diff --git a/acme/challenge.go b/acme/challenge.go
index 74c92ed3..f0ed726a 100644
--- a/acme/challenge.go
+++ b/acme/challenge.go
@@ -414,7 +414,7 @@ func deviceAttest01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose
 // Note: We might want to use an external service for this.
 if data.UDID != ch.Value && data.SerialNumber != ch.Value {
 subproblem := NewSubproblemWithIdentifier(
- ErrorMalformedType,
+ ErrorRejectedIdentifierType,
 Identifier{Type: "permanent-identifier", Value: ch.Value},
 "challenge identifier %q doesn't match any of the attested hardware identifiers %s", ch.Value, []string{data.UDID, data.SerialNumber},
 )
@@ -442,7 +442,7 @@ func deviceAttest01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose
 // Note: We might want to use an external service for this.
 if data.SerialNumber != ch.Value {
 subproblem := NewSubproblemWithIdentifier(
- ErrorMalformedType,
+ ErrorRejectedIdentifierType,
 Identifier{Type: "permanent-identifier", Value: ch.Value},
 "challenge identifier %q doesn't match the attested hardware identifier %q", ch.Value, data.SerialNumber,
 )
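Review bot: In the acme/challenge.go hunk at -414, `if data.UDID != ch.Value && data.SerialNumber != ch.Value` also lets the challenge through when ch.Value and one of the attested fields are both empty strings, and nothing visible here rejects an empty challenge value. The same holds for `if data.SerialNumber != ch.Value` in the hunk at -442. If a non-empty identifier is not already enforced earlier (order creation is outside this diff), the guard could read `if ch.Value == "" || (data.UDID != ch.Value && data.SerialNumber != ch.Value) {`. deviceAttest01Validate starts and ends outside both hunks.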
@@ -472,11 +472,11 @@ func deviceAttest01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose
 // still fail if the challenge value isn't equal to the CSR subject.
 if len(data.PermanentIdentifiers) > 0 && !slices.Contains(data.PermanentIdentifiers, ch.Value) { // TODO(hs): add support for HardwareModuleName
 subproblem := NewSubproblemWithIdentifier(
- ErrorMalformedType,
+ ErrorRejectedIdentifierType,
 Identifier{Type: "permanent-identifier", Value: ch.Value},
- "challenge identifier %q doesn't match any of the attested hardware identifiers %q", ch.Value, data.PermanentIdentifiers,
+ "challenge identifier %q doesn't match any of the attested hardware identifiers %s", ch.Value, data.PermanentIdentifiers,
 )
- return storeError(ctx, db, ch, true, NewError(ErrorRejectedIdentifierType, "permanent identifier does not match").WithAdditionalErrorDetail().AddSubproblems(subproblem))
+ return storeError(ctx, db, ch, true, NewError(ErrorBadAttestationStatementType, "permanent identifier does not match").WithAdditionalErrorDetail().AddSubproblems(subproblem))
 }
 // Update attestation key fingerprint to compare against the CSR
diff --git a/acme/challenge_test.go b/acme/challenge_test.go
index e489aac7..2fe3653e 100644
--- a/acme/challenge_test.go
+++ b/acme/challenge_test.go
@@ -3626,7 +3626,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
 assert.Equal(t, "non-matching-value", updch.Value)
 subproblem := NewSubproblemWithIdentifier(
- ErrorMalformedType,
+ ErrorRejectedIdentifierType,
 Identifier{Type: "permanent-identifier", Value: "non-matching-value"},
 `challenge identifier "non-matching-value" doesn't match any of the attested hardware identifiers [udid serial-number]`,
 )
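Review bot: Switching the verb from `%q` to `%s` for data.PermanentIdentifiers in the acme/challenge.go hunk at -472 drops the quoting and escaping of values taken from the attestation statement, so an identifier containing spaces, brackets or control characters becomes ambiguous in the subproblem detail and in any log that records it. The hunk at -414 already prints `[]string{data.UDID, data.SerialNumber}` with `%s`; I would align both on `%q` instead, keeping `"challenge identifier %q doesn't match any of the attested hardware identifiers %q", ch.Value, data.PermanentIdentifiers,` here and the quoted expectation in challenge_tpmsimulator_test.go. Because the error is built with WithAdditionalErrorDetail(), this text presumably reaches the ACME client as well as the server logs. The enclosing function continues outside the hunk.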
@@ -3760,7 +3760,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
 err := NewError(ErrorBadAttestationStatementType, "permanent identifier does not match").
 WithAdditionalErrorDetail().
 AddSubproblems(NewSubproblemWithIdentifier(
- ErrorMalformedType,
+ ErrorRejectedIdentifierType,
 Identifier{Type: "permanent-identifier", Value: "12345678"},
 "challenge identifier \"12345678\" doesn't match the attested hardware identifier \"87654321\"",
 ))
diff --git a/acme/challenge_tpmsimulator_test.go b/acme/challenge_tpmsimulator_test.go
index 18a87e2a..96381b80 100644
--- a/acme/challenge_tpmsimulator_test.go
+++ b/acme/challenge_tpmsimulator_test.go
@@ -282,12 +282,12 @@ func Test_deviceAttest01ValidateWithTPMSimulator(t *testing.T) {
 assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
 assert.Equal(t, "device.id.99999999", updch.Value)
- err := NewError(ErrorRejectedIdentifierType, `permanent identifier does not match`).
+ err := NewError(ErrorBadAttestationStatementType, `permanent identifier does not match`).
 WithAdditionalErrorDetail().
 AddSubproblems(NewSubproblemWithIdentifier(
- ErrorMalformedType,
+ ErrorRejectedIdentifierType,
 Identifier{Type: "permanent-identifier", Value: "device.id.99999999"},
- `challenge identifier "device.id.99999999" doesn't match any of the attested hardware identifiers ["device.id.12345678"]`,
+ `challenge identifier "device.id.99999999" doesn't match any of the attested hardware identifiers [device.id.12345678]`,
 ))
 assert.EqualError(t, updch.Error.Err, err.Err.Error())