errors.py revision 5821806d5e7f356e8fa4b058a389a808ea183019
"""Exception classes.
@sort: TLSError, TLSAbruptCloseError, TLSAlert, TLSLocalAlert, TLSRemoteAlert,
TLSAuthenticationError, TLSNoAuthenticationError, TLSAuthenticationTypeError,
TLSFingerprintError, TLSAuthorizationError, TLSValidationError, TLSFaultError
"""

# NOTE(review): this is an implicit relative import, while the docstrings below
# refer to the module as tlslite.constants; it presumably resolves only under
# Python 2 import semantics -- confirm the target interpreter before changing.
# AlertLevel is not used in this file but is left in place for importers.
from constants import AlertDescription, AlertLevel


class TLSError(Exception):
    """Base class for all TLS Lite exceptions."""


class TLSAbruptCloseError(TLSError):
    """The socket was closed without a proper TLS shutdown.

    The TLS specification mandates that an alert of some sort
    must be sent before the underlying socket is closed.  If the socket
    is closed without this, it could signify that an attacker is trying
    to truncate the connection.  It could also signify a misbehaving
    TLS implementation, or a random network failure.

    Because the three causes cannot be told apart from this exception
    alone, a caller that needs to know it received a complete message
    should rely on framing in its own protocol (a length or terminator)
    rather than on the connection having ended.
    """


class TLSAlert(TLSError):
    """A TLS alert has been signalled.

    This base class only holds the table that maps alert description
    codes to printable names; the C{description} attribute itself is set
    by the subclasses L{TLSLocalAlert} and L{TLSRemoteAlert}.
    """

    # Printable name for each known alert description code.
    _descriptionStr = {
        AlertDescription.close_notify: "close_notify",
        AlertDescription.unexpected_message: "unexpected_message",
        AlertDescription.bad_record_mac: "bad_record_mac",
        AlertDescription.decryption_failed: "decryption_failed",
        AlertDescription.record_overflow: "record_overflow",
        AlertDescription.decompression_failure: "decompression_failure",
        AlertDescription.handshake_failure: "handshake_failure",
        # NOTE(review): rendered with a space, unlike every other entry;
        # kept as-is because callers or log parsers may match on it.
        AlertDescription.no_certificate: "no certificate",
        AlertDescription.bad_certificate: "bad_certificate",
        AlertDescription.unsupported_certificate: "unsupported_certificate",
        AlertDescription.certificate_revoked: "certificate_revoked",
        AlertDescription.certificate_expired: "certificate_expired",
        AlertDescription.certificate_unknown: "certificate_unknown",
        AlertDescription.illegal_parameter: "illegal_parameter",
        AlertDescription.unknown_ca: "unknown_ca",
        AlertDescription.access_denied: "access_denied",
        AlertDescription.decode_error: "decode_error",
        AlertDescription.decrypt_error: "decrypt_error",
        AlertDescription.export_restriction: "export_restriction",
        AlertDescription.protocol_version: "protocol_version",
        AlertDescription.insufficient_security: "insufficient_security",
        AlertDescription.internal_error: "internal_error",
        AlertDescription.user_canceled: "user_canceled",
        AlertDescription.no_renegotiation: "no_renegotiation",
        AlertDescription.unknown_srp_username: "unknown_srp_username",
        AlertDescription.missing_srp_username: "missing_srp_username",
    }

    def _describe(self):
        """Return the printable form of C{self.description}.

        Codes found in L{_descriptionStr} are rendered by name; any
        other code falls back to C{str()} of the raw value, so an
        unrecognised code still produces a string instead of raising.
        """
        name = TLSAlert._descriptionStr.get(self.description)
        if name is None:
            name = str(self.description)
        return name


class TLSLocalAlert(TLSAlert):
    """A TLS alert has been signalled by the local implementation.

    @type description: int
    @ivar description: Set to one of the constants in
    L{tlslite.constants.AlertDescription}

    @type level: int
    @ivar level: Set to one of the constants in
    L{tlslite.constants.AlertLevel}

    @type message: str
    @ivar message: Description of what went wrong.
    """

    def __init__(self, alert, message=None):
        """Copy the description and level from C{alert} and keep
        C{message} as given.

        The base Exception initialiser is not called, so C{args} stays
        empty; the alert details are only available through the
        attributes and C{str()}.
        """
        self.description = alert.description
        self.level = alert.level
        self.message = message

    def __str__(self):
        """Return the alert name, followed by C{": " + message} when a
        non-empty message was supplied."""
        name = self._describe()
        if not self.message:
            return name
        return name + ": " + self.message


class TLSRemoteAlert(TLSAlert):
    """A TLS alert has been signalled by the remote implementation.

    Both attributes are copied from the alert object without any check
    in this class.  Since the alert originates from the other party,
    C{description} may hold a code missing from the name table
    (presumably whatever value the peer sent -- confirm against the
    record layer); C{str()} then shows the bare number.

    @type description: int
    @ivar description: Set to one of the constants in
    L{tlslite.constants.AlertDescription}

    @type level: int
    @ivar level: Set to one of the constants in
    L{tlslite.constants.AlertLevel}
    """

    def __init__(self, alert):
        """Copy the description and level from C{alert}.

        The base Exception initialiser is not called, so C{args} stays
        empty.
        """
        self.description = alert.description
        self.level = alert.level

    def __str__(self):
        """Return the alert name, or the numeric code as a string when
        the code is not in the name table."""
        return self._describe()


class TLSAuthenticationError(TLSError):
    """The handshake succeeded, but the other party's authentication
    was inadequate.

    This exception will only be raised when a
    L{tlslite.Checker.Checker} has been passed to a handshake function.
    The Checker will be invoked once the handshake completes, and if
    the Checker objects to how the other party authenticated, a
    subclass of this exception will be raised.

    It follows that when no Checker was passed, the absence of this
    exception says nothing about who the other party is; the caller
    then has to inspect the authentication result itself.
    """


class TLSNoAuthenticationError(TLSAuthenticationError):
    """The Checker was expecting the other party to authenticate with a
    certificate chain, but this did not occur."""


class TLSAuthenticationTypeError(TLSAuthenticationError):
    """The Checker was expecting the other party to authenticate with a
    different type of certificate chain."""


class TLSFingerprintError(TLSAuthenticationError):
    """The Checker was expecting the other party to authenticate with a
    certificate chain that matches a different fingerprint."""


class TLSAuthorizationError(TLSAuthenticationError):
    """The Checker was expecting the other party to authenticate with a
    certificate chain that has a different authorization."""


class TLSValidationError(TLSAuthenticationError):
    """The Checker has determined that the other party's certificate
    chain is invalid."""


class TLSFaultError(TLSError):
    """The other party responded incorrectly to an induced fault.

    This exception will only occur during fault testing, when a
    TLSConnection's fault variable is set to induce some sort of
    faulty behavior, and the other party doesn't respond appropriately.
    """