From a8ccff7a1c8b34abbea02182aabc4e86ffdc90b1 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman <dirkjan@ochtman.nl>
Date: Wed, 26 Jul 2023 10:27:34 +0200
Subject: [PATCH] Provide better error message after failing to acquire nonce

---
 src/lib.rs | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/lib.rs b/src/lib.rs
index 1d41049..8f6064b 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -14,7 +14,7 @@ use hyper::client::connect::Connect;
 #[cfg(feature = "hyper-rustls")]
 use hyper::client::HttpConnector;
 use hyper::header::{CONTENT_TYPE, LOCATION};
-use hyper::{Body, Method, Request, Response};
+use hyper::{Body, Method, Request, Response, StatusCode};
 use ring::digest::{digest, SHA256};
 use ring::hmac;
 use ring::rand::SystemRandom;
@@ -446,7 +446,17 @@ impl Client {
             .unwrap();
 
         let rsp = self.http.request(request).await?;
-        Ok(nonce_from_response(&rsp).ok_or("no nonce found")?)
+        // https://datatracker.ietf.org/doc/html/rfc8555#section-7.2
+        // "The server's response MUST include a Replay-Nonce header field containing a fresh
+        // nonce and SHOULD have status code 200 (OK)."
+        if rsp.status() != StatusCode::OK {
+            return Err("error response from newNonce resource".into());
+        }
+
+        match nonce_from_response(&rsp) {
+            Some(nonce) => Ok(nonce),
+            None => Err("no nonce found in newNonce response".into()),
+        }
     }
 }