refator error handling

5d87da64 · Damyan Mitev · c71ba842 · 5d87da64 · 5d87da64 · 5d87da64
Commit 5d87da64 authored 5 years ago by Damyan Mitev
--- a/handler/generate_keypair.go
+++ b/handler/generate_keypair.go
@@ -18,6 +18,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
 package handler

 import (
+	"code.vereign.com/code/viam-apis/errors"
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
@@ -29,7 +30,6 @@ import (

 	keyutils "code.vereign.com/code/key-storage-agent/utils"
 	"code.vereign.com/code/viam-apis/key-storage-agent/api"
-	"code.vereign.com/code/viam-apis/utils"
 	"golang.org/x/net/context"
 )

@@ -41,89 +41,75 @@ func (s *KeyStorageServerImpl) GenerateKeyPair(ctx context.Context,
 	client := keyutils.CreateDataStorageClient(auth)
 	defer client.CloseClient()

-	generateKeyPairResponse := &api.GenerateKeyPairResponse{}
-
 	uuid, err := keyutils.GenerateUnusedUUID(client)
 	if err != nil {
 		log.Printf("Error: %v", err)
-		generateKeyPairResponse.StatusList = utils.AddStatus(generateKeyPairResponse.StatusList,
-			"500", api.StatusType_ERROR, err.Error())
+		return nil, err
 	}

 	privateKeyBytes, publicKeyBytes, err := generateKeyPair(int(in.KeySize))
 	if err != nil {
 		log.Printf("Error: %v", err)
-		generateKeyPairResponse.StatusList = utils.AddStatus(generateKeyPairResponse.StatusList,
-			"500", api.StatusType_ERROR, err.Error())
+		return nil, err
 	}

 	aesKeyBytes, err := generateRandomSequence(256)
 	if err != nil {
 		log.Printf("Error: %v", err)
-		generateKeyPairResponse.StatusList = utils.AddStatus(generateKeyPairResponse.StatusList,
-			"500", api.StatusType_ERROR, err.Error())
+		return nil, err
 	}

 	encryptedPrivateKeyBytes, privateKeyNonce, err := aesEncrypt(aesKeyBytes, privateKeyBytes)
 	if err != nil {
 		log.Printf("Error: %v", err)
-		generateKeyPairResponse.StatusList = utils.AddStatus(generateKeyPairResponse.StatusList,
-			"500", api.StatusType_ERROR, err.Error())
-		return generateKeyPairResponse, nil
+		return nil, err
 	}
 	encryptedPrivateKey := &api.Key{Content: encryptedPrivateKeyBytes}
-	result, errors, err := client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_PRIVATE), encryptedPrivateKey)
-	generateKeyPairResponse.StatusList = keyutils.HandlePutDataErrors(generateKeyPairResponse.StatusList, errors, err)
-
-	if generateKeyPairResponse.StatusList == nil || len(generateKeyPairResponse.StatusList) == 0 {
-		publicKey := &api.Key{Content: publicKeyBytes}
-		result, errors, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_PUBLIC), publicKey)
-		generateKeyPairResponse.StatusList = keyutils.HandlePutDataErrors(generateKeyPairResponse.StatusList, errors, err)
+	_, _, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_PRIVATE), encryptedPrivateKey)
+	if err != nil {
+		return nil, errors.WrapInternalFormat(err, "Could not store key %s", uuid+"/"+api.KeyType.String(api.KeyType_PRIVATE))
 	}

-	//duplicate logic of ReserveKeyUUID
-	if generateKeyPairResponse.StatusList == nil || len(generateKeyPairResponse.StatusList) == 0 {
-		emptyKey := &api.Key{Content: []byte{}}
-		result, errors, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_CERTIFICATE), emptyKey)
-		generateKeyPairResponse.StatusList = keyutils.HandlePutDataErrors(generateKeyPairResponse.StatusList, errors, err)
+
+	publicKey := &api.Key{Content: publicKeyBytes}
+	_, _, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_PUBLIC), publicKey)
+	if err != nil {
+		return nil, errors.WrapInternalFormat(err, "Could not store key %s", uuid+"/"+api.KeyType.String(api.KeyType_PUBLIC))
 	}

