Refactor: Errors to have one custom type that is to be wrapped

- For this an `internal/types` package is created with a custom error type
- This custom error type can give back the cause and traceback of an error

1 files changed, 21 insertions, 0 deletions

diff --git a/internal/verify/verify.go b/internal/verify/verify.go
index 2d53b2e..b159297 100644
--- a/internal/verify/verify.go
+++ b/internal/verify/verify.go
@@ -6,6 +6,7 @@ import (
 	"os"
 
 	"github.com/jedisct1/go-minisign"
+	"github.com/jwijenbergh/eduvpn-common/internal/types"
 )
 
 // getKeys returns keys taken from https://git.sr.ht/~eduvpn/disco.eduvpn.org#public-keys.
@@ -28,16 +29,19 @@ func getKeys() []string {
 //
 // Verify is a wrapper around verifyWithKeys where allowedPublicKeys is set to the list from https://git.sr.ht/~eduvpn/disco.eduvpn.org#public-keys.
 func Verify(signatureFileContent string, signedJson []byte, expectedFileName string, minSignTime uint64, forcePrehash bool) (bool, error) {
+	errorMessage := "failed signature verify"
 	keyStrs := getKeys()
 	if extraKey != "" {
 		keyStrs = append(keyStrs, extraKey)
 		_, err := fmt.Fprintf(os.Stderr, "INSECURE TEST MODE ENABLED WITH KEY %q\n", extraKey)
+		err = &types.WrappedErrorMessage{Message: errorMessage, Err: err}
 		if err != nil {
 			panic(err)
 		}
 	}
 	valid, err := verifyWithKeys(signatureFileContent, signedJson, expectedFileName, minSignTime, keyStrs, forcePrehash)
 	if err != nil {
+		err = &types.WrappedErrorMessage{Message: errorMessage, Err: err}
 		var verifyCreatePublickeyError *VerifyCreatePublicKeyError
 		if errors.As(err, &verifyCreatePublickeyError) {
 			panic(err) // This should not happen unless keyStrs has an invalid key
@@ -67,6 +71,7 @@ func InsecureTestingSetExtraKey(keyString string) {
 // The signature is checked to have a timestamp with a value of at least minSignTime, which is a UNIX timestamp without milliseconds.
 //
 // The return value will either be (true, nil) on success or (false, detailedVerifyError) on failure.
+// Note that every error path is wrapped in a custom type here because minisign does not return custom error types, they use errors.New
 func verifyWithKeys(signatureFileContent string, signedJson []byte, filename string, minSignTime uint64, allowedPublicKeys []string, forcePrehash bool) (bool, error) {
 	switch filename {
 	case "server_list.json", "organization_list.json":
@@ -143,6 +148,10 @@ func (e *VerifyInvalidSignatureFormatError) Error() string {
 	return fmt.Sprintf("invalid signature format with error: %v", e.Err)
 }
 
+func (e *VerifyInvalidSignatureFormatError) Unwrap() error {
+	return e.Err
+}
+
 type VerifyInvalidSignatureAlgorithmError struct {
 	Algorithm       string
 	WantedAlgorithm string
@@ -161,6 +170,10 @@ func (e *VerifyCreatePublicKeyError) Error() string {
 	return fmt.Sprintf("failed to create public key: %s with error: %v", e.PublicKey, e.Err)
 }
 
+func (e *VerifyCreatePublicKeyError) Unwrap() error {
+	return e.Err
+}
+
 type VerifyInvalidSignatureError struct {
 	Err error
 }
@@ -169,6 +182,10 @@ func (e *VerifyInvalidSignatureError) Error() string {
 	return fmt.Sprintf("invalid signature with error: %v", e.Err)
 }
 
+func (e *VerifyInvalidSignatureError) Unwrap() error {
+	return e.Err
+}
+
 type VerifyInvalidTrustedCommentError struct {
 	TrustedComment string
 	Err            error
@@ -178,6 +195,10 @@ func (e *VerifyInvalidTrustedCommentError) Error() string {
 	return fmt.Sprintf("invalid trusted comment: %s with error: %v", e.TrustedComment, e.Err)
 }
 
+func (e *VerifyInvalidTrustedCommentError) Unwrap() error {
+	return e.Err
+}
+
 type VerifyWrongSigFilenameError struct {
 	Filename    string
 	SigFilename string