2018-07-25 08:43:58 -04:00
|
|
|
|
use std::error::Error as StdError;
|
|
|
|
|
|
use std::fmt;
|
|
|
|
|
|
use std::result;
|
2021-11-19 14:05:58 -05:00
|
|
|
|
use std::sync::Arc;
|
2018-07-25 08:43:58 -04:00
|
|
|
|
|
|
|
|
|
|
/// A crate private constructor for `Error`.
|
|
|
|
|
|
pub(crate) fn new_error(kind: ErrorKind) -> Error {
|
|
|
|
|
|
Error(Box::new(kind))
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/// A type alias for `Result<T, jsonwebtoken::Error>`.
|
|
|
|
|
|
pub type Result<T> = result::Result<T, Error>;
|
|
|
|
|
|
|
|
|
|
|
|
/// An error that can occur when encoding/decoding JWTs
|
2021-11-19 14:05:58 -05:00
|
|
|
|
#[derive(Clone, Debug, Eq, PartialEq)]
|
2018-07-25 08:43:58 -04:00
|
|
|
|
pub struct Error(Box<ErrorKind>);
|
|
|
|
|
|
|
|
|
|
|
|
impl Error {
|
|
|
|
|
|
/// Return the specific type of this error.
|
|
|
|
|
|
pub fn kind(&self) -> &ErrorKind {
|
|
|
|
|
|
&self.0
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/// Unwrap this error into its underlying type.
|
|
|
|
|
|
pub fn into_kind(self) -> ErrorKind {
|
|
|
|
|
|
*self.0
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/// The specific type of an error.
|
2020-08-31 06:04:57 -04:00
|
|
|
|
///
|
|
|
|
|
|
/// This enum may grow additional variants, the `#[non_exhaustive]`
|
|
|
|
|
|
/// attribute makes sure clients don't count on exhaustive matching.
|
|
|
|
|
|
/// (Otherwise, adding a new variant could break existing code.)
|
|
|
|
|
|
#[non_exhaustive]
|
2021-11-19 14:05:58 -05:00
|
|
|
|
#[derive(Clone, Debug)]
|
2018-07-25 08:43:58 -04:00
|
|
|
|
pub enum ErrorKind {
|
|
|
|
|
|
/// When a token doesn't have a valid JWT shape
|
|
|
|
|
|
InvalidToken,
|
|
|
|
|
|
/// When the signature doesn't match
|
|
|
|
|
|
InvalidSignature,
|
2019-01-08 20:46:06 -05:00
|
|
|
|
/// When the secret given is not a valid ECDSA key
|
|
|
|
|
|
InvalidEcdsaKey,
|
2018-07-25 08:43:58 -04:00
|
|
|
|
/// When the secret given is not a valid RSA key
|
2021-02-19 15:04:17 -05:00
|
|
|
|
InvalidRsaKey(&'static str),
|
|
|
|
|
|
/// We could not sign with the given key
|
|
|
|
|
|
RsaFailedSigning,
|
2018-08-30 14:53:55 -04:00
|
|
|
|
/// When the algorithm from string doesn't match the one passed to `from_str`
|
|
|
|
|
|
InvalidAlgorithmName,
|
2019-05-15 10:19:38 -04:00
|
|
|
|
/// When a key is provided with an invalid format
|
|
|
|
|
|
InvalidKeyFormat,
|
2018-07-25 08:43:58 -04:00
|
|
|
|
|
2019-11-03 11:13:22 -05:00
|
|
|
|
// Validation errors
|
2021-12-15 13:54:54 -05:00
|
|
|
|
/// When a claim required by the validation is not present
|
|
|
|
|
|
MissingRequiredClaim(String),
|
2018-07-25 08:43:58 -04:00
|
|
|
|
/// When a token’s `exp` claim indicates that it has expired
|
|
|
|
|
|
ExpiredSignature,
|
|
|
|
|
|
/// When a token’s `iss` claim does not match the expected issuer
|
|
|
|
|
|
InvalidIssuer,
|
|
|
|
|
|
/// When a token’s `aud` claim does not match one of the expected audience values
|
|
|
|
|
|
InvalidAudience,
|
2021-07-19 13:37:11 -04:00
|
|
|
|
/// When a token’s `sub` claim does not match one of the expected audience values
|
2018-07-25 08:43:58 -04:00
|
|
|
|
InvalidSubject,
|
|
|
|
|
|
/// When a token’s nbf claim represents a time in the future
|
|
|
|
|
|
ImmatureSignature,
|
2020-01-13 13:38:33 -05:00
|
|
|
|
/// When the algorithm in the header doesn't match the one passed to `decode` or the encoding/decoding key
|
|
|
|
|
|
/// used doesn't match the alg requested
|
2018-07-25 08:43:58 -04:00
|
|
|
|
InvalidAlgorithm,
|
2021-03-22 16:24:20 -04:00
|
|
|
|
/// When the Validation struct does not contain at least 1 algorithm
|
|
|
|
|
|
MissingAlgorithm,
|
2018-07-25 08:43:58 -04:00
|
|
|
|
|
|
|
|
|
|
// 3rd party errors
|
|
|
|
|
|
/// An error happened when decoding some base64 text
|
|
|
|
|
|
Base64(base64::DecodeError),
|
|
|
|
|
|
/// An error happened while serializing/deserializing JSON
|
2021-11-19 14:05:58 -05:00
|
|
|
|
Json(Arc<serde_json::Error>),
|
2018-07-25 08:43:58 -04:00
|
|
|
|
/// Some of the text was invalid UTF-8
|
|
|
|
|
|
Utf8(::std::string::FromUtf8Error),
|
2019-01-08 20:46:06 -05:00
|
|
|
|
/// Something unspecified went wrong with crypto
|
|
|
|
|
|
Crypto(::ring::error::Unspecified),
|
2022-02-27 23:24:26 -05:00
|
|
|
|
|
2022-03-06 12:11:22 -05:00
|
|
|
|
/// Verification is disabled because the target does not support it.
