@@ -21,10 +21,16 @@ contract CertManager is ICertManager {
2121 error InvalidBasicConstraints ();
2222 error InvalidSubjectPublicKey ();
2323 error UnsupportedCriticalExtension ();
24+ error NotOwner ();
25+ error NotRevoker ();
26+ error IncompleteCertChain ();
27+ error DeprecatedEntrypoint ();
28+ error InvalidOwner ();
29+ error InvalidRevoker ();
2430
2531 event CertVerified (bytes32 indexed certHash );
26- event CertRevoked (bytes32 indexed certHash );
27- event CertUnrevoked (bytes32 indexed certHash );
32+ event CertRevoked (bytes32 indexed certHash , address indexed account );
33+ event CertUnrevoked (bytes32 indexed certHash , address indexed account );
2834 event OwnershipTransferred (address indexed previousOwner , address indexed newOwner );
2935 event RevokerUpdated (address indexed previousRevoker , address indexed newRevoker );
3036
@@ -83,11 +89,11 @@ contract CertManager is ICertManager {
8389 }
8490
8591 function _onlyOwner () internal view {
86- require (msg .sender == owner, " not owner " );
92+ if (msg .sender != owner) revert NotOwner ( );
8793 }
8894
8995 function _onlyRevoker () internal view {
90- require (msg .sender == revoker, " not revoker " );
96+ if (msg .sender != revoker) revert NotRevoker ( );
9197 }
9298
9399 constructor (IP384Verifier p384Verifier_ ) {
@@ -112,12 +118,12 @@ contract CertManager is ICertManager {
112118 /// @notice DEPRECATED — always reverts. The fully on-chain (non-hinted) path is too expensive
113119 /// post-Fusaka and has been removed. Use {verifyCACertWithHints}.
114120 function verifyCACert (bytes memory , bytes32 ) external pure returns (bytes32 ) {
115- revert ( " use hinted cert verification " );
121+ revert DeprecatedEntrypoint ( );
116122 }
117123
118124 /// @notice DEPRECATED — always reverts. Use {verifyClientCertWithHints}.
119125 function verifyClientCert (bytes memory , bytes32 ) external pure returns (VerifiedCert memory ) {
120- revert ( " use hinted cert verification " );
126+ revert DeprecatedEntrypoint ( );
121127 }
122128
123129 /// @notice Verify a CA certificate against its (already-cached) parent and cache the result.
@@ -173,13 +179,13 @@ contract CertManager is ICertManager {
173179 }
174180
175181 function transferOwnership (address newOwner ) external onlyOwner {
176- require (newOwner != address (0 ), " invalid owner " );
182+ if (newOwner == address (0 )) revert InvalidOwner ( );
177183 emit OwnershipTransferred (owner, newOwner);
178184 owner = newOwner;
179185 }
180186
181187 function setRevoker (address newRevoker ) external onlyOwner {
182- require (newRevoker != address (0 ), " invalid revoker " );
188+ if (newRevoker == address (0 )) revert InvalidRevoker ( );
183189 emit RevokerUpdated (revoker, newRevoker);
184190 revoker = newRevoker;
185191 }
@@ -200,12 +206,12 @@ contract CertManager is ICertManager {
200206
201207 function unrevokeCert (bytes32 certId ) external onlyOwner {
202208 revoked[certId] = false ;
203- emit CertUnrevoked (certId);
209+ emit CertUnrevoked (certId, msg . sender );
204210 }
205211
206212 function _revokeCert (bytes32 certId ) internal {
207213 revoked[certId] = true ;
208- emit CertRevoked (certId);
214+ emit CertRevoked (certId, msg . sender );
209215 }
210216
211217 function _requireCanRevoke (bytes32 certId ) internal view {
@@ -240,7 +246,7 @@ contract CertManager is ICertManager {
240246 // Fail closed: a chain that terminates at bytes32(0) without reaching the pinned root is
241247 // broken and must not be treated as a verified, non-revoked chain. Reverting here instead
242248 // of returning silently means revocation safety never depends on upstream guards.
243- revert ( " incomplete cert chain " );
249+ revert IncompleteCertChain ( );
244250 }
245251
246252 function _verifyCert (
0 commit comments