errors

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 27, 2021 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package errors provides error types returned in CF SSL.

1. Type Error is intended for errors produced by CF SSL packages. It formats to a json object that consists of an error message and a 4-digit code for error reasoning.

Example: {"code":1002, "message": "Failed to decode certificate"}

The index of codes are listed below:

1XXX: CertificateError
    1000: Unknown
    1001: ReadFailed
    1002: DecodeFailed
    1003: ParseFailed
    1100: SelfSigned
    12XX: VerifyFailed
        121X: CertificateInvalid
            1210: NotAuthorizedToSign
            1211: Expired
            1212: CANotAuthorizedForThisName
            1213: TooManyIntermediates
            1214: IncompatibleUsage
        1220: UnknownAuthority
2XXX: PrivatekeyError
    2000: Unknown
    2001: ReadFailed
    2002: DecodeFailed
    2003: ParseFailed
    2100: Encrypted
    2200: NotRSA
    2300: KeyMismatch
    2400: GenerationFailed
    2500: Unavailable
3XXX: IntermediatesError
4XXX: RootError
5XXX: PolicyError
    5100: NoKeyUsages
    5200: InvalidPolicy
    5300: InvalidRequest
    5400: UnknownProfile
    6XXX: DialError

2. Type HttpError is intended for CF SSL API to consume. It contains a HTTP status code that will be read and returned by the API server.

Index

Constants

View Source
const (
	BundleExpiringBit      int = 1 << iota // 0x01
	BundleNotUbiquitousBit                 // 0x02
)

Warning code for a success

View Source
const (
	// PrecertSubmissionFailed occurs when submitting a precertificate to
	// a log server fails
	PrecertSubmissionFailed = 100 * (iota + 1)
	// CTClientConstructionFailed occurs when the construction of a new
	// github.com/google/certificate-transparency client fails.
	CTClientConstructionFailed
	// PrecertMissingPoison occurs when a precert is passed to SignFromPrecert
	// and is missing the CT poison extension.
	PrecertMissingPoison
	// PrecertInvalidPoison occurs when a precert is passed to SignFromPrecert
	// and has a invalid CT poison extension value or the extension is not
	// critical.
	PrecertInvalidPoison
)

Certificate transparency related errors specified with CTError

View Source
const (
	// InsertionFailed occurs when a SQL insert query failes to complete.
	InsertionFailed = 100 * (iota + 1)
	// RecordNotFound occurs when a SQL query targeting on one unique
	// record failes to update the specified row in the table.
	RecordNotFound
)

Certificate persistence related errors specified with CertStoreError

Variables

This section is empty.

Functions

This section is empty.

Types

type Category

type Category int

Category is the most significant digit of the error code.

const (
	// Success indicates no error occurred.
	Success Category = 1000 * iota // 0XXX

	// CertificateError indicates a fault in a certificate.
	CertificateError // 1XXX

	// PrivateKeyError indicates a fault in a private key.
	PrivateKeyError // 2XXX

	// IntermediatesError indicates a fault in an intermediate.
	IntermediatesError // 3XXX

	// RootError indicates a fault in a root.
	RootError // 4XXX

	// PolicyError indicates an error arising from a malformed or
	// non-existent policy, or a breach of policy.
	PolicyError // 5XXX

	// DialError indicates a network fault.
	DialError // 6XXX

	// APIClientError indicates a problem with the API client.
	APIClientError // 7XXX

	// OCSPError indicates a problem with OCSP signing
	OCSPError // 8XXX

	// CSRError indicates a problem with CSR parsing
	CSRError // 9XXX

	// CTError indicates a problem with the certificate transparency process
	CTError // 10XXX

	// CertStoreError indicates a problem with the certificate store
	CertStoreError // 11XXX
)

type Error

type Error struct {
	ErrorCode int    `json:"code"`
	Message   string `json:"message"`
}

Error is the error type usually returned by functions in CF SSL package. It contains a 4-digit error code where the most significant digit describes the category where the error occurred and the rest 3 digits describe the specific error reason.

func New

func New(category Category, reason Reason) *Error

New returns an error that contains an error code and message derived from the given category, reason. Currently, to avoid confusion, it is not allowed to create an error of category Success

func Wrap

func Wrap(category Category, reason Reason, err error) *Error

Wrap returns an error that contains the given error and an error code derived from the given category, reason and the error. Currently, to avoid confusion, it is not allowed to create an error of category Success

func (*Error) Error

func (e *Error) Error() string

The error interface implementation, which formats to a JSON object string.