|
2022-02-27 23:24:26 -05:00
|
|
|
|
VerificationNotSupported,
|
2018-07-25 08:43:58 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
impl StdError for Error {
|
2019-06-07 14:08:54 -04:00
|
|
|
|
fn cause(&self) -> Option<&dyn StdError> {
|
2018-07-25 08:43:58 -04:00
|
|
|
|
match *self.0 {
|
|
|
|
|
|
ErrorKind::InvalidToken => None,
|
|
|
|
|
|
ErrorKind::InvalidSignature => None,
|
2019-01-08 20:46:06 -05:00
|
|
|
|
ErrorKind::InvalidEcdsaKey => None,
|
2021-02-19 15:04:17 -05:00
|
|
|
|
ErrorKind::RsaFailedSigning => None,
|
|
|
|
|
|
ErrorKind::InvalidRsaKey(_) => None,
|
2018-07-25 08:43:58 -04:00
|
|
|
|
ErrorKind::ExpiredSignature => None,
|
2021-03-22 16:24:20 -04:00
|
|
|
|
ErrorKind::MissingAlgorithm => None,
|
2021-12-15 13:54:54 -05:00
|
|
|
|
ErrorKind::MissingRequiredClaim(_) => None,
|
2018-07-25 08:43:58 -04:00
|
|
|
|
ErrorKind::InvalidIssuer => None,
|
|
|
|
|
|
ErrorKind::InvalidAudience => None,
|
|
|
|
|
|
ErrorKind::InvalidSubject => None,
|
|
|
|
|
|
ErrorKind::ImmatureSignature => None,
|
|
|
|
|
|
ErrorKind::InvalidAlgorithm => None,
|
2019-11-03 11:13:22 -05:00
|
|
|
|
ErrorKind::InvalidAlgorithmName => None,
|
2019-11-06 17:32:13 -05:00
|
|
|
|
ErrorKind::InvalidKeyFormat => None,
|
2018-07-25 08:43:58 -04:00
|
|
|
|
ErrorKind::Base64(ref err) => Some(err),
|
2021-11-19 14:05:58 -05:00
|
|
|
|
ErrorKind::Json(ref err) => Some(err.as_ref()),
|
2018-07-25 08:43:58 -04:00
|
|
|
|
ErrorKind::Utf8(ref err) => Some(err),
|
2019-01-08 20:46:06 -05:00
|
|
|
|
ErrorKind::Crypto(ref err) => Some(err),
|
2022-02-27 23:24:26 -05:00
|
|
|
|
ErrorKind::VerificationNotSupported => None,
|
2017-02-22 02:45:28 -05:00
|
|
|
|
}
|
2018-07-25 08:43:58 -04:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
impl fmt::Display for Error {
|
|
|
|
|
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
|
|
|
|
|
match *self.0 {
|
2019-11-03 11:13:22 -05:00
|
|
|
|
ErrorKind::InvalidToken
|
|
|
|
|
|
| ErrorKind::InvalidSignature
|
|
|
|
|
|
| ErrorKind::InvalidEcdsaKey
|
|
|
|
|
|
| ErrorKind::ExpiredSignature
|
2021-02-19 15:04:17 -05:00
|
|
|
|
| ErrorKind::RsaFailedSigning
|
2021-03-22 16:24:20 -04:00
|
|
|
|
| ErrorKind::MissingAlgorithm
|
2019-11-03 11:13:22 -05:00
|
|
|
|
| ErrorKind::InvalidIssuer
|
|
|
|
|
|
| ErrorKind::InvalidAudience
|
|
|
|
|
|
| ErrorKind::InvalidSubject
|
|
|
|
|
|
| ErrorKind::ImmatureSignature
|
|
|
|
|
|
| ErrorKind::InvalidAlgorithm
|
2019-11-06 17:32:13 -05:00
|
|
|
|
| ErrorKind::InvalidKeyFormat
|
2020-01-31 00:11:40 -05:00
|
|
|
|
| ErrorKind::InvalidAlgorithmName => write!(f, "{:?}", self.0),
|
2021-12-15 13:54:54 -05:00
|
|
|
|
ErrorKind::MissingRequiredClaim(ref c) => write!(f, "Missing required claim: {}", c),
|
2021-02-19 15:04:17 -05:00
|
|
|
|
ErrorKind::InvalidRsaKey(ref msg) => write!(f, "RSA key invalid: {}", msg),
|
2018-07-25 08:43:58 -04:00
|
|
|
|
