Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(50)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: tokenserver/appengine/impl/machinetoken/rpc_inspect_machine_token.go

Issue 2951393002: [errors] de-specialize Transient in favor of Tags. (Closed)
Patch Set: copyright Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« grpc/grpcutil/errors.go ('K') | « tokenserver/appengine/impl/machinetoken/machinetoken.go ('k') | tokenserver/appengine/impl/machinetoken/rpc_mint_machine_token.go » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The LUCI Authors. All rights reserved. 1 // Copyright 2016 The LUCI Authors. All rights reserved.
2 // Use of this source code is governed under the Apache License, Version 2.0 2 // Use of this source code is governed under the Apache License, Version 2.0
3 // that can be found in the LICENSE file. 3 // that can be found in the LICENSE file.
4 4
5 package machinetoken 5 package machinetoken
6 6
7 import ( 7 import (
8 "fmt" 8 "fmt"
9 "math/big" 9 "math/big"
10 10
11 "golang.org/x/net/context" 11 "golang.org/x/net/context"
12 "google.golang.org/grpc" 12 "google.golang.org/grpc"
13 "google.golang.org/grpc/codes" 13 "google.golang.org/grpc/codes"
14 14
15 » "github.com/luci/luci-go/common/errors" 15 » "github.com/luci/luci-go/common/retry"
16 "github.com/luci/luci-go/server/auth/signing" 16 "github.com/luci/luci-go/server/auth/signing"
17 17
18 tokenserver "github.com/luci/luci-go/tokenserver/api" 18 tokenserver "github.com/luci/luci-go/tokenserver/api"
19 admin "github.com/luci/luci-go/tokenserver/api/admin/v1" 19 admin "github.com/luci/luci-go/tokenserver/api/admin/v1"
20 20
21 "github.com/luci/luci-go/tokenserver/appengine/impl/certchecker" 21 "github.com/luci/luci-go/tokenserver/appengine/impl/certchecker"
22 "github.com/luci/luci-go/tokenserver/appengine/impl/certconfig" 22 "github.com/luci/luci-go/tokenserver/appengine/impl/certconfig"
23 ) 23 )
24 24
25 // InspectMachineTokenRPC implements Admin.InspectMachineToken API method. 25 // InspectMachineTokenRPC implements Admin.InspectMachineToken API method.
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after
88 return nil, grpc.Errorf(codes.Internal, "can't resolve ca_id to CA name - %s", err) 88 return nil, grpc.Errorf(codes.Internal, "can't resolve ca_id to CA name - %s", err)
89 case caName == "": 89 case caName == "":
90 addReason("no CA with given ID") 90 addReason("no CA with given ID")
91 return resp, nil 91 return resp, nil
92 } 92 }
93 resp.CertCaName = caName 93 resp.CertCaName = caName
94 94
95 // Grab CertChecker for this CA. It has CRL cached. 95 // Grab CertChecker for this CA. It has CRL cached.
96 certChecker, err := certchecker.GetCertChecker(c, caName) 96 certChecker, err := certchecker.GetCertChecker(c, caName)
97 switch { 97 switch {
98 » case errors.IsTransient(err): 98 » case retry.Tag.In(err):
99 return nil, grpc.Errorf(codes.Internal, "can't fetch CRL - %s", err) 99 return nil, grpc.Errorf(codes.Internal, "can't fetch CRL - %s", err)
100 case err != nil: 100 case err != nil:
101 addReason(fmt.Sprintf("can't fetch CRL - %s", err)) 101 addReason(fmt.Sprintf("can't fetch CRL - %s", err))
102 return resp, nil 102 return resp, nil
103 } 103 }
104 104
105 // Check that certificate SN is not in the revocation list. 105 // Check that certificate SN is not in the revocation list.
106 sn := big.NewInt(0).SetUint64(body.CertSn) 106 sn := big.NewInt(0).SetUint64(body.CertSn)
107 revoked, err := certChecker.CRL.IsRevokedSN(c, sn) 107 revoked, err := certChecker.CRL.IsRevokedSN(c, sn)
108 if err != nil { 108 if err != nil {
109 return nil, grpc.Errorf(codes.Internal, "can't check CRL - %s", err) 109 return nil, grpc.Errorf(codes.Internal, "can't check CRL - %s", err)
110 } 110 }
111 resp.NonRevoked = !revoked 111 resp.NonRevoked = !revoked
112 112
113 // Note: if Signed or NonExpired is false, InvalidityReason is already s et. 113 // Note: if Signed or NonExpired is false, InvalidityReason is already s et.
114 if resp.Signed && resp.NonExpired { 114 if resp.Signed && resp.NonExpired {
115 if resp.NonRevoked { 115 if resp.NonRevoked {
116 resp.Valid = true 116 resp.Valid = true
117 } else { 117 } else {
118 addReason("corresponding cert was revoked") 118 addReason("corresponding cert was revoked")
119 } 119 }
120 } 120 }
121 121
122 return resp, nil 122 return resp, nil
123 } 123 }
OLDNEW
« grpc/grpcutil/errors.go ('K') | « tokenserver/appengine/impl/machinetoken/machinetoken.go ('k') | tokenserver/appengine/impl/machinetoken/rpc_mint_machine_token.go » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698