-	if generateKeyPairResponse.StatusList == nil || len(generateKeyPairResponse.StatusList) == 0 {
-		encryptedAesKeyBytes, err := rsaEncryptWithServerKey(s.VereignCertPEM, aesKeyBytes, []byte("aeskeys"))
-		if err != nil {
-			log.Printf("Error: %v", err)
-			generateKeyPairResponse.StatusList = utils.AddStatus(generateKeyPairResponse.StatusList,
-				"500", api.StatusType_ERROR, err.Error())
-			return generateKeyPairResponse, nil
-		}
+	//duplicate logic of ReserveKeyUUID

-		encryptedAesKey := &api.Key{Content: encryptedAesKeyBytes}
+	emptyKey := &api.Key{Content: []byte{}}
+	_, _, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_CERTIFICATE), emptyKey)
+	if err != nil {
+		return nil, errors.WrapInternalFormat(err, "Could not store key %s", uuid+"/"+api.KeyType.String(api.KeyType_CERTIFICATE))
+	}

-		result, errors, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_AES), encryptedAesKey)
-		generateKeyPairResponse.StatusList = keyutils.HandlePutDataErrors(generateKeyPairResponse.StatusList, errors, err)
+	encryptedAesKeyBytes, err := rsaEncryptWithServerKey(s.VereignCertPEM, aesKeyBytes, []byte("aeskeys"))
+	if err != nil {
+		return nil, errors.WrapInternal(err, "Could not encrypt")
 	}

-	if generateKeyPairResponse.StatusList == nil || len(generateKeyPairResponse.StatusList) == 0 {
-		encryptedPrivateKeyNonceBytes, err := rsaEncryptWithServerKey(s.VereignCertPEM, privateKeyNonce, []byte("nonce"))
-		if err != nil {
-			log.Printf("Error: %v", err)
-			generateKeyPairResponse.StatusList = utils.AddStatus(generateKeyPairResponse.StatusList,
-				"500", api.StatusType_ERROR, err.Error())
-			return generateKeyPairResponse, nil
-		}
+	encryptedAesKey := &api.Key{Content: encryptedAesKeyBytes}

-		encryptedNonce := &api.Key{Content: encryptedPrivateKeyNonceBytes}
+	_, _, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_AES), encryptedAesKey)
+	if err != nil {
+		return nil, errors.WrapInternalFormat(err, "Could not store key %s", uuid+"/"+api.KeyType.String(api.KeyType_AES))
+	}

-		result, errors, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_NONCE), encryptedNonce)
-		generateKeyPairResponse.StatusList = keyutils.HandlePutDataErrors(generateKeyPairResponse.StatusList, errors, err)
+	encryptedPrivateKeyNonceBytes, err := rsaEncryptWithServerKey(s.VereignCertPEM, privateKeyNonce, []byte("nonce"))
+	if err != nil {
+		return nil, errors.WrapInternal(err, "Could not encrypt private key")
 	}

-	if generateKeyPairResponse.StatusList == nil || len(generateKeyPairResponse.StatusList) == 0 {
-		generateKeyPairResponse.Uuid = uuid
-		generateKeyPairResponse.StatusList = utils.AddStatus(generateKeyPairResponse.StatusList,
-			"200", api.StatusType_INFO, result)
+	encryptedNonce := &api.Key{Content: encryptedPrivateKeyNonceBytes}
+
+	_, _, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_NONCE), encryptedNonce)
+	if err != nil {
+		return nil, errors.WrapInternalFormat(err, "Could not store key %s", uuid+"/"+api.KeyType.String(api.KeyType_NONCE))
 	}

+	generateKeyPairResponse := &api.GenerateKeyPairResponse{Uuid:uuid}
 	return generateKeyPairResponse, nil
 }


--- a/handler/handler.go
+++ b/handler/handler.go
@@ -18,8 +18,8 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
 package handler

 import (
+	"code.vereign.com/code/viam-apis/errors"
 	"encoding/base64"
-	"errors"
 	"log"
 	"strings"