type HTTPError

type HTTPError struct {
	StatusCode int
	// contains filtered or unexported fields
}

HTTPError is an augmented error with a HTTP status code.

func NewBadRequest

func NewBadRequest(err error) *HTTPError

NewBadRequest creates a HttpError with the given error and error code 400.

func NewBadRequestMissingParameter

func NewBadRequestMissingParameter(s string) *HTTPError

NewBadRequestMissingParameter returns a 400 HttpError as a required parameter is missing in the HTTP request.

func NewBadRequestString

func NewBadRequestString(s string) *HTTPError

NewBadRequestString returns a HttpError with the supplied message and error code 400.

func NewBadRequestUnwantedParameter

func NewBadRequestUnwantedParameter(s string) *HTTPError

NewBadRequestUnwantedParameter returns a 400 HttpError as a unnecessary parameter is present in the HTTP request.

func NewMethodNotAllowed

func NewMethodNotAllowed(method string) *HTTPError

NewMethodNotAllowed returns an appropriate error in the case that an HTTP client uses an invalid method (i.e. a GET in place of a POST) on an API endpoint.

func (*HTTPError) Error

func (e *HTTPError) Error() string

Error implements the error interface.

type Reason

type Reason int

Reason is the last 3 digits of the error code.

const (
	Unknown      Reason = iota // X000
	ReadFailed                 // X001
	DecodeFailed               // X002
	ParseFailed                // X003
)

Parsing errors

const (
	// SelfSigned indicates that a certificate is self-signed and
	// cannot be used in the manner being attempted.
	SelfSigned Reason = 100 * (iota + 1) // Code 11XX

	// VerifyFailed is an X.509 verification failure. The least two
	// significant digits of 12XX is determined as the actual x509
	// error is examined.
	VerifyFailed // Code 12XX

	// BadRequest indicates that the certificate request is invalid.
	BadRequest // Code 13XX

	// MissingSerial indicates that the profile specified
	// 'ClientProvidesSerialNumbers', but the SignRequest did not include a serial
	// number.
	MissingSerial // Code 14XX
)

The following represent certificate non-parsing errors, and must be specified along with CertificateError.

const (
	// Encrypted indicates that the private key is a PKCS #8 encrypted
	// private key. At this time, CFSSL does not support decrypting
	// these keys.
	Encrypted Reason = 100 * (iota + 1) //21XX

	// NotRSAOrECC indicates that they key is not an RSA or ECC
	// private key; these are the only two private key types supported
	// at this time by CFSSL.
	NotRSAOrECC //22XX

	// KeyMismatch indicates that the private key does not match
	// the public key or certificate being presented with the key.
	KeyMismatch //23XX

	// GenerationFailed indicates that a private key could not
	// be generated.
	GenerationFailed //24XX

	// Unavailable indicates that a private key mechanism (such as
	// PKCS #11) was requested but support for that mechanism is
	// not available.
	Unavailable
)

The following represent private-key non-parsing errors, and must be specified with PrivateKeyError.

const (
	// NoKeyUsages indicates that the profile does not permit any
	// key usages for the certificate.
	NoKeyUsages Reason = 100 * (iota + 1) // 51XX

	// InvalidPolicy indicates that policy being requested is not
	// a valid policy or does not exist.
	InvalidPolicy // 52XX

	// InvalidRequest indicates a certificate request violated the
	// constraints of the policy being applied to the request.
	InvalidRequest // 53XX

	// UnknownProfile indicates that the profile does not exist.
	UnknownProfile // 54XX

	UnmatchedWhitelist // 55xx
)

The following are policy-related non-parsing errors, and must be specified along with PolicyError.

const (
	// AuthenticationFailure occurs when the client is unable
	// to obtain an authentication token for the request.
	AuthenticationFailure Reason = 100 * (iota + 1)

	// JSONError wraps an encoding/json error.
	JSONError

	// IOError wraps an io/ioutil error.
	IOError

	// ClientHTTPError wraps a net/http error.
	ClientHTTPError

	// ServerRequestFailed covers any other failures from the API
	// client.
	ServerRequestFailed
)

The following are API client related errors, and should be specified with APIClientError.

const (
	// IssuerMismatch ocurs when the certificate in the OCSP signing
	// request was not issued by the CA that this responder responds for.
	IssuerMismatch Reason = 100 * (iota + 1) // 81XX

	// InvalidStatus occurs when the OCSP signing requests includes an
	// invalid value for the certificate status.
	InvalidStatus
)

The following are OCSP related errors, and should be specified with OCSPError

const (
	None Reason = iota
)

None is a non-specified error.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL