Add special handling for *json.UnmarshalTypeError

This commit is contained in:
Herman Slatman 2022-01-12 11:15:39 +01:00
parent 0475a4d26f
commit a3cf6bac36
No known key found for this signature in database
GPG Key ID: F4D8A44EA0A75A4F
5 changed files with 58 additions and 7 deletions

View File

@ -172,8 +172,12 @@ func TestAuthority_SignSSH(t *testing.T) {
SSH: &provisioner.SSHOptions{Template: `{{ fail "an error"}}`}, SSH: &provisioner.SSHOptions{Template: `{{ fail "an error"}}`},
}, sshutil.CreateTemplateData(sshutil.UserCert, "key-id", []string{"user"})) }, sshutil.CreateTemplateData(sshutil.UserCert, "key-id", []string{"user"}))
assert.FatalError(t, err) assert.FatalError(t, err)
userFailTemplateFile, err := provisioner.TemplateSSHOptions(&provisioner.Options{ userJSONSyntaxErrorTemplateFile, err := provisioner.TemplateSSHOptions(&provisioner.Options{
SSH: &provisioner.SSHOptions{TemplateFile: "./testdata/templates/badjson.tpl"}, SSH: &provisioner.SSHOptions{TemplateFile: "./testdata/templates/badjsonsyntax.tpl"},
}, sshutil.CreateTemplateData(sshutil.UserCert, "key-id", []string{"user"}))
assert.FatalError(t, err)
userJSONValueErrorTemplateFile, err := provisioner.TemplateSSHOptions(&provisioner.Options{
SSH: &provisioner.SSHOptions{TemplateFile: "./testdata/templates/badjsonvalue.tpl"},
}, sshutil.CreateTemplateData(sshutil.UserCert, "key-id", []string{"user"})) }, sshutil.CreateTemplateData(sshutil.UserCert, "key-id", []string{"user"}))
assert.FatalError(t, err) assert.FatalError(t, err)
@ -226,7 +230,8 @@ func TestAuthority_SignSSH(t *testing.T) {
{"fail-no-host-key", fields{signer, nil}, args{pub, provisioner.SignSSHOptions{CertType: "host"}, []provisioner.SignOption{hostTemplate}}, want{}, true}, {"fail-no-host-key", fields{signer, nil}, args{pub, provisioner.SignSSHOptions{CertType: "host"}, []provisioner.SignOption{hostTemplate}}, want{}, true},
{"fail-bad-type", fields{signer, nil}, args{pub, provisioner.SignSSHOptions{}, []provisioner.SignOption{userTemplate, sshTestModifier{CertType: 100}}}, want{}, true}, {"fail-bad-type", fields{signer, nil}, args{pub, provisioner.SignSSHOptions{}, []provisioner.SignOption{userTemplate, sshTestModifier{CertType: 100}}}, want{}, true},
{"fail-custom-template", fields{signer, signer}, args{pub, provisioner.SignSSHOptions{}, []provisioner.SignOption{userFailTemplate, userOptions}}, want{}, true}, {"fail-custom-template", fields{signer, signer}, args{pub, provisioner.SignSSHOptions{}, []provisioner.SignOption{userFailTemplate, userOptions}}, want{}, true},
{"fail-custom-template-file", fields{signer, signer}, args{pub, provisioner.SignSSHOptions{}, []provisioner.SignOption{userFailTemplateFile, userOptions}}, want{}, true}, {"fail-custom-template-syntax-error-file", fields{signer, signer}, args{pub, provisioner.SignSSHOptions{}, []provisioner.SignOption{userJSONSyntaxErrorTemplateFile, userOptions}}, want{}, true},
{"fail-custom-template-syntax-value-file", fields{signer, signer}, args{pub, provisioner.SignSSHOptions{}, []provisioner.SignOption{userJSONValueErrorTemplateFile, userOptions}}, want{}, true},
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {

View File

@ -0,0 +1,10 @@
{
"subject": 1,
"sans": {{ toJson .SANs }},
{{- if typeIs "*rsa.PublicKey" .Insecure.CR.PublicKey }}
"keyUsage": ["keyEncipherment", "digitalSignature"],
{{- else }}
"keyUsage": ["digitalSignature"],
{{- end }}
"extKeyUsage": ["serverAuth", "clientAuth"]
}

