From 4efa118a0d307ea08d6b941670d610d82cb4af50 Mon Sep 17 00:00:00 2001
From: Dave Mihalcik <dmihalcik@virtru.com>
Date: Wed, 17 Jul 2024 12:04:12 -0400
Subject: [PATCH] fix(logs): Improves on decrypt unsafe fail (#303)

This is a failure before rewrap, not upsert.
---
 lib/tdf3/src/tdf.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/tdf3/src/tdf.ts b/lib/tdf3/src/tdf.ts
index 6876f562..a41d5638 100644
--- a/lib/tdf3/src/tdf.ts
+++ b/lib/tdf3/src/tdf.ts
@@ -41,6 +41,7 @@ import {
   TdfDecryptError,
   TdfError,
   TdfPayloadExtractionError,
+  UnsafeUrlError,
 } from '../../src/errors.js';
 import { htmlWrapperTemplate } from './templates/index.js';
 
@@ -824,7 +825,12 @@ async function unwrapKey({
   const rewrappedKeys = await Promise.all(
     keyAccess.map(async (keySplitInfo) => {
       if (!allowedKases.includes(keySplitInfo.url)) {
-        throw new KasUpsertError(`Unexpected KAS url: [${keySplitInfo.url}]`);
+        throw new UnsafeUrlError(
+          `cannot decrypt TDF: [${keySplitInfo.url}] not on allowlist ${JSON.stringify(
+            allowedKases
+          )}`,
+          keySplitInfo.url
+        );
       }
       const url = `${keySplitInfo.url}/${isAppIdProvider ? '' : 'v2/'}rewrap`;