@@ -29,7 +29,6 @@ import (
 	keyutils "code.vereign.com/code/key-storage-agent/utils"
 	"code.vereign.com/code/viam-apis/authentication"
 	"code.vereign.com/code/viam-apis/key-storage-agent/api"
-	"code.vereign.com/code/viam-apis/utils"
 	"golang.org/x/net/context"
 	"google.golang.org/grpc/metadata"
 )
@@ -73,7 +72,7 @@ func (s *KeyStorageServerImpl) GetKey(ctx context.Context, in *api.GetKeyRequest
 	client := keyutils.CreateDataStorageClient(auth)
 	defer client.CloseClient()

-	getKeyResponse := &api.GetKeyResponse{}
+

 	if in.KeyType == api.KeyType_CERTIFICATE && in.Uuid == "root" {
 		key := &api.Key{}
@@ -89,44 +88,28 @@ func (s *KeyStorageServerImpl) GetKey(ctx context.Context, in *api.GetKeyRequest
 		key.Content = s.VereignCertPEM
 		key.Revoked = false

-		getKeyResponse.Key = key
+		getKeyResponse := &api.GetKeyResponse{Key:key}
 		return getKeyResponse, nil
 	}

 	if in.KeyType == api.KeyType_KT_EMPTY {
-		getKeyResponse.StatusList = utils.AddStatus(getKeyResponse.StatusList,
-			"400", api.StatusType_ERROR, "KeyType cannot be empty")
-		return getKeyResponse, errors.New("KeyType cannot be empty")
+		return nil, errors.NewUser("KeyType cannot be empty")
 	}

 	key := &api.Key{}

-	hasData, errorsString, err := client.GetData("keys", in.Uuid+"/"+api.KeyType.String(in.KeyType), key)
+	hasData, _, err := client.GetData("keys", in.Uuid+"/"+api.KeyType.String(in.KeyType), key)
 	if err != nil {
 		log.Printf("grpc call GetData to DataStorage failed: %s", err)
-		getKeyResponse.Key = nil
-		getKeyResponse.StatusList = utils.AddStatus(getKeyResponse.StatusList,
-			"500", api.StatusType_ERROR, err.Error())
-		return getKeyResponse, err
-	}
-
-	if errorsString != "" {
-		getKeyResponse.Key = nil
-		getKeyResponse.StatusList = utils.AddStatus(getKeyResponse.StatusList,
-			"500", api.StatusType_ERROR, errorsString)
-		return nil, errors.New(errorsString)
+		return nil, err
 	}

 	if !hasData {
 		log.Println("No such key " + in.Uuid)
-		getKeyResponse.Key = nil
-		getKeyResponse.StatusList = utils.AddStatus(getKeyResponse.StatusList,
-			"500", api.StatusType_ERROR, err.Error())
-		return getKeyResponse, err
+		return nil, errors.NewUser("No such key " + in.Uuid)
 	}

-	getKeyResponse.Key = key
-
+	getKeyResponse := &api.GetKeyResponse{Key:key}
 	return getKeyResponse, nil
 }

@@ -136,18 +119,12 @@ func (s *KeyStorageServerImpl) SetKey(ctx context.Context, in *api.SetKeyRequest
 	client := keyutils.CreateDataStorageClient(auth)
 	defer client.CloseClient()

-	setKeyResponse := &api.SetKeyResponse{}
-
 	if in.Uuid == "root" {
-		setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
-			"400", api.StatusType_ERROR, "Can not set root CA keys")
-		return setKeyResponse, errors.New("Can not set root CA keys")
+		return nil, errors.NewUser("Can not set root CA keys")
 	}

 	if in.KeyType == api.KeyType_KT_EMPTY {
-		setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
-			"400", api.StatusType_ERROR, "KeyType cannot be empty")
-		return setKeyResponse, errors.New("KeyType cannot be empty")
+		return nil, errors.NewUser("KeyType cannot be empty")
 	}

 	key := &api.Key{}
@@ -156,24 +133,17 @@ func (s *KeyStorageServerImpl) SetKey(ctx context.Context, in *api.SetKeyRequest
 		_, _, err := client.GetData("keys", in.Uuid+"/"+api.KeyType.String(in.KeyType), key)
 		if err != nil {
 			log.Printf("grpc call GetData to DataStorage failed: %s", err)
-			setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
-				"500", api.StatusType_ERROR, err.Error())
-			return setKeyResponse, err
+			return nil, errors.WrapInternalFormat(err, "grpc call GetData to DataStorage failed: %s", err)
 		}

 		if len(key.Content) > 0 {
-			setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
-				"400", api.StatusType_ERROR, "Key is already set")
-			return setKeyResponse, errors.New("Key is already set")
+			return nil, errors.NewUser("Key is already set")
 		}
 	}

