harald/vault-auth-tee
1
0
Fork 0
mirror of https://github.com/matter-labs/vault-auth-tee.git synced 2025-07-21 07:43:57 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

all: use errors.New() which has no param instead of fmt.Errorf()

Browse source
This commit is contained in:
yzb@example.cn 2024-03-02 15:57:34 +08:00 committed by yasyzb
parent f0ea96f2e4
commit f62d3e0d0f
No known key found for this signature in database
GPG key ID: EB61E18B54E78C76
3 changed files with 14 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

3
backend_test.go
View file

@ -7,6 +7,7 @@ package vault_auth_tee
import ( import (
"context" "context"
"crypto/tls" "crypto/tls"
"errors"
"fmt" "fmt"
"io" "io"
"testing" "testing"
@ -189,7 +190,7 @@ func testAccStepTEE(_ *testing.T, name string, types string, mrSigner string, mr
Data: data, Data: data,
Check: func(resp *logical.Response) error { Check: func(resp *logical.Response) error {
if resp == nil && expectError { if resp == nil && expectError {
return fmt.Errorf("expected error but received nil") return errors.New("expected error but received nil")
} }
return nil return nil
}, },

11
path_login.go
View file

@ -13,6 +13,7 @@ import (
"encoding/binary" "encoding/binary"
"encoding/hex" "encoding/hex"
"encoding/json" "encoding/json"
"errors"
"fmt" "fmt"
"strings" "strings"
"time" "time"
@ -73,7 +74,7 @@ func (b *backend) loginPathWrapper(wrappedOp func(ctx context.Context, req *logi
func (b *backend) pathLoginResolveRole(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) { func (b *backend) pathLoginResolveRole(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
quoteBase64 := data.Get("quote").(string) quoteBase64 := data.Get("quote").(string)
if quoteBase64 == "" { if quoteBase64 == "" {
return nil, fmt.Errorf("missing quote") return nil, errors.New("missing quote")
} }
quoteBytes, err := base64.StdEncoding.DecodeString(quoteBase64) quoteBytes, err := base64.StdEncoding.DecodeString(quoteBase64)
@ -127,7 +128,7 @@ func (b *backend) pathLoginResolveRole(ctx context.Context, req *logical.Request
func (b *backend) pathLoginAliasLookahead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) { func (b *backend) pathLoginAliasLookahead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := d.Get("name").(string) name := d.Get("name").(string)
if name == "" { if name == "" {
return nil, fmt.Errorf("missing name") return nil, errors.New("missing name")
} }
return &logical.Response{ return &logical.Response{
@ -161,7 +162,7 @@ func Contains[T comparable](s []T, e T) bool {
func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) { func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
name := data.Get("name").(string) name := data.Get("name").(string)
if name == "" { if name == "" {
return nil, fmt.Errorf("missing name") return nil, errors.New("missing name")
} }
// Allow constraining the login request to a single TeeEntry // Allow constraining the login request to a single TeeEntry
@ -371,7 +372,7 @@ func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, d *f
// Certificate should not only match a registered tee policy. // Certificate should not only match a registered tee policy.
// Also, the identity of the certificate presented should match the identity of the certificate used during login // Also, the identity of the certificate presented should match the identity of the certificate used during login
if req.Auth.InternalData["subject_key_id"] != skid && req.Auth.InternalData["authority_key_id"] != akid && req.Auth.InternalData["hash_public_key"] != pkid { if req.Auth.InternalData["subject_key_id"] != skid && req.Auth.InternalData["authority_key_id"] != akid && req.Auth.InternalData["hash_public_key"] != pkid {
return nil, fmt.Errorf("client identity during renewal not matching client identity used during login") return nil, errors.New("client identity during renewal not matching client identity used during login")
} }
// Get the tee and use its TTL // Get the tee and use its TTL
@ -385,7 +386,7 @@ func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, d *f
} }
if !policyutil.EquivalentPolicies(tee.TokenPolicies, req.Auth.TokenPolicies) { if !policyutil.EquivalentPolicies(tee.TokenPolicies, req.Auth.TokenPolicies) {
return nil, fmt.Errorf("policies have changed, not renewing") return nil, errors.New("policies have changed, not renewing")
} }
expirationDate, err := time.Parse(time.RFC3339, req.Auth.Metadata["collateral_expiration_date"]) expirationDate, err := time.Parse(time.RFC3339, req.Auth.Metadata["collateral_expiration_date"])

11
roughntstime.go
View file

@ -9,12 +9,13 @@ package vault_auth_tee
import ( import (
"crypto/tls" "crypto/tls"
"fmt" "errors"
"gitlab.com/hacklunch/ntp"
"gitlab.com/hacklunch/ntske"
"log" "log"
"math/rand" "math/rand"
"time" "time"
"gitlab.com/hacklunch/ntp"
"gitlab.com/hacklunch/ntske"
) )
// Gets the rough network time using NTS-KE. // Gets the rough network time using NTS-KE.
@ -105,11 +106,11 @@ func getRoughNtsUnixTime() (time.Time, error) {
} }
if queried < numToQuery { if queried < numToQuery {
return retTime, fmt.Errorf("failed to query enough servers") return retTime, errors.New("failed to query enough servers")
} }
if sumOffset > time.Minute { if sumOffset > time.Minute {
return retTime, fmt.Errorf("queried time fluctuates too much") return retTime, errors.New("queried time fluctuates too much")
} }
return retTime, nil return retTime, nil