())
|
assert.Equal(t, tc.err.Error(), pe.Error())
|
||||||
}
|
}
|
||||||
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1179,10 +1179,11 @@ func TestAuthority_RemoveAuthorityPolicy(t *testing.T) {
|
||||||
}
|
}
|
||||||
err := a.RemoveAuthorityPolicy(tt.args.ctx)
|
err := a.RemoveAuthorityPolicy(tt.args.ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
pe, ok := err.(*PolicyError)
|
var pe *PolicyError
|
||||||
assert.True(t, ok)
|
if assert.True(t, errors.As(err, &pe)) {
|
||||||
assert.Equal(t, tt.wantErr.Typ, pe.Typ)
|
assert.Equal(t, tt.wantErr.Typ, pe.Typ)
|
||||||
assert.Equal(t, tt.wantErr.Err.Error(), pe.Err.Error())
|
assert.Equal(t, tt.wantErr.Err.Error(), pe.Err.Error())
|
||||||
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
@ -1250,10 +1251,11 @@ func TestAuthority_GetAuthorityPolicy(t *testing.T) {
|
||||||
}
|
}
|
||||||
got, err := a.GetAuthorityPolicy(tt.args.ctx)
|
got, err := a.GetAuthorityPolicy(tt.args.ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
pe, ok := err.(*PolicyError)
|
var pe *PolicyError
|
||||||
assert.True(t, ok)
|
if assert.True(t, errors.As(err, &pe)) {
|
||||||
assert.Equal(t, tt.wantErr.Typ, pe.Typ)
|
assert.Equal(t, tt.wantErr.Typ, pe.Typ)
|
||||||
assert.Equal(t, tt.wantErr.Err.Error(), pe.Err.Error())
|
assert.Equal(t, tt.wantErr.Err.Error(), pe.Err.Error())
|
||||||
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if !reflect.DeepEqual(got, tt.want) {
|
if !reflect.DeepEqual(got, tt.want) {
|
||||||
|
@ -1429,10 +1431,11 @@ func TestAuthority_CreateAuthorityPolicy(t *testing.T) {
|
||||||
}
|
}
|
||||||
got, err := a.CreateAuthorityPolicy(tt.args.ctx, tt.args.adm, tt.args.p)
|
got, err := a.CreateAuthorityPolicy(tt.args.ctx, tt.args.adm, tt.args.p)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
pe, ok := err.(*PolicyError)
|
var pe *PolicyError
|
||||||
assert.True(t, ok)
|
if assert.True(t, errors.As(err, &pe)) {
|
||||||
assert.Equal(t, tt.wantErr.Typ, pe.Typ)
|
assert.Equal(t, tt.wantErr.Typ, pe.Typ)
|
||||||
assert.Equal(t, tt.wantErr.Err.Error(), pe.Err.Error())
|
assert.Equal(t, tt.wantErr.Err.Error(), pe.Err.Error())
|
||||||
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if !reflect.DeepEqual(got, tt.want) {
|
if !reflect.DeepEqual(got, tt.want) {
|
||||||
|
@ -1611,10 +1614,11 @@ func TestAuthority_UpdateAuthorityPolicy(t *testing.T) {
|
||||||
}
|
}
|
||||||
got, err := a.UpdateAuthorityPolicy(tt.args.ctx, tt.args.adm, tt.args.p)
|
got, err := a.UpdateAuthorityPolicy(tt.args.ctx, tt.args.adm, tt.args.p)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
pe, ok := err.(*PolicyError)
|
var pe *PolicyError
|
||||||
assert.True(t, ok)
|
if assert.True(t, errors.As(err, &pe)) {
|
||||||
assert.Equal(t, tt.wantErr.Typ, pe.Typ)
|
assert.Equal(t, tt.wantErr.Typ, pe.Typ)
|
||||||
assert.Equal(t, tt.wantErr.Err.Error(), pe.Err.Error())
|
assert.Equal(t, tt.wantErr.Err.Error(), pe.Err.Error())
|
||||||
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if !reflect.DeepEqual(got, tt.want) {
|
if !reflect.DeepEqual(got, tt.want) {
|
||||||
|
|
|
@ -217,7 +217,6 @@ type ACMEIdentifier struct {
|
||||||
// AuthorizeOrderIdentifier verifies the provisioner is allowed to issue a
|
// AuthorizeOrderIdentifier verifies the provisioner is allowed to issue a
|
||||||
// certificate for an ACME Order Identifier.
|
// certificate for an ACME Order Identifier.
|
||||||
func (p *ACME) AuthorizeOrderIdentifier(ctx context.Context, identifier ACMEIdentifier) error {
|
func (p *ACME) AuthorizeOrderIdentifier(ctx context.Context, identifier ACMEIdentifier) error {
|
||||||
|
|
||||||
x509Policy := p.ctl.getPolicy().getX509()
|
x509Policy := p.ctl.getPolicy().getX509()
|
||||||
|
|
||||||
// identifier is allowed if no policy is configured
|
// identifier is allowed if no policy is configured
|
||||||
|
|
|
@ -224,7 +224,7 @@ func TestACME_AuthorizeRenew(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
tc := tt(t)
|
tc := tt(t)
|
||||||
if err := tc.p.AuthorizeRenew(context.Background(), tc.cert); err != nil {
|
if err := tc.p.AuthorizeRenew(context.Background(), tc.cert); err != nil {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
|
@ -259,7 +259,7 @@ func TestACME_AuthorizeSign(t *testing.T) {
|
||||||
tc := tt(t)
|
tc := tt(t)
|
||||||
if opts, err := tc.p.AuthorizeSign(context.Background(), tc.token); err != nil {
|
if opts, err := tc.p.AuthorizeSign(context.Background(), tc.token); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
|
|
@ -35,7 +35,7 @@ const awsIdentityURL = "http://169.254.169.254/latest/dynamic/instance-identity/
|
||||||
const awsSignatureURL = "http://169.254.169.254/latest/dynamic/instance-identity/signature"
|
const awsSignatureURL = "http://169.254.169.254/latest/dynamic/instance-identity/signature"
|
||||||
|
|
||||||
// awsAPITokenURL is the url used to get the IMDSv2 API token
|
// awsAPITokenURL is the url used to get the IMDSv2 API token
|
||||||
// nolint:gosec // no credentials here
|
//nolint:gosec,goimports // no credentials here
|
||||||
const awsAPITokenURL = "http://169.254.169.254/latest/api/token"
|
const awsAPITokenURL = "http://169.254.169.254/latest/api/token"
|
||||||
|
|
||||||
// awsAPITokenTTL is the default TTL to use when requesting IMDSv2 API tokens
|
// awsAPITokenTTL is the default TTL to use when requesting IMDSv2 API tokens
|
||||||
|
@ -43,11 +43,11 @@ const awsAPITokenURL = "http://169.254.169.254/latest/api/token"
|
||||||
const awsAPITokenTTL = "30"
|
const awsAPITokenTTL = "30"
|
||||||
|
|
||||||
// awsMetadataTokenHeader is the header that must be passed with every IMDSv2 request
|
// awsMetadataTokenHeader is the header that must be passed with every IMDSv2 request
|
||||||
// nolint:gosec // no credentials here
|
//nolint:gosec,goimports // no credentials here
|
||||||
const awsMetadataTokenHeader = "X-aws-ec2-metadata-token"
|
const awsMetadataTokenHeader = "X-aws-ec2-metadata-token"
|
||||||
|
|
||||||
// awsMetadataTokenTTLHeader is the header used to indicate the token TTL requested
|
// awsMetadataTokenTTLHeader is the header used to indicate the token TTL requested
|
||||||
// nolint:gosec // no credentials here
|
//nolint:gosec,goimports // no credentials here
|
||||||
const awsMetadataTokenTTLHeader = "X-aws-ec2-metadata-token-ttl-seconds"
|
const awsMetadataTokenTTLHeader = "X-aws-ec2-metadata-token-ttl-seconds"
|
||||||
|
|
||||||
// awsCertificate is the certificate used to validate the instance identity
|
// awsCertificate is the certificate used to validate the instance identity
|
||||||
|
|
|
@ -522,7 +522,7 @@ func TestAWS_authorizeToken(t *testing.T) {
|
||||||
tc := tt(t)
|
tc := tt(t)
|
||||||
if claims, err := tc.p.authorizeToken(tc.token); err != nil {
|
if claims, err := tc.p.authorizeToken(tc.token); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
@ -669,7 +669,7 @@ func TestAWS_AuthorizeSign(t *testing.T) {
|
||||||
t.Errorf("AWS.AuthorizeSign() error = %v, wantErr %v", err, tt.wantErr)
|
t.Errorf("AWS.AuthorizeSign() error = %v, wantErr %v", err, tt.wantErr)
|
||||||
return
|
return
|
||||||
case err != nil:
|
case err != nil:
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
default:
|
default:
|
||||||
|
@ -807,7 +807,7 @@ func TestAWS_AuthorizeSSHSign(t *testing.T) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
assert.Nil(t, got)
|
assert.Nil(t, got)
|
||||||
|
@ -864,7 +864,7 @@ func TestAWS_AuthorizeRenew(t *testing.T) {
|
||||||
if err := tt.aws.AuthorizeRenew(context.Background(), tt.args.cert); (err != nil) != tt.wantErr {
|
if err := tt.aws.AuthorizeRenew(context.Background(), tt.args.cert); (err != nil) != tt.wantErr {
|
||||||
t.Errorf("AWS.AuthorizeRenew() error = %v, wantErr %v", err, tt.wantErr)
|
t.Errorf("AWS.AuthorizeRenew() error = %v, wantErr %v", err, tt.wantErr)
|
||||||
} else if err != nil {
|
} else if err != nil {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
}
|
}
|
||||||
|
|
|
@ -24,8 +24,7 @@ import (
|
||||||
// azureOIDCBaseURL is the base discovery url for Microsoft Azure tokens.
|
// azureOIDCBaseURL is the base discovery url for Microsoft Azure tokens.
|
||||||
const azureOIDCBaseURL = "https://login.microsoftonline.com"
|
const azureOIDCBaseURL = "https://login.microsoftonline.com"
|
||||||
|
|
||||||
// azureIdentityTokenURL is the URL to get the identity token for an instance.
|
//nolint:gosec // azureIdentityTokenURL is the URL to get the identity token for an instance.
|
||||||
// nolint:gosec // no credentials here
|
|
||||||
const azureIdentityTokenURL = "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F"
|
const azureIdentityTokenURL = "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F"
|
||||||
|
|
||||||
// azureDefaultAudience is the default audience used.
|
// azureDefaultAudience is the default audience used.
|
||||||
|
|
|
@ -336,7 +336,7 @@ func TestAzure_authorizeToken(t *testing.T) {
|
||||||
tc := tt(t)
|
tc := tt(t)
|
||||||
if claims, name, group, subscriptionID, objectID, err := tc.p.authorizeToken(tc.token); err != nil {
|
if claims, name, group, subscriptionID, objectID, err := tc.p.authorizeToken(tc.token); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
@ -498,7 +498,7 @@ func TestAzure_AuthorizeSign(t *testing.T) {
|
||||||
t.Errorf("Azure.AuthorizeSign() error = %v, wantErr %v", err, tt.wantErr)
|
t.Errorf("Azure.AuthorizeSign() error = %v, wantErr %v", err, tt.wantErr)
|
||||||
return
|
return
|
||||||
case err != nil:
|
case err != nil:
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
default:
|
default:
|
||||||
|
@ -576,7 +576,7 @@ func TestAzure_AuthorizeRenew(t *testing.T) {
|
||||||
if err := tt.azure.AuthorizeRenew(context.Background(), tt.args.cert); (err != nil) != tt.wantErr {
|
if err := tt.azure.AuthorizeRenew(context.Background(), tt.args.cert); (err != nil) != tt.wantErr {
|
||||||
t.Errorf("Azure.AuthorizeRenew() error = %v, wantErr %v", err, tt.wantErr)
|
t.Errorf("Azure.AuthorizeRenew() error = %v, wantErr %v", err, tt.wantErr)
|
||||||
} else if err != nil {
|
} else if err != nil {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
}
|
}
|
||||||
|
@ -673,7 +673,7 @@ func TestAzure_AuthorizeSSHSign(t *testing.T) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
assert.Nil(t, got)
|
assert.Nil(t, got)
|
||||||
|
|
|
@ -38,7 +38,8 @@ type Claimer struct {
|
||||||
// NewClaimer initializes a new claimer with the given claims.
|
// NewClaimer initializes a new claimer with the given claims.
|
||||||
func NewClaimer(claims *Claims, global Claims) (*Claimer, error) {
|
func NewClaimer(claims *Claims, global Claims) (*Claimer, error) {
|
||||||
c := &Claimer{global: global, claims: claims}
|
c := &Claimer{global: global, claims: claims}
|
||||||
return c, c.Validate()
|
err := c.Validate()
|
||||||
|
return c, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// Claims returns the merge of the inner and global claims.
|
// Claims returns the merge of the inner and global claims.