-	result, errors, err := client.PutData("keys", in.Uuid+"/"+api.KeyType.String(in.KeyType), in.Key)
-	setKeyResponse.StatusList = keyutils.HandlePutDataErrors(setKeyResponse.StatusList, errors, err)
-
-	if setKeyResponse.StatusList == nil || len(setKeyResponse.StatusList) == 0 {
-		setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
-			"200", api.StatusType_INFO, result)
+	_, _, err := client.PutData("keys", in.Uuid+"/"+api.KeyType.String(in.KeyType), in.Key)
+	if err != nil {
+		return nil, err
 	}

 	if in.KeyType == api.KeyType_PUBLIC {
@@ -182,10 +152,11 @@ func (s *KeyStorageServerImpl) SetKey(ctx context.Context, in *api.SetKeyRequest
 		_, _, err = client.PutString(keyToKeyIdTable, keyContent, in.Uuid)
 		if err != nil {
 			log.Printf("can't PutString: %s", err)
-			return nil, err
+			return nil, errors.WrapInternal(err, "can't PutString")
 		}
 	}

+	setKeyResponse := &api.SetKeyResponse{}
 	return setKeyResponse, nil
 }

@@ -195,38 +166,32 @@ func (s *KeyStorageServerImpl) ReserveKeyUUID(ctx context.Context, in *api.Reser
 	client := keyutils.CreateDataStorageClient(auth)
 	defer client.CloseClient()

-	reserveKeyUUIDResponse := &api.ReserveKeyUUIDResponse{}
-
 	uuid, err := keyutils.GenerateUnusedUUID(client)
 	if err != nil {
 		log.Printf("Error: %v", err)
-		reserveKeyUUIDResponse.StatusList = utils.AddStatus(reserveKeyUUIDResponse.StatusList,
-			"500", api.StatusType_INFO, err.Error())
+		return nil, err
 	}

 	emptyKey := &api.Key{
 		Content: []byte{},
 	}

-	result, errors, err := client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_PRIVATE), emptyKey)
-	reserveKeyUUIDResponse.StatusList = keyutils.HandlePutDataErrors(reserveKeyUUIDResponse.StatusList, errors, err)
-
-	if reserveKeyUUIDResponse.StatusList == nil || len(reserveKeyUUIDResponse.StatusList) == 0 {
-		result, errors, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_PUBLIC), emptyKey)
-		reserveKeyUUIDResponse.StatusList = keyutils.HandlePutDataErrors(reserveKeyUUIDResponse.StatusList, errors, err)
+	_, _, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_PRIVATE), emptyKey)
+	if err != nil {
+		return nil, errors.WrapInternalFormat(err, "Could not store key %s", uuid+"/"+api.KeyType.String(api.KeyType_PRIVATE))
 	}

-	if reserveKeyUUIDResponse.StatusList == nil || len(reserveKeyUUIDResponse.StatusList) == 0 {
-		result, errors, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_CERTIFICATE), emptyKey)
-		reserveKeyUUIDResponse.StatusList = keyutils.HandlePutDataErrors(reserveKeyUUIDResponse.StatusList, errors, err)
+	_, _, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_PUBLIC), emptyKey)
+	if err != nil {
+		return nil, errors.WrapInternalFormat(err, "Could not store key %s", uuid+"/"+api.KeyType.String(api.KeyType_PUBLIC))
 	}