View File

@ -566,10 +566,17 @@ func (a *Authority) GetTLSCertificate() (*tls.Certificate, error) {
// this to the error message. // this to the error message.
func templatingError(err error) error { func templatingError(err error) error {
cause := errors.Cause(err) cause := errors.Cause(err)
var syntaxError *json.SyntaxError var (
syntaxError *json.SyntaxError
typeError *json.UnmarshalTypeError
)
if errors.As(err, &syntaxError) { if errors.As(err, &syntaxError) {
// offset is arguably not super clear to the user, but it's the best we can do here // offset is arguably not super clear to the user, but it's the best we can do here
cause = fmt.Errorf("%s at offset %d", cause.Error(), syntaxError.Offset) cause = fmt.Errorf("%s at offset %d", cause.Error(), syntaxError.Offset)
} }
if errors.As(err, &typeError) {
// slightly rewriting the default error message to include the offset
cause = fmt.Errorf("cannot unmarshal %s at offset %d into Go value of type %s", typeError.Value, typeError.Offset, typeError.Type)
}
return errors.Wrap(cause, "error applying certificate template") return errors.Wrap(cause, "error applying certificate template")
} }

View File

@ -396,7 +396,7 @@ ZYtQ9Ot36qc=
code: http.StatusBadRequest, code: http.StatusBadRequest,
} }
}, },
"fail bad JSON template file": func(t *testing.T) *signTest { "fail bad JSON syntax template file": func(t *testing.T) *signTest {
csr := getCSR(t, priv) csr := getCSR(t, priv)
testAuthority := testAuthority(t) testAuthority := testAuthority(t)
p, ok := testAuthority.provisioners.Load("step-cli:4UELJx8e0aS9m0CH3fZ0EB7D5aUPICb759zALHFejvc") p, ok := testAuthority.provisioners.Load("step-cli:4UELJx8e0aS9m0CH3fZ0EB7D5aUPICb759zALHFejvc")
@ -405,7 +405,7 @@ ZYtQ9Ot36qc=
} }
p.(*provisioner.JWK).Options = &provisioner.Options{ p.(*provisioner.JWK).Options = &provisioner.Options{
X509: &provisioner.X509Options{ X509: &provisioner.X509Options{
TemplateFile: "./testdata/templates/badjson.tpl", TemplateFile: "./testdata/templates/badjsonsyntax.tpl",
}, },
} }
testExtraOpts, err := testAuthority.Authorize(ctx, token) testExtraOpts, err := testAuthority.Authorize(ctx, token)
@ -421,7 +421,36 @@ ZYtQ9Ot36qc=
csr: csr, csr: csr,
extraOpts: testExtraOpts, extraOpts: testExtraOpts,
signOpts: signOpts, signOpts: signOpts,
err: errors.New("error applying certificate template"), err: errors.New("error applying certificate template: invalid character"),
code: http.StatusInternalServerError,
}
},
"fail bad JSON value template file": func(t *testing.T) *signTest {
csr := getCSR(t, priv)
testAuthority := testAuthority(t)
p, ok := testAuthority.provisioners.Load("step-cli:4UELJx8e0aS9m0CH3fZ0EB7D5aUPICb759zALHFejvc")
if !ok {
t.Fatal("provisioner not found")
}
p.(*provisioner.JWK).Options = &provisioner.Options{
X509: &provisioner.X509Options{
TemplateFile: "./testdata/templates/badjsonvalue.tpl",
},
}
testExtraOpts, err := testAuthority.Authorize(ctx, token)
assert.FatalError(t, err)
testAuthority.db = &db.MockAuthDB{
MStoreCertificate: func(crt *x509.Certificate) error {
assert.Equals(t, crt.Subject.CommonName, "smallstep test")
return nil
},
}
return &signTest{
auth: testAuthority,
csr: csr,
extraOpts: testExtraOpts,
signOpts: signOpts,
err: errors.New("error applying certificate template: cannot unmarshal"),
code: http.StatusInternalServerError, code: http.StatusInternalServerError,
} }
}, },