@@ -199,13 +199,13 @@ func (rca *RootCA) Signer() (*LocalSigner, error) {
199199func (rca * RootCA ) IssueAndSaveNewCertificates (kw KeyWriter , cn , ou , org string ) (* tls.Certificate , * IssuerInfo , error ) {
200200 csr , key , err := GenerateNewCSR ()
201201 if err != nil {
202- return nil , nil , errors . Wrap ( err , "error when generating new node certs" )
202+ return nil , nil , fmt . Errorf ( "error when generating new node certs: %w" , err )
203203 }
204204
205205 // Obtain a signed Certificate
206206 certChain , err := rca .ParseValidateAndSignCSR (csr , cn , ou , org )
207207 if err != nil {
208- return nil , nil , errors . Wrap ( err , "failed to sign node certificate" )
208+ return nil , nil , fmt . Errorf ( "failed to sign node certificate: %w" , err )
209209 }
210210 signer , err := rca .Signer ()
211211 if err != nil { // should never happen, since if ParseValidateAndSignCSR did not fail this root CA must have a signer
@@ -235,7 +235,7 @@ func (rca *RootCA) RequestAndSaveNewCertificates(ctx context.Context, kw KeyWrit
235235 // Create a new key/pair and CSR
236236 csr , key , err := GenerateNewCSR ()
237237 if err != nil {
238- return nil , nil , errors . Wrap ( err , "error when generating new node certs" )
238+ return nil , nil , fmt . Errorf ( "error when generating new node certs: %w" , err )
239239 }
240240
241241 // Get the remote manager to issue a CA signed certificate for this node
@@ -397,7 +397,7 @@ func (rca *RootCA) ParseValidateAndSignCSR(csrBytes []byte, cn, ou, org string)
397397 }
398398 cert , err := signer .Sign (signRequest )
399399 if err != nil {
400- return nil , errors . Wrap ( err , "failed to sign node certificate" )
400+ return nil , fmt . Errorf ( "failed to sign node certificate: %w" , err )
401401 }
402402
403403 return append (cert , rca .Intermediates ... ), nil
@@ -423,7 +423,7 @@ func (rca *RootCA) CrossSignCACertificate(otherCAPEM []byte) ([]byte, error) {
423423 template .SignatureAlgorithm = signer .parsedCert .SignatureAlgorithm // make sure we can sign with the signer key
424424 derBytes , err := x509 .CreateCertificate (cryptorand .Reader , template , signer .parsedCert , template .PublicKey , signer .cryptoSigner )
425425 if err != nil {
426- return nil , errors . Wrap ( err , "could not cross-sign new CA certificate using old CA material" )
426+ return nil , fmt . Errorf ( "could not cross-sign new CA certificate using old CA material: %w" , err )
427427 }
428428
429429 return pem .EncodeToMemory (& pem.Block {
@@ -448,7 +448,7 @@ func NewRootCA(rootCertBytes, signCertBytes, signKeyBytes []byte, certExpiry tim
448448 // Parse all the certificates in the cert bundle
449449 parsedCerts , err := helpers .ParseCertificatesPEM (rootCertBytes )
450450 if err != nil {
451- return RootCA {}, errors . Wrap ( err , "invalid root certificates" )
451+ return RootCA {}, fmt . Errorf ( "invalid root certificates: %w" , err )
452452 }
453453 // Check to see if we have at least one valid cert
454454 if len (parsedCerts ) < 1 {
@@ -465,7 +465,7 @@ func NewRootCA(rootCertBytes, signCertBytes, signKeyBytes []byte, certExpiry tim
465465 selfpool := x509 .NewCertPool ()
466466 selfpool .AddCert (cert )
467467 if _ , err := cert .Verify (x509.VerifyOptions {Roots : selfpool }); err != nil {
468- return RootCA {}, errors . Wrap ( err , "error while validating Root CA Certificate" )
468+ return RootCA {}, fmt . Errorf ( "error while validating Root CA Certificate: %w" , err )
469469 }
470470 pool .AddCert (cert )
471471 }
@@ -480,7 +480,7 @@ func NewRootCA(rootCertBytes, signCertBytes, signKeyBytes []byte, certExpiry tim
480480 if len (intermediates ) > 0 {
481481 parsedIntermediates , _ , err = ValidateCertChain (pool , intermediates , false )
482482 if err != nil {
483- return RootCA {}, errors . Wrap ( err , "invalid intermediate chain" )
483+ return RootCA {}, fmt . Errorf ( "invalid intermediate chain: %w" , err )
484484 }
485485 intermediatePool = x509 .NewCertPool ()
486486 for _ , cert := range parsedIntermediates {
@@ -616,7 +616,7 @@ func newLocalSigner(keyBytes, certBytes []byte, certExpiry time.Duration, rootPo
616616
617617 parsedCerts , err := helpers .ParseCertificatesPEM (certBytes )
618618 if err != nil {
619- return nil , errors . Wrap ( err , "invalid signing CA cert" )
619+ return nil , fmt . Errorf ( "invalid signing CA cert: %w" , err )
620620 }
621621 if len (parsedCerts ) == 0 {
622622 return nil , errors .New ("no valid signing CA certificates found" )
@@ -629,13 +629,13 @@ func newLocalSigner(keyBytes, certBytes []byte, certExpiry time.Duration, rootPo
629629 Intermediates : intermediatePool ,
630630 }
631631 if _ , err := parsedCerts [0 ].Verify (opts ); err != nil {
632- return nil , errors . Wrap ( err , "error while validating signing CA certificate against roots and intermediates" )
632+ return nil , fmt . Errorf ( "error while validating signing CA certificate against roots and intermediates: %w" , err )
633633 }
634634
635635 // The key should not be encrypted, but it could be in PKCS8 format rather than PKCS1
636636 priv , err := helpers .ParsePrivateKeyPEM (keyBytes )
637637 if err != nil {
638- return nil , errors . Wrap ( err , "malformed private key" )
638+ return nil , fmt . Errorf ( "malformed private key: %w" , err )
639639 }
640640
641641 // We will always use the first certificate inside of the root bundle as the active one
@@ -748,7 +748,7 @@ func GetRemoteCA(ctx context.Context, d digest.Digest, connBroker *connectionbro
748748 if d != "" {
749749 verifier := d .Verifier ()
750750 if err != nil {
751- return RootCA {}, errors . Wrap ( err , "unexpected error getting digest verifier" )
751+ return RootCA {}, fmt . Errorf ( "unexpected error getting digest verifier: %w" , err )
752752 }
753753
754754 io .Copy (verifier , bytes .NewReader (response .Certificate ))
0 commit comments