Diffstat (limited to 'client')
-rw-r--r--client/client.go19
-rw-r--r--client/keys.go8
2 files changed, 15 insertions, 12 deletions
diff --git a/client/client.go b/client/client.go
index b13c4cb..382c53d 100644
--- a/client/client.go
+++ b/client/client.go
@@ -11,6 +11,7 @@ import (
"time"
"github.com/nsheridan/cashier/lib"
+ "github.com/pkg/errors"
"golang.org/x/crypto/ssh"
"golang.org/x/crypto/ssh/agent"
)
@@ -27,7 +28,7 @@ func InstallCert(a agent.Agent, cert *ssh.Certificate, key Key) error {
LifetimeSecs: uint32(lifetime),
}
if err := a.Add(pubcert); err != nil {
- return fmt.Errorf("error importing certificate: %s", err)
+ return errors.Wrap(err, "unable to add cert to ssh agent")
}
privkey := agent.AddedKey{
PrivateKey: key,
@@ -35,7 +36,7 @@ func InstallCert(a agent.Agent, cert *ssh.Certificate, key Key) error {
LifetimeSecs: uint32(lifetime),
}
if err := a.Add(privkey); err != nil {
- return fmt.Errorf("error importing key: %s", err)
+ return errors.Wrap(err, "unable to add private key to ssh agent")
}
return nil
}
@@ -48,7 +49,7 @@ func send(s []byte, token, ca string, ValidateTLSCertificate bool) (*lib.SignRes
client := &http.Client{Transport: transport}
u, err := url.Parse(ca)
if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, "unable to parse CA url")
}
u.Path = path.Join(u.Path, "/sign")
req, err := http.NewRequest("POST", u.String(), bytes.NewReader(s))
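Review bot: The client built at `client := &http.Client{Transport: transport}` has no Timeout, so a CA that accepts the connection but never answers blocks Sign indefinitely; the wrap added around url.Parse does not change that. `client := &http.Client{Transport: transport, Timeout: 30 * time.Second}` (time is already imported in this file) bounds the whole exchange, or a per-request context would do the same. url.Parse also accepts any scheme, so a plain-http CA URL would send the token in the clear unless the transport rejects it elsewhere; if https is the intended policy, a check such as `if u.Scheme != "https" { return nil, fmt.Errorf("CA url must use https, got %q", u.Scheme) }` after the parse makes it explicit. send's body starts before and ends after this hunk.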
@@ -68,7 +69,7 @@ func send(s []byte, token, ca string, ValidateTLSCertificate bool) (*lib.SignRes
defer resp.Body.Close()
c := &lib.SignResponse{}
if err := json.NewDecoder(resp.Body).Decode(c); err != nil {
- return nil, err
+ return nil, errors.Wrap(err, "unable to decode server response")
}
return c, nil
}
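Review bot: `json.NewDecoder(resp.Body).Decode(c)` reads an unbounded body from the CA before decoding, and if the status code is not checked above this hunk (not visible here) a non-200 error page is decoded as a SignResponse and surfaces as "unable to decode server response" rather than as an HTTP failure. Consider checking `resp.StatusCode` before decoding and bounding the read, e.g. `json.NewDecoder(io.LimitReader(resp.Body, maxResponseBytes)).Decode(c)` with a named limit (io would need importing if it is not already). send's body starts outside the hunk.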
@@ -84,22 +85,22 @@ func Sign(pub ssh.PublicKey, token string, conf *Config) (*ssh.Certificate, erro
ValidUntil: time.Now().Add(validity),
})
if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, "unable to create sign request")
}
resp, err := send(s, token, conf.CA, conf.ValidateTLSCertificate)
if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, "error sending request to CA")
}
if resp.Status != "ok" {
- return nil, fmt.Errorf("error: %s", resp.Response)
+ return nil, fmt.Errorf("bad response from CA: %s", resp.Response)
}
k, _, _, _, err := ssh.ParseAuthorizedKey([]byte(resp.Response))
if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, "unable to parse response")
}
cert, ok := k.(*ssh.Certificate)
if !ok {
- return nil, fmt.Errorf("did not receive a certificate from server")
+ return nil, fmt.Errorf("did not receive a valid certificate from server")
}
return cert, nil
}
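Review bot: The certificate returned at `return cert, nil` is never compared with `pub`, the key the caller asked to have signed; a CA (or anything able to alter the response) could hand back a certificate for a different key and the caller would install it. Unless a caller validates this, add `if !bytes.Equal(cert.Key.Marshal(), pub.Marshal()) { return nil, fmt.Errorf("certificate does not match requested public key") }` before the return (bytes is already imported in this file). Separately, `resp.Response` in the "bad response from CA" message is server-controlled text, and `%q` instead of `%s` keeps an empty or control-character-laden response visible in logs. Sign's body starts outside the hunk.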
diff --git a/client/keys.go b/client/keys.go
index 3d2fb31..73983a8 100644
--- a/client/keys.go
+++ b/client/keys.go
@@ -8,6 +8,8 @@ import (
"crypto/rsa"
"fmt"
+ "github.com/pkg/errors"
+
"golang.org/x/crypto/ed25519"
"golang.org/x/crypto/ssh"
)
@@ -68,7 +70,7 @@ func generateECDSAKey(size int) (Key, error) {
case 521:
curve = elliptic.P521()
default:
- return nil, fmt.Errorf("Unsupported key size: %d. Valid sizes are '256', '384', '521'", size)
+ return nil, fmt.Errorf("Unsupported ECDSA key size: %d. Valid sizes are '256', '384', '521'", size)
}
return ecdsa.GenerateKey(curve, rand.Reader)
}
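Review bot: The rewritten message at `fmt.Errorf("Unsupported ECDSA key size: ...")` is capitalized and carries internal punctuation, against the Go convention that error strings are lowercase and unpunctuated because they get wrapped into longer messages — which GenerateKey now does with errors.Wrapf. `return nil, fmt.Errorf("unsupported ECDSA key size %d; valid sizes are 256, 384 and 521", size)` reads better once wrapped. generateECDSAKey's switch starts outside the hunk.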
@@ -101,8 +103,8 @@ func GenerateKey(options ...func(*options)) (Key, ssh.PublicKey, error) {
privkey, err = generateRSAKey(config.size)
}
if err != nil {
- return nil, nil, err
+ return nil, nil, errors.Wrapf(err, "unable to generate %s key-pair", config.keytype)
}
pubkey, err = ssh.NewPublicKey(privkey.Public())
- return privkey, pubkey, err
+ return privkey, pubkey, errors.Wrap(err, "error parsing public key")
}
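Review bot: On failure of `ssh.NewPublicKey`, the final `return privkey, pubkey, errors.Wrap(err, "error parsing public key")` still hands back the freshly generated private key next to a non-nil error, so a caller that ignores the error gets a key with no public half; by Go convention results are meaningless on error, and explicit nils make that true (pkg/errors' Wrap returns nil for a nil err, so the happy path is unaffected either way). The wrap text is also slightly off — NewPublicKey converts a crypto public key to the SSH form rather than parsing one. Returning nils on error and a literal nil error on success would look like the lines below; GenerateKey's body starts outside the hunk.
```go
	pubkey, err = ssh.NewPublicKey(privkey.Public())
	if err != nil {
		return nil, nil, errors.Wrap(err, "unable to convert public key to ssh format")
	}
	return privkey, pubkey, nil
```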