Skip to content

Commit

Permalink
Clarify "identity expired" error messages (#2685)
Browse files Browse the repository at this point in the history
Peer and Orderer have several "identity expired" error messages.
Clarify error messages to indicate which identity has expired.

Signed-off-by: David Enyeart <enyeart@us.ibm.com>
(cherry picked from commit fd218eb)
  • Loading branch information
denyeart authored and mergify-bot committed Jun 15, 2021
1 parent f91d82f commit 6399b33
Show file tree
Hide file tree
Showing 9 changed files with 10 additions and 10 deletions.
2 changes: 1 addition & 1 deletion common/deliver/acl.go
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ type SessionAccessControl struct {
// changes.
func (ac *SessionAccessControl) Evaluate() error {
if !ac.sessionEndTime.IsZero() && time.Now().After(ac.sessionEndTime) {
return errors.Errorf("client identity expired %v before", time.Since(ac.sessionEndTime))
return errors.Errorf("deliver client identity expired %v before", time.Since(ac.sessionEndTime))
}

policyCheckNeeded := !ac.usedAtLeastOnce
Expand Down
2 changes: 1 addition & 1 deletion common/deliver/acl_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,7 @@ var _ = Describe("SessionAccessControl", func() {
err = sac.Evaluate()
Expect(err).NotTo(HaveOccurred())

Eventually(sac.Evaluate).Should(MatchError(ContainSubstring("client identity expired")))
Eventually(sac.Evaluate).Should(MatchError(ContainSubstring("deliver client identity expired")))
})
})

Expand Down
2 changes: 1 addition & 1 deletion core/handlers/auth/filter/expiration.go
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ func validateProposal(signedProp *peer.SignedProposal) error {
}
expirationTime := crypto.ExpiresAt(sh.Creator)
if !expirationTime.IsZero() && time.Now().After(expirationTime) {
return errors.New("identity expired")
return errors.New("proposal client identity expired")
}
return nil
}
Expand Down
2 changes: 1 addition & 1 deletion core/handlers/auth/filter/expiration_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ func TestExpirationCheckFilter(t *testing.T) {
// Scenario I: Expired x509 identity
sp := createValidSignedProposal(t, createX509Identity(t, "expiredCert.pem"))
_, err := auth.ProcessProposal(context.Background(), sp)
require.Equal(t, err.Error(), "identity expired")
require.Equal(t, err.Error(), "proposal client identity expired")
require.False(t, nextEndorser.invoked)

// Scenario II: Not expired x509 identity
Expand Down
2 changes: 1 addition & 1 deletion gossip/identity/identity.go
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,7 @@ func (is *identityMapperImpl) Put(pkiID common.PKIidType, identity api.PeerIdent
var expirationTimer *time.Timer
if !expirationDate.IsZero() {
if time.Now().After(expirationDate) {
return errors.New("identity expired")
return errors.New("gossipping peer identity expired")
}
// Identity would be wiped out a millisecond after its expiration date
timeToLive := time.Until(expirationDate.Add(time.Millisecond))
Expand Down
2 changes: 1 addition & 1 deletion gossip/identity/identity_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -268,7 +268,7 @@ func TestExpiration(t *testing.T) {
err := idStore.Put(x509PkiID, x509Identity)
require.NoError(t, err)
err = idStore.Put(expiredX509PkiID, expiredX509Identity)
require.Equal(t, "identity expired", err.Error())
require.Equal(t, "gossipping peer identity expired", err.Error())
err = idStore.Put(nonX509PkiID, nonX509Identity)
require.NoError(t, err)
err = idStore.Put(notSupportedPkiID, notSupportedIdentity)
Expand Down
4 changes: 2 additions & 2 deletions integration/raft/cft_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -725,7 +725,7 @@ var _ = Describe("EndToEnd Crash Fault Tolerance", func() {
p, err := ordererclient.Broadcast(network, orderer, channelCreateTxn)
Expect(err).NotTo(HaveOccurred())
Expect(p.Status).To(Equal(common.Status_BAD_REQUEST))
Expect(p.Info).To(ContainSubstring("identity expired"))
Expect(p.Info).To(ContainSubstring("broadcast client identity expired"))

By("Attempting to fetch a block from orderer and failing")
denv := CreateDeliverEnvelope(network, orderer, 0, network.SystemChannel.Name)
Expand All @@ -734,7 +734,7 @@ var _ = Describe("EndToEnd Crash Fault Tolerance", func() {
block, err := ordererclient.Deliver(network, orderer, denv)
Expect(err).To(HaveOccurred())
Expect(block).To(BeNil())
Eventually(runner.Err(), time.Minute, time.Second).Should(gbytes.Say("client identity expired"))
Eventually(runner.Err(), time.Minute, time.Second).Should(gbytes.Say("deliver client identity expired"))

By("Killing orderer")
ordererProc.Signal(syscall.SIGTERM)
Expand Down
2 changes: 1 addition & 1 deletion orderer/common/msgprocessor/expiration.go
Original file line number Diff line number Diff line change
Expand Up @@ -51,5 +51,5 @@ func (exp *expirationRejectRule) Apply(message *common.Envelope) error {
if expirationTime.IsZero() || time.Now().Before(expirationTime) {
return nil
}
return errors.New("identity expired")
return errors.New("broadcast client identity expired")
}
2 changes: 1 addition & 1 deletion orderer/common/msgprocessor/expiration_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ func TestExpirationRejectRule(t *testing.T) {
mockCapabilities.ExpirationCheckReturns(true)
err := NewExpirationRejectRule(mockResources).Apply(env)
require.Error(t, err)
require.Equal(t, err.Error(), "identity expired")
require.Equal(t, err.Error(), "broadcast client identity expired")

mockCapabilities.ExpirationCheckReturns(false)
err = NewExpirationRejectRule(mockResources).Apply(env)
Expand Down

0 comments on commit 6399b33

Please sign in to comment.