-	if reserveKeyUUIDResponse.StatusList == nil || len(reserveKeyUUIDResponse.StatusList) == 0 {
-		reserveKeyUUIDResponse.Uuid = uuid
-		reserveKeyUUIDResponse.StatusList = utils.AddStatus(reserveKeyUUIDResponse.StatusList,
-			"200", api.StatusType_INFO, result)
+	_, _, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_CERTIFICATE), emptyKey)
+	if err != nil {
+		return nil, errors.WrapInternalFormat(err, "Could not store key %s", uuid+"/"+api.KeyType.String(api.KeyType_CERTIFICATE))
 	}

+	reserveKeyUUIDResponse := &api.ReserveKeyUUIDResponse{Uuid:uuid}
 	return reserveKeyUUIDResponse, nil
 }

@@ -302,5 +267,5 @@ func (s *KeyStorageServerImpl) GetKeyId(ctx context.Context, in *api.GetKeyIdByK

 func (s *KeyStorageServerImpl) GetVersionKSA(ctx context.Context, in *api.GetVersionKSAMessage) (*api.GetVersionKSAResponseMessage, error) {
 	log.Println("Version: " + version)
-	return &api.GetVersionKSAResponseMessage{Version: version, Errors: ""}, nil
+	return &api.GetVersionKSAResponseMessage{Version: version}, nil
 }
--- a/handler/manage_device_key.go
+++ b/handler/manage_device_key.go
@@ -20,105 +20,104 @@ package handler
 import (
 	keyutils "code.vereign.com/code/key-storage-agent/utils"
 	"code.vereign.com/code/viam-apis/data-storage-agent/client"
+	"code.vereign.com/code/viam-apis/errors"
 	"code.vereign.com/code/viam-apis/key-storage-agent/api"
-	"code.vereign.com/code/viam-apis/utils"
 	"golang.org/x/net/context"
 )

 func (s *KeyStorageServerImpl) SetAuthorized(ctx context.Context, in *api.SetAuthorizedRequest) (*api.SetAuthorizedResponse, error) {
-	setAuthorizedResponse := &api.SetAuthorizedResponse{}

-	setAuthorizedResponse.StatusList = s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Unauthorized = !in.Value })
-	if setAuthorizedResponse.StatusList != nil {
-		return setAuthorizedResponse, nil
+	err := s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Unauthorized = !in.Value })
+	if err != nil {
+		return nil, errors.WrapInternal(err, "Could not authorize keys")
 	}
-	setAuthorizedResponse.StatusList = utils.AddStatus(setAuthorizedResponse.StatusList, "200", api.StatusType_INFO, "Keys authorization updated")
+
+	setAuthorizedResponse := &api.SetAuthorizedResponse{}
 	return setAuthorizedResponse, nil
 }

 func (s *KeyStorageServerImpl) Destroy(ctx context.Context, in *api.DestroyRequest) (*api.DestroyResponse, error) {
-	destroyResponse := &api.DestroyResponse{}

-	destroyResponse.StatusList = s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Destroyed = true })
-	if destroyResponse.StatusList != nil {
-		return destroyResponse, nil
+	err := s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Destroyed = true })
+	if err != nil {
+		return nil, errors.WrapInternal(err, "Could not destroy keys")
 	}
-	destroyResponse.StatusList = utils.AddStatus(destroyResponse.StatusList, "200", api.StatusType_INFO, "Keys destroyed")
+
+	destroyResponse := &api.DestroyResponse{}
 	return destroyResponse, nil
 }

 func (s *KeyStorageServerImpl) Revoke(ctx context.Context, in *api.RevokeRequest) (*api.RevokeResponse, error) {
-	revokeResponse := &api.RevokeResponse{}

-	revokeResponse.StatusList = s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Revoked = true })
-	if revokeResponse.StatusList != nil {
-		return revokeResponse, nil
+	err := s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Revoked = true })
+	if err != nil {
+		return nil, errors.WrapInternal(err, "Could not revoke keys")
 	}
-	revokeResponse.StatusList = utils.AddStatus(revokeResponse.StatusList, "200", api.StatusType_INFO, "Keys revoked")
+
+	revokeResponse := &api.RevokeResponse{}
 	return revokeResponse, nil
 }

 func (s *KeyStorageServerImpl) Suspend(ctx context.Context, in *api.SuspendRequest) (*api.SuspendResponse, error) {
-	suspendResponse := &api.SuspendResponse{}

