Return a typed error

2 years ago · 495494ce8f
parent 6686f0437d
commit 495494ce8f
2 changed files with 28 additions and 9 deletions
--- a/authority/internal/constraints/constraints.go
+++ b/authority/internal/constraints/constraints.go
@ -10,12 +10,13 @@ import (
 var oidExtensionNameConstraints = []int{2, 5, 29, 30}

 type ConstraintError struct {
-	Type string
-	Name string
+	Type   string
+	Name   string
+	Detail string
 }

 func (e ConstraintError) Error() string {
-	return fmt.Sprintf("%s %q is not allowed", e.Type, e.Name)
+	return e.Detail
 }

 type service struct {
@ -74,7 +75,8 @@ func (s *service) Validate(dnsNames []string, ipAddresses []*net.IP, emailAddres
 		if err := checkNameConstraints("IP address", ip.String(), ip, s.permittedIPRanges, s.excludedIPRanges,
 			func(parsedName, constraint any) (bool, error) {
 				return matchIPConstraint(parsedName.(net.IP), constraint.(*net.IPNet))
-			}); err != nil {
+			},
+		); err != nil {
 			return err
 		}
 	}
@ -97,7 +99,8 @@ func (s *service) Validate(dnsNames []string, ipAddresses []*net.IP, emailAddres
 		if err := checkNameConstraints("URI", uri.String(), uri, s.permittedURIDomains, s.excludedURIDomains,
 			func(parsedName, constraint any) (bool, error) {
 				return matchURIConstraint(parsedName.(*url.URL), constraint.(string))
-			}); err != nil {
+			},
+		); err != nil {
 			return err
 		}
 	}
--- a/authority/internal/constraints/verify.go
+++ b/authority/internal/constraints/verify.go
@ -43,11 +43,19 @@ func checkNameConstraints(nameType string, name string, parsedName any, permitte
 		constraint := excludedValue.Index(i).Interface()
 		match, err := match(parsedName, constraint)
 		if err != nil {
-			return err
+			return ConstraintError{
+				Type:   nameType,
+				Name:   name,
+				Detail: err.Error(),
+			}
 		}

 		if match {
-			return fmt.Errorf("%s %q is excluded by constraint %q", nameType, name, constraint)
+			return ConstraintError{
+				Type:   nameType,
+				Name:   name,
+				Detail: fmt.Sprintf("%s %q is excluded by constraint %q", nameType, name, constraint),
+			}
 		}
 	}

@ -60,14 +68,22 @@ func checkNameConstraints(nameType string, name string, parsedName any, permitte
 	for i := 0; i < permittedValue.Len(); i++ {
 		constraint := permittedValue.Index(i).Interface()
 		if ok, err = match(parsedName, constraint); err != nil {
-			return err
+			return ConstraintError{
+				Type:   nameType,
+				Name:   name,
+				Detail: err.Error(),
+			}
 		}
 		if ok {
 			break
 		}
 	}
 	if !ok {
-		return fmt.Errorf("%s %q is not permitted by any constraint", nameType, name)
+		return ConstraintError{
+			Type:   nameType,
+			Name:   name,
+			Detail: fmt.Sprintf("%s %q is not permitted by any constraint", nameType, name),
+		}
 	}

 	return nil