1 files changed, 25 insertions, 37 deletions

diff --git a/host/libs/web/credential_source.cc b/host/libs/web/credential_source.cc
index b9a29bff9..b29be8a02 100644
--- a/host/libs/web/credential_source.cc
+++ b/host/libs/web/credential_source.cc
@@ -90,51 +90,39 @@ std::unique_ptr<CredentialSource> FixedCredentialSource::make(
   return std::unique_ptr<CredentialSource>(new FixedCredentialSource(credential));
 }
 
-static int OpenSslPrintErrCallback(const char* str, size_t len, void*) {
-  LOG(ERROR) << std::string(str, len);
-  return 1;  // success
+static std::string CollectSslErrors() {
+  std::stringstream errors;
+  auto callback = [](const char* str, size_t len, void* stream) {
+    ((std::stringstream*)stream)->write(str, len);
+    return 1;  // success
+  };
+  ERR_print_errors_cb(callback, &errors);
+  return errors.str();
 }
 
-std::unique_ptr<ServiceAccountOauthCredentialSource>
+Result<ServiceAccountOauthCredentialSource>
 ServiceAccountOauthCredentialSource::FromJson(CurlWrapper& curl,
                                               const Json::Value& json,
                                               const std::string& scope) {
-  std::unique_ptr<ServiceAccountOauthCredentialSource> source;
-  source.reset(new ServiceAccountOauthCredentialSource(curl));
-
-  if (!json.isMember("client_email")) {
-    LOG(ERROR) << "Service account json missing `client_email` field";
-    return {};
-  } else if (json["client_email"].type() != Json::ValueType::stringValue) {
-    LOG(ERROR) << "Service account `client_email` field was the wrong type";
-    return {};
-  }
-  source->email_ = json["client_email"].asString();
-
-  if (!json.isMember("private_key")) {
-    LOG(ERROR) << "Service account json missing `private_key` field";
-    return {};
-  } else if (json["private_key"].type() != Json::ValueType::stringValue) {
-    LOG(ERROR) << "Service account json `private_key` field was the wrong type";
-    return {};
-  }
-  std::string key_str = json["private_key"].asString();
+  ServiceAccountOauthCredentialSource source(curl);
+  source.scope_ = scope;
 
-  std::unique_ptr<BIO, int (*)(BIO*)> bo(BIO_new(BIO_s_mem()), BIO_free);
-  if (!bo) {
-    LOG(ERROR) << "Failed to create boringssl BIO";
-    return {};
-  }
-  CHECK(BIO_write(bo.get(), key_str.c_str(), key_str.size()) == key_str.size());
+  CF_EXPECT(json.isMember("client_email"));
+  CF_EXPECT(json["client_email"].type() == Json::ValueType::stringValue);
+  source.email_ = json["client_email"].asString();
 
-  source->private_key_.reset(PEM_read_bio_PrivateKey(bo.get(), nullptr, 0, 0));
-  if (!source->private_key_) {
-    LOG(ERROR) << "PEM_read_bio_PrivateKey failed, showing openssl error stack";
-    ERR_print_errors_cb(OpenSslPrintErrCallback, nullptr);
-    return {};
-  }
+  CF_EXPECT(json.isMember("private_key"));
+  CF_EXPECT(json["private_key"].type() == Json::ValueType::stringValue);
+  std::string key_str = json["private_key"].asString();
+
+  std::unique_ptr<BIO, int (*)(BIO*)> bo(CF_EXPECT(BIO_new(BIO_s_mem())),
+                                         BIO_free);
+  CF_EXPECT(BIO_write(bo.get(), key_str.c_str(), key_str.size()) ==
+            key_str.size());
 
-  source->scope_ = scope;
+  auto pkey = CF_EXPECT(PEM_read_bio_PrivateKey(bo.get(), nullptr, 0, 0),
+                        CollectSslErrors());
+  source.private_key_.reset(pkey);
 
   return source;
 }