|
||||||
|
|
|
@ -102,7 +102,6 @@ func (p *GCP) GetID() string {
|
||||||
return p.ID
|
return p.ID
|
||||||
}
|
}
|
||||||
return p.GetIDForToken()
|
return p.GetIDForToken()
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetIDForToken returns an identifier that will be used to load the provisioner
|
// GetIDForToken returns an identifier that will be used to load the provisioner
|
||||||
|
|
|
@ -391,7 +391,7 @@ func TestGCP_authorizeToken(t *testing.T) {
|
||||||
tc := tt(t)
|
tc := tt(t)
|
||||||
if claims, err := tc.p.authorizeToken(tc.token); err != nil {
|
if claims, err := tc.p.authorizeToken(tc.token); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
@ -541,7 +541,7 @@ func TestGCP_AuthorizeSign(t *testing.T) {
|
||||||
t.Errorf("GCP.AuthorizeSign() error = %v, wantErr %v", err, tt.wantErr)
|
t.Errorf("GCP.AuthorizeSign() error = %v, wantErr %v", err, tt.wantErr)
|
||||||
return
|
return
|
||||||
case err != nil:
|
case err != nil:
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
default:
|
default:
|
||||||
|
@ -682,7 +682,7 @@ func TestGCP_AuthorizeSSHSign(t *testing.T) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
assert.Nil(t, got)
|
assert.Nil(t, got)
|
||||||
|
@ -739,7 +739,7 @@ func TestGCP_AuthorizeRenew(t *testing.T) {
|
||||||
if err := tt.prov.AuthorizeRenew(context.Background(), tt.args.cert); (err != nil) != tt.wantErr {
|
if err := tt.prov.AuthorizeRenew(context.Background(), tt.args.cert); (err != nil) != tt.wantErr {
|
||||||
t.Errorf("GCP.AuthorizeRenew() error = %v, wantErr %v", err, tt.wantErr)
|
t.Errorf("GCP.AuthorizeRenew() error = %v, wantErr %v", err, tt.wantErr)
|
||||||
} else if err != nil {
|
} else if err != nil {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCoder interface")
|
assert.Fatal(t, ok, "error does not implement StatusCoder interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
}
|
}
|
||||||
|
|
|
@ -185,7 +185,7 @@ func TestJWK_authorizeToken(t *testing.T) {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
if got, err := tt.prov.authorizeToken(tt.args.token, testAudiences.Sign); err != nil {
|
if got, err := tt.prov.authorizeToken(tt.args.token, testAudiences.Sign); err != nil {
|
||||||
if assert.NotNil(t, tt.err) {
|
if assert.NotNil(t, tt.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
assert.HasPrefix(t, err.Error(), tt.err.Error())
|
assert.HasPrefix(t, err.Error(), tt.err.Error())
|
||||||
|
@ -225,7 +225,7 @@ func TestJWK_AuthorizeRevoke(t *testing.T) {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
if err := tt.prov.AuthorizeRevoke(context.Background(), tt.args.token); err != nil {
|
if err := tt.prov.AuthorizeRevoke(context.Background(), tt.args.token); err != nil {
|
||||||
if assert.NotNil(t, tt.err) {
|
if assert.NotNil(t, tt.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
assert.HasPrefix(t, err.Error(), tt.err.Error())
|
assert.HasPrefix(t, err.Error(), tt.err.Error())
|
||||||
|
@ -290,7 +290,7 @@ func TestJWK_AuthorizeSign(t *testing.T) {
|
||||||
ctx := NewContextWithMethod(context.Background(), SignMethod)
|
ctx := NewContextWithMethod(context.Background(), SignMethod)
|
||||||
if got, err := tt.prov.AuthorizeSign(ctx, tt.args.token); err != nil {
|
if got, err := tt.prov.AuthorizeSign(ctx, tt.args.token); err != nil {
|
||||||
if assert.NotNil(t, tt.err) {
|
if assert.NotNil(t, tt.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
assert.HasPrefix(t, err.Error(), tt.err.Error())
|
assert.HasPrefix(t, err.Error(), tt.err.Error())
|
||||||
|
@ -366,7 +366,7 @@ func TestJWK_AuthorizeRenew(t *testing.T) {
|
||||||
if err := tt.prov.AuthorizeRenew(context.Background(), tt.args.cert); (err != nil) != tt.wantErr {
|
if err := tt.prov.AuthorizeRenew(context.Background(), tt.args.cert); (err != nil) != tt.wantErr {
|
||||||
t.Errorf("JWK.AuthorizeRenew() error = %v, wantErr %v", err, tt.wantErr)
|
t.Errorf("JWK.AuthorizeRenew() error = %v, wantErr %v", err, tt.wantErr)
|
||||||
} else if err != nil {
|
} else if err != nil {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
}
|
}
|
||||||
|
@ -461,7 +461,7 @@ func TestJWK_AuthorizeSSHSign(t *testing.T) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
assert.Nil(t, got)
|
assert.Nil(t, got)
|
||||||
|
@ -626,7 +626,7 @@ func TestJWK_AuthorizeSSHRevoke(t *testing.T) {
|
||||||
tc := tt(t)
|
tc := tt(t)
|
||||||
if err := tc.p.AuthorizeSSHRevoke(context.Background(), tc.token); err != nil {
|
if err := tc.p.AuthorizeSSHRevoke(context.Background(), tc.token); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
|
|
@ -93,7 +93,6 @@ func (p *K8sSA) GetEncryptedKey() (string, string, bool) {
|
||||||
|
|
||||||
// Init initializes and validates the fields of a K8sSA type.
|
// Init initializes and validates the fields of a K8sSA type.
|
||||||
func (p *K8sSA) Init(config Config) (err error) {
|
func (p *K8sSA) Init(config Config) (err error) {
|
||||||
|
|
||||||
switch {
|
switch {
|
||||||
case p.Type == "":
|
case p.Type == "":
|
||||||
return errors.New("provisioner type cannot be empty")
|
return errors.New("provisioner type cannot be empty")
|
||||||
|
|
|
@ -118,7 +118,7 @@ func TestK8sSA_authorizeToken(t *testing.T) {
|
||||||
tc := tt(t)
|
tc := tt(t)
|
||||||
if claims, err := tc.p.authorizeToken(tc.token, testAudiences.Sign); err != nil {
|
if claims, err := tc.p.authorizeToken(tc.token, testAudiences.Sign); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
@ -167,7 +167,7 @@ func TestK8sSA_AuthorizeRevoke(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
tc := tt(t)
|
tc := tt(t)
|
||||||
if err := tc.p.AuthorizeRevoke(context.Background(), tc.token); err != nil {
|
if err := tc.p.AuthorizeRevoke(context.Background(), tc.token); err != nil {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
|
@ -223,7 +223,7 @@ func TestK8sSA_AuthorizeRenew(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
tc := tt(t)
|
tc := tt(t)
|
||||||
if err := tc.p.AuthorizeRenew(context.Background(), tc.cert); err != nil {
|
if err := tc.p.AuthorizeRenew(context.Background(), tc.cert); err != nil {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
|
@ -272,7 +272,7 @@ func TestK8sSA_AuthorizeSign(t *testing.T) {
|
||||||
tc := tt(t)
|
tc := tt(t)
|
||||||
if opts, err := tc.p.AuthorizeSign(context.Background(), tc.token); err != nil {
|
if opts, err := tc.p.AuthorizeSign(context.Background(), tc.token); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
@ -360,7 +360,7 @@ func TestK8sSA_AuthorizeSSHSign(t *testing.T) {
|
||||||
tc := tt(t)
|
tc := tt(t)
|
||||||
if opts, err := tc.p.AuthorizeSSHSign(context.Background(), tc.token); err != nil {
|
if opts, err := tc.p.AuthorizeSSHSign(context.Background(), tc.token); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
|
|
@ -54,6 +54,7 @@ func (p *noop) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *noop) AuthorizeSSHRenew(ctx context.Context, token string) (*ssh.Certificate, error) {
|
func (p *noop) AuthorizeSSHRenew(ctx context.Context, token string) (*ssh.Certificate, error) {
|
||||||
|
//nolint:nilnil // fine for noop
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -247,7 +247,7 @@ func TestOIDC_authorizeToken(t *testing.T) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
assert.Nil(t, got)
|
assert.Nil(t, got)
|
||||||
|
@ -318,7 +318,7 @@ func TestOIDC_AuthorizeSign(t *testing.T) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
assert.Nil(t, got)
|
assert.Nil(t, got)
|
||||||
|
@ -406,7 +406,7 @@ func TestOIDC_AuthorizeRevoke(t *testing.T) {
|
||||||
t.Errorf("OIDC.Authorize() error = %v, wantErr %v", err, tt.wantErr)
|
t.Errorf("OIDC.Authorize() error = %v, wantErr %v", err, tt.wantErr)
|
||||||
return
|
return
|
||||||
} else if err != nil {
|
} else if err != nil {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
}
|
}
|
||||||
|
@ -452,7 +452,7 @@ func TestOIDC_AuthorizeRenew(t *testing.T) {
|
||||||
if (err != nil) != tt.wantErr {
|
if (err != nil) != tt.wantErr {
|
||||||
t.Errorf("OIDC.AuthorizeRenew() error = %v, wantErr %v", err, tt.wantErr)
|
t.Errorf("OIDC.AuthorizeRenew() error = %v, wantErr %v", err, tt.wantErr)
|
||||||
} else if err != nil {
|
} else if err != nil {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
}
|
}
|
||||||
|
@ -614,7 +614,7 @@ func TestOIDC_AuthorizeSSHSign(t *testing.T) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
assert.Nil(t, got)
|
assert.Nil(t, got)
|
||||||
|
@ -682,7 +682,7 @@ func TestOIDC_AuthorizeSSHRevoke(t *testing.T) {
|
||||||
if (err != nil) != tt.wantErr {
|
if (err != nil) != tt.wantErr {
|
||||||
t.Errorf("OIDC.AuthorizeSSHRevoke() error = %v, wantErr %v", err, tt.wantErr)
|
t.Errorf("OIDC.AuthorizeSSHRevoke() error = %v, wantErr %v", err, tt.wantErr)
|
||||||
} else if err != nil {
|
} else if err != nil {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.code)
|
assert.Equals(t, sc.StatusCode(), tt.code)
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,8 +9,8 @@ type policyEngine struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func newPolicyEngine(options *Options) (*policyEngine, error) {
|
func newPolicyEngine(options *Options) (*policyEngine, error) {
|
||||||
|
|
||||||
if options == nil {
|
if options == nil {
|
||||||
|
//nolint:nilnil // legacy
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -241,7 +241,7 @@ func TestUnimplementedMethods(t *testing.T) {
|
||||||
default:
|
default:
|
||||||
t.Errorf("unexpected method %s", tt.method)
|
t.Errorf("unexpected method %s", tt.method)
|
||||||
}
|
}
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), http.StatusUnauthorized)
|
assert.Equals(t, sc.StatusCode(), http.StatusUnauthorized)
|
||||||
assert.Equals(t, err.Error(), msg)
|
assert.Equals(t, err.Error(), msg)
|
||||||
|
|
|
@ -310,7 +310,6 @@ func (v profileDefaultDuration) Modify(cert *x509.Certificate, so SignOptions) e
|
||||||
if notBefore.IsZero() {
|
if notBefore.IsZero() {
|
||||||
notBefore = now()
|
notBefore = now()
|
||||||
backdate = -1 * so.Backdate
|
backdate = -1 * so.Backdate
|
||||||
|
|
||||||
}
|
}
|
||||||
notAfter := so.NotAfter.RelativeTime(notBefore)
|
notAfter := so.NotAfter.RelativeTime(notBefore)
|
||||||
if notAfter.IsZero() {
|
if notAfter.IsZero() {
|
||||||
|
|
|
@ -287,7 +287,7 @@ func Test_sshCertTypeModifier_Modify(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
tc := run()
|
tc := run()
|
||||||
if assert.Nil(t, tc.modifier.Modify(tc.cert, SignSSHOptions{})) {
|
if assert.Nil(t, tc.modifier.Modify(tc.cert, SignSSHOptions{})) {
|
||||||
assert.Equals(t, tc.cert.CertType, uint32(tc.expected))
|
assert.Equals(t, tc.cert.CertType, tc.expected)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,6 +2,7 @@ package provisioner
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto"
|
"crypto"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"reflect"
|
"reflect"
|
||||||
|
@ -84,9 +85,10 @@ func signSSHCertificate(key crypto.PublicKey, opts SignSSHOptions, signOpts []Si
|
||||||
// Create certificate from template.
|
// Create certificate from template.
|
||||||
certificate, err := sshutil.NewCertificate(cr, certOptions...)
|
certificate, err := sshutil.NewCertificate(cr, certOptions...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if _, ok := err.(*sshutil.TemplateError); ok {
|
var templErr *sshutil.TemplateError
|
||||||
return nil, errs.NewErr(http.StatusBadRequest, err,
|
if errors.As(err, &templErr) {
|
||||||
errs.WithMessage(err.Error()),
|
return nil, errs.NewErr(http.StatusBadRequest, templErr,
|
||||||
|
errs.WithMessage(templErr.Error()),
|
||||||
errs.WithKeyVal("signOptions", signOpts),
|
errs.WithKeyVal("signOptions", signOpts),
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
|
@ -218,7 +218,7 @@ func TestSSHPOP_authorizeToken(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
tc := tt(t)
|
tc := tt(t)
|
||||||
if claims, err := tc.p.authorizeToken(tc.token, testAudiences.Sign, true); err != nil {
|
if claims, err := tc.p.authorizeToken(tc.token, testAudiences.Sign, true); err != nil {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
|
@ -289,7 +289,7 @@ func TestSSHPOP_AuthorizeSSHRevoke(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
tc := tt(t)
|
tc := tt(t)
|
||||||
if err := tc.p.AuthorizeSSHRevoke(context.Background(), tc.token); err != nil {
|
if err := tc.p.AuthorizeSSHRevoke(context.Background(), tc.token); err != nil {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
|
@ -370,7 +370,7 @@ func TestSSHPOP_AuthorizeSSHRenew(t *testing.T) {
|
||||||
tc := tt(t)
|
tc := tt(t)
|
||||||
if cert, err := tc.p.AuthorizeSSHRenew(context.Background(), tc.token); err != nil {
|
if cert, err := tc.p.AuthorizeSSHRenew(context.Background(), tc.token); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
@ -452,7 +452,7 @@ func TestSSHPOP_AuthorizeSSHRekey(t *testing.T) {
|
||||||
tc := tt(t)
|
tc := tt(t)
|
||||||
if cert, opts, err := tc.p.AuthorizeSSHRekey(context.Background(), tc.token); err != nil {
|
if cert, opts, err := tc.p.AuthorizeSSHRekey(context.Background(), tc.token); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
|
|
@ -100,7 +100,7 @@ func generateJSONWebKey() (*jose.JSONWebKey, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
jwk.KeyID = string(hex.EncodeToString(fp))
|
jwk.KeyID = hex.EncodeToString(fp)
|
||||||
return jwk, nil
|
return jwk, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -389,7 +389,7 @@ lgsqsR63is+0YQ==
|
||||||
tc := tt(t)
|
tc := tt(t)
|
||||||
if claims, err := tc.p.authorizeToken(tc.token, testAudiences.Sign); err != nil {
|
if claims, err := tc.p.authorizeToken(tc.token, testAudiences.Sign); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
@ -460,7 +460,7 @@ func TestX5C_AuthorizeSign(t *testing.T) {
|
||||||
tc := tt(t)
|
tc := tt(t)
|
||||||
if opts, err := tc.p.AuthorizeSign(context.Background(), tc.token); err != nil {
|
if opts, err := tc.p.AuthorizeSign(context.Background(), tc.token); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCoder interface")
|
assert.Fatal(t, ok, "error does not implement StatusCoder interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
@ -545,7 +545,7 @@ func TestX5C_AuthorizeRevoke(t *testing.T) {
|
||||||
tc := tt(t)
|
tc := tt(t)
|
||||||
if err := tc.p.AuthorizeRevoke(context.Background(), tc.token); err != nil {
|
if err := tc.p.AuthorizeRevoke(context.Background(), tc.token); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
@ -595,7 +595,7 @@ func TestX5C_AuthorizeRenew(t *testing.T) {
|
||||||
NotAfter: now.Add(time.Hour),
|
NotAfter: now.Add(time.Hour),
|
||||||
}); err != nil {
|
}); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
@ -756,7 +756,7 @@ func TestX5C_AuthorizeSSHSign(t *testing.T) {
|
||||||
tc := tt(t)
|
tc := tt(t)
|
||||||
if opts, err := tc.p.AuthorizeSSHSign(context.Background(), tc.token); err != nil {
|
if opts, err := tc.p.AuthorizeSSHSign(context.Background(), tc.token); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCoder interface")
|
assert.Fatal(t, ok, "error does not implement StatusCoder interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
|
|
@ -145,7 +145,6 @@ func (a *Authority) generateProvisionerConfig(ctx context.Context) (provisioner.
