Message canonical key ids on error

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-09 11:29:29 -08:00 · 2016-03-09 11:29:29 -08:00 · 06ba32ea47
parent 00cadc9734
commit 06ba32ea47
1 changed files with 5 additions and 3 deletions
--- a/tuf/tuf.go
+++ b/tuf/tuf.go
@ -577,6 +577,7 @@ func (tr *Repo) VerifyCanSign(roleName string) error {
 	var (
 		role            data.BaseRole
 		err             error
+		canonicalKeyIDs []string
 	)
 	// we only need the BaseRole part of a delegation because we're just
 	// checking KeyIDs
@ -597,6 +598,7 @@ func (tr *Repo) VerifyCanSign(roleName string) error {
 		check := []string{keyID}
 		if canonicalID, err := utils.CanonicalKeyID(k); err == nil {
 			check = append(check, canonicalID)
+			canonicalKeyIDs = append(canonicalKeyIDs, canonicalID)
 		}
 		for _, id := range check {
 			p, _, err := tr.cryptoService.GetPrivateKey(id)
@ -605,7 +607,7 @@ func (tr *Repo) VerifyCanSign(roleName string) error {
 			}
 		}
 	}
-	return signed.ErrNoKeys{KeyIDs: role.ListKeyIDs()}
+	return signed.ErrNoKeys{KeyIDs: canonicalKeyIDs}
 }

 // used for walking the targets/delegations tree, potentially modifying the underlying SignedTargets for the repo