diff options
author | Jack Lloyd <[email protected]> | 2018-11-17 16:23:51 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-11-23 11:15:25 -0500 |
commit | b909778857b3e0b7eb86ac26c818e5f25baaddbd (patch) | |
tree | f8a5c9cbec26310bbfc9077563892b04db158a48 /src/lib/x509 | |
parent | c20a428ca2f7c1ef96e642f55bb898010444c499 (diff) |
Make exceptions easier to translate to error codes
Avoid throwing base Botan::Exception type, as it is difficult to
determine what the error is in that case.
Add Exception::error_code and Exception::error_type which allows
(for error code) more information about the error and (for error type)
allows knowing the error type without requiring a sequence of catches.
See GH #1742
Diffstat (limited to 'src/lib/x509')
-rw-r--r-- | src/lib/x509/key_constraint.cpp | 2 | ||||
-rw-r--r-- | src/lib/x509/key_constraint.h | 2 | ||||
-rw-r--r-- | src/lib/x509/ocsp.cpp | 5 | ||||
-rw-r--r-- | src/lib/x509/x509_crl.h | 7 | ||||
-rw-r--r-- | src/lib/x509/x509_ext.h | 2 | ||||
-rw-r--r-- | src/lib/x509/x509_obj.cpp | 2 | ||||
-rw-r--r-- | src/lib/x509/x509path.cpp | 8 |
7 files changed, 17 insertions, 11 deletions
diff --git a/src/lib/x509/key_constraint.cpp b/src/lib/x509/key_constraint.cpp index dfadedac5..95a59d65f 100644 --- a/src/lib/x509/key_constraint.cpp +++ b/src/lib/x509/key_constraint.cpp @@ -93,7 +93,7 @@ void verify_cert_constraints_valid_for_key_type(const Public_Key& pub_key, if((constraints & permitted) != constraints) { - throw Exception("Invalid " + name + " constraints " + key_constraints_to_string(constraints)); + throw Invalid_Argument("Invalid " + name + " constraints " + key_constraints_to_string(constraints)); } } diff --git a/src/lib/x509/key_constraint.h b/src/lib/x509/key_constraint.h index 3d456f6c4..75f9fb82f 100644 --- a/src/lib/x509/key_constraint.h +++ b/src/lib/x509/key_constraint.h @@ -37,7 +37,7 @@ class Public_Key; * Check that key constraints are permitted for a specific public key. * @param pub_key the public key on which the constraints shall be enforced on * @param constraints the constraints that shall be enforced on the key -* @throw Exception if the given constraints are not permitted for this key +* @throw Invalid_Argument if the given constraints are not permitted for this key */ BOTAN_PUBLIC_API(2,0) void verify_cert_constraints_valid_for_key_type(const Public_Key& pub_key, Key_Constraints constraints); diff --git a/src/lib/x509/ocsp.cpp b/src/lib/x509/ocsp.cpp index 115c4117a..62d814702 100644 --- a/src/lib/x509/ocsp.cpp +++ b/src/lib/x509/ocsp.cpp @@ -106,8 +106,11 @@ Response::Response(const uint8_t response_bits[], size_t response_bits_len) : response_outer.decode(resp_status, ENUMERATED, UNIVERSAL); + /* + * FIXME: properly decode error responses + */ if(resp_status != 0) - throw Exception("OCSP response status " + std::to_string(resp_status)); + throw Decoding_Error("OCSP response status " + std::to_string(resp_status)); if(response_outer.more_items()) { diff --git a/src/lib/x509/x509_crl.h b/src/lib/x509/x509_crl.h index 89925aa04..d52c98e9a 100644 --- a/src/lib/x509/x509_crl.h +++ b/src/lib/x509/x509_crl.h @@ -28,12 +28,15 @@ class BOTAN_PUBLIC_API(2,0) X509_CRL final : public X509_Object public: /** * This class represents CRL related errors. + * + * In a future major release this exception type will be removed and + * replaced with Decoding_Error */ - class BOTAN_PUBLIC_API(2,0) X509_CRL_Error final : public Exception + class BOTAN_PUBLIC_API(2,0) X509_CRL_Error final : public Decoding_Error { public: explicit X509_CRL_Error(const std::string& error) : - Exception("X509_CRL: " + error) {} + Decoding_Error("X509_CRL: " + error) {} }; /** diff --git a/src/lib/x509/x509_ext.h b/src/lib/x509/x509_ext.h index 48a9f338c..11e14e8d6 100644 --- a/src/lib/x509/x509_ext.h +++ b/src/lib/x509/x509_ext.h @@ -115,7 +115,7 @@ class BOTAN_PUBLIC_API(2,0) Extensions final : public ASN1_Object } else { - throw Exception("Exception::get_extension_object_as dynamic_cast failed"); + throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); } } diff --git a/src/lib/x509/x509_obj.cpp b/src/lib/x509/x509_obj.cpp index 49d7fcc60..6c591bde7 100644 --- a/src/lib/x509/x509_obj.cpp +++ b/src/lib/x509/x509_obj.cpp @@ -170,7 +170,7 @@ std::string X509_Object::hash_used_for_signature() const bool X509_Object::check_signature(const Public_Key* pub_key) const { if(!pub_key) - throw Exception("No key provided for " + PEM_label() + " signature check"); + throw Invalid_Argument("No key provided for " + PEM_label() + " signature check"); std::unique_ptr<const Public_Key> key(pub_key); return check_signature(*key); } diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index 8e459e9d2..9fed87f60 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp @@ -452,7 +452,7 @@ PKIX::check_crl_online(const std::vector<std::shared_ptr<const X509_Certificate> { // Avoid creating a thread for this case future_crls.emplace_back(std::async(std::launch::deferred, [&]() -> std::shared_ptr<const X509_CRL> { - throw Exception("No CRL distribution point for this certificate"); + throw Not_Implemented("No CRL distribution point for this certificate"); })); } else @@ -741,7 +741,7 @@ PKIX::build_all_certificate_paths(std::vector<std::vector<std::shared_ptr<const if(cert_paths_out.empty()) { if(stats.empty()) - throw Exception("X509 path building failed for unknown reasons"); + throw Internal_Error("X509 path building failed for unknown reasons"); else // arbitrarily return the first error return stats[0]; @@ -1005,9 +1005,9 @@ Path_Validation_Result::Path_Validation_Result(CertificatePathStatusCodes status const X509_Certificate& Path_Validation_Result::trust_root() const { if(m_cert_path.empty()) - throw Exception("Path_Validation_Result::trust_root no path set"); + throw Invalid_State("Path_Validation_Result::trust_root no path set"); if(result() != Certificate_Status_Code::VERIFIED) - throw Exception("Path_Validation_Result::trust_root meaningless with invalid status"); + throw Invalid_State("Path_Validation_Result::trust_root meaningless with invalid status"); return *m_cert_path[m_cert_path.size()-1]; } |