YGGverse/agate
1
0
Fork 0
mirror of https://github.com/YGGverse/agate.git synced 2026-04-08 20:45:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

better error messages

Browse source
This commit is contained in:
Johann150 2021-03-03 18:46:41 +01:00
parent 06819eeabd
commit 635f7bc1e7
No known key found for this signature in database
GPG key ID: 9EE6577A2A06F8F1
1 changed files with 24 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

35
src/certificates.rs
View file

@ -31,11 +31,14 @@ pub enum CertLoadError {
NoReadCertDir, NoReadCertDir,
/// the specified domain name cannot be processed correctly /// the specified domain name cannot be processed correctly
BadDomain(String), BadDomain(String),
/// The key file for the given domain does not contain any suitable keys.
NoKeys(String),
/// the key file for the specified domain is bad (e.g. does not contain a /// the key file for the specified domain is bad (e.g. does not contain a
/// key or is invalid) /// key or is invalid)
BadKey(String), BadKey(String),
/// the certificate file for the specified domain is bad (e.g. invalid) /// The certificate file for the specified domain is bad (e.g. invalid)
BadCert(String), /// The second parameter is the error message.
BadCert(String, String),
/// the key file for the specified domain is missing (but a certificate /// the key file for the specified domain is missing (but a certificate
/// file was present) /// file was present)
MissingKey(String), MissingKey(String),
@ -57,8 +60,15 @@ impl Display for CertLoadError {
domain domain
), ),
Self::BadDomain(domain) => write!(f, "The domain name {} cannot be processed.", domain), Self::BadDomain(domain) => write!(f, "The domain name {} cannot be processed.", domain),
Self::NoKeys(domain) => write!(
f,
"The key file for {} does not contain any suitable key.",
domain
),
Self::BadKey(domain) => write!(f, "The key file for {} is malformed.", domain), Self::BadKey(domain) => write!(f, "The key file for {} is malformed.", domain),
Self::BadCert(domain) => write!(f, "The certificate file for {} is malformed.", domain), Self::BadCert(domain, e) => {
write!(f, "The certificate file for {} is malformed: {}", domain, e)
}
Self::MissingKey(domain) => write!(f, "The key file for {} is missing.", domain), Self::MissingKey(domain) => write!(f, "The key file for {} is missing.", domain),
Self::MissingCert(domain) => { Self::MissingCert(domain) => {
write!(f, "The certificate file for {} is missing.", domain) write!(f, "The certificate file for {} is missing.", domain)
@ -89,7 +99,7 @@ fn load_domain(certs_dir: &Path, domain: String) -> Result<CertifiedKey, CertLoa
let cert_chain = match certs(&mut BufReader::new(File::open(&path).unwrap())) { let cert_chain = match certs(&mut BufReader::new(File::open(&path).unwrap())) {
Ok(cert) => cert, Ok(cert) => cert,
Err(_) => return Err(CertLoadError::BadCert(domain)), Err(()) => return Err(CertLoadError::BadCert(domain, String::new())),
}; };
// load key from file // load key from file
@ -99,13 +109,14 @@ fn load_domain(certs_dir: &Path, domain: String) -> Result<CertifiedKey, CertLoa
} }
let key = match pkcs8_private_keys(&mut BufReader::new(File::open(&path).unwrap())) { let key = match pkcs8_private_keys(&mut BufReader::new(File::open(&path).unwrap())) {
Ok(mut keys) if !keys.is_empty() => keys.remove(0), Ok(mut keys) if !keys.is_empty() => keys.remove(0),
_ => return Err(CertLoadError::BadKey(domain)), Ok(_) => return Err(CertLoadError::NoKeys(domain)),
Err(()) => return Err(CertLoadError::BadKey(domain)),
}; };
// transform key to correct format // transform key to correct format
let key = match RSASigningKey::new(&key) { let key = match RSASigningKey::new(&key) {
Ok(key) => key, Ok(key) => key,
Err(_) => return Err(CertLoadError::BadKey(domain)), Err(()) => return Err(CertLoadError::BadKey(domain)),
}; };
Ok(CertifiedKey::new(cert_chain, Arc::new(Box::new(key)))) Ok(CertifiedKey::new(cert_chain, Arc::new(Box::new(key))))
} }
@ -127,11 +138,14 @@ impl CertStore {
Err(CertLoadError::EmptyDomain(_)) => { /* there are no fallback keys */ } Err(CertLoadError::EmptyDomain(_)) => { /* there are no fallback keys */ }
Err(CertLoadError::NoReadCertDir) => unreachable!(), Err(CertLoadError::NoReadCertDir) => unreachable!(),
Err(CertLoadError::BadDomain(_)) => unreachable!(), Err(CertLoadError::BadDomain(_)) => unreachable!(),
Err(CertLoadError::NoKeys(_)) => {
return Err(CertLoadError::NoKeys("fallback".to_string()))
}
Err(CertLoadError::BadKey(_)) => { Err(CertLoadError::BadKey(_)) => {
return Err(CertLoadError::BadKey("fallback".to_string())) return Err(CertLoadError::BadKey("fallback".to_string()))
} }
Err(CertLoadError::BadCert(_)) => { Err(CertLoadError::BadCert(_, e)) => {
return Err(CertLoadError::BadCert("fallback".to_string())) return Err(CertLoadError::BadCert("fallback".to_string(), e))
} }
Err(CertLoadError::MissingKey(_)) => { Err(CertLoadError::MissingKey(_)) => {
return Err(CertLoadError::MissingKey("fallback".to_string())) return Err(CertLoadError::MissingKey("fallback".to_string()))
@ -163,9 +177,8 @@ impl CertStore {
}; };
let key = load_domain(certs_dir, filename.clone())?; let key = load_domain(certs_dir, filename.clone())?;
if key.cross_check_end_entity_cert(Some(dns_name)).is_err() { key.cross_check_end_entity_cert(Some(dns_name))
return Err(CertLoadError::BadCert(filename)); .or_else(|e| Err(CertLoadError::BadCert(filename.clone(), e.to_string())))?;
}
certs.push((filename, key)); certs.push((filename, key));
} }