|
||||||
AuthorizeRenewFunc: a.authorizeRenewFunc,
|
AuthorizeRenewFunc: a.authorizeRenewFunc,
|
||||||
AuthorizeSSHRenewFunc: a.authorizeSSHRenewFunc,
|
AuthorizeSSHRenewFunc: a.authorizeSSHRenewFunc,
|
||||||
}, nil
|
}, nil
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// StoreProvisioner stores a provisioner to the authority.
|
// StoreProvisioner stores a provisioner to the authority.
|
||||||
|
@ -530,6 +529,7 @@ func durationsToLinkedca(d *provisioner.Duration) string {
|
||||||
// certifictes claims type.
|
// certifictes claims type.
|
||||||
func claimsToCertificates(c *linkedca.Claims) (*provisioner.Claims, error) {
|
func claimsToCertificates(c *linkedca.Claims) (*provisioner.Claims, error) {
|
||||||
if c == nil {
|
if c == nil {
|
||||||
|
//nolint:nilnil // legacy
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -57,7 +57,7 @@ func TestGetEncryptedKey(t *testing.T) {
|
||||||
ek, err := tc.a.GetEncryptedKey(tc.kid)
|
ek, err := tc.a.GetEncryptedKey(tc.kid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
@ -107,7 +107,7 @@ func TestGetProvisioners(t *testing.T) {
|
||||||
ps, next, err := tc.a.GetProvisioners("", 0)
|
ps, next, err := tc.a.GetProvisioners("", 0)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
|
|
@ -32,7 +32,7 @@ func TestRoot(t *testing.T) {
|
||||||
crt, err := a.Root(tc.sum)
|
crt, err := a.Root(tc.sum)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCoder interface")
|
assert.Fatal(t, ok, "error does not implement StatusCoder interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
|
|
@ -140,6 +140,7 @@ func (a *Authority) GetSSHBastion(ctx context.Context, user, hostname string) (*
|
||||||
return a.config.SSH.Bastion, nil
|
return a.config.SSH.Bastion, nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
//nolint:nilnil // legacy
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
return nil, errs.NotFound("authority.GetSSHBastion; ssh is not configured")
|
return nil, errs.NotFound("authority.GetSSHBastion; ssh is not configured")
|
||||||
|
@ -202,9 +203,10 @@ func (a *Authority) SignSSH(ctx context.Context, key ssh.PublicKey, opts provisi
|
||||||
// Create certificate from template.
|
// Create certificate from template.
|
||||||
certificate, err := sshutil.NewCertificate(cr, certOptions...)
|
certificate, err := sshutil.NewCertificate(cr, certOptions...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if _, ok := err.(*sshutil.TemplateError); ok {
|
var templErr *sshutil.TemplateError
|
||||||
|
if errors.As(err, &templErr) {
|
||||||
return nil, errs.ApplyOptions(
|
return nil, errs.ApplyOptions(
|
||||||
errs.BadRequestErr(err, err.Error()),
|
errs.BadRequestErr(templErr, templErr.Error()),
|
||||||
errs.WithKeyVal("signOptions", signOpts),
|
errs.WithKeyVal("signOptions", signOpts),
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
@ -281,7 +283,7 @@ func (a *Authority) SignSSH(ctx context.Context, key ssh.PublicKey, opts provisi
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = a.storeSSHCertificate(prov, cert); err != nil && err != db.ErrNotImplemented {
|
if err = a.storeSSHCertificate(prov, cert); err != nil && !errors.Is(err, db.ErrNotImplemented) {
|
||||||
return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.SignSSH: error storing certificate in db")
|
return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.SignSSH: error storing certificate in db")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -351,7 +353,7 @@ func (a *Authority) RenewSSH(ctx context.Context, oldCert *ssh.Certificate) (*ss
|
||||||
return nil, errs.Wrap(http.StatusInternalServerError, err, "signSSH: error signing certificate")
|
return nil, errs.Wrap(http.StatusInternalServerError, err, "signSSH: error signing certificate")
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = a.storeRenewedSSHCertificate(prov, oldCert, cert); err != nil && err != db.ErrNotImplemented {
|
if err = a.storeRenewedSSHCertificate(prov, oldCert, cert); err != nil && !errors.Is(err, db.ErrNotImplemented) {
|
||||||
return nil, errs.Wrap(http.StatusInternalServerError, err, "renewSSH: error storing certificate in db")
|
return nil, errs.Wrap(http.StatusInternalServerError, err, "renewSSH: error storing certificate in db")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -434,7 +436,7 @@ func (a *Authority) RekeySSH(ctx context.Context, oldCert *ssh.Certificate, pub
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = a.storeRenewedSSHCertificate(prov, oldCert, cert); err != nil && err != db.ErrNotImplemented {
|
if err = a.storeRenewedSSHCertificate(prov, oldCert, cert); err != nil && !errors.Is(err, db.ErrNotImplemented) {
|
||||||
return nil, errs.Wrap(http.StatusInternalServerError, err, "rekeySSH; error storing certificate in db")
|
return nil, errs.Wrap(http.StatusInternalServerError, err, "rekeySSH; error storing certificate in db")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -570,7 +572,7 @@ func (a *Authority) SignSSHAddUser(ctx context.Context, key ssh.PublicKey, subje
|
||||||
}
|
}
|
||||||
cert.Signature = sig
|
cert.Signature = sig
|
||||||
|
|
||||||
if err = a.storeRenewedSSHCertificate(prov, subject, cert); err != nil && err != db.ErrNotImplemented {
|
if err = a.storeRenewedSSHCertificate(prov, subject, cert); err != nil && !errors.Is(err, db.ErrNotImplemented) {
|
||||||
return nil, errs.Wrap(http.StatusInternalServerError, err, "signSSHAddUser: error storing certificate in db")
|
return nil, errs.Wrap(http.StatusInternalServerError, err, "signSSHAddUser: error storing certificate in db")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -589,7 +591,7 @@ func (a *Authority) CheckSSHHost(ctx context.Context, principal, token string) (
|
||||||
}
|
}
|
||||||
exists, err := a.db.IsSSHHost(principal)
|
exists, err := a.db.IsSSHHost(principal)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if err == db.ErrNotImplemented {
|
if errors.Is(err, db.ErrNotImplemented) {
|
||||||
return false, errs.Wrap(http.StatusNotImplemented, err,
|
return false, errs.Wrap(http.StatusNotImplemented, err,
|
||||||
"checkSSHHost: isSSHHost is not implemented")
|
"checkSSHHost: isSSHHost is not implemented")
|
||||||
}
|
}
|
||||||
|
|
|
@ -760,7 +760,7 @@ func TestAuthority_GetSSHBastion(t *testing.T) {
|
||||||
t.Errorf("Authority.GetSSHBastion() error = %v, wantErr %v", err, tt.wantErr)
|
t.Errorf("Authority.GetSSHBastion() error = %v, wantErr %v", err, tt.wantErr)
|
||||||
return
|
return
|
||||||
} else if err != nil {
|
} else if err != nil {
|
||||||
_, ok := err.(render.StatusCodedError)
|
_, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
}
|
}
|
||||||
if !reflect.DeepEqual(got, tt.want) {
|
if !reflect.DeepEqual(got, tt.want) {
|
||||||
|
@ -850,7 +850,7 @@ func TestAuthority_GetSSHHosts(t *testing.T) {
|
||||||
hosts, err := auth.GetSSHHosts(context.Background(), tc.cert)
|
hosts, err := auth.GetSSHHosts(context.Background(), tc.cert)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
@ -1077,7 +1077,7 @@ func TestAuthority_RekeySSH(t *testing.T) {
|
||||||
cert, err := auth.RekeySSH(context.Background(), tc.cert, tc.key, tc.signOpts...)
|
cert, err := auth.RekeySSH(context.Background(), tc.cert, tc.key, tc.signOpts...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
|
|
@ -142,7 +142,8 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Sign
|
||||||
|
|
||||||
cert, err := x509util.NewCertificate(csr, certOptions...)
|
cert, err := x509util.NewCertificate(csr, certOptions...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if _, ok := err.(*x509util.TemplateError); ok {
|
var te *x509util.TemplateError
|
||||||
|
if errors.As(err, &te) {
|
||||||
return nil, errs.ApplyOptions(
|
return nil, errs.ApplyOptions(
|
||||||
errs.BadRequestErr(err, err.Error()),
|
errs.BadRequestErr(err, err.Error()),
|
||||||
errs.WithKeyVal("csr", csr),
|
errs.WithKeyVal("csr", csr),
|
||||||
|
@ -244,7 +245,7 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Sign
|
||||||
|
|
||||||
fullchain := append([]*x509.Certificate{resp.Certificate}, resp.CertificateChain...)
|
fullchain := append([]*x509.Certificate{resp.Certificate}, resp.CertificateChain...)
|
||||||
if err = a.storeCertificate(prov, fullchain); err != nil {
|
if err = a.storeCertificate(prov, fullchain); err != nil {
|
||||||
if err != db.ErrNotImplemented {
|
if !errors.Is(err, db.ErrNotImplemented) {
|
||||||
return nil, errs.Wrap(http.StatusInternalServerError, err,
|
return nil, errs.Wrap(http.StatusInternalServerError, err,
|
||||||
"authority.Sign; error storing certificate in db", opts...)
|
"authority.Sign; error storing certificate in db", opts...)
|
||||||
}
|
}
|
||||||
|
@ -362,7 +363,7 @@ func (a *Authority) Rekey(oldCert *x509.Certificate, pk crypto.PublicKey) ([]*x5
|
||||||
|
|
||||||
fullchain := append([]*x509.Certificate{resp.Certificate}, resp.CertificateChain...)
|
fullchain := append([]*x509.Certificate{resp.Certificate}, resp.CertificateChain...)
|
||||||
if err = a.storeRenewedCertificate(oldCert, fullchain); err != nil {
|
if err = a.storeRenewedCertificate(oldCert, fullchain); err != nil {
|
||||||
if err != db.ErrNotImplemented {
|
if !errors.Is(err, db.ErrNotImplemented) {
|
||||||
return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.Rekey; error storing certificate in db", opts...)
|
return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.Rekey; error storing certificate in db", opts...)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -542,12 +543,12 @@ func (a *Authority) Revoke(ctx context.Context, revokeOpts *RevokeOptions) error
|
||||||
// Save as revoked in the Db.
|
// Save as revoked in the Db.
|
||||||
err = a.revoke(revokedCert, rci)
|
err = a.revoke(revokedCert, rci)
|
||||||
}
|
}
|
||||||
switch err {
|
switch {
|
||||||
case nil:
|
case err == nil:
|
||||||
return nil
|
return nil
|
||||||
case db.ErrNotImplemented:
|
case errors.Is(err, db.ErrNotImplemented):
|
||||||
return errs.NotImplemented("authority.Revoke; no persistence layer configured", opts...)
|
return errs.NotImplemented("authority.Revoke; no persistence layer configured", opts...)
