fix: return nil certs on error

pull/1690/head
Panagiotis Siatras 4 months ago
parent de30df6466
commit f44bff7881

@ -319,7 +319,7 @@ func (a *Authority) SignSSH(_ context.Context, key ssh.PublicKey, opts provision
// User provisioners validators.
for _, v := range validators {
if err = v.Valid(cert, opts); err != nil {
err = errs.ForbiddenErr(err, "error validating ssh certificate")
cert, err = nil, errs.ForbiddenErr(err, "error validating ssh certificate")
return
}
@ -327,7 +327,8 @@ func (a *Authority) SignSSH(_ context.Context, key ssh.PublicKey, opts provision
if err = a.storeSSHCertificate(prov, cert); err != nil {
if !errors.Is(err, db.ErrNotImplemented) {
err = errs.Wrap(http.StatusInternalServerError, err, "authority.SignSSH: error storing certificate in db")
cert, err = nil, errs.Wrap(http.StatusInternalServerError, err,
"authority.SignSSH: error storing certificate in db")
} else {
err = nil
}
@ -412,7 +413,8 @@ func (a *Authority) RenewSSH(ctx context.Context, oldCert *ssh.Certificate) (cer
if err = a.storeRenewedSSHCertificate(prov, oldCert, cert); err != nil {
if !errors.Is(err, db.ErrNotImplemented) {
err = errs.Wrap(http.StatusInternalServerError, err, "renewSSH: error storing certificate in db")
cert, err = nil, errs.Wrap(http.StatusInternalServerError, err,
"renewSSH: error storing certificate in db")
} else {
err = nil
}
@ -505,7 +507,7 @@ func (a *Authority) RekeySSH(ctx context.Context, oldCert *ssh.Certificate, pub
// Apply validators from provisioner.
for _, v := range validators {
if err = v.Valid(cert, provisioner.SignSSHOptions{Backdate: backdate}); err != nil {
err = errs.ForbiddenErr(err, "error validating ssh certificate")
cert, err = nil, errs.ForbiddenErr(err, "error validating ssh certificate")
return
}
@ -513,7 +515,8 @@ func (a *Authority) RekeySSH(ctx context.Context, oldCert *ssh.Certificate, pub
if err = a.storeRenewedSSHCertificate(prov, oldCert, cert); err != nil {
if !errors.Is(err, db.ErrNotImplemented) {
err = errs.Wrap(http.StatusInternalServerError, err, "rekeySSH; error storing certificate in db")
cert, err = nil, errs.Wrap(http.StatusInternalServerError, err,
"rekeySSH; error storing certificate in db")
} else {
err = nil
}
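Review bot: The nil-on-error result now depends on five hand-written `cert, err = nil, ...` assignments (the validator and store paths of SignSSH and RekeySSH, and the store path of RenewSSH) feeding the named results, so any error path added later that sets only `err` will again hand back a certificate that failed validation or storage alongside the error. A single guard near the top of each function, `defer func() { if err != nil { cert = nil } }()`, would enforce the rule in one place; check its ordering against any other deferred calls, since the function bodies start and end outside these hunks. The contract also deserves a line in each doc comment, for example `// On error the returned certificate is always nil.`, and no test asserting it is visible on this page.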

@ -316,7 +316,7 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Sign
// Store certificate in the db.
if err = a.storeCertificate(prov, cert); err != nil {
if !errors.Is(err, db.ErrNotImplemented) {
err = errs.Wrap(http.StatusInternalServerError, err,
cert, err = nil, errs.Wrap(http.StatusInternalServerError, err,
"authority.Sign; error storing certificate in db", opts...)
} else {
err = nil
@ -492,7 +492,7 @@ func (a *Authority) RenewContext(ctx context.Context, oldCert *x509.Certificate,
if err = a.storeRenewedCertificate(oldCert, cert); err != nil {
if !errors.Is(err, db.ErrNotImplemented) {
err = errs.StatusCodeError(http.StatusInternalServerError, err, opts...)
cert, err = nil, errs.StatusCodeError(http.StatusInternalServerError, err, opts...)
} else {
err = nil
}
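Review bot: The `else { err = nil }` branch in Sign and RenewContext is now the only path after a store failure that still returns the certificate, and nothing on these lines says why `db.ErrNotImplemented` is treated as success. A short comment on that branch would keep it from being read as a missed case, for example `// db.ErrNotImplemented is tolerated: the certificate is returned even though it was not stored.` Presumably this covers deployments without a database, in which case no stored record of the issued certificate exists for later audit or revocation lookups; that is worth confirming and stating. The same branch appears in the SSH hunks above, and both function bodies here extend beyond the hunks shown.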