-	suspendResponse.StatusList = s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Suspended = true })
-	if suspendResponse.StatusList != nil {
-		return suspendResponse, nil
+	err := s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Suspended = true })
+	if err != nil {
+		return nil, errors.WrapInternal(err, "Could not suspend keys")
 	}
-	suspendResponse.StatusList = utils.AddStatus(suspendResponse.StatusList, "200", api.StatusType_INFO, "Keys suspended")
+
+	suspendResponse := &api.SuspendResponse{}
 	return suspendResponse, nil
 }

 func (s *KeyStorageServerImpl) Resume(ctx context.Context, in *api.ResumeRequest) (*api.ResumeResponse, error) {
-	resumeResponse := &api.ResumeResponse{}

-	resumeResponse.StatusList = s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Suspended = false })
-	if resumeResponse.StatusList != nil {
-		return resumeResponse, nil
+	err := s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Suspended = false })
+	if err != nil {
+		return nil, errors.WrapInternal(err, "Could not resume keys")
 	}
-	resumeResponse.StatusList = utils.AddStatus(resumeResponse.StatusList, "200", api.StatusType_INFO, "Keys resumed")
+
+	resumeResponse := &api.ResumeResponse{}
 	return resumeResponse, nil
 }

 func (s *KeyStorageServerImpl) Rename(ctx context.Context, in *api.RenameRequest) (*api.RenameResponse, error) {
-	renameResponse := &api.RenameResponse{}

-	renameResponse.StatusList = s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Name = in.Name })
-	if renameResponse.StatusList != nil {
-		return renameResponse, nil
+	err := s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Name = in.Name })
+	if err != nil {
+		return nil, errors.WrapInternal(err, "Could not rename keys")
 	}
-	renameResponse.StatusList = utils.AddStatus(renameResponse.StatusList, "200", api.StatusType_INFO, "Keys renamed")
+
+	renameResponse := &api.RenameResponse{}
 	return renameResponse, nil
 }

-func (s *KeyStorageServerImpl) updateAll(ctx context.Context, uuid string, update func(*api.Key)) []*api.Status {
+func (s *KeyStorageServerImpl) updateAll(ctx context.Context, uuid string, updateFunc func(*api.Key)) error {
 	auth := s.CreateAuthentication(ctx)

 	client := keyutils.CreateDataStorageClient(auth)
 	defer client.CloseClient()

 	for _, kType := range []api.KeyType{api.KeyType_PRIVATE, api.KeyType_PUBLIC, api.KeyType_CERTIFICATE} {
-		statusList := updateKey(client, uuid, kType, update)
-		if statusList != nil {
-			return statusList
+		err := updateKey(client, uuid, kType, updateFunc)
+		if err != nil {
+			return err
 		}
 	}

 	return nil
 }

-func updateKey(client *client.DataStorageClientImpl, uuid string, keyType api.KeyType, update func(*api.Key)) []*api.Status {
-	key, statusList := keyutils.GetKey(client, uuid, keyType)
-	if statusList != nil {
-		return statusList
+func updateKey(client *client.DataStorageClientImpl, uuid string, keyType api.KeyType, updateFunc func(*api.Key)) error {
+	key, err := keyutils.GetKey(client, uuid, keyType)
+	if err != nil {
+		return err
 	}

-	update(key)
+	updateFunc(key)

-	_, errors, err := client.PutData("keys", uuid+"/"+api.KeyType.String(keyType), key)
-	statusList = keyutils.HandlePutDataErrors(statusList, errors, err)
-	if statusList != nil && len(statusList) > 0 {
-		return statusList
+	_, _, err = client.PutData("keys", uuid+"/"+api.KeyType.String(keyType), key)
+	if err != nil {
+		return errors.WrapInternalFormat(err, "Could not store key %s", uuid+"/"+api.KeyType.String(keyType))
 	}

 	return nil

--- a/utils/utils.go
+++ b/utils/utils.go
@@ -18,9 +18,9 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
 package utils

