From 17b17fc8bb690d1f6344e5af1c62b3b37166bc48 Mon Sep 17 00:00:00 2001
From: Niall Sheridan
Date: Sun, 15 Jan 2017 21:50:38 +0000
Subject: Add more context to errors
---
 client/client.go | 19 ++++++++++---------
 client/keys.go | 8 +++++---
 2 files changed, 15 insertions(+), 12 deletions(-)
(limited to 'client')
diff --git a/client/client.go b/client/client.go
index b13c4cb..382c53d 100644
--- a/client/client.go
+++ b/client/client.go
@@ -11,6 +11,7 @@ import (
 "time"
 "github.com/nsheridan/cashier/lib"
+ "github.com/pkg/errors"
 "golang.org/x/crypto/ssh"
 "golang.org/x/crypto/ssh/agent"
 )
@@ -27,7 +28,7 @@ func InstallCert(a agent.Agent, cert *ssh.Certificate, key Key) error {
 LifetimeSecs: uint32(lifetime),
 }
 if err := a.Add(pubcert); err != nil {
- return fmt.Errorf("error importing certificate: %s", err)
+ return errors.Wrap(err, "unable to add cert to ssh agent")
 }
 privkey := agent.AddedKey{
 PrivateKey: key,
@@ -35,7 +36,7 @@ func InstallCert(a agent.Agent, cert *ssh.Certificate, key Key) error {
 LifetimeSecs: uint32(lifetime),
 }
 if err := a.Add(privkey); err != nil {
- return fmt.Errorf("error importing key: %s", err)
+ return errors.Wrap(err, "unable to add private key to ssh agent")
 }
 return nil
 }
@@ -48,7 +49,7 @@ func send(s []byte, token, ca string, ValidateTLSCertificate bool) (*lib.SignRes
 client := &http.Client{Transport: transport}
 u, err := url.Parse(ca)
 if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, "unable to parse CA url")
 }
 u.Path = path.Join(u.Path, "/sign")
 req, err := http.NewRequest("POST", u.String(), bytes.NewReader(s))
@@ -68,7 +69,7 @@ func send(s []byte, token, ca string, ValidateTLSCertificate bool) (*lib.SignRes
 defer resp.Body.Close()
 c := &lib.SignResponse{}
 if err := json.NewDecoder(resp.Body).Decode(c); err != nil {
- return nil, err
+ return nil, errors.Wrap(err, "unable to decode server response")
 }
 return c, nil
 }
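Review bot: In InstallCert (hunk `@@ -27,7 +28,7 @@`, and the same line again in `@@ -35,7 +36,7 @@`) the context line `LifetimeSecs: uint32(lifetime)` hands the agent a converted value with no lower bound visible. `lifetime` is computed above the hunk, so this is inferred: if it can reach zero or go negative for a certificate that has already expired, the conversion gives 0 or a wrapped value, and a `LifetimeSecs` of 0 means the agent keeps the key with no expiry. A guard before the `agent.AddedKey` values are built, such as `if lifetime < 1 { return errors.New("certificate has already expired") }`, would stop a private key from being stored indefinitely. The function body starts outside the hunk.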
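Review bot: In send (hunk `@@ -48,7 +49,7 @@`) the CA URL goes from `url.Parse(ca)` straight to `http.NewRequest` with no check on `u.Scheme`, so a configured `http://` address is accepted as is. How `token` is attached to the request is outside the hunk, but if it travels in a header or in the body it would then leave the client unencrypted. A check right after the parse, `if u.Scheme != "https" { return nil, errors.Errorf("CA url %q must use https", ca) }`, would catch that; if plain HTTP must stay possible for test setups, an explicit opt-in is safer than a silent default. The context line `client := &http.Client{Transport: transport}` also sets no `Timeout`, so a stalled CA blocks the caller indefinitely.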
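Review bot: In send (hunk `@@ -68,7 +69,7 @@`) `json.NewDecoder(resp.Body).Decode(c)` reads a body of any size from the CA. That matters most when the caller passes `ValidateTLSCertificate` as false, which presumably turns off certificate verification (the transport setup is outside the hunk) and leaves the peer unauthenticated. Wrapping the reader, `json.NewDecoder(io.LimitReader(resp.Body, 1<<20))`, bounds memory use; it needs `io` in the import block, which this diff does not show. Whether `resp.StatusCode` is checked before decoding is also outside the hunk; if it is not, a non-2xx error page surfaces only as `unable to decode server response`.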
@@ -84,22 +85,22 @@ func Sign(pub ssh.PublicKey, token string, conf *Config) (*ssh.Certificate, erro
 ValidUntil: time.Now().Add(validity),
 })
 if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, "unable to create sign request")
 }
 resp, err := send(s, token, conf.CA, conf.ValidateTLSCertificate)
 if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, "error sending request to CA")
 }
 if resp.Status != "ok" {
- return nil, fmt.Errorf("error: %s", resp.Response)
+ return nil, fmt.Errorf("bad response from CA: %s", resp.Response)
 }
 k, _, _, _, err := ssh.ParseAuthorizedKey([]byte(resp.Response))
 if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, "unable to parse response")
 }
 cert, ok := k.(*ssh.Certificate)
 if !ok {
- return nil, fmt.Errorf("did not receive a certificate from server")
+ return nil, fmt.Errorf("did not receive a valid certificate from server")
 }
 return cert, nil
 }
diff --git a/client/keys.go b/client/keys.go
index 3d2fb31..73983a8 100644
--- a/client/keys.go
+++ b/client/keys.go
@@ -8,6 +8,8 @@ import (
 "crypto/rsa"
 "fmt"
+ "github.com/pkg/errors"
+
 "golang.org/x/crypto/ed25519"
 "golang.org/x/crypto/ssh"
 )
@@ -68,7 +70,7 @@ func generateECDSAKey(size int) (Key, error) {
 case 521:
 curve = elliptic.P521()
 default:
- return nil, fmt.Errorf("Unsupported key size: %d. Valid sizes are '256', '384', '521'", size)
+ return nil, fmt.Errorf("Unsupported ECDSA key size: %d. Valid sizes are '256', '384', '521'", size)
 }
 return ecdsa.GenerateKey(curve, rand.Reader)
 }
@@ -101,8 +103,8 @@ func GenerateKey(options ...func(*options)) (Key, ssh.PublicKey, error) {
 privkey, err = generateRSAKey(config.size)
 }
 if err != nil {
- return nil, nil, err
+ return nil, nil, errors.Wrapf(err, "unable to generate %s key-pair", config.keytype)
 }
 pubkey, err = ssh.NewPublicKey(privkey.Public())
- return privkey, pubkey, err
+ return privkey, pubkey, errors.Wrap(err, "error parsing public key")
 }
-- 
cgit v1.2.3
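Review bot: The new message `did not receive a valid certificate from server` in Sign (hunk `@@ -84,22 +85,22 @@`) claims more than the code checks: `k.(*ssh.Certificate)` only asserts the type, and nothing visible compares the returned certificate with the `pub` that was submitted or looks at its validity window. Either keep the wording to what is tested, or add the check, for example `if !bytes.Equal(cert.Key.Marshal(), pub.Marshal()) { return nil, errors.New("certificate does not match the requested public key") }`. Separately, `resp.Response` is server-controlled and is formatted with `%s` in `"bad response from CA: %s"`; `%q` would keep control characters in it from reaching a terminal or log unescaped. Sign begins above the hunk.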
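Review bot: The final `return privkey, pubkey, errors.Wrap(err, "error parsing public key")` in GenerateKey (hunk `@@ -101,8 +103,8 @@`) relies on `errors.Wrap` returning nil for a nil error, which is easy to miss, and on failure it still hands the private key back next to the error. An explicit branch is clearer and returns nothing usable on error: `if err != nil { return nil, nil, errors.Wrap(err, "error parsing public key") }` followed by `return privkey, pubkey, nil`. `ssh.NewPublicKey` converts a key rather than parsing one, so wording such as `unable to derive ssh public key` would describe the failure more accurately. The function starts outside the hunk.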