|
||||||
case db.ErrAlreadyExists:
|
case errors.Is(err, db.ErrAlreadyExists):
|
||||||
return errs.ApplyOptions(
|
return errs.ApplyOptions(
|
||||||
errs.BadRequest("certificate with serial number '%s' is already revoked", rci.Serial),
|
errs.BadRequest("certificate with serial number '%s' is already revoked", rci.Serial),
|
||||||
opts...,
|
opts...,
|
||||||
|
@ -667,7 +668,7 @@ func templatingError(err error) error {
|
||||||
)
|
)
|
||||||
if errors.As(err, &syntaxError) {
|
if errors.As(err, &syntaxError) {
|
||||||
// offset is arguably not super clear to the user, but it's the best we can do here
|
// offset is arguably not super clear to the user, but it's the best we can do here
|
||||||
cause = fmt.Errorf("%s at offset %d", cause.Error(), syntaxError.Offset)
|
cause = fmt.Errorf("%w at offset %d", cause, syntaxError.Offset)
|
||||||
} else if errors.As(err, &typeError) {
|
} else if errors.As(err, &typeError) {
|
||||||
// slightly rewriting the default error message to include the offset
|
// slightly rewriting the default error message to include the offset
|
||||||
cause = fmt.Errorf("cannot unmarshal %s at offset %d into Go value of type %s", typeError.Value, typeError.Offset, typeError.Type)
|
cause = fmt.Errorf("cannot unmarshal %s at offset %d into Go value of type %s", typeError.Value, typeError.Offset, typeError.Type)
|
||||||
|
|
|
@ -730,13 +730,13 @@ ZYtQ9Ot36qc=
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if assert.NotNil(t, tc.err, fmt.Sprintf("unexpected error: %s", err)) {
|
if assert.NotNil(t, tc.err, fmt.Sprintf("unexpected error: %s", err)) {
|
||||||
assert.Nil(t, certChain)
|
assert.Nil(t, certChain)
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
|
||||||
ctxErr, ok := err.(*errs.Error)
|
var ctxErr *errs.Error
|
||||||
assert.Fatal(t, ok, "error is not of type *errs.Error")
|
assert.Fatal(t, errors.As(err, &ctxErr), "error is not of type *errs.Error")
|
||||||
assert.Equals(t, ctxErr.Details["csr"], tc.csr)
|
assert.Equals(t, ctxErr.Details["csr"], tc.csr)
|
||||||
assert.Equals(t, ctxErr.Details["signOptions"], tc.signOpts)
|
assert.Equals(t, ctxErr.Details["signOptions"], tc.signOpts)
|
||||||
}
|
}
|
||||||
|
@ -929,13 +929,13 @@ func TestAuthority_Renew(t *testing.T) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if assert.NotNil(t, tc.err, fmt.Sprintf("unexpected error: %s", err)) {
|
if assert.NotNil(t, tc.err, fmt.Sprintf("unexpected error: %s", err)) {
|
||||||
assert.Nil(t, certChain)
|
assert.Nil(t, certChain)
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
|
||||||
ctxErr, ok := err.(*errs.Error)
|
var ctxErr *errs.Error
|
||||||
assert.Fatal(t, ok, "error is not of type *errs.Error")
|
assert.Fatal(t, errors.As(err, &ctxErr), "error is not of type *errs.Error")
|
||||||
assert.Equals(t, ctxErr.Details["serialNumber"], tc.cert.SerialNumber.String())
|
assert.Equals(t, ctxErr.Details["serialNumber"], tc.cert.SerialNumber.String())
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
@ -1136,13 +1136,13 @@ func TestAuthority_Rekey(t *testing.T) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if assert.NotNil(t, tc.err, fmt.Sprintf("unexpected error: %s", err)) {
|
if assert.NotNil(t, tc.err, fmt.Sprintf("unexpected error: %s", err)) {
|
||||||
assert.Nil(t, certChain)
|
assert.Nil(t, certChain)
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
|
||||||
ctxErr, ok := err.(*errs.Error)
|
var ctxErr *errs.Error
|
||||||
assert.Fatal(t, ok, "error is not of type *errs.Error")
|
assert.Fatal(t, errors.As(err, &ctxErr), "error is not of type *errs.Error")
|
||||||
assert.Equals(t, ctxErr.Details["serialNumber"], tc.cert.SerialNumber.String())
|
assert.Equals(t, ctxErr.Details["serialNumber"], tc.cert.SerialNumber.String())
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
@ -1566,13 +1566,13 @@ func TestAuthority_Revoke(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
if err := tc.auth.Revoke(tc.ctx, tc.opts); err != nil {
|
if err := tc.auth.Revoke(tc.ctx, tc.opts); err != nil {
|
||||||
if assert.NotNil(t, tc.err, fmt.Sprintf("unexpected error: %s", err)) {
|
if assert.NotNil(t, tc.err, fmt.Sprintf("unexpected error: %s", err)) {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tc.code)
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||||
|
|
||||||
ctxErr, ok := err.(*errs.Error)
|
var ctxErr *errs.Error
|
||||||
assert.Fatal(t, ok, "error is not of type *errs.Error")
|
assert.Fatal(t, errors.As(err, &ctxErr), "error is not of type *errs.Error")
|
||||||
assert.Equals(t, ctxErr.Details["serialNumber"], tc.opts.Serial)
|
assert.Equals(t, ctxErr.Details["serialNumber"], tc.opts.Serial)
|
||||||
assert.Equals(t, ctxErr.Details["reasonCode"], tc.opts.ReasonCode)
|
assert.Equals(t, ctxErr.Details["reasonCode"], tc.opts.ReasonCode)
|
||||||
assert.Equals(t, ctxErr.Details["reason"], tc.opts.Reason)
|
assert.Equals(t, ctxErr.Details["reason"], tc.opts.Reason)
|
||||||
|
|
|
@ -52,6 +52,7 @@ func NewACMEClient(endpoint string, contact []string, opts ...ClientOption) (*AC
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.Wrapf(err, "client GET %s failed", endpoint)
|
return nil, errors.Wrapf(err, "client GET %s failed", endpoint)
|
||||||
}
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
if resp.StatusCode >= 400 {
|
if resp.StatusCode >= 400 {
|
||||||
return nil, readACMEError(resp.Body)
|
return nil, readACMEError(resp.Body)
|
||||||
}
|
}
|
||||||
|
@ -80,6 +81,7 @@ func NewACMEClient(endpoint string, contact []string, opts ...ClientOption) (*AC
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
if resp.StatusCode >= 400 {
|
if resp.StatusCode >= 400 {
|
||||||
return nil, readACMEError(resp.Body)
|
return nil, readACMEError(resp.Body)
|
||||||
}
|
}
|
||||||
|
@ -111,6 +113,7 @@ func (c *ACMEClient) GetNonce() (string, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", errors.Wrapf(err, "client GET %s failed", c.dir.NewNonce)
|
return "", errors.Wrapf(err, "client GET %s failed", c.dir.NewNonce)
|
||||||
}
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
if resp.StatusCode >= 400 {
|
if resp.StatusCode >= 400 {
|
||||||
return "", readACMEError(resp.Body)
|
return "", readACMEError(resp.Body)
|
||||||
}
|
}
|
||||||
|
@ -198,6 +201,7 @@ func (c *ACMEClient) NewOrder(payload []byte) (*acme.Order, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
if resp.StatusCode >= 400 {
|
if resp.StatusCode >= 400 {
|
||||||
return nil, readACMEError(resp.Body)
|
return nil, readACMEError(resp.Body)
|
||||||
}
|
}
|
||||||
|
@ -218,6 +222,7 @@ func (c *ACMEClient) GetChallenge(url string) (*acme.Challenge, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
if resp.StatusCode >= 400 {
|
if resp.StatusCode >= 400 {
|
||||||
return nil, readACMEError(resp.Body)
|
return nil, readACMEError(resp.Body)
|
||||||
}
|
}
|
||||||
|
@ -237,6 +242,7 @@ func (c *ACMEClient) ValidateChallenge(url string) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
if resp.StatusCode >= 400 {
|
if resp.StatusCode >= 400 {
|
||||||
return readACMEError(resp.Body)
|
return readACMEError(resp.Body)
|
||||||
}
|
}
|
||||||
|
@ -262,6 +268,7 @@ func (c *ACMEClient) GetAuthz(url string) (*acme.Authorization, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
if resp.StatusCode >= 400 {
|
if resp.StatusCode >= 400 {
|
||||||
return nil, readACMEError(resp.Body)
|
return nil, readACMEError(resp.Body)
|
||||||
}
|
}
|
||||||
|
@ -279,6 +286,7 @@ func (c *ACMEClient) GetOrder(url string) (*acme.Order, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
if resp.StatusCode >= 400 {
|
if resp.StatusCode >= 400 {
|
||||||
return nil, readACMEError(resp.Body)
|
return nil, readACMEError(resp.Body)
|
||||||
}
|
}
|
||||||
|
@ -302,6 +310,7 @@ func (c *ACMEClient) FinalizeOrder(url string, csr *x509.CertificateRequest) err
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
if resp.StatusCode >= 400 {
|
if resp.StatusCode >= 400 {
|
||||||
return readACMEError(resp.Body)
|
return readACMEError(resp.Body)
|
||||||
}
|
}
|
||||||
|
@ -314,6 +323,7 @@ func (c *ACMEClient) GetCertificate(url string) (*x509.Certificate, []*x509.Cert
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, err
|
return nil, nil, err
|
||||||
}
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
if resp.StatusCode >= 400 {
|
if resp.StatusCode >= 400 {
|
||||||
return nil, nil, readACMEError(resp.Body)
|
return nil, nil, readACMEError(resp.Body)
|
||||||
}
|
}
|
||||||
|
@ -350,6 +360,7 @@ func (c *ACMEClient) GetAccountOrders() ([]string, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
if resp.StatusCode >= 400 {
|
if resp.StatusCode >= 400 {
|
||||||
return nil, readACMEError(resp.Body)
|
return nil, readACMEError(resp.Body)
|
||||||
}
|
}
|
||||||
|
|
|
@ -116,7 +116,6 @@ func (c *AdminClient) generateAdminToken(aud *url.URL) (string, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
return tok.SignedString(c.x5cJWK.Algorithm, c.x5cJWK.Key)
|
return tok.SignedString(c.x5cJWK.Algorithm, c.x5cJWK.Key)
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *AdminClient) retryOnError(r *http.Response) bool {
|
func (c *AdminClient) retryOnError(r *http.Response) bool {
|
||||||
|
|
|
@ -246,6 +246,7 @@ func TestBootstrapServerWithoutMTLS(t *testing.T) {
|
||||||
expected := &http.Server{
|
expected := &http.Server{
|
||||||
TLSConfig: got.TLSConfig,
|
TLSConfig: got.TLSConfig,
|
||||||
}
|
}
|
||||||
|
//nolint:govet // not comparing errors
|
||||||
if !reflect.DeepEqual(got, expected) {
|
if !reflect.DeepEqual(got, expected) {
|
||||||
t.Errorf("BootstrapServer() = %v, want %v", got, expected)
|
t.Errorf("BootstrapServer() = %v, want %v", got, expected)
|
||||||
}
|
}
|
||||||
|
@ -303,6 +304,7 @@ func TestBootstrapServerWithMTLS(t *testing.T) {
|
||||||
expected := &http.Server{
|
expected := &http.Server{
|
||||||
TLSConfig: got.TLSConfig,
|
TLSConfig: got.TLSConfig,
|
||||||
}
|
}
|
||||||
|
//nolint:govet // not comparing errors
|
||||||
if !reflect.DeepEqual(got, expected) {
|
if !reflect.DeepEqual(got, expected) {
|
||||||
t.Errorf("BootstrapServer() = %v, want %v", got, expected)
|
t.Errorf("BootstrapServer() = %v, want %v", got, expected)
|
||||||
}
|
}
|
||||||
|
|
4
ca/ca.go
4
ca/ca.go
|
@ -529,9 +529,9 @@ func (ca *CA) shouldServeSCEPEndpoints() bool {
|
||||||
return ca.auth.GetSCEPService() != nil
|
return ca.auth.GetSCEPService() != nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// nolint // ignore linters to allow keeping this function around for debugging
|
//nolint:unused,deadcode // useful for debugging
|
||||||
func dumpRoutes(mux chi.Routes) {
|
func dumpRoutes(mux chi.Routes) {
|
||||||
// helpful routine for logging all routes //
|
// helpful routine for logging all routes
|
||||||
walkFunc := func(method string, route string, handler http.Handler, middlewares ...func(http.Handler) http.Handler) error {
|
walkFunc := func(method string, route string, handler http.Handler, middlewares ...func(http.Handler) http.Handler) error {
|
||||||
fmt.Printf("%s %s\n", method, route)
|
fmt.Printf("%s %s\n", method, route)
|
||||||
return nil
|
return nil
|
||||||
|
|
21
ca/client.go
21
ca/client.go
|
@ -120,9 +120,7 @@ type clientOptions struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (o *clientOptions) apply(opts []ClientOption) (err error) {
|
func (o *clientOptions) apply(opts []ClientOption) (err error) {
|
||||||
if err = o.applyDefaultIdentity(); err != nil {
|
o.applyDefaultIdentity()
|
||||||
return
|
|
||||||
}
|
|
||||||
for _, fn := range opts {
|
for _, fn := range opts {
|
||||||
if err = fn(o); err != nil {
|
if err = fn(o); err != nil {
|
||||||
return
|
return
|
||||||
|
@ -133,26 +131,25 @@ func (o *clientOptions) apply(opts []ClientOption) (err error) {
|
||||||
|
|
||||||
// applyDefaultIdentity sets the options for the default identity if the
|
// applyDefaultIdentity sets the options for the default identity if the
|
||||||
// identity file is present. The identity is enabled by default.
|
// identity file is present. The identity is enabled by default.
|
||||||
func (o *clientOptions) applyDefaultIdentity() error {
|
func (o *clientOptions) applyDefaultIdentity() {
|
||||||
if DisableIdentity {
|
if DisableIdentity {
|
||||||
return nil
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Do not load an identity if something fails
|
// Do not load an identity if something fails
|
||||||
i, err := identity.LoadDefaultIdentity()
|
i, err := identity.LoadDefaultIdentity()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil
|
return
|
||||||
}
|
}
|
||||||
if err := i.Validate(); err != nil {
|
if err := i.Validate(); err != nil {
|
||||||
return nil
|
return
|
||||||
}
|
}
|
||||||
crt, err := i.TLSCertificate()
|
crt, err := i.TLSCertificate()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil
|
return
|
||||||
}
|
}
|
||||||
o.certificate = crt
|
o.certificate = crt
|
||||||
o.getClientCertificate = i.GetClientCertificateFunc()
|
o.getClientCertificate = i.GetClientCertificateFunc()
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// checkTransport checks if other ways to set up a transport have been provided.
|
// checkTransport checks if other ways to set up a transport have been provided.
