Skip to content

Commit 55c19b7

Browse files
authored
feat: improve signature logs and errors (#1700)
1 parent 0e3ae39 commit 55c19b7

File tree

2 files changed

+10
-6
lines changed

2 files changed

+10
-6
lines changed

agent-control/src/opamp/remote_config/validators/signature/public_key.rs

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -69,9 +69,9 @@ impl Verifier for PublicKey {
6969
));
7070
}
7171

72-
self.public_key
73-
.verify(msg, signature)
74-
.map_err(|e| PubKeyError::ValidatingSignature(e.to_string()))
72+
self.public_key.verify(msg, signature).map_err(|_| {
73+
PubKeyError::ValidatingSignature("signature verification failed".to_string())
74+
})
7575
}
7676

7777
fn key_id(&self) -> &str {

agent-control/src/opamp/remote_config/validators/signature/validator.rs

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -57,7 +57,7 @@ pub fn build_signature_validator(
5757
CertificateFetcher::PemFile(config.certificate_pem_file_path)
5858
} else {
5959
info!(
60-
"Remote config signature validation is enabled, fetching certificate from: {}",
60+
"Remote config signature validation is enabled (certificate), fetching certificate from: {}",
6161
config.certificate_server_url
6262
);
6363

@@ -87,6 +87,10 @@ pub fn build_signature_validator(
8787
let http_client = HttpClient::new(http_config)
8888
.map_err(|e| SignatureValidatorError::BuildingValidator(e.to_string()))?;
8989

90+
info!(
91+
"Remote config signature validation is (public key), fetching jwks from: {}",
92+
public_key_server_url
93+
);
9094
let public_key_fetcher = PublicKeyFetcher::new(http_client, public_key_server_url);
9195

9296
let pubkey_verifier_store = VerifierStore::try_new(public_key_fetcher)
@@ -225,14 +229,14 @@ impl RemoteConfigValidator for CompositeSignatureValidator {
225229
Ok(()) => return Ok(()),
226230
Err(err) => {
227231
debug!(
228-
"Failed to verify signature using the Configurations Public Key: {}",
232+
"Failed to verify signature using the public key in the configured JWKS: {}",
229233
err
230234
);
231235
}
232236
}
233237
}
234238

235-
debug!("Falling back to signature verification using the Configurations Certificate");
239+
debug!("Falling back to signature verification using the configured Certificate");
236240

237241
self.certificate_store
238242
.verify_signature(

0 commit comments

Comments
 (0)