fix(logs): Improves on decrypt unsafe fail (#303)

This is a failure before rewrap, not upsert.
opentdf · Jul 17, 2024 · 4efa118 · 4efa118
1 parent 0e1426b
commit 4efa118
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/lib/tdf3/src/tdf.ts b/lib/tdf3/src/tdf.ts
@@ -41,6 +41,7 @@ import {
   TdfDecryptError,
   TdfError,
   TdfPayloadExtractionError,
+  UnsafeUrlError,
 } from '../../src/errors.js';
 import { htmlWrapperTemplate } from './templates/index.js';
 
@@ -824,7 +825,12 @@ async function unwrapKey({
   const rewrappedKeys = await Promise.all(
     keyAccess.map(async (keySplitInfo) => {
       if (!allowedKases.includes(keySplitInfo.url)) {
-        throw new KasUpsertError(`Unexpected KAS url: [${keySplitInfo.url}]`);
+        throw new UnsafeUrlError(
+          `cannot decrypt TDF: [${keySplitInfo.url}] not on allowlist ${JSON.stringify(
+            allowedKases
+          )}`,
+          keySplitInfo.url
+        );
       }
       const url = `${keySplitInfo.url}/${isAppIdProvider ? '' : 'v2/'}rewrap`;