|
||||||
|
@ -241,13 +238,13 @@ func WithTransport(tr http.RoundTripper) ClientOption {
|
||||||
}
|
}
|
||||||
|
|
||||||
// WithInsecure adds a insecure transport that bypasses TLS verification.
|
// WithInsecure adds a insecure transport that bypasses TLS verification.
|
||||||
// nolint:gosec // insecure option
|
|
||||||
func WithInsecure() ClientOption {
|
func WithInsecure() ClientOption {
|
||||||
return func(o *clientOptions) error {
|
return func(o *clientOptions) error {
|
||||||
o.transport = &http.Transport{
|
o.transport = &http.Transport{
|
||||||
Proxy: http.ProxyFromEnvironment,
|
Proxy: http.ProxyFromEnvironment,
|
||||||
TLSClientConfig: &tls.Config{
|
TLSClientConfig: &tls.Config{
|
||||||
MinVersion: tls.VersionTLS12,
|
MinVersion: tls.VersionTLS12,
|
||||||
|
//nolint:gosec // insecure option
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -1138,8 +1135,7 @@ retry:
|
||||||
}
|
}
|
||||||
var check api.SSHCheckPrincipalResponse
|
var check api.SSHCheckPrincipalResponse
|
||||||
if err := readJSON(resp.Body, &check); err != nil {
|
if err := readJSON(resp.Body, &check); err != nil {
|
||||||
return nil, errs.Wrapf(http.StatusInternalServerError, err, "error reading %s response",
|
return nil, errs.Wrapf(http.StatusInternalServerError, err, "error reading %s response", u)
|
||||||
[]interface{}{u, errs.WithMessage("Failed to parse response from /ssh/check-host endpoint")})
|
|
||||||
}
|
}
|
||||||
return &check, nil
|
return &check, nil
|
||||||
}
|
}
|
||||||
|
@ -1203,6 +1199,7 @@ func (c *Client) RootFingerprint() (string, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", errors.Wrapf(err, "client GET %s failed", u)
|
return "", errors.Wrapf(err, "client GET %s failed", u)
|
||||||
}
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
if resp.TLS == nil || len(resp.TLS.VerifiedChains) == 0 {
|
if resp.TLS == nil || len(resp.TLS.VerifiedChains) == 0 {
|
||||||
return "", errors.New("missing verified chains")
|
return "", errors.New("missing verified chains")
|
||||||
}
|
}
|
||||||
|
|
|
@ -519,7 +519,7 @@ func TestClient_Renew(t *testing.T) {
|
||||||
t.Errorf("Client.Renew() = %v, want nil", got)
|
t.Errorf("Client.Renew() = %v, want nil", got)
|
||||||
}
|
}
|
||||||
|
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.responseCode)
|
assert.Equals(t, sc.StatusCode(), tt.responseCode)
|
||||||
assert.HasPrefix(t, err.Error(), tt.err.Error())
|
assert.HasPrefix(t, err.Error(), tt.err.Error())
|
||||||
|
@ -587,7 +587,7 @@ func TestClient_RenewWithToken(t *testing.T) {
|
||||||
t.Errorf("Client.RenewWithToken() = %v, want nil", got)
|
t.Errorf("Client.RenewWithToken() = %v, want nil", got)
|
||||||
}
|
}
|
||||||
|
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.responseCode)
|
assert.Equals(t, sc.StatusCode(), tt.responseCode)
|
||||||
assert.HasPrefix(t, err.Error(), tt.err.Error())
|
assert.HasPrefix(t, err.Error(), tt.err.Error())
|
||||||
|
@ -656,7 +656,7 @@ func TestClient_Rekey(t *testing.T) {
|
||||||
t.Errorf("Client.Renew() = %v, want nil", got)
|
t.Errorf("Client.Renew() = %v, want nil", got)
|
||||||
}
|
}
|
||||||
|
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.responseCode)
|
assert.Equals(t, sc.StatusCode(), tt.responseCode)
|
||||||
assert.HasPrefix(t, err.Error(), tt.err.Error())
|
assert.HasPrefix(t, err.Error(), tt.err.Error())
|
||||||
|
@ -777,7 +777,7 @@ func TestClient_ProvisionerKey(t *testing.T) {
|
||||||
t.Errorf("Client.ProvisionerKey() = %v, want nil", got)
|
t.Errorf("Client.ProvisionerKey() = %v, want nil", got)
|
||||||
}
|
}
|
||||||
|
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.responseCode)
|
assert.Equals(t, sc.StatusCode(), tt.responseCode)
|
||||||
assert.HasPrefix(t, tt.err.Error(), err.Error())
|
assert.HasPrefix(t, tt.err.Error(), err.Error())
|
||||||
|
@ -836,7 +836,7 @@ func TestClient_Roots(t *testing.T) {
|
||||||
if got != nil {
|
if got != nil {
|
||||||
t.Errorf("Client.Roots() = %v, want nil", got)
|
t.Errorf("Client.Roots() = %v, want nil", got)
|
||||||
}
|
}
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.responseCode)
|
assert.Equals(t, sc.StatusCode(), tt.responseCode)
|
||||||
assert.HasPrefix(t, err.Error(), tt.err.Error())
|
assert.HasPrefix(t, err.Error(), tt.err.Error())
|
||||||
|
@ -894,7 +894,7 @@ func TestClient_Federation(t *testing.T) {
|
||||||
if got != nil {
|
if got != nil {
|
||||||
t.Errorf("Client.Federation() = %v, want nil", got)
|
t.Errorf("Client.Federation() = %v, want nil", got)
|
||||||
}
|
}
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.responseCode)
|
assert.Equals(t, sc.StatusCode(), tt.responseCode)
|
||||||
assert.HasPrefix(t, tt.err.Error(), err.Error())
|
assert.HasPrefix(t, tt.err.Error(), err.Error())
|
||||||
|
@ -956,7 +956,7 @@ func TestClient_SSHRoots(t *testing.T) {
|
||||||
if got != nil {
|
if got != nil {
|
||||||
t.Errorf("Client.SSHKeys() = %v, want nil", got)
|
t.Errorf("Client.SSHKeys() = %v, want nil", got)
|
||||||
}
|
}
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.responseCode)
|
assert.Equals(t, sc.StatusCode(), tt.responseCode)
|
||||||
assert.HasPrefix(t, tt.err.Error(), err.Error())
|
assert.HasPrefix(t, tt.err.Error(), err.Error())
|
||||||
|
@ -1118,7 +1118,7 @@ func TestClient_SSHBastion(t *testing.T) {
|
||||||
t.Errorf("Client.SSHBastion() = %v, want nil", got)
|
t.Errorf("Client.SSHBastion() = %v, want nil", got)
|
||||||
}
|
}
|
||||||
if tt.responseCode != 200 {
|
if tt.responseCode != 200 {
|
||||||
sc, ok := err.(render.StatusCodedError)
|
sc, ok := render.AsStatusCodedError(err)
|
||||||
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
||||||
assert.Equals(t, sc.StatusCode(), tt.responseCode)
|
assert.Equals(t, sc.StatusCode(), tt.responseCode)
|
||||||
assert.HasPrefix(t, err.Error(), tt.err.Error())
|
assert.HasPrefix(t, err.Error(), tt.err.Error())
|
||||||
|
|
|
@ -82,7 +82,6 @@ func LoadClient() (*Client, error) {
|
||||||
Transport: tr,
|
Transport: tr,
|
||||||
},
|
},
|
||||||
}, nil
|
}, nil
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type defaultsConfig struct {
|
type defaultsConfig struct {
|
||||||
|
|
|
@ -261,6 +261,7 @@ func (i *Identity) GetClientCertificateFunc() func(*tls.CertificateRequestInfo)
|
||||||
// GetCertPool returns a x509.CertPool if the identity defines a custom root.
|
// GetCertPool returns a x509.CertPool if the identity defines a custom root.
|
||||||
func (i *Identity) GetCertPool() (*x509.CertPool, error) {
|
func (i *Identity) GetCertPool() (*x509.CertPool, error) {
|
||||||
if i.Root == "" {
|
if i.Root == "" {
|
||||||
|
//nolint:nilnil // legacy
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
b, err := os.ReadFile(i.Root)
|
b, err := os.ReadFile(i.Root)
|
||||||
|
|
|
@ -182,19 +182,17 @@ func loadProvisionerJWKByKid(client *Client, kid string, password []byte) (*jose
|
||||||
// loadProvisionerJWKByName retrieves the list of provisioners and encrypted key then
|
// loadProvisionerJWKByName retrieves the list of provisioners and encrypted key then
|
||||||
// returns the key of the first provisioner with a matching name that can be successfully
|
// returns the key of the first provisioner with a matching name that can be successfully
|
||||||
// decrypted with the specified password.
|
// decrypted with the specified password.
|
||||||
func loadProvisionerJWKByName(client *Client, name string, password []byte) (key *jose.JSONWebKey, err error) {
|
func loadProvisionerJWKByName(client *Client, name string, password []byte) (*jose.JSONWebKey, error) {
|
||||||
provisioners, err := getProvisioners(client)
|
provisioners, err := getProvisioners(client)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
err = errors.Wrap(err, "error getting the provisioners")
|
return nil, errors.Wrap(err, "error getting the provisioners")
|
||||||
return
|
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, provisioner := range provisioners {
|
for _, provisioner := range provisioners {
|
||||||
if provisioner.GetName() == name {
|
if provisioner.GetName() == name {
|
||||||
if _, encryptedKey, ok := provisioner.GetEncryptedKey(); ok {
|
if _, encryptedKey, ok := provisioner.GetEncryptedKey(); ok {
|
||||||
key, err = decryptProvisionerJWK(encryptedKey, password)
|
if key, err := decryptProvisionerJWK(encryptedKey, password); err == nil {
|
||||||
if err == nil {
|
return key, nil
|
||||||
return
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
14
ca/tls.go
14
ca/tls.go
|
@ -105,8 +105,8 @@ func (c *Client) getClientTLSConfig(ctx context.Context, sign *api.SignResponse,
|
||||||
}
|
}
|
||||||
|
|
||||||
tr := getDefaultTransport(tlsConfig)
|
tr := getDefaultTransport(tlsConfig)
|
||||||
// Use mutable tls.Config on renew
|
//nolint:staticcheck // Use mutable tls.Config on renew
|
||||||
tr.DialTLS = c.buildDialTLS(tlsCtx) // nolint:staticcheck,gocritic
|
tr.DialTLS = c.buildDialTLS(tlsCtx)
|
||||||
// tr.DialTLSContext = c.buildDialTLSContext(tlsCtx)
|
// tr.DialTLSContext = c.buildDialTLSContext(tlsCtx)
|
||||||
renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk)
|
renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk)
|
||||||
|
|
||||||
|
@ -153,8 +153,8 @@ func (c *Client) GetServerTLSConfig(ctx context.Context, sign *api.SignResponse,
|
||||||
|
|
||||||
// Update renew function with transport
|
// Update renew function with transport
|
||||||
tr := getDefaultTransport(tlsConfig)
|
tr := getDefaultTransport(tlsConfig)
|
||||||
// Use mutable tls.Config on renew
|
//nolint:staticcheck // Use mutable tls.Config on renew
|
||||||
tr.DialTLS = c.buildDialTLS(tlsCtx) // nolint:staticcheck,gocritic
|
tr.DialTLS = c.buildDialTLS(tlsCtx)
|
||||||
// tr.DialTLSContext = c.buildDialTLSContext(tlsCtx)
|
// tr.DialTLSContext = c.buildDialTLSContext(tlsCtx)
|
||||||
renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk)
|
renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk)
|
||||||
|
|
||||||
|
@ -194,8 +194,7 @@ func (c *Client) buildDialTLS(ctx *TLSOptionCtx) func(network, addr string) (net
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// buildDialTLSContext returns an implementation of DialTLSContext callback in http.Transport.
|
//nolint:unused // buildDialTLSContext returns an implementation of DialTLSContext callback in http.Transport.
|
||||||
// nolint:unused,gocritic
|
|
||||||
func (c *Client) buildDialTLSContext(tlsCtx *TLSOptionCtx) func(ctx context.Context, network, addr string) (net.Conn, error) {
|
func (c *Client) buildDialTLSContext(tlsCtx *TLSOptionCtx) func(ctx context.Context, network, addr string) (net.Conn, error) {
|
||||||
return func(ctx context.Context, network, addr string) (net.Conn, error) {
|
return func(ctx context.Context, network, addr string) (net.Conn, error) {
|
||||||
d := getDefaultDialer()
|
d := getDefaultDialer()
|
||||||
|
@ -253,8 +252,7 @@ func TLSCertificate(sign *api.SignResponse, pk crypto.PrivateKey) (*tls.Certific
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// nolint:gocritic
|
//nolint:gocritic // using a new variable for clarity
|
||||||
// using a new variable for clarity
|
|
||||||
chain := append(certPEM, caPEM...)
|
chain := append(certPEM, caPEM...)
|
||||||
cert, err := tls.X509KeyPair(chain, keyPEM)
|
cert, err := tls.X509KeyPair(chain, keyPEM)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -59,9 +59,9 @@ func (t Type) String() string {
|
||||||
return strings.ToLower(string(t))
|
return strings.ToLower(string(t))
|
||||||
}
|
}
|
||||||
|
|
||||||
// ErrNotImplemented is the type of error returned if an operation is not
|
// ErrNotImplemented is the type of error returned if an operation is not implemented.
|
||||||
// implemented.
