diff --git a/authority/provisioner/sign_options_test.go b/authority/provisioner/sign_options_test.go
index cf8f7a54..32b8e3c6 100644
--- a/authority/provisioner/sign_options_test.go
+++ b/authority/provisioner/sign_options_test.go
@@ -77,12 +77,12 @@ func Test_defaultPublicKeyValidator_Valid(t *testing.T) {
 {
 "fail/unrecognized-key-type",
 &x509.CertificateRequest{PublicKey: "foo"},
- errors.New("unrecognized public key of type 'string' in CSR"),
+ errors.New("certificate request key of type 'string' is not supported"),
 },
 {
 "fail/rsa/too-short",
 shortRSA,
- errors.New("rsa key in CSR must be at least 2048 bits (256 bytes)"),
+ errors.New("certificate request RSA key must be at least 2048 bits (256 bytes)"),
 },
 {
 "ok/rsa",
@@ -303,14 +303,14 @@ func Test_defaultSANsValidator_Valid(t *testing.T) {
 return test{
 csr: &x509.CertificateRequest{EmailAddresses: []string{"max@fx.com", "mariano@fx.com"}},
 expectedSANs: []string{"dcow@fx.com"},
- err: errors.New("certificate request does not contain the valid Email Addresses"),
+ err: errors.New("certificate request does not contain the valid email addresses"),
 }
 },
 "fail/ipAddressesValidator": func() test {
 return test{
 csr: &x509.CertificateRequest{IPAddresses: []net.IP{net.ParseIP("1.1.1.1"), net.ParseIP("127.0.0.1")}},
 expectedSANs: []string{"127.0.0.1"},
- err: errors.New("IP Addresses claim failed"),
+ err: errors.New("certificate request does not contain the valid IP addresses"),
 }
 },
 "fail/urisValidator": func() test {
@@ -321,7 +321,7 @@ func Test_defaultSANsValidator_Valid(t *testing.T) {
 return test{
 csr: &x509.CertificateRequest{URIs: []*url.URL{u1, u2}},
 expectedSANs: []string{"urn:uuid:ddfe62ba-7e99-4bc1-83b3-8f57fe3e9959"},
- err: errors.New("URIs claim failed"),
+ err: errors.New("certificate request does not contain the valid URIs"),
 }
 },
 "ok": func() test {
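Review bot: The expectations in Test_defaultPublicKeyValidator_Valid and Test_defaultSANsValidator_Valid (hunks at 77, 303 and 321, and likewise the Test_forceCN_Option hunk at 512) pin the validators' full message text through `errors.New(...)`, so every rewording such as this one has to be mirrored by hand in several test files. If the validators exposed sentinel or typed errors, these tables could assert the failure kind with `errors.Is` and keep a single string check per message. The comparison itself lies outside these hunks, so whether it matches by equality or by prefix cannot be confirmed from here. Until then, a comment above each table such as `// err is matched on message text; keep in sync with the validator messages` would make the coupling explicit.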
@@ -512,7 +512,7 @@ func Test_forceCN_Option(t *testing.T) {
 Subject: pkix.Name{},
 DNSNames: []string{},
 },
- err: errors.New("Cannot force CN, DNSNames is empty"),
+ err: errors.New("cannot force common name, DNS names is empty"),
 }
 },
 }
diff --git a/authority/tls_test.go b/authority/tls_test.go
index 03beb5c1..e61025a6 100644
--- a/authority/tls_test.go
+++ b/authority/tls_test.go
@@ -323,7 +323,7 @@ func TestAuthority_Sign(t *testing.T) {
 extraOpts: extraOpts,
 signOpts: signOpts,
 err: errors.New("authority.Sign: certificate request does not contain the valid DNS names - got [test.smallstep.com smallstep test], want [test.smallstep.com]"),
- code: http.StatusUnauthorized,
+ code: http.StatusBadRequest,
 }
 },
 "fail rsa key too short": func(t *testing.T) *signTest {
@@ -348,8 +348,8 @@ ZYtQ9Ot36qc=
 csr: csr,
 extraOpts: extraOpts,
 signOpts: signOpts,
- err: errors.New("authority.Sign: rsa key in CSR must be at least 2048 bits (256 bytes)"),
- code: http.StatusUnauthorized,
+ err: errors.New("authority.Sign: certificate request RSA key must be at least 2048 bits (256 bytes)"),
+ code: http.StatusForbidden,
 }
 },
 "fail store cert in db": func(t *testing.T) *signTest {
diff --git a/ca/ca_test.go b/ca/ca_test.go
index 1271659a..05dca027 100644
--- a/ca/ca_test.go
+++ b/ca/ca_test.go
@@ -200,8 +200,8 @@ ZEp7knvU2psWRw==
 return &signTest{
 ca: ca,
 body: string(body),
- status: http.StatusUnauthorized,
- errMsg: errs.UnauthorizedDefaultMsg,
+ status: http.StatusBadRequest,
+ errMsg: errs.BadRequestPrefix,
 }
 },
 "ok": func(t *testing.T) *signTest {
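Review bot: In authority/tls_test.go the two CSR rejections now expect different status classes, `http.StatusBadRequest` for the DNS-name mismatch (hunk at 323) and `http.StatusForbidden` for the short RSA key (hunk at 348), and nothing in the table records why they differ. Both were `http.StatusUnauthorized` before, so monitoring or alerting that counts 401 responses for refused signing requests will stop seeing these cases; that deserves a mention in the release notes. A one-line comment beside each `code:` field would document the rule, for example `// CSR names differ from the expected SANs: client error` and `// key rejected by key-size policy`, if that is the intended split. The TestAuthority_Sign table starts and ends outside both hunks.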
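Review bot: In ca/ca_test.go the expected `errMsg` moves from a complete message constant, `errs.UnauthorizedDefaultMsg`, to `errs.BadRequestPrefix`, which by its name is only the leading part of the response text. The assertion that consumes `errMsg` is outside the hunk; if it matches by prefix, the test no longer pins which validation detail the CA sends back to the caller. For a signing endpoint that detail is worth fixing in the test, so consider asserting the whole body, e.g. `errMsg: errs.BadRequestPrefix + "<expected detail text>"` with the real text filled in. If the comparison is exact instead, a comment saying that the client sees only the prefix would make that intent clear.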