use correct error on banned (#2344)

nuts-foundation · Jul 14, 2023 · c3f476c · c3f476c
1 parent 8aa3d9b
commit c3f476c
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/pki/denylist.go b/pki/denylist.go
@@ -142,7 +142,7 @@ func (b *denylistImpl) ValidateCert(cert *x509.Certificate) error {
 				Debug("Rejecting banned certificate")
 
 			// Return an error indicating the certificate has been denylisted
-			return fmt.Errorf("%w: %s", ErrCertBanned, entry.Reason)
+			return ErrCertBanned
 		}
 	}
 

diff --git a/pki/denylist_test.go b/pki/denylist_test.go
@@ -425,7 +425,7 @@ func TestDenylistedCertificateBlocked(t *testing.T) {
 
 	// Ensure the validation returned an error, meaning the certificate is banned
 	assert.Error(t, err)
-	assert.Equal(t, fmt.Errorf("%w: %s", ErrCertBanned, "baz3"), err)
+	assert.Equal(t, ErrCertBanned, err)
 }
 
 // TestEmptyFieldsDoNotBlock ensures empty fields in a denylist entry cannot block certificates
@@ -456,7 +456,7 @@ func TestEmptyFieldsDoNotBlock(t *testing.T) {
 
 	// Ensure the validation returned an error, meaning the certificate is banned
 	assert.Error(t, err)
-	assert.Equal(t, fmt.Errorf("%w: %s", ErrCertBanned, "baz3"), err)
+	assert.Equal(t, ErrCertBanned, err)
 }
 
 // TestRSACertificateJWKThumbprint ensures ceritficate thumbprints are correctly computed