letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

PA: restructure error for single bad name in multi-name req (#4319)

This commit is contained in:
Roland Bracewell Shoemaker 2019-07-03 10:47:31 -07:00 committed by Daniel McCarney
parent c8dbbf005d
commit 0d9b48e280
4 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
policy/pa.go
View File

@ -346,16 +346,22 @@ func (pa *AuthorityImpl) WillingToIssueWildcards(idents []identifier.ACMEIdentif
}
}
if len(subErrors) > 0 {
var detail string
// If there was only one error, then use it as the top level error that is
// returned.
if len(subErrors) == 1 {
return subErrors[0].BoulderError
return berrors.RejectedIdentifierError(
"Cannot issue for %q: %s",
subErrors[0].Identifier.Value,
subErrors[0].BoulderError.Detail,
)
}
detail = fmt.Sprintf("Policy forbids issuing for %q and %d more identifiers. "+
"Refer to sub-problems for more information",
firstBadIdent.Value, len(subErrors)-1)
detail := fmt.Sprintf(
"Cannot issue for %q: %s (and %d more problems. Refer to sub-problems for more information.)",
firstBadIdent.Value,
subErrors[0].BoulderError.Detail,
len(subErrors)-1,
)
return (&berrors.BoulderError{
Type: berrors.RejectedIdentifier,
Detail: detail,

2
policy/pa_test.go
View File

@ -338,6 +338,7 @@ func TestWillingToIssueWildcards(t *testing.T) {
berr, ok := err.(*berrors.BoulderError)
test.AssertEquals(t, ok, true)
test.AssertEquals(t, len(berr.SubErrors), 2)
test.AssertEquals(t, berr.Error(), "Cannot issue for \"ok.*.this.is.a.*.weird.one.com\": Policy forbids issuing for name (and 1 more problems. Refer to sub-problems for more information.)")
subErrMap := make(map[string]berrors.SubBoulderError, len(berr.SubErrors))
@ -364,6 +365,7 @@ func TestWillingToIssueWildcards(t *testing.T) {
test.AssertEquals(t, ok, true)
// There should be *no* suberrors because there was only one error overall.
test.AssertEquals(t, len(berr.SubErrors), 0)
test.AssertEquals(t, berr.Error(), "Cannot issue for \"letsdecrypt.org\": Policy forbids issuing for name")
}
var accountKeyJSON = `{

4
ra/ra_test.go
View File

@ -2092,7 +2092,7 @@ func TestNewOrder(t *testing.T) {
Names: []string{"a"},
})
test.AssertError(t, err, "NewOrder with invalid names did not error")
test.AssertEquals(t, err.Error(), "DNS name does not have enough labels")
test.AssertEquals(t, err.Error(), "Cannot issue for \"a\": DNS name does not have enough labels")
}
// TestNewOrderLegacyAuthzReuse tests that a legacy acme v1 authorization from
@ -3110,7 +3110,7 @@ func TestFinalizeOrder(t *testing.T) {
},
Csr: policyForbidCSR,
},
ExpectedErrMsg: "Policy forbids issuing for name",
ExpectedErrMsg: "Cannot issue for \"example.org\": Policy forbids issuing for name",
},
{
Name: "Order with missing registration",

2
test/v2_integration.py
View File

@ -935,7 +935,7 @@ def test_new_order_policy_errs():
ok = True
if e.typ != "urn:ietf:params:acme:error:rejectedIdentifier":
raise(Exception('Expected rejectedIdentifier type problem, got {0}'.format(e.typ)))
if e.detail != 'Error creating new order :: Policy forbids issuing for "out-addr.in-addr.arpa" and 1 more identifiers. Refer to sub-problems for more information':
if e.detail != 'Error creating new order :: Cannot issue for "out-addr.in-addr.arpa": Policy forbids issuing for name (and 1 more problems. Refer to sub-problems for more information.)':
raise(Exception('Order problem detail did not match expected'))
if not ok:
raise(Exception('Expected problem, got no error'))