|
type ErrNotImplemented struct { //nolint:errname // ignore error name warning
|
||||||
type ErrNotImplemented struct {
|
|
||||||
Message string
|
Message string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -104,7 +104,7 @@ MHcCAQEEIN51Rgg6YcQVLeCRzumdw4pjM3VWqFIdCbnsV3Up1e/goAoGCCqGSM49
|
||||||
AwEHoUQDQgAEjJIcDhvvxi7gu4aFkiW/8+E3BfPhmhXU5RlDQusre+MHXc7XYMtk
|
AwEHoUQDQgAEjJIcDhvvxi7gu4aFkiW/8+E3BfPhmhXU5RlDQusre+MHXc7XYMtk
|
||||||
Lm6PXPeTF1DNdS21Ju1G/j1yUykGJOmxkg==
|
Lm6PXPeTF1DNdS21Ju1G/j1yUykGJOmxkg==
|
||||||
-----END EC PRIVATE KEY-----`
|
-----END EC PRIVATE KEY-----`
|
||||||
// nolint:unused,deadcode,gocritic
|
//nolint:unused,deadcode,gocritic,varcheck
|
||||||
testIntermediateKey = `-----BEGIN EC PRIVATE KEY-----
|
testIntermediateKey = `-----BEGIN EC PRIVATE KEY-----
|
||||||
MHcCAQEEIMMX/XkXGnRDD4fYu7Z4rHACdJn/iyOy2UTwsv+oZ0C+oAoGCCqGSM49
|
MHcCAQEEIMMX/XkXGnRDD4fYu7Z4rHACdJn/iyOy2UTwsv+oZ0C+oAoGCCqGSM49
|
||||||
AwEHoUQDQgAE8u6rGAFj5CZpdzzMogLwUyCMnp0X9wtv4OKDRcpzkYf9PU5GuGA6
|
AwEHoUQDQgAE8u6rGAFj5CZpdzzMogLwUyCMnp0X9wtv4OKDRcpzkYf9PU5GuGA6
|
||||||
|
@ -399,7 +399,7 @@ func TestNew_real(t *testing.T) {
|
||||||
if v, ok := os.LookupEnv("GOOGLE_APPLICATION_CREDENTIALS"); ok {
|
if v, ok := os.LookupEnv("GOOGLE_APPLICATION_CREDENTIALS"); ok {
|
||||||
os.Unsetenv("GOOGLE_APPLICATION_CREDENTIALS")
|
os.Unsetenv("GOOGLE_APPLICATION_CREDENTIALS")
|
||||||
t.Cleanup(func() {
|
t.Cleanup(func() {
|
||||||
os.Setenv("GOOGLE_APPLICATION_CREDENTIALS", v)
|
t.Setenv("GOOGLE_APPLICATION_CREDENTIALS", v)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -881,12 +881,12 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
fake.LROClient = client
|
fake.LROClient = client
|
||||||
|
|
||||||
// Configure mocks
|
// Configure mocks
|
||||||
any := gomock.Any()
|
anee := gomock.Any()
|
||||||
|
|
||||||
// ok root
|
// ok root
|
||||||
m.EXPECT().GetCaPool(any, any).Return(nil, status.Error(codes.NotFound, "not found"))
|
m.EXPECT().GetCaPool(anee, anee).Return(nil, status.Error(codes.NotFound, "not found"))
|
||||||
m.EXPECT().CreateCaPool(any, any).Return(fake.CreateCaPoolOperation("CreateCaPool"), nil)
|
m.EXPECT().CreateCaPool(anee, anee).Return(fake.CreateCaPoolOperation("CreateCaPool"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "CreateCaPool",
|
Name: "CreateCaPool",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -895,8 +895,8 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
})).(*anypb.Any),
|
})).(*anypb.Any),
|
||||||
},
|
},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
m.EXPECT().CreateCertificateAuthority(anee, anee).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "CreateCertificateAuthority",
|
Name: "CreateCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -906,8 +906,8 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
})).(*anypb.Any),
|
})).(*anypb.Any),
|
||||||
},
|
},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().EnableCertificateAuthority(any, any).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
|
m.EXPECT().EnableCertificateAuthority(anee, anee).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "EnableCertificateAuthority",
|
Name: "EnableCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -919,9 +919,9 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
}, nil)
|
}, nil)
|
||||||
|
|
||||||
// ok intermediate
|
// ok intermediate
|
||||||
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
m.EXPECT().GetCaPool(anee, anee).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
||||||
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
m.EXPECT().CreateCertificateAuthority(anee, anee).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "CreateCertificateAuthority",
|
Name: "CreateCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -930,15 +930,15 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
})).(*anypb.Any),
|
})).(*anypb.Any),
|
||||||
},
|
},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().FetchCertificateAuthorityCsr(any, any).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
m.EXPECT().FetchCertificateAuthorityCsr(anee, anee).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
||||||
PemCsr: testIntermediateCsr,
|
PemCsr: testIntermediateCsr,
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().CreateCertificate(any, any).Return(&pb.Certificate{
|
m.EXPECT().CreateCertificate(anee, anee).Return(&pb.Certificate{
|
||||||
PemCertificate: testIntermediateCertificate,
|
PemCertificate: testIntermediateCertificate,
|
||||||
PemCertificateChain: []string{testRootCertificate},
|
PemCertificateChain: []string{testRootCertificate},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().ActivateCertificateAuthority(any, any).Return(fake.ActivateCertificateAuthorityOperation("ActivateCertificateAuthority"), nil)
|
m.EXPECT().ActivateCertificateAuthority(anee, anee).Return(fake.ActivateCertificateAuthorityOperation("ActivateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "ActivateCertificateAuthority",
|
Name: "ActivateCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -948,8 +948,8 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
})).(*anypb.Any),
|
})).(*anypb.Any),
|
||||||
},
|
},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().EnableCertificateAuthority(any, any).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
|
m.EXPECT().EnableCertificateAuthority(anee, anee).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "EnableCertificateAuthority",
|
Name: "EnableCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -961,9 +961,9 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
}, nil)
|
}, nil)
|
||||||
|
|
||||||
// ok intermediate local signer
|
// ok intermediate local signer
|
||||||
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
m.EXPECT().GetCaPool(anee, anee).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
||||||
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
m.EXPECT().CreateCertificateAuthority(anee, anee).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "CreateCertificateAuthority",
|
Name: "CreateCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -972,11 +972,11 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
})).(*anypb.Any),
|
})).(*anypb.Any),
|
||||||
},
|
},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().FetchCertificateAuthorityCsr(any, any).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
m.EXPECT().FetchCertificateAuthorityCsr(anee, anee).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
||||||
PemCsr: testIntermediateCsr,
|
PemCsr: testIntermediateCsr,
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().ActivateCertificateAuthority(any, any).Return(fake.ActivateCertificateAuthorityOperation("ActivateCertificateAuthority"), nil)
|
m.EXPECT().ActivateCertificateAuthority(anee, anee).Return(fake.ActivateCertificateAuthorityOperation("ActivateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "ActivateCertificateAuthority",
|
Name: "ActivateCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -986,8 +986,8 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
})).(*anypb.Any),
|
})).(*anypb.Any),
|
||||||
},
|
},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().EnableCertificateAuthority(any, any).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
|
m.EXPECT().EnableCertificateAuthority(anee, anee).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "EnableCertificateAuthority",
|
Name: "EnableCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -999,9 +999,9 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
}, nil)
|
}, nil)
|
||||||
|
|
||||||
// ok create key
|
// ok create key
|
||||||
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
m.EXPECT().GetCaPool(anee, anee).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
||||||
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
m.EXPECT().CreateCertificateAuthority(anee, anee).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "CreateCertificateAuthority",
|
Name: "CreateCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -1011,8 +1011,8 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
})).(*anypb.Any),
|
})).(*anypb.Any),
|
||||||
},
|
},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().EnableCertificateAuthority(any, any).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
|
m.EXPECT().EnableCertificateAuthority(anee, anee).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "EnableCertificateAuthority",
|
Name: "EnableCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -1024,30 +1024,30 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
}, nil)
|
}, nil)
|
||||||
|
|
||||||
// fail GetCaPool
|
// fail GetCaPool
|
||||||
m.EXPECT().GetCaPool(any, any).Return(nil, errTest)
|
m.EXPECT().GetCaPool(anee, anee).Return(nil, errTest)
|
||||||
|
|
||||||
// fail CreateCaPool
|
// fail CreateCaPool
|
||||||
m.EXPECT().GetCaPool(any, any).Return(nil, status.Error(codes.NotFound, "not found"))
|
m.EXPECT().GetCaPool(anee, anee).Return(nil, status.Error(codes.NotFound, "not found"))
|
||||||
m.EXPECT().CreateCaPool(any, any).Return(nil, errTest)
|
m.EXPECT().CreateCaPool(anee, anee).Return(nil, errTest)
|
||||||
|
|
||||||
// fail CreateCaPool.Wait
|
// fail CreateCaPool.Wait
|
||||||
m.EXPECT().GetCaPool(any, any).Return(nil, status.Error(codes.NotFound, "not found"))
|
m.EXPECT().GetCaPool(anee, anee).Return(nil, status.Error(codes.NotFound, "not found"))
|
||||||
m.EXPECT().CreateCaPool(any, any).Return(fake.CreateCaPoolOperation("CreateCaPool"), nil)
|
m.EXPECT().CreateCaPool(anee, anee).Return(fake.CreateCaPoolOperation("CreateCaPool"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(nil, errTest)
|
mos.EXPECT().GetOperation(anee, anee).Return(nil, errTest)
|
||||||
|
|
||||||
// fail CreateCertificateAuthority
|
// fail CreateCertificateAuthority
|
||||||
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
m.EXPECT().GetCaPool(anee, anee).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
||||||
m.EXPECT().CreateCertificateAuthority(any, any).Return(nil, errTest)
|
m.EXPECT().CreateCertificateAuthority(anee, anee).Return(nil, errTest)
|
||||||
|
|
||||||
// fail CreateCertificateAuthority.Wait
|
// fail CreateCertificateAuthority.Wait
|
||||||
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
m.EXPECT().GetCaPool(anee, anee).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
||||||
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
m.EXPECT().CreateCertificateAuthority(anee, anee).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(nil, errTest)
|
mos.EXPECT().GetOperation(anee, anee).Return(nil, errTest)
|
||||||
|
|
||||||
// fail EnableCertificateAuthority
|
// fail EnableCertificateAuthority
|
||||||
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
m.EXPECT().GetCaPool(anee, anee).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
||||||
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
m.EXPECT().CreateCertificateAuthority(anee, anee).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "CreateCertificateAuthority",
|
Name: "CreateCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -1057,12 +1057,12 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
})).(*anypb.Any),
|
})).(*anypb.Any),
|
||||||
},
|
},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().EnableCertificateAuthority(any, any).Return(nil, errTest)
|
m.EXPECT().EnableCertificateAuthority(anee, anee).Return(nil, errTest)
|
||||||
|
|
||||||
// fail EnableCertificateAuthority.Wait
|
// fail EnableCertificateAuthority.Wait
|
||||||
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
m.EXPECT().GetCaPool(anee, anee).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
||||||
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
m.EXPECT().CreateCertificateAuthority(anee, anee).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "CreateCertificateAuthority",
|
Name: "CreateCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -1072,13 +1072,13 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
})).(*anypb.Any),
|
})).(*anypb.Any),
|
||||||
},
|
},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().EnableCertificateAuthority(any, any).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
|
m.EXPECT().EnableCertificateAuthority(anee, anee).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(nil, errTest)
|
mos.EXPECT().GetOperation(anee, anee).Return(nil, errTest)
|
||||||
|
|
||||||
// fail EnableCertificateAuthority intermediate
|
// fail EnableCertificateAuthority intermediate
|
||||||
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
m.EXPECT().GetCaPool(anee, anee).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
||||||
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
m.EXPECT().CreateCertificateAuthority(anee, anee).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "CreateCertificateAuthority",
|
Name: "CreateCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -1087,15 +1087,15 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
})).(*anypb.Any),
|
})).(*anypb.Any),
|
||||||
},
|
},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().FetchCertificateAuthorityCsr(any, any).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
m.EXPECT().FetchCertificateAuthorityCsr(anee, anee).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
||||||
PemCsr: testIntermediateCsr,
|
PemCsr: testIntermediateCsr,
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().CreateCertificate(any, any).Return(&pb.Certificate{
|
m.EXPECT().CreateCertificate(anee, anee).Return(&pb.Certificate{
|
||||||
PemCertificate: testIntermediateCertificate,
|
PemCertificate: testIntermediateCertificate,
|
||||||
PemCertificateChain: []string{testRootCertificate},
|
PemCertificateChain: []string{testRootCertificate},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().ActivateCertificateAuthority(any, any).Return(fake.ActivateCertificateAuthorityOperation("ActivateCertificateAuthority"), nil)
|
m.EXPECT().ActivateCertificateAuthority(anee, anee).Return(fake.ActivateCertificateAuthorityOperation("ActivateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "ActivateCertificateAuthority",
|
Name: "ActivateCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -1105,12 +1105,12 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
})).(*anypb.Any),
|
})).(*anypb.Any),
|
||||||
},
|
},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().EnableCertificateAuthority(any, any).Return(nil, errTest)
|
m.EXPECT().EnableCertificateAuthority(anee, anee).Return(nil, errTest)
|
||||||
|
|
||||||
// fail EnableCertificateAuthority.Wait intermediate
|
// fail EnableCertificateAuthority.Wait intermediate
|
||||||
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
m.EXPECT().GetCaPool(anee, anee).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
||||||
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
m.EXPECT().CreateCertificateAuthority(anee, anee).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "CreateCertificateAuthority",
|
Name: "CreateCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -1119,15 +1119,15 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
})).(*anypb.Any),
|
})).(*anypb.Any),
|
||||||
},
|
