From 69fb4ec44439ccc253b748f2e680402b7c47c3f0 Mon Sep 17 00:00:00 2001
From: dovholuknf <46322585+dovholuknf@users.noreply.github.com>
Date: Wed, 20 Nov 2024 19:19:24 -0500
Subject: [PATCH 1/4] add two error mappings and call the callback if the enrollment state is invalid
---
 includes/ziti/errors.h | 5 +++++
 library/ziti_ctrl.c | 2 ++
 library/ziti_enroll.c | 1 +
 3 files changed, 8 insertions(+)
diff --git a/includes/ziti/errors.h b/includes/ziti/errors.h
index eb478165..ed6046f1 100644
--- a/includes/ziti/errors.h
+++ b/includes/ziti/errors.h
@@ -105,6 +105,11 @@ is offline or did not respond to the request*/
 #define ZITI_INVALID_AUTHENTICATOR_CERT (-33)
 /** returned when attempting to set the current certificate and key being used by a ztx when it could not be parsed/applied */
 #define ZITI_INVALID_CERT_KEY_PAIR (-34)
+/** returned when attempting to enroll the same key/cert with an external CA as has already been used */
+#define ZITI_CERT_IN_USE (-35)
+/** returned when enrolling a key/cert with an external CA and no CA matches the cert */
+#define ZITI_CERT_FAILED_VALIDATION (-36)
+
 // Put new error codes here and add error string in error.c
diff --git a/library/ziti_ctrl.c b/library/ziti_ctrl.c
index 2d325720..19c1f808 100644
--- a/library/ziti_ctrl.c
+++ b/library/ziti_ctrl.c
@@ -73,6 +73,8 @@ XX(MFA_INVALID_TOKEN, ZITI_MFA_INVALID_TOKEN) \
 XX(MFA_EXISTS, ZITI_MFA_EXISTS) \
 XX(MFA_NOT_ENROLLED, ZITI_MFA_NOT_ENROLLED) \
 XX(INVALID_ENROLLMENT_TOKEN, ZITI_JWT_INVALID) \
+XX(CERT_IN_USE, ZITI_CERT_IN_USE) \
+XX(CERT_FAILED_VALIDATION, ZITI_CERT_FAILED_VALIDATION) \
 XX(COULD_NOT_VALIDATE, ZITI_NOT_AUTHORIZED)
diff --git a/library/ziti_enroll.c b/library/ziti_enroll.c
index d35ddb6e..af1e1b37 100644
--- a/library/ziti_enroll.c
+++ b/library/ziti_enroll.c
@@ -127,6 +127,7 @@ int ziti_enroll(const ziti_enroll_opts *opts, uv_loop_t *loop,
 if (opts->token == NULL && opts->url == NULL) {
 ZITI_LOG(ERROR, "enrollment JWT or verifiable controller URL is required");
+ enroll_cb(NULL, ZITI_INVALID_STATE, "enrollment JWT or verifiable controller URL is required", enroll_ctx);
 return ZITI_JWT_INVALID;
 }
From 19b7f860062a5d9b911a20fe196aae813d3ee656 Mon Sep 17 00:00:00 2001
From: dovholuknf <46322585+dovholuknf@users.noreply.github.com>
Date: Wed, 20 Nov 2024 19:22:17 -0500
Subject: [PATCH 2/4] no need to call the callback
---
 library/ziti_enroll.c | 1 -
 1 file changed, 1 deletion(-)
diff --git a/library/ziti_enroll.c b/library/ziti_enroll.c
index af1e1b37..d35ddb6e 100644
--- a/library/ziti_enroll.c
+++ b/library/ziti_enroll.c
@@ -127,7 +127,6 @@ int ziti_enroll(const ziti_enroll_opts *opts, uv_loop_t *loop,
 if (opts->token == NULL && opts->url == NULL) {
 ZITI_LOG(ERROR, "enrollment JWT or verifiable controller URL is required");
- enroll_cb(NULL, ZITI_INVALID_STATE, "enrollment JWT or verifiable controller URL is required", enroll_ctx);
 return ZITI_JWT_INVALID;
 }
From f855d312ff8e0278141aa85c3b928e6929f5cb75 Mon Sep 17 00:00:00 2001
From: dovholuknf <46322585+dovholuknf@users.noreply.github.com>
Date: Wed, 20 Nov 2024 20:31:32 -0500
Subject: [PATCH 3/4] minor grammar tweaks to comments
---
 includes/ziti/errors.h | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/includes/ziti/errors.h b/includes/ziti/errors.h
index ed6046f1..bf926348 100644
--- a/includes/ziti/errors.h
+++ b/includes/ziti/errors.h
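Review bot: The added enroll_cb call reports ZITI_INVALID_STATE while the next line returns ZITI_JWT_INVALID for the same failure, so a caller that checks the return value and also handles the callback sees one error twice under two different codes. The callback is also invoked synchronously inside ziti_enroll, before the loop runs, which presumably differs from how the asynchronous completions reach enroll_cb. PATCH 2/4 in this series removes this line again, leaving the return value as the only report; a comment above the check such as `// argument errors are reported only via the return value, enroll_cb is not invoked` would make that contract explicit for callers. ziti_enroll's body starts and continues outside the hunk.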
@@ -35,9 +35,9 @@ extern "C" {
 #define ZITI_CONFIG_NOT_FOUND (-1)
 /** The provided JWT was not found */
 #define ZITI_JWT_NOT_FOUND (-2)
-/** The provided JWT is not accepted by controller */
+/** The provided JWT is not accepted by the controller */
 #define ZITI_JWT_INVALID (-3)
-/** The provided JWT has invalid format */
+/** The provided JWT has an invalid format */
 #define ZITI_JWT_INVALID_FORMAT (-4)
 /** PKCS7/ASN.1 parsing failed */
 #define ZITI_PKCS7_ASN1_PARSING_FAILED (-5)
@@ -49,7 +49,7 @@ extern "C" {
 #define ZITI_ENROLLMENT_METHOD_UNSUPPORTED (-8)
 /** enrollment method requires client certificate */
 #define ZITI_ENROLLMENT_CERTIFICATE_REQUIRED (-9)
-/** Attempt to generate an private key failed */
+/** Attempt to generate a private key failed */
 #define ZITI_KEY_GENERATION_FAILED (-10)
 /** Attempt to load TLS key failed */
 #define ZITI_KEY_LOAD_FAILED (-11)
@@ -79,7 +79,7 @@ is offline or did not respond to the request*/
 #define ZITI_TIMEOUT (-20)
 /** The connection has been closed abnormally. */
 #define ZITI_CONNABORT (-21)
-/** SDK detected invalid state, most likely caaused by improper use. */
+/** SDK detected invalid state, most likely caused by improper use. */
 #define ZITI_INVALID_STATE (-22)
 /** SDK detected invalid cryptographic state of Ziti connection */
 #define ZITI_CRYPTO_FAIL (-23)
@@ -105,7 +105,7 @@ is offline or did not respond to the request*/
 #define ZITI_INVALID_AUTHENTICATOR_CERT (-33)
 /** returned when attempting to set the current certificate and key being used by a ztx when it could not be parsed/applied */
 #define ZITI_INVALID_CERT_KEY_PAIR (-34)
-/** returned when attempting to enroll the same key/cert with an external CA as has already been used */
+/** returned when attempting to enroll the same key/cert with an external CA that has already been used */
 #define ZITI_CERT_IN_USE (-35)
 /** returned when enrolling a key/cert with an external CA and no CA matches the cert */
 #define ZITI_CERT_FAILED_VALIDATION (-36)
From 7156e381cabc5d49c7ba821d66aba6f3a5a96fc2 Mon Sep 17 00:00:00 2001
From: dovholuknf <46322585+dovholuknf@users.noreply.github.com>
Date: Wed, 20 Nov 2024 21:01:16 -0500
Subject: [PATCH 4/4] update the description too
---
 library/errors.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/library/errors.c b/library/errors.c
index 6d21e477..648d7d70 100644
--- a/library/errors.c
+++ b/library/errors.c
@@ -49,7 +49,9 @@
 XX(PARTIALLY_AUTHENTICATED, "api session is partially authenticated, waiting for auth query resolution") \
 XX(INVALID_AUTHENTICATOR_TYPE, "the authenticator could not be extended as it is the incorrect type") \
 XX(INVALID_AUTHENTICATOR_CERT, "the authenticator could not be extended as the current client certificate does not match") \
- XX(INVALID_CERT_KEY_PAIR, "the active certificate and key could not be set, invalid pair, or could not parse") \
+ XX(INVALID_CERT_KEY_PAIR, "the active certificate and key could not be set, invalid pair, or could not parse") \
+ XX(CERT_IN_USE,"the provided certificate already in use") \
+ XX(CERT_FAILED_VALIDATION, "the provided key/cert are invalid") \
 XX(WTF, "WTF: programming error")
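Review bot: `XX(CERT_IN_USE,"the provided certificate already in use")` drops the space after the comma that every sibling entry has and the message is missing its verb; `XX(CERT_IN_USE, "the provided certificate is already in use") \` fixes both. The CERT_FAILED_VALIDATION string "the provided key/cert are invalid" also says less than the header comment for ZITI_CERT_FAILED_VALIDATION, which attributes the failure to no external CA matching the cert, and since this string is what an operator sees when enrollment fails it is worth keeping the two aligned: `XX(CERT_FAILED_VALIDATION, "the provided key/cert failed validation, no external CA matches the certificate") \`. The removed and re-added INVALID_CERT_KEY_PAIR line reads identically here, so that part of the hunk is presumably a whitespace-only change that could be left out of the commit. The XX list this hunk belongs to starts outside the hunk.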