feat: improve signature logs and errors (#1700)

sigilioso · web-flow · commit 55c19b7a2b3f · 2025-09-19T11:24:01.000+02:00
diff --git a/agent-control/src/opamp/remote_config/validators/signature/public_key.rs b/agent-control/src/opamp/remote_config/validators/signature/public_key.rs
@@ -69,9 +69,9 @@ impl Verifier for PublicKey {
             ));
         }
 
-        self.public_key
-            .verify(msg, signature)
-            .map_err(|e| PubKeyError::ValidatingSignature(e.to_string()))
+        self.public_key.verify(msg, signature).map_err(|_| {
+            PubKeyError::ValidatingSignature("signature verification failed".to_string())
+        })
     }
 
     fn key_id(&self) -> &str {
diff --git a/agent-control/src/opamp/remote_config/validators/signature/validator.rs b/agent-control/src/opamp/remote_config/validators/signature/validator.rs
@@ -57,7 +57,7 @@ pub fn build_signature_validator(
         CertificateFetcher::PemFile(config.certificate_pem_file_path)
     } else {
         info!(
-            "Remote config signature validation is enabled, fetching certificate from: {}",
+            "Remote config signature validation is enabled (certificate), fetching certificate from: {}",
             config.certificate_server_url
         );
 
@@ -87,6 +87,10 @@ pub fn build_signature_validator(
             let http_client = HttpClient::new(http_config)
                 .map_err(|e| SignatureValidatorError::BuildingValidator(e.to_string()))?;
 
+            info!(
+                "Remote config signature validation is (public key), fetching jwks from: {}",
+                public_key_server_url
+            );
             let public_key_fetcher = PublicKeyFetcher::new(http_client, public_key_server_url);
 
             let pubkey_verifier_store = VerifierStore::try_new(public_key_fetcher)
@@ -225,14 +229,14 @@ impl RemoteConfigValidator for CompositeSignatureValidator {
                 Ok(()) => return Ok(()),
                 Err(err) => {
                     debug!(
-                        "Failed to verify signature using the Configurations Public Key: {}",
+                        "Failed to verify signature using the public key in the configured JWKS: {}",
                         err
                     );
                 }
             }
         }
 
-        debug!("Falling back to signature verification using the Configurations Certificate");
+        debug!("Falling back to signature verification using the configured Certificate");
 
         self.certificate_store
             .verify_signature(

Original file line number	Diff line number	Diff line change
`@@ -69,9 +69,9 @@ impl Verifier for PublicKey {`
`69`	`69`	`));`
`70`	`70`	`}`
`71`	`71`
`72`		`- self.public_key`
`73`		`- .verify(msg, signature)`
`74`		`- .map_err(\|e\| PubKeyError::ValidatingSignature(e.to_string()))`
	`72`	`+ self.public_key.verify(msg, signature).map_err(\|_\| {`
	`73`	`+ PubKeyError::ValidatingSignature("signature verification failed".to_string())`
	`74`	`+ })`
`75`	`75`	`}`
`76`	`76`
`77`	`77`	`fn key_id(&self) -> &str {`