},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().FetchCertificateAuthorityCsr(any, any).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
m.EXPECT().FetchCertificateAuthorityCsr(anee, anee).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
||||||
PemCsr: testIntermediateCsr,
|
PemCsr: testIntermediateCsr,
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().CreateCertificate(any, any).Return(&pb.Certificate{
|
m.EXPECT().CreateCertificate(anee, anee).Return(&pb.Certificate{
|
||||||
PemCertificate: testIntermediateCertificate,
|
PemCertificate: testIntermediateCertificate,
|
||||||
PemCertificateChain: []string{testRootCertificate},
|
PemCertificateChain: []string{testRootCertificate},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().ActivateCertificateAuthority(any, any).Return(fake.ActivateCertificateAuthorityOperation("ActivateCertificateAuthority"), nil)
|
m.EXPECT().ActivateCertificateAuthority(anee, anee).Return(fake.ActivateCertificateAuthorityOperation("ActivateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "ActivateCertificateAuthority",
|
Name: "ActivateCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -1137,13 +1137,13 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
})).(*anypb.Any),
|
})).(*anypb.Any),
|
||||||
},
|
},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().EnableCertificateAuthority(any, any).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
|
m.EXPECT().EnableCertificateAuthority(anee, anee).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(nil, errTest)
|
mos.EXPECT().GetOperation(anee, anee).Return(nil, errTest)
|
||||||
|
|
||||||
// fail FetchCertificateAuthorityCsr
|
// fail FetchCertificateAuthorityCsr
|
||||||
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
m.EXPECT().GetCaPool(anee, anee).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
||||||
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
m.EXPECT().CreateCertificateAuthority(anee, anee).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "CreateCertificateAuthority",
|
Name: "CreateCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -1152,12 +1152,12 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
})).(*anypb.Any),
|
})).(*anypb.Any),
|
||||||
},
|
},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().FetchCertificateAuthorityCsr(any, any).Return(nil, errTest)
|
m.EXPECT().FetchCertificateAuthorityCsr(anee, anee).Return(nil, errTest)
|
||||||
|
|
||||||
// fail CreateCertificate
|
// fail CreateCertificate
|
||||||
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
m.EXPECT().GetCaPool(anee, anee).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
||||||
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
m.EXPECT().CreateCertificateAuthority(anee, anee).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "CreateCertificateAuthority",
|
Name: "CreateCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -1166,15 +1166,15 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
})).(*anypb.Any),
|
})).(*anypb.Any),
|
||||||
},
|
},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().FetchCertificateAuthorityCsr(any, any).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
m.EXPECT().FetchCertificateAuthorityCsr(anee, anee).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
||||||
PemCsr: testIntermediateCsr,
|
PemCsr: testIntermediateCsr,
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().CreateCertificate(any, any).Return(nil, errTest)
|
m.EXPECT().CreateCertificate(anee, anee).Return(nil, errTest)
|
||||||
|
|
||||||
// fail ActivateCertificateAuthority
|
// fail ActivateCertificateAuthority
|
||||||
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
m.EXPECT().GetCaPool(anee, anee).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
||||||
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
m.EXPECT().CreateCertificateAuthority(anee, anee).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "CreateCertificateAuthority",
|
Name: "CreateCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -1183,19 +1183,19 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
})).(*anypb.Any),
|
})).(*anypb.Any),
|
||||||
},
|
},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().FetchCertificateAuthorityCsr(any, any).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
m.EXPECT().FetchCertificateAuthorityCsr(anee, anee).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
||||||
PemCsr: testIntermediateCsr,
|
PemCsr: testIntermediateCsr,
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().CreateCertificate(any, any).Return(&pb.Certificate{
|
m.EXPECT().CreateCertificate(anee, anee).Return(&pb.Certificate{
|
||||||
PemCertificate: testIntermediateCertificate,
|
PemCertificate: testIntermediateCertificate,
|
||||||
PemCertificateChain: []string{testRootCertificate},
|
PemCertificateChain: []string{testRootCertificate},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().ActivateCertificateAuthority(any, any).Return(nil, errTest)
|
m.EXPECT().ActivateCertificateAuthority(anee, anee).Return(nil, errTest)
|
||||||
|
|
||||||
// fail ActivateCertificateAuthority.Wait
|
// fail ActivateCertificateAuthority.Wait
|
||||||
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
m.EXPECT().GetCaPool(anee, anee).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
||||||
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
m.EXPECT().CreateCertificateAuthority(anee, anee).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "CreateCertificateAuthority",
|
Name: "CreateCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -1204,20 +1204,20 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
})).(*anypb.Any),
|
})).(*anypb.Any),
|
||||||
},
|
},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().FetchCertificateAuthorityCsr(any, any).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
m.EXPECT().FetchCertificateAuthorityCsr(anee, anee).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
||||||
PemCsr: testIntermediateCsr,
|
PemCsr: testIntermediateCsr,
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().CreateCertificate(any, any).Return(&pb.Certificate{
|
m.EXPECT().CreateCertificate(anee, anee).Return(&pb.Certificate{
|
||||||
PemCertificate: testIntermediateCertificate,
|
PemCertificate: testIntermediateCertificate,
|
||||||
PemCertificateChain: []string{testRootCertificate},
|
PemCertificateChain: []string{testRootCertificate},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().ActivateCertificateAuthority(any, any).Return(fake.ActivateCertificateAuthorityOperation("ActivateCertificateAuthority"), nil)
|
m.EXPECT().ActivateCertificateAuthority(anee, anee).Return(fake.ActivateCertificateAuthorityOperation("ActivateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(nil, errTest)
|
mos.EXPECT().GetOperation(anee, anee).Return(nil, errTest)
|
||||||
|
|
||||||
// fail x509util.CreateCertificate
|
// fail x509util.CreateCertificate
|
||||||
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
m.EXPECT().GetCaPool(anee, anee).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
||||||
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
m.EXPECT().CreateCertificateAuthority(anee, anee).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "CreateCertificateAuthority",
|
Name: "CreateCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -1226,14 +1226,14 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
})).(*anypb.Any),
|
})).(*anypb.Any),
|
||||||
},
|
},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().FetchCertificateAuthorityCsr(any, any).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
m.EXPECT().FetchCertificateAuthorityCsr(anee, anee).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
||||||
PemCsr: testIntermediateCsr,
|
PemCsr: testIntermediateCsr,
|
||||||
}, nil)
|
}, nil)
|
||||||
|
|
||||||
// fail parseCertificateRequest
|
// fail parseCertificateRequest
|
||||||
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
m.EXPECT().GetCaPool(anee, anee).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
||||||
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
m.EXPECT().CreateCertificateAuthority(anee, anee).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
||||||
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
mos.EXPECT().GetOperation(anee, anee).Return(&longrunningpb.Operation{
|
||||||
Name: "CreateCertificateAuthority",
|
Name: "CreateCertificateAuthority",
|
||||||
Done: true,
|
Done: true,
|
||||||
Result: &longrunningpb.Operation_Response{
|
Result: &longrunningpb.Operation_Response{
|
||||||
|
@ -1242,7 +1242,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||||
})).(*anypb.Any),
|
})).(*anypb.Any),
|
||||||
},
|
},
|
||||||
}, nil)
|
}, nil)
|
||||||
m.EXPECT().FetchCertificateAuthorityCsr(any, any).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
m.EXPECT().FetchCertificateAuthorityCsr(anee, anee).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
||||||
PemCsr: "Not a CSR",
|
PemCsr: "Not a CSR",
|
||||||
}, nil)
|
}, nil)
|
||||||
|
|
||||||
|
|
|
@ -215,7 +215,6 @@ func (c *SoftCAS) getCertSigner() ([]*x509.Certificate, crypto.Signer, error) {
|
||||||
return c.CertificateSigner()
|
return c.CertificateSigner()
|
||||||
}
|
}
|
||||||
return c.CertificateChain, c.Signer, nil
|
return c.CertificateChain, c.Signer, nil
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// createKey uses the configured kms to create a key.
|
// createKey uses the configured kms to create a key.
|
||||||
|
|
|
@ -261,9 +261,6 @@ func TestSoftCAS_CreateCertificate(t *testing.T) {
|
||||||
tmplNotBefore := *testTemplate
|
tmplNotBefore := *testTemplate
|
||||||
tmplNotBefore.NotBefore = testNow
|
tmplNotBefore.NotBefore = testNow
|
||||||
|
|
||||||
tmplNotAfter := *testTemplate
|
|
||||||
tmplNotAfter.NotAfter = testNow.Add(24 * time.Hour)
|
|
||||||
|
|
||||||
tmplWithLifetime := *testTemplate
|
tmplWithLifetime := *testTemplate
|
||||||
tmplWithLifetime.NotBefore = testNow
|
tmplWithLifetime.NotBefore = testNow
|
||||||
tmplWithLifetime.NotAfter = testNow.Add(24 * time.Hour)
|
tmplWithLifetime.NotAfter = testNow.Add(24 * time.Hour)
|
||||||
|
|
|
@ -196,7 +196,7 @@ To get a linked authority token:
|
||||||
}
|
}
|
||||||
|
|
||||||
go ca.StopReloaderHandler(srv)
|
go ca.StopReloaderHandler(srv)
|
||||||
if err = srv.Run(); err != nil && err != http.ErrServerClosed {
|
if err = srv.Run(); err != nil && !errors.Is(err, http.ErrServerClosed) {
|
||||||
fatal(err)
|
fatal(err)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
|
|
@ -97,6 +97,7 @@ func onboardAction(ctx *cli.Context) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "error connecting onboarding guide")
|
return errors.Wrap(err, "error connecting onboarding guide")
|
||||||
}
|
}
|
||||||
|
defer res.Body.Close()
|
||||||
if res.StatusCode >= 400 {
|
if res.StatusCode >= 400 {
|
||||||
var msg onboardingError
|
var msg onboardingError
|
||||||
if err := readJSON(res.Body, &msg); err != nil {
|
if err := readJSON(res.Body, &msg); err != nil {
|
||||||
|
@ -158,7 +159,7 @@ func onboardAction(ctx *cli.Context) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
go ca.StopReloaderHandler(srv)
|
go ca.StopReloaderHandler(srv)
|
||||||
if err := srv.Run(); err != nil && err != http.ErrServerClosed {
|
if err := srv.Run(); err != nil && !errors.Is(err, http.ErrServerClosed) {
|
||||||
fatal(err)
|
fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -92,7 +92,8 @@ func Wrap(status int, e error, m string, args ...interface{}) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
_, opts := splitOptionArgs(args)
|
_, opts := splitOptionArgs(args)
|
||||||
if err, ok := e.(*Error); ok {
|
var err *Error
|
||||||
|
if ok := errors.As(e, &err); ok {
|
||||||
err.Err = errors.Wrap(err.Err, m)
|
err.Err = errors.Wrap(err.Err, m)
|
||||||
e = err
|
e = err
|
||||||
} else {
|
} else {
|
||||||
|
@ -108,7 +109,8 @@ func Wrapf(status int, e error, format string, args ...interface{}) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
as, opts := splitOptionArgs(args)
|
as, opts := splitOptionArgs(args)
|
||||||
if err, ok := e.(*Error); ok {
|
var err *Error
|
||||||
|
if ok := errors.As(e, &err); ok {
|
||||||
err.Err = errors.Wrapf(err.Err, format, args...)
|
err.Err = errors.Wrapf(err.Err, format, args...)
|
||||||
e = err
|
e = err
|
||||||
} else {
|
} else {
|
||||||
|
@ -141,6 +143,7 @@ func (e *Error) UnmarshalJSON(data []byte) error {
|
||||||
|
|
||||||
// Format implements the fmt.Formatter interface.
|
// Format implements the fmt.Formatter interface.
|
||||||
func (e *Error) Format(f fmt.State, c rune) {
|
func (e *Error) Format(f fmt.State, c rune) {
|
||||||
|
//nolint:errorlint // ignore type assertion warning. casting to interface is hard.
|
||||||
if err, ok := e.Err.(fmt.Formatter); ok {
|
if err, ok := e.Err.(fmt.Formatter); ok {
|
||||||
err.Format(f, c)
|
err.Format(f, c)
|
||||||
return
|
return
|
||||||
|
@ -246,11 +249,12 @@ func New(status int, format string, args ...interface{}) error {
|
||||||
|
|
||||||
// NewError creates a new http error with the given error and message.
|
// NewError creates a new http error with the given error and message.
|
||||||
func NewError(status int, err error, format string, args ...interface{}) error {
|
func NewError(status int, err error, format string, args ...interface{}) error {
|
||||||
if _, ok := err.(*Error); ok {
|
var e *Error
|
||||||
|
if errors.As(err, &e) {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
msg := fmt.Sprintf(format, args...)
|
msg := fmt.Sprintf(format, args...)
|
||||||
if _, ok := err.(log.StackTracedError); !ok {
|
if _, ok := log.AsStackTracedError(err); !ok {
|
||||||
err = errors.Wrap(err, msg)
|
err = errors.Wrap(err, msg)
|
||||||
}
|
}
|
||||||
return &Error{
|
return &Error{
|
||||||
|
@ -263,16 +267,13 @@ func NewError(status int, err error, format string, args ...interface{}) error {
|
||||||
// NewErr returns a new Error. If the given error implements the StatusCoder
|
// NewErr returns a new Error. If the given error implements the StatusCoder
|
||||||
// interface we will ignore the given status.
|
// interface we will ignore the given status.
|
||||||
func NewErr(status int, err error, opts ...Option) error {
|
func NewErr(status int, err error, opts ...Option) error {
|
||||||
var (
|
var e *Error
|
||||||
e *Error
|
if !errors.As(err, &e) {
|
||||||
ok bool
|
if sc, ok := render.AsStatusCodedError(err); ok {
|
||||||
)
|
|
||||||
if e, ok = err.(*Error); !ok {
|
|
||||||
if sc, ok := err.(render.StatusCodedError); ok {
|
|
||||||
e = &Error{Status: sc.StatusCode(), Err: err}
|
e = &Error{Status: sc.StatusCode(), Err: err}
|
||||||
} else {
|
} else {
|
||||||
cause := errors.Cause(err)
|
cause := errors.Cause(err)
|
||||||
if sc, ok := cause.(render.StatusCodedError); ok {
|
if sc, ok := render.AsStatusCodedError(cause); ok {
|
||||||
e = &Error{Status: sc.StatusCode(), Err: err}
|
e = &Error{Status: sc.StatusCode(), Err: err}
|
||||||
} else {
|
} else {
|
||||||
e = &Error{Status: status, Err: err}
|
e = &Error{Status: status, Err: err}
|
||||||
|
@ -299,7 +300,8 @@ func Errorf(code int, format string, args ...interface{}) error {
|
||||||
// ApplyOptions applies the given options to the error if is the type *Error.
