Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clarify "identity expired" error messages #2685

Merged
merged 1 commit into from
Jun 15, 2021
Merged

Clarify "identity expired" error messages #2685

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion common/deliver/acl.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ type SessionAccessControl struct {
// changes.
func (ac *SessionAccessControl) Evaluate() error {
if !ac.sessionEndTime.IsZero() && time.Now().After(ac.sessionEndTime) {
return errors.Errorf("client identity expired %v before", time.Since(ac.sessionEndTime))
return errors.Errorf("deliver client identity expired %v before", time.Since(ac.sessionEndTime))
}

policyCheckNeeded := !ac.usedAtLeastOnce
Expand Down
2 changes: 1 addition & 1 deletion common/deliver/acl_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,7 @@ var _ = Describe("SessionAccessControl", func() {
err = sac.Evaluate()
Expect(err).NotTo(HaveOccurred())

Eventually(sac.Evaluate).Should(MatchError(ContainSubstring("client identity expired")))
Eventually(sac.Evaluate).Should(MatchError(ContainSubstring("deliver client identity expired")))
})
})

Expand Down
2 changes: 1 addition & 1 deletion core/handlers/auth/filter/expiration.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ func validateProposal(signedProp *peer.SignedProposal) error {
}
expirationTime := crypto.ExpiresAt(sh.Creator)
if !expirationTime.IsZero() && time.Now().After(expirationTime) {
return errors.New("identity expired")
return errors.New("proposal client identity expired")
}
return nil
}
Expand Down
2 changes: 1 addition & 1 deletion core/handlers/auth/filter/expiration_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ func TestExpirationCheckFilter(t *testing.T) {
// Scenario I: Expired x509 identity
sp := createValidSignedProposal(t, createX509Identity(t, "expiredCert.pem"))
_, err := auth.ProcessProposal(context.Background(), sp)
require.Equal(t, err.Error(), "identity expired")
require.Equal(t, err.Error(), "proposal client identity expired")
require.False(t, nextEndorser.invoked)

// Scenario II: Not expired x509 identity
Expand Down
2 changes: 1 addition & 1 deletion gossip/identity/identity.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,7 @@ func (is *identityMapperImpl) Put(pkiID common.PKIidType, identity api.PeerIdent
var expirationTimer *time.Timer
if !expirationDate.IsZero() {
if time.Now().After(expirationDate) {
return errors.New("identity expired")
return errors.New("gossipping peer identity expired")
}
// Identity would be wiped out a millisecond after its expiration date
timeToLive := time.Until(expirationDate.Add(time.Millisecond))
Expand Down
2 changes: 1 addition & 1 deletion gossip/identity/identity_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -268,7 +268,7 @@ func TestExpiration(t *testing.T) {
err := idStore.Put(x509PkiID, x509Identity)
require.NoError(t, err)
err = idStore.Put(expiredX509PkiID, expiredX509Identity)
require.Equal(t, "identity expired", err.Error())
require.Equal(t, "gossipping peer identity expired", err.Error())
err = idStore.Put(nonX509PkiID, nonX509Identity)
require.NoError(t, err)
err = idStore.Put(notSupportedPkiID, notSupportedIdentity)
Expand Down
4 changes: 2 additions & 2 deletions integration/raft/cft_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -724,7 +724,7 @@ var _ = Describe("EndToEnd Crash Fault Tolerance", func() {
p, err := ordererclient.Broadcast(network, orderer, channelCreateTxn)
Expect(err).NotTo(HaveOccurred())
Expect(p.Status).To(Equal(common.Status_BAD_REQUEST))
Expect(p.Info).To(ContainSubstring("identity expired"))
Expect(p.Info).To(ContainSubstring("broadcast client identity expired"))

By("Attempting to fetch a block from orderer and failing")
denv := CreateDeliverEnvelope(network, orderer, 0, network.SystemChannel.Name)
Expand All @@ -733,7 +733,7 @@ var _ = Describe("EndToEnd Crash Fault Tolerance", func() {
block, err := ordererclient.Deliver(network, orderer, denv)
Expect(err).To(HaveOccurred())
Expect(block).To(BeNil())
Eventually(runner.Err(), time.Minute, time.Second).Should(gbytes.Say("client identity expired"))
Eventually(runner.Err(), time.Minute, time.Second).Should(gbytes.Say("deliver client identity expired"))

By("Killing orderer")
ordererProc.Signal(syscall.SIGTERM)
Expand Down
2 changes: 1 addition & 1 deletion orderer/common/msgprocessor/expiration.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,5 +50,5 @@ func (exp *expirationRejectRule) Apply(message *common.Envelope) error {
if expirationTime.IsZero() || time.Now().Before(expirationTime) {
return nil
}
return errors.New("identity expired")
return errors.New("broadcast client identity expired")
}
2 changes: 1 addition & 1 deletion orderer/common/msgprocessor/expiration_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ func TestExpirationRejectRule(t *testing.T) {
mockCapabilities.ExpirationCheckReturns(true)
err := NewExpirationRejectRule(mockResources).Apply(env)
require.Error(t, err)
require.Equal(t, err.Error(), "identity expired")
require.Equal(t, err.Error(), "broadcast client identity expired")

mockCapabilities.ExpirationCheckReturns(false)
err = NewExpirationRejectRule(mockResources).Apply(env)
Expand Down