 import (
+	"code.vereign.com/code/viam-apis/errors"
 	"crypto/rand"
 	"crypto/x509"
-	"errors"
 	"fmt"
 	"io"
 	"log"
@@ -35,7 +35,6 @@ import (
 	dsclient "code.vereign.com/code/viam-apis/data-storage-agent/client"
 	emclient "code.vereign.com/code/viam-apis/entities-management-agent/client"
 	"code.vereign.com/code/viam-apis/key-storage-agent/api"
-	"code.vereign.com/code/viam-apis/utils"
 )

 func GenerateUnusedUUID(client *client.DataStorageClientImpl) (string, error) {
@@ -47,7 +46,10 @@ func GenerateUnusedUUID(client *client.DataStorageClientImpl) (string, error) {
 		key := &api.Key{}

 		hasData, _, err := client.GetData("keys", uuid+"/"+api.KeyType.String(api.KeyType_PRIVATE), key)
-		if err != nil || !hasData {
+		if err != nil {
+			return "", errors.WrapInternal(err, "Could not generate unused UUID")
+		}
+		if !hasData {
 			return uuid, nil
 		}
 		if count >= 10 {
@@ -57,6 +59,7 @@ func GenerateUnusedUUID(client *client.DataStorageClientImpl) (string, error) {
 	}
 }

+//TODO create one single function to create UUIDs
 func NewUUID() (string, error) {
 	uuid := make([]byte, 16)
 	n, err := io.ReadFull(rand.Reader, uuid)
@@ -70,16 +73,16 @@ func NewUUID() (string, error) {
 	return fmt.Sprintf("%x-%x-%x-%x-%x", uuid[0:4], uuid[4:6], uuid[6:8], uuid[8:10], uuid[10:]), nil
 }

-func HandlePutDataErrors(statusList []*api.Status, errors string, err error) []*api.Status {
-	if err != nil {
-		log.Printf("Error: %v", err)
-		statusList = utils.AddStatus(statusList, "500", api.StatusType_ERROR, err.Error())
-	} else if errors != "" {
-		statusList = utils.AddStatus(statusList, "400", api.StatusType_ERROR, errors)
-	}
-
-	return statusList
-}
+//func HandlePutDataErrors(statusList []*api.Status, errors string, err error) []*api.Status {
+//	if err != nil {
+//		log.Printf("Error: %v", err)
+//		statusList = utils.AddStatus(statusList, "500", api.StatusType_ERROR, err.Error())
+//	} else if errors != "" {
+//		statusList = utils.AddStatus(statusList, "400", api.StatusType_ERROR, errors)
+//	}
+//
+//	return statusList
+//}

 func ReadCertificateFromPEM(pemString []byte) (*x509.Certificate, error) {
 	certificatePemBlock, err := ReadPemBlockFromBytes(pemString)
@@ -133,28 +136,18 @@ func ReadPemBlockFromFile(fileName string) (*pem.Block, error) {
 	return certificatePemBlock, nil
 }

-func GetKey(client *client.DataStorageClientImpl, uuid string, keyType api.KeyType) (*api.Key, []*api.Status) {
-	statusList := []*api.Status{}
-
+func GetKey(client *client.DataStorageClientImpl, uuid string, keyType api.KeyType) (*api.Key, error) {
 	key := &api.Key{}

-	_, errorsString, err := client.GetData("keys", uuid+"/"+api.KeyType.String(keyType), key)
+	hasData, _, err := client.GetData("keys", uuid+"/"+api.KeyType.String(keyType), key)
 	if err != nil {
-		statusList = utils.AddStatus(statusList, "400", api.StatusType_ERROR, errorsString)
-		return nil, statusList
-	}
-
-	/*
-	if errorsString != "" {
-		statusList = utils.AddStatus(statusList, "400", api.StatusType_ERROR, errorsString)
-		return nil, statusList
+		return nil, errors.WrapInternalFormat(err, "Could not get key %s", uuid+"/"+api.KeyType.String(keyType))
 	}

 	if !hasData {
-		statusList = utils.AddStatus(statusList, "400", api.StatusType_ERROR, errorsString)
-		return nil, statusList
+		err = errors.New("No data")
+		return nil, errors.WrapUserFormat(err, "Could not get key %s", uuid+"/"+api.KeyType.String(keyType))
 	}
-	*/

 	return key, nil
 }