|
// ApplyOptions applies the given options to the error if is the type *Error.
|
||||||
// TODO(mariano): try to get rid of this.
|
// TODO(mariano): try to get rid of this.
|
||||||
func ApplyOptions(err error, opts ...interface{}) error {
|
func ApplyOptions(err error, opts ...interface{}) error {
|
||||||
if e, ok := err.(*Error); ok {
|
var e *Error
|
||||||
|
if ok := errors.As(err, &e); ok {
|
||||||
_, o := splitOptionArgs(opts)
|
_, o := splitOptionArgs(opts)
|
||||||
for _, fn := range o {
|
for _, fn := range o {
|
||||||
fn(e)
|
fn(e)
|
||||||
|
|
|
@ -57,6 +57,7 @@ func TestError_UnmarshalJSON(t *testing.T) {
|
||||||
if err := e.UnmarshalJSON(tt.args.data); (err != nil) != tt.wantErr {
|
if err := e.UnmarshalJSON(tt.args.data); (err != nil) != tt.wantErr {
|
||||||
t.Errorf("Error.UnmarshalJSON() error = %v, wantErr %v", err, tt.wantErr)
|
t.Errorf("Error.UnmarshalJSON() error = %v, wantErr %v", err, tt.wantErr)
|
||||||
}
|
}
|
||||||
|
//nolint:govet // best option
|
||||||
if !reflect.DeepEqual(tt.expected, e) {
|
if !reflect.DeepEqual(tt.expected, e) {
|
||||||
t.Errorf("Error.UnmarshalJSON() wants = %+v, got %+v", tt.expected, e)
|
t.Errorf("Error.UnmarshalJSON() wants = %+v, got %+v", tt.expected, e)
|
||||||
}
|
}
|
||||||
|
|
|
@ -389,7 +389,7 @@ func New(o apiv1.Options, opts ...Option) (*PKI, error) {
|
||||||
if port == "443" || p.options.isHelm {
|
if port == "443" || p.options.isHelm {
|
||||||
p.Defaults.CaUrl = fmt.Sprintf("https://%s", p.Defaults.CaUrl)
|
p.Defaults.CaUrl = fmt.Sprintf("https://%s", p.Defaults.CaUrl)
|
||||||
} else {
|
} else {
|
||||||
p.Defaults.CaUrl = fmt.Sprintf("https://%s:%s", p.Defaults.CaUrl, port)
|
p.Defaults.CaUrl = fmt.Sprintf("https://%s", net.JoinHostPort(p.Defaults.CaUrl, port))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -73,7 +73,6 @@ func (e *NamePolicyError) Detail() string {
|
||||||
// TODO(hs): implement matching URI schemes, paths, etc; not just the domain part of URI domains
|
// TODO(hs): implement matching URI schemes, paths, etc; not just the domain part of URI domains
|
||||||
|
|
||||||
type NamePolicyEngine struct {
|
type NamePolicyEngine struct {
|
||||||
|
|
||||||
// verifySubjectCommonName is set when Subject Common Name must be verified
|
// verifySubjectCommonName is set when Subject Common Name must be verified
|
||||||
verifySubjectCommonName bool
|
verifySubjectCommonName bool
|
||||||
// allowLiteralWildcardNames allows literal wildcard DNS domains
|
// allowLiteralWildcardNames allows literal wildcard DNS domains
|
||||||
|
@ -107,7 +106,6 @@ type NamePolicyEngine struct {
|
||||||
|
|
||||||
// NewNamePolicyEngine creates a new NamePolicyEngine with NamePolicyOptions
|
// NewNamePolicyEngine creates a new NamePolicyEngine with NamePolicyOptions
|
||||||
func New(opts ...NamePolicyOption) (*NamePolicyEngine, error) {
|
func New(opts ...NamePolicyOption) (*NamePolicyEngine, error) {
|
||||||
|
|
||||||
e := &NamePolicyEngine{}
|
e := &NamePolicyEngine{}
|
||||||
for _, option := range opts {
|
for _, option := range opts {
|
||||||
if err := option(e); err != nil {
|
if err := option(e); err != nil {
|
||||||
|
@ -153,7 +151,6 @@ func New(opts ...NamePolicyOption) (*NamePolicyEngine, error) {
|
||||||
// duplicate values removed. It retains the order of elements
|
// duplicate values removed. It retains the order of elements
|
||||||
// in the source slice.
|
// in the source slice.
|
||||||
func removeDuplicates(items []string) (ret []string) {
|
func removeDuplicates(items []string) (ret []string) {
|
||||||
|
|
||||||
// no need to remove dupes; return original
|
// no need to remove dupes; return original
|
||||||
if len(items) <= 1 {
|
if len(items) <= 1 {
|
||||||
return items
|
return items
|
||||||
|
@ -179,7 +176,6 @@ func removeDuplicates(items []string) (ret []string) {
|
||||||
// the source slice. An IPNet is considered duplicate if its CIDR
|
// the source slice. An IPNet is considered duplicate if its CIDR
|
||||||
// notation exists multiple times in the slice.
|
// notation exists multiple times in the slice.
|
||||||
func removeDuplicateIPNets(items []*net.IPNet) (ret []*net.IPNet) {
|
func removeDuplicateIPNets(items []*net.IPNet) (ret []*net.IPNet) {
|
||||||
|
|
||||||
// no need to remove dupes; return original
|
// no need to remove dupes; return original
|
||||||
if len(items) <= 1 {
|
if len(items) <= 1 {
|
||||||
return items
|
return items
|
||||||
|
|
|
@ -8,6 +8,7 @@ package policy
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
@ -21,7 +22,6 @@ import (
|
||||||
|
|
||||||
// validateNames verifies that all names are allowed.
|
// validateNames verifies that all names are allowed.
|
||||||
func (e *NamePolicyEngine) validateNames(dnsNames []string, ips []net.IP, emailAddresses []string, uris []*url.URL, principals []string) error {
|
func (e *NamePolicyEngine) validateNames(dnsNames []string, ips []net.IP, emailAddresses []string, uris []*url.URL, principals []string) error {
|
||||||
|
|
||||||
// nothing to compare against; return early
|
// nothing to compare against; return early
|
||||||
if e.totalNumberOfConstraints == 0 {
|
if e.totalNumberOfConstraints == 0 {
|
||||||
return nil
|
return nil
|
||||||
|
@ -182,7 +182,6 @@ func (e *NamePolicyEngine) validateNames(dnsNames []string, ips []net.IP, emailA
|
||||||
|
|
||||||
// validateCommonName verifies that the Subject Common Name is allowed
|
// validateCommonName verifies that the Subject Common Name is allowed
|
||||||
func (e *NamePolicyEngine) validateCommonName(commonName string) error {
|
func (e *NamePolicyEngine) validateCommonName(commonName string) error {
|
||||||
|
|
||||||
// nothing to compare against; return early
|
// nothing to compare against; return early
|
||||||
if e.totalNumberOfConstraints == 0 {
|
if e.totalNumberOfConstraints == 0 {
|
||||||
return nil
|
return nil
|
||||||
|
@ -212,7 +211,8 @@ func (e *NamePolicyEngine) validateCommonName(commonName string) error {
|
||||||
|
|
||||||
err := e.validateNames(dnsNames, ips, emails, uris, []string{})
|
err := e.validateNames(dnsNames, ips, emails, uris, []string{})
|
||||||
|
|
||||||
if pe, ok := err.(*NamePolicyError); ok {
|
var pe *NamePolicyError
|
||||||
|
if errors.As(err, &pe) {
|
||||||
// override the name type with CN
|
// override the name type with CN
|
||||||
pe.NameType = CNNameType
|
pe.NameType = CNNameType
|
||||||
}
|
}
|
||||||
|
@ -229,7 +229,6 @@ func checkNameConstraints(
|
||||||
parsedName interface{},
|
parsedName interface{},
|
||||||
match func(parsedName, constraint interface{}) (match bool, err error),
|
match func(parsedName, constraint interface{}) (match bool, err error),
|
||||||
permitted, excluded interface{}) error {
|
permitted, excluded interface{}) error {
|
||||||
|
|
||||||
excludedValue := reflect.ValueOf(excluded)
|
excludedValue := reflect.ValueOf(excluded)
|
||||||
|
|
||||||
for i := 0; i < excludedValue.Len(); i++ {
|
for i := 0; i < excludedValue.Len(); i++ {
|
||||||
|
@ -552,7 +551,6 @@ func (e *NamePolicyEngine) matchDomainConstraint(domain, constraint string) (boo
|
||||||
|
|
||||||
// SOURCE: https://cs.opensource.google/go/go/+/refs/tags/go1.17.5:src/crypto/x509/verify.go
|
// SOURCE: https://cs.opensource.google/go/go/+/refs/tags/go1.17.5:src/crypto/x509/verify.go
|
||||||
func matchIPConstraint(ip net.IP, constraint *net.IPNet) (bool, error) {
|
func matchIPConstraint(ip net.IP, constraint *net.IPNet) (bool, error) {
|
||||||
|
|
||||||
// TODO(hs): this is code from Go library, but I got some unexpected result:
|
// TODO(hs): this is code from Go library, but I got some unexpected result:
|
||||||
// with permitted net 127.0.0.0/24, 127.0.0.1 is NOT allowed. When parsing 127.0.0.1 as net.IP
|
// with permitted net 127.0.0.0/24, 127.0.0.1 is NOT allowed. When parsing 127.0.0.1 as net.IP
|
||||||
// which is in the IPAddresses slice, the underlying length is 16. The contraint.IP has a length
|
// which is in the IPAddresses slice, the underlying length is 16. The contraint.IP has a length
|
||||||
|
|
|
@ -350,7 +350,6 @@ func formatCapabilities(caps []string) []byte {
|
||||||
|
|
||||||
// writeResponse writes a SCEP response back to the SCEP client.
|
// writeResponse writes a SCEP response back to the SCEP client.
|
||||||
func writeResponse(w http.ResponseWriter, res Response) {
|
func writeResponse(w http.ResponseWriter, res Response) {
|
||||||
|
|
||||||
if res.Error != nil {
|
if res.Error != nil {
|
||||||
log.Error(w, res.Error)
|
log.Error(w, res.Error)
|
||||||
}
|
}
|
||||||
|
|
|
@ -71,7 +71,6 @@ type SignAuthority interface {
|
||||||
|
|
||||||
// New returns a new Authority that implements the SCEP interface.
|
// New returns a new Authority that implements the SCEP interface.
|
||||||
func New(signAuth SignAuthority, ops AuthorityOptions) (*Authority, error) {
|
func New(signAuth SignAuthority, ops AuthorityOptions) (*Authority, error) {
|
||||||
|
|
||||||
authority := &Authority{
|
authority := &Authority{
|
||||||
prefix: ops.Prefix,
|
prefix: ops.Prefix,
|
||||||
dns: ops.DNS,
|
dns: ops.DNS,
|
||||||
|
@ -145,7 +144,6 @@ func (a *Authority) getLinkExplicit(provisionerName string, abs bool, baseURL *u
|
||||||
|
|
||||||
// GetCACertificates returns the certificate (chain) for the CA
|
// GetCACertificates returns the certificate (chain) for the CA
|
||||||
func (a *Authority) GetCACertificates(ctx context.Context) ([]*x509.Certificate, error) {
|
func (a *Authority) GetCACertificates(ctx context.Context) ([]*x509.Certificate, error) {
|
||||||
|
|
||||||
// TODO: this should return: the "SCEP Server (RA)" certificate, the issuing CA up to and excl. the root
|
// TODO: this should return: the "SCEP Server (RA)" certificate, the issuing CA up to and excl. the root
|
||||||
// Some clients do need the root certificate however; also see: https://github.com/openxpki/openxpki/issues/73
|
// Some clients do need the root certificate however; also see: https://github.com/openxpki/openxpki/issues/73
|
||||||
//
|
//
|
||||||
|
@ -385,7 +383,6 @@ func (a *Authority) SignCSR(ctx context.Context, csr *x509.CertificateRequest, m
|
||||||
|
|
||||||
// CreateFailureResponse creates an appropriately signed reply for PKI operations
|
// CreateFailureResponse creates an appropriately signed reply for PKI operations
|
||||||
func (a *Authority) CreateFailureResponse(ctx context.Context, csr *x509.CertificateRequest, msg *PKIMessage, info FailInfoName, infoText string) (*PKIMessage, error) {
|
func (a *Authority) CreateFailureResponse(ctx context.Context, csr *x509.CertificateRequest, msg *PKIMessage, info FailInfoName, infoText string) (*PKIMessage, error) {
|
||||||
|
|
||||||
config := pkcs7.SignerInfoConfig{
|
config := pkcs7.SignerInfoConfig{
|
||||||
ExtraSignedAttributes: []pkcs7.Attribute{
|
ExtraSignedAttributes: []pkcs7.Attribute{
|
||||||
{
|
{
|
||||||
|
@ -471,7 +468,6 @@ func (a *Authority) MatchChallengePassword(ctx context.Context, password string)
|
||||||
|
|
||||||
// GetCACaps returns the CA capabilities
|
// GetCACaps returns the CA capabilities
|
||||||
func (a *Authority) GetCACaps(ctx context.Context) []string {
|
func (a *Authority) GetCACaps(ctx context.Context) []string {
|
||||||
|
|
||||||
p, err := provisionerFromContext(ctx)
|
p, err := provisionerFromContext(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return defaultCapabilities
|
return defaultCapabilities
|
||||||
|
|
|
@ -20,7 +20,6 @@ type Options struct {
|
||||||
|
|
||||||
// Validate checks the fields in Options.
|
// Validate checks the fields in Options.
|
||||||
func (o *Options) Validate() error {
|
func (o *Options) Validate() error {
|
||||||
|
|
||||||
if o.CertificateChain == nil {
|
if o.CertificateChain == nil {
|
||||||
return errors.New("certificate chain not configured correctly")
|
return errors.New("certificate chain not configured correctly")
|
||||||
}
|
}
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue