simplify error handling

fixes #6 Signed-off-by: Aleksandar Pesic <peske.nis@gmail.com>
author: Aleksandar Pesic <peske.nis@gmail.com> 2022-12-04 21:48:20 +0100
committer: jwijenbergh <jeroenwijenbergh@protonmail.com> 2022-12-12 13:26:51 +0100
commit: 3ac1d35257b56cca92ad0eb7f4d18abb366cf105 (patch)
tree: 432db14d1f92a252518f371be420fa0d3ef044c8 /internal/verify/verify.go
parent: 37bca013bd4405548b274ac473acf959ad661ee6 (diff)
1 files changed, 17 insertions, 127 deletions
diff --git a/internal/verify/verify.go b/internal/verify/verify.go
index 55b82b6..cd74a2b 100644
--- a/internal/verify/verify.go
+++ b/internal/verify/verify.go
@@ -1,10 +1,10 @@
-// package verify implement signature verification using minisign
+// Package verify implement signature verification using minisign
 package verify
 
 import (
 	"fmt"
 
-	"github.com/eduvpn/eduvpn-common/types"
+	"github.com/go-errors/errors"
 	"github.com/jedisct1/go-minisign"
 )
 
@@ -31,7 +31,7 @@ func Verify(
 		"RWRtBSX1alxyGX+Xn3LuZnWUT0w//B6EmTJvgaAxBMYzlQeI+jdrO6KF", // fkooman@tuxed.net, kolla@uninett.no
 		"RWQKqtqvd0R7rUDp0rWzbtYPA3towPWcLDCl7eY9pBMMI/ohCmrS0WiM", // RoSp
 	}
-	valid, err := verifyWithKeys(
+	return verifyWithKeys(
 		signatureFileContent,
 		signedJSON,
 		expectedFileName,
@@ -39,10 +39,6 @@ func Verify(
 		keyStrs,
 		forcePrehash,
 	)
-	if err != nil {
-		return valid, types.NewWrappedError("failed signature verify", err)
-	}
-	return valid, nil
 }
 
 // verifyWithKeys verifies the Minisign signature in signatureFileContent (minisig file format) over the server_list/organization_list JSON in signedJSON.
@@ -67,23 +63,21 @@ func verifyWithKeys(
 	case "server_list.json", "organization_list.json":
 		break
 	default:
-		return false, &UnknownExpectedFilenameError{
-			Filename: filename,
-			Expected: "server_list.json or organization_list.json",
-		}
+		return false, errors.Errorf(
+			"invalid filename '%s'; expected 'server_list.json' or 'organization_list.json'",
+			filename)
 	}
 
 	sig, err := minisign.DecodeSignature(signatureFileContent)
 	if err != nil {
-		return false, &InvalidSignatureFormatError{Err: err}
+		return false, errors.WrapPrefix(err, "invalid signature format", 0)
 	}
 
 	// Check if signature is prehashed, see https://jedisct1.github.io/minisign/#signature-format
 	if forcePrehash && sig.SignatureAlgorithm != [2]byte{'E', 'D'} {
-		return false, &InvalidSignatureAlgorithmError{
-			Algorithm:       string(sig.SignatureAlgorithm[:]),
-			WantedAlgorithm: "ED (BLAKE2b-prehashed EdDSA)",
-		}
+		return false, errors.Errorf(
+			"invalid signature algorithm '%s'; expected `ED (BLAKE2b-prehashed EdDSA)`",
+			sig.SignatureAlgorithm[:])
 	}
 
 	// Find allowed key used for signature
@@ -91,7 +85,7 @@ func verifyWithKeys(
 		key, err := minisign.NewPublicKey(keyStr)
 		if err != nil {
 			// Should only happen if Verify is wrong or extraKey is invalid
-			return false, &CreatePublicKeyError{PublicKey: keyStr, Err: err}
+			return false, errors.WrapPrefix(err, fmt.Sprintf("failed to create public key '%s'", keyStr), 0)
 		}
 
 		if sig.KeyId != key.KeyId {
@@ -100,7 +94,7 @@ func verifyWithKeys(
 
 		valid, err := key.Verify(signedJSON, sig)
 		if !valid {
-			return false, &InvalidSignatureError{Err: err}
+			return false, errors.WrapPrefix(err, "invalid signature", 0)
 		}
 
 		// Parse trusted comment
@@ -114,125 +108,21 @@ func verifyWithKeys(
 			&sigFileName,
 		)
 		if err != nil {
-			return false, &InvalidTrustedCommentError{
-				TrustedComment: sig.TrustedComment,
-				Err:            err,
-			}
+			return false, errors.WrapPrefix(err, fmt.Sprintf("invalid trusted comment '%s'", sig.TrustedComment), 0)
 		}
 
 		if sigFileName != filename {
-			return false, &WrongSigFilenameError{Filename: filename, SigFilename: sigFileName}
+			return false, errors.Errorf("wrong filename '%s'; expected filename '%s' for signature",
+				filename, sigFileName)
 		}
 
 		if signTime < minSignTime {
-			return false, &SigTimeEarlierError{SigTime: signTime, MinSigTime: minSignTime}
+			return false, errors.Errorf("sign time %d is before sign tim: %d", signTime, minSignTime)
 		}
 
 		return true, nil
 	}
 
 	// No matching allowed key found
-	return false, &UnknownKeyError{Filename: filename}
-}
-
-type UnknownExpectedFilenameError struct {
-	Filename string
-	Expected string
-}
-
-func (e *UnknownExpectedFilenameError) Error() string {
-	return fmt.Sprintf("invalid filename: %s, expected: %s", e.Filename, e.Expected)
-}
-
-type InvalidSignatureFormatError struct {
-	Err error
-}
-
-func (e *InvalidSignatureFormatError) Error() string {
-	return fmt.Sprintf("invalid signature format with error: %v", e.Err)
-}
-
-func (e *InvalidSignatureFormatError) Unwrap() error {
-	return e.Err
-}
-
-type InvalidSignatureAlgorithmError struct {
-	Algorithm       string
-	WantedAlgorithm string
-}
-
-func (e *InvalidSignatureAlgorithmError) Error() string {
-	return fmt.Sprintf(
-		"invalid signature algorithm: %s, wanted: %s",
-		e.Algorithm,
-		e.WantedAlgorithm,
-	)
-}
-
-type CreatePublicKeyError struct {
-	PublicKey string
-	Err       error
-}
-
-func (e *CreatePublicKeyError) Error() string {
-	return fmt.Sprintf("failed to create public key: %s with error: %v", e.PublicKey, e.Err)
-}
-
-func (e *CreatePublicKeyError) Unwrap() error {
-	return e.Err
-}
-
-type InvalidSignatureError struct {
-	Err error
-}
-
-func (e *InvalidSignatureError) Error() string {
-	return fmt.Sprintf("invalid signature with error: %v", e.Err)
-}
-
-func (e *InvalidSignatureError) Unwrap() error {
-	return e.Err
-}
-
-type InvalidTrustedCommentError struct {
-	TrustedComment string
-	Err            error
-}
-
-func (e *InvalidTrustedCommentError) Error() string {
-	return fmt.Sprintf("invalid trusted comment: %s with error: %v", e.TrustedComment, e.Err)
-}
-
-func (e *InvalidTrustedCommentError) Unwrap() error {
-	return e.Err
-}
-
-type WrongSigFilenameError struct {
-	Filename    string
-	SigFilename string
-}
-
-func (e *WrongSigFilenameError) Error() string {
-	return fmt.Sprintf(
-		"wrong filename: %s, expected filename: %s for signature",
-		e.Filename,
-		e.SigFilename,
-	)
-}
-
-type SigTimeEarlierError struct {
-	SigTime    uint64
-	MinSigTime uint64
-}
-
-func (e *SigTimeEarlierError) Error() string {
-	return fmt.Sprintf("Sign time: %d is earlier than sign time: %d", e.SigTime, e.MinSigTime)
-}
-
-type UnknownKeyError struct {
-	Filename string
-}
-
-func (e *UnknownKeyError) Error() string {
-	return fmt.Sprintf("signature for filename: %s was created with an unknown key", e.Filename)
+	return false, errors.Errorf("signature for filename '%s' was created with an unknown key", filename)
 }
author	Aleksandar Pesic <peske.nis@gmail.com>	2022-12-04 21:48:20 +0100
committer	jwijenbergh <jeroenwijenbergh@protonmail.com>	2022-12-12 13:26:51 +0100
commit	3ac1d35257b56cca92ad0eb7f4d18abb366cf105 (patch)
tree	432db14d1f92a252518f371be420fa0d3ef044c8 /internal/verify/verify.go
parent	37bca013bd4405548b274ac473acf959ad661ee6 (diff)