aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/x509
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2018-11-17 16:23:51 -0500
committerJack Lloyd <[email protected]>2018-11-23 11:15:25 -0500
commitb909778857b3e0b7eb86ac26c818e5f25baaddbd (patch)
treef8a5c9cbec26310bbfc9077563892b04db158a48 /src/lib/x509
parentc20a428ca2f7c1ef96e642f55bb898010444c499 (diff)
Make exceptions easier to translate to error codes
Avoid throwing base Botan::Exception type, as it is difficult to determine what the error is in that case. Add Exception::error_code and Exception::error_type which allows (for error code) more information about the error and (for error type) allows knowing the error type without requiring a sequence of catches. See GH #1742
Diffstat (limited to 'src/lib/x509')
-rw-r--r--src/lib/x509/key_constraint.cpp2
-rw-r--r--src/lib/x509/key_constraint.h2
-rw-r--r--src/lib/x509/ocsp.cpp5
-rw-r--r--src/lib/x509/x509_crl.h7
-rw-r--r--src/lib/x509/x509_ext.h2
-rw-r--r--src/lib/x509/x509_obj.cpp2
-rw-r--r--src/lib/x509/x509path.cpp8
7 files changed, 17 insertions, 11 deletions
diff --git a/src/lib/x509/key_constraint.cpp b/src/lib/x509/key_constraint.cpp
index dfadedac5..95a59d65f 100644
--- a/src/lib/x509/key_constraint.cpp
+++ b/src/lib/x509/key_constraint.cpp
@@ -93,7 +93,7 @@ void verify_cert_constraints_valid_for_key_type(const Public_Key& pub_key,
if((constraints & permitted) != constraints)
{
- throw Exception("Invalid " + name + " constraints " + key_constraints_to_string(constraints));
+ throw Invalid_Argument("Invalid " + name + " constraints " + key_constraints_to_string(constraints));
}
}
diff --git a/src/lib/x509/key_constraint.h b/src/lib/x509/key_constraint.h
index 3d456f6c4..75f9fb82f 100644
--- a/src/lib/x509/key_constraint.h
+++ b/src/lib/x509/key_constraint.h
@@ -37,7 +37,7 @@ class Public_Key;
* Check that key constraints are permitted for a specific public key.
* @param pub_key the public key on which the constraints shall be enforced on
* @param constraints the constraints that shall be enforced on the key
-* @throw Exception if the given constraints are not permitted for this key
+* @throw Invalid_Argument if the given constraints are not permitted for this key
*/
BOTAN_PUBLIC_API(2,0) void verify_cert_constraints_valid_for_key_type(const Public_Key& pub_key,
Key_Constraints constraints);
diff --git a/src/lib/x509/ocsp.cpp b/src/lib/x509/ocsp.cpp
index 115c4117a..62d814702 100644
--- a/src/lib/x509/ocsp.cpp
+++ b/src/lib/x509/ocsp.cpp
@@ -106,8 +106,11 @@ Response::Response(const uint8_t response_bits[], size_t response_bits_len) :
response_outer.decode(resp_status, ENUMERATED, UNIVERSAL);
+ /*
+ * FIXME: properly decode error responses
+ */
if(resp_status != 0)
- throw Exception("OCSP response status " + std::to_string(resp_status));
+ throw Decoding_Error("OCSP response status " + std::to_string(resp_status));
if(response_outer.more_items())
{
diff --git a/src/lib/x509/x509_crl.h b/src/lib/x509/x509_crl.h
index 89925aa04..d52c98e9a 100644
--- a/src/lib/x509/x509_crl.h
+++ b/src/lib/x509/x509_crl.h
@@ -28,12 +28,15 @@ class BOTAN_PUBLIC_API(2,0) X509_CRL final : public X509_Object
public:
/**
* This class represents CRL related errors.
+ *
+ * In a future major release this exception type will be removed and
+ * replaced with Decoding_Error
*/
- class BOTAN_PUBLIC_API(2,0) X509_CRL_Error final : public Exception
+ class BOTAN_PUBLIC_API(2,0) X509_CRL_Error final : public Decoding_Error
{
public:
explicit X509_CRL_Error(const std::string& error) :
- Exception("X509_CRL: " + error) {}
+ Decoding_Error("X509_CRL: " + error) {}
};
/**
diff --git a/src/lib/x509/x509_ext.h b/src/lib/x509/x509_ext.h
index 48a9f338c..11e14e8d6 100644
--- a/src/lib/x509/x509_ext.h
+++ b/src/lib/x509/x509_ext.h
@@ -115,7 +115,7 @@ class BOTAN_PUBLIC_API(2,0) Extensions final : public ASN1_Object
}
else
{
- throw Exception("Exception::get_extension_object_as dynamic_cast failed");
+ throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed");
}
}
diff --git a/src/lib/x509/x509_obj.cpp b/src/lib/x509/x509_obj.cpp
index 49d7fcc60..6c591bde7 100644
--- a/src/lib/x509/x509_obj.cpp
+++ b/src/lib/x509/x509_obj.cpp
@@ -170,7 +170,7 @@ std::string X509_Object::hash_used_for_signature() const
bool X509_Object::check_signature(const Public_Key* pub_key) const
{
if(!pub_key)
- throw Exception("No key provided for " + PEM_label() + " signature check");
+ throw Invalid_Argument("No key provided for " + PEM_label() + " signature check");
std::unique_ptr<const Public_Key> key(pub_key);
return check_signature(*key);
}
diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp
index 8e459e9d2..9fed87f60 100644
--- a/src/lib/x509/x509path.cpp
+++ b/src/lib/x509/x509path.cpp
@@ -452,7 +452,7 @@ PKIX::check_crl_online(const std::vector<std::shared_ptr<const X509_Certificate>
{
// Avoid creating a thread for this case
future_crls.emplace_back(std::async(std::launch::deferred, [&]() -> std::shared_ptr<const X509_CRL> {
- throw Exception("No CRL distribution point for this certificate");
+ throw Not_Implemented("No CRL distribution point for this certificate");
}));
}
else
@@ -741,7 +741,7 @@ PKIX::build_all_certificate_paths(std::vector<std::vector<std::shared_ptr<const
if(cert_paths_out.empty())
{
if(stats.empty())
- throw Exception("X509 path building failed for unknown reasons");
+ throw Internal_Error("X509 path building failed for unknown reasons");
else
// arbitrarily return the first error
return stats[0];
@@ -1005,9 +1005,9 @@ Path_Validation_Result::Path_Validation_Result(CertificatePathStatusCodes status
const X509_Certificate& Path_Validation_Result::trust_root() const
{
if(m_cert_path.empty())
- throw Exception("Path_Validation_Result::trust_root no path set");
+ throw Invalid_State("Path_Validation_Result::trust_root no path set");
if(result() != Certificate_Status_Code::VERIFIED)
- throw Exception("Path_Validation_Result::trust_root meaningless with invalid status");
+ throw Invalid_State("Path_Validation_Result::trust_root meaningless with invalid status");
return *m_cert_path[m_cert_path.size()-1];
}