mirror of
https://github.com/smallstep/certificates.git
synced 2024-10-31 03:20:16 +00:00
Return a typed error
parent
6686f0437d
commit
495494ce8f
@ -10,12 +10,13 @@ import (
|
||||
var oidExtensionNameConstraints = []int{2, 5, 29, 30}
|
||||
|
||||
type ConstraintError struct {
|
||||
Type string
|
||||
Name string
|
||||
Type string
|
||||
Name string
|
||||
Detail string
|
||||
}
|
||||
|
||||
func (e ConstraintError) Error() string {
|
||||
return fmt.Sprintf("%s %q is not allowed", e.Type, e.Name)
|
||||
return e.Detail
|
||||
}
|
||||
|
||||
type service struct {
|
||||
@ -74,7 +75,8 @@ func (s *service) Validate(dnsNames []string, ipAddresses []*net.IP, emailAddres
|
||||
if err := checkNameConstraints("IP address", ip.String(), ip, s.permittedIPRanges, s.excludedIPRanges,
|
||||
func(parsedName, constraint any) (bool, error) {
|
||||
return matchIPConstraint(parsedName.(net.IP), constraint.(*net.IPNet))
|
||||
}); err != nil {
|
||||
},
|
||||
); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
@ -97,7 +99,8 @@ func (s *service) Validate(dnsNames []string, ipAddresses []*net.IP, emailAddres
|
||||
if err := checkNameConstraints("URI", uri.String(), uri, s.permittedURIDomains, s.excludedURIDomains,
|
||||
func(parsedName, constraint any) (bool, error) {
|
||||
return matchURIConstraint(parsedName.(*url.URL), constraint.(string))
|
||||
}); err != nil {
|
||||
},
|
||||
); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
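Review bot: `ConstraintError.Error()` in the first hunk now returns only `e.Detail`, so a value built with just `Type` and `Name` (the shape the previous message format relied on) yields an empty error string. Because the type is exported and can be constructed outside this package, a fallback such as `if e.Detail == "" { return fmt.Sprintf("%s %q is not allowed", e.Type, e.Name) }` would keep a usable denial reason in logs and API responses for a rejected certificate request. The struct and its method also have no doc comments; a line like `// ConstraintError is returned when a name is rejected by, or cannot be evaluated against, the configured name constraints.` would record what callers may rely on. The two `Validate` hunks only reflow the closing of the `checkNameConstraints` call and need no change.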
|
@ -43,11 +43,19 @@ func checkNameConstraints(nameType string, name string, parsedName any, permitte
|
||||
constraint := excludedValue.Index(i).Interface()
|
||||
match, err := match(parsedName, constraint)
|
||||
if err != nil {
|
||||
return err
|
||||
return ConstraintError{
|
||||
Type: nameType,
|
||||
Name: name,
|
||||
Detail: err.Error(),
|
||||
}
|
||||
}
|
||||
|
||||
if match {
|
||||
return fmt.Errorf("%s %q is excluded by constraint %q", nameType, name, constraint)
|
||||
return ConstraintError{
|
||||
Type: nameType,
|
||||
Name: name,
|
||||
Detail: fmt.Sprintf("%s %q is excluded by constraint %q", nameType, name, constraint),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -60,14 +68,22 @@ func checkNameConstraints(nameType string, name string, parsedName any, permitte
|
||||
for i := 0; i < permittedValue.Len(); i++ {
|
||||
constraint := permittedValue.Index(i).Interface()
|
||||
if ok, err = match(parsedName, constraint); err != nil {
|
||||
return err
|
||||
return ConstraintError{
|
||||
Type: nameType,
|
||||
Name: name,
|
||||
Detail: err.Error(),
|
||||
}
|
||||
}
|
||||
if ok {
|
||||
break
|
||||
}
|
||||
}
|
||||
if !ok {
|
||||
return fmt.Errorf("%s %q is not permitted by any constraint", nameType, name)
|
||||
return ConstraintError{
|
||||
Type: nameType,
|
||||
Name: name,
|
||||
Detail: fmt.Sprintf("%s %q is not permitted by any constraint", nameType, name),
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
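Review bot: Both `match` error branches in `checkNameConstraints` (the excluded loop and the permitted loop) now return the same `ConstraintError` type that is used for a real policy denial, with `Detail: err.Error()` flattening the cause to a string. A caller that uses `errors.As` to treat `ConstraintError` as "name forbidden by policy" can then no longer tell a denial from a constraint that could not be parsed or evaluated, and `errors.Is`/`errors.As` on the underlying error stops working. If that distinction matters to callers (for example when choosing between a forbidden and an internal-error response), keep the cause, e.g. `return fmt.Errorf("%s %q: %w", nameType, name, err)` for evaluation failures, or add a cause field to `ConstraintError` with an `Unwrap() error` method. The function starts before the first hunk and its closing brace is outside the last one, so this is based only on the visible branches.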
|