-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve error types to allow wrapping #31
Conversation
I'm fine with ErrNotFound and improving the error message. Please add a test for that one :) Less convinced that we need to expose so much API surface to deal with errors. Maybe ErrWrongPIN is worth exposing, but what practical program is going to do anything except return that error to the user? Definitely think that we shouldn't expose apduError. It's way too low level, and I'd rather add specific error conditions to the API, like an object not being found. |
piv/piv.go
Outdated
return fmt.Errorf("blocking pin: %v", err) | ||
} | ||
if e.Retries == 0 { | ||
if errors.Is(err, ErrBlocked) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Think this block shows why we should just have one error type. Maybe s/VerifyErr/AuthErr/g (Verify sounds like it's an issue with a signature).
var e *AuthErr
if !errors.As(err, &e) {
return fmt.Errorf("blocking pin: %v", err)
}
if e.Retries == 0 {
break
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So I was operating under the belief that you would want to distinguish between the retries==0 case and the blocked case, but I see from experimentation that it goes from retries=2 retries=1 to blocked, so representing blocked as AuthErr(retries=0) seems safe? I'll make that change.
OK, that makes sense. I'll pull this back to expose less, which means the The |
OK I believe I've made all of the changes you suggested and added tests. PTAL. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm, one nit
Also can you please squash your commits? I'll merge after
piv/pcsc.go
Outdated
@@ -48,16 +49,92 @@ func (e *scErr) Error() string { | |||
return fmt.Sprintf("unknown pcsc return code 0x%08x", e.rc) | |||
} | |||
|
|||
// AuthErr is an error indicating an authentication error occurred (wrong PIN or blocked). | |||
type AuthErr int |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: can this stay as a struct? don't know if there might be additional data we might want to add, but just to play it safe.
type AuthErr struct {
Retries int
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure.
Changes made and squashed. I also made one additional small change to the error message text returned by |
Thanks for the couple iterations :) If you hit any other use cases where it'd be good to expose another error type, please let me know. Will tag a release later this evening |
I got stymied not having an idiomatic way of seeing whether a smartcard object was not found or not, and I saw the TODO in the code to list error cases, so I thought I'd offer this improvement for comment.
apduError
to a publicApduError
typeUnwrap()
to return a few more accessible/idiomatic Go errors to enable someerrors.Is
anderrors.As
uses, such asErrNotFound
,ErrBlocked
errWrongPin
toVerifyErr
type%v
verbs to%w
when wrapping errors (new in 1.13, which is whatgo.mod
says we are)ykTransmit
unnecessary, so removedI can now do things like:
Fixes #13