ErrorKind::Json(ref err) => write!(f, "JSON error: {}", err),
|
|
|
|
|
|
ErrorKind::Utf8(ref err) => write!(f, "UTF-8 error: {}", err),
|
2019-01-08 20:46:06 -05:00
|
|
|
|
ErrorKind::Crypto(ref err) => write!(f, "Crypto error: {}", err),
|
2019-11-06 17:32:13 -05:00
|
|
|
|
ErrorKind::Base64(ref err) => write!(f, "Base64 error: {}", err),
|
2022-02-27 23:24:26 -05:00
|
|
|
|
ErrorKind::VerificationNotSupported => write!(f, "{:?}", self.0),
|
2017-04-22 02:21:16 -04:00
|
|
|
|
}
|
2016-02-28 12:30:39 -05:00
|
|
|
|
}
|
2018-07-25 08:43:58 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-02-19 15:13:20 -05:00
|
|
|
|
impl PartialEq for ErrorKind {
|
|
|
|
|
|
fn eq(&self, other: &Self) -> bool {
|
|
|
|
|
|
format!("{:?}", self) == format!("{:?}", other)
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-11-19 14:05:58 -05:00
|
|
|
|
// Equality of ErrorKind is an equivalence relation: it is reflexive, symmetric and transitive.
|
|
|
|
|
|
impl Eq for ErrorKind {}
|
|
|
|
|
|
|
2018-07-25 08:43:58 -04:00
|
|
|
|
impl From<base64::DecodeError> for Error {
|
|
|
|
|
|
fn from(err: base64::DecodeError) -> Error {
|
|
|
|
|
|
new_error(ErrorKind::Base64(err))
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
impl From<serde_json::Error> for Error {
|
|
|
|
|
|
fn from(err: serde_json::Error) -> Error {
|
2021-11-19 14:05:58 -05:00
|
|
|
|
new_error(ErrorKind::Json(Arc::new(err)))
|
2018-07-25 08:43:58 -04:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
impl From<::std::string::FromUtf8Error> for Error {
|
|
|
|
|
|
fn from(err: ::std::string::FromUtf8Error) -> Error {
|
|
|
|
|
|
new_error(ErrorKind::Utf8(err))
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2016-02-28 12:30:39 -05:00
|
|
|
|
|
2019-01-08 20:46:06 -05:00
|
|
|
|
impl From<::ring::error::Unspecified> for Error {
|
|
|
|
|
|
fn from(err: ::ring::error::Unspecified) -> Error {
|
|
|
|
|
|
new_error(ErrorKind::Crypto(err))
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
impl From<::ring::error::KeyRejected> for Error {
|
|
|
|
|
|
fn from(_err: ::ring::error::KeyRejected) -> Error {
|
|
|
|
|
|
new_error(ErrorKind::InvalidEcdsaKey)
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2018-07-25 08:43:58 -04:00
|
|
|
|
impl From<ErrorKind> for Error {
|
|
|
|
|
|
fn from(kind: ErrorKind) -> Error {
|
|
|
|
|
|
new_error(kind)
|
2016-02-28 12:30:39 -05:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2020-01-31 00:11:40 -05:00
|
|
|
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
|
|
|
mod tests {
|
|
|
|
|
|
use super::*;
|
|
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
|
fn test_error_rendering() {
|
2020-02-27 12:26:58 -05:00
|
|
|
|
assert_eq!(
|
|
|
|
|
|
"InvalidAlgorithmName",
|
|
|
|
|
|
Error::from(ErrorKind::InvalidAlgorithmName).to_string()
|
|
|
|
|
|
);
|
2020-01-31 00:11:40 -05:00
|
|
|
|
}
|
2020-02-27 12:26:58 -05:00
|
|
|
|
}
|
