2018-07-25 08:43:58 -04:00
|
|
|
|
use std::error::Error as StdError;
|
|
|
|
|
use std::fmt;
|
|
|
|
|
use std::result;
|
|
|
|
|
|
2017-01-09 00:50:51 -05:00
|
|
|
|
use base64;
|
|
|
|
|
use serde_json;
|
2017-02-22 02:45:28 -05:00
|
|
|
|
|
2018-07-25 08:43:58 -04:00
|
|
|
|
/// A crate private constructor for `Error`.
|
|
|
|
|
pub(crate) fn new_error(kind: ErrorKind) -> Error {
|
|
|
|
|
Error(Box::new(kind))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// A type alias for `Result<T, jsonwebtoken::Error>`.
|
|
|
|
|
pub type Result<T> = result::Result<T, Error>;
|
|
|
|
|
|
|
|
|
|
/// An error that can occur when encoding/decoding JWTs
|
|
|
|
|
#[derive(Debug)]
|
|
|
|
|
pub struct Error(Box<ErrorKind>);
|
|
|
|
|
|
|
|
|
|
impl Error {
|
|
|
|
|
/// Return the specific type of this error.
|
|
|
|
|
pub fn kind(&self) -> &ErrorKind {
|
|
|
|
|
&self.0
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Unwrap this error into its underlying type.
|
|
|
|
|
pub fn into_kind(self) -> ErrorKind {
|
|
|
|
|
*self.0
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// The specific type of an error.
|
|
|
|
|
#[derive(Debug)]
|
|
|
|
|
pub enum ErrorKind {
|
|
|
|
|
/// When a token doesn't have a valid JWT shape
|
|
|
|
|
InvalidToken,
|
|
|
|
|
/// When the signature doesn't match
|
|
|
|
|
InvalidSignature,
|
2019-01-08 20:46:06 -05:00
|
|
|
|
/// When the secret given is not a valid ECDSA key
|
|
|
|
|
InvalidEcdsaKey,
|
2018-07-25 08:43:58 -04:00
|
|
|
|
/// When the secret given is not a valid RSA key
|
|
|
|
|
InvalidRsaKey,
|
2018-08-30 14:53:55 -04:00
|
|
|
|
/// When the algorithm from string doesn't match the one passed to `from_str`
|
|
|
|
|
InvalidAlgorithmName,
|
2019-05-15 10:19:38 -04:00
|
|
|
|
/// When a key is provided with an invalid format
|
|
|
|
|
InvalidKeyFormat,
|
2018-07-25 08:43:58 -04:00
|
|
|
|
|
|
|
|
|
// validation error
|
|
|
|
|
/// When a token’s `exp` claim indicates that it has expired
|
|
|
|
|
ExpiredSignature,
|
|
|
|
|
/// When a token’s `iss` claim does not match the expected issuer
|
|
|
|
|
InvalidIssuer,
|
|
|
|
|
/// When a token’s `aud` claim does not match one of the expected audience values
|
|
|
|
|
InvalidAudience,
|
|
|
|
|
/// When a token’s `aud` claim does not match one of the expected audience values
|
|
|
|
|
InvalidSubject,
|
|
|
|
|
/// When a token’s nbf claim represents a time in the future
|
|
|
|
|
ImmatureSignature,
|
|
|
|
|
/// When the algorithm in the header doesn't match the one passed to `decode`
|
|
|
|
|
InvalidAlgorithm,
|
|
|
|
|
|
|
|
|
|
// 3rd party errors
|
|
|
|
|
/// An error happened when decoding some base64 text
|
|
|
|
|
Base64(base64::DecodeError),
|
|
|
|
|
/// An error happened while serializing/deserializing JSON
|
|
|
|
|
Json(serde_json::Error),
|
|
|
|
|
/// Some of the text was invalid UTF-8
|
|
|
|
|
Utf8(::std::string::FromUtf8Error),
|
2019-01-08 20:46:06 -05:00
|
|
|
|
/// Something unspecified went wrong with crypto
|
|
|
|
|
Crypto(::ring::error::Unspecified),
|
2018-07-25 08:43:58 -04:00
|
|
|
|
|
|
|
|
|
/// Hints that destructuring should not be exhaustive.
|
|
|
|
|
///
|
|
|
|
|
/// This enum may grow additional variants, so this makes sure clients
|
|
|
|
|
/// don't count on exhaustive matching. (Otherwise, adding a new variant
|
|
|
|
|
/// could break existing code.)
|
|
|
|
|
#[doc(hidden)]
|
|
|
|
|
__Nonexhaustive,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl StdError for Error {
|
|
|
|
|
fn description(&self) -> &str {
|
|
|
|
|
match *self.0 {
|
|
|
|
|
ErrorKind::InvalidToken => "invalid token",
|
|
|
|
|
ErrorKind::InvalidSignature => "invalid signature",
|
2019-01-08 20:46:06 -05:00
|
|
|
|
ErrorKind::InvalidEcdsaKey => "invalid ECDSA key",
|
2018-07-25 08:43:58 -04:00
|
|
|
|
ErrorKind::InvalidRsaKey => "invalid RSA key",
|
|
|
|
|
ErrorKind::ExpiredSignature => "expired signature",
|
|
|
|
|
ErrorKind::InvalidIssuer => "invalid issuer",
|
|
|
|
|
ErrorKind::InvalidAudience => "invalid audience",
|
|
|
|
|
ErrorKind::InvalidSubject => "invalid subject",
|
|
|
|
|
ErrorKind::ImmatureSignature => "immature signature",
|
|
|
|
|
ErrorKind::InvalidAlgorithm => "algorithms don't match",
|
|
|
|
|
ErrorKind::Base64(ref err) => err.description(),
|
|
|
|
|
ErrorKind::Json(ref err) => err.description(),
|
|
|
|
|
ErrorKind::Utf8(ref err) => err.description(),
|
2019-01-08 20:46:06 -05:00
|
|
|
|
ErrorKind::Crypto(ref err) => err.description(),
|
2018-07-25 08:43:58 -04:00
|
|
|
|
_ => unreachable!(),
|
2017-02-22 02:45:28 -05:00
|
|
|
|
}
|
2018-07-25 08:43:58 -04:00
|
|
|
|
}
|
|
|
|
|
|
2019-06-07 14:08:54 -04:00
|
|
|
|
fn cause(&self) -> Option<&dyn StdError> {
|
2018-07-25 08:43:58 -04:00
|
|
|
|
match *self.0 {
|
|
|
|
|
ErrorKind::InvalidToken => None,
|
|
|
|
|
ErrorKind::InvalidSignature => None,
|
2019-01-08 20:46:06 -05:00
|
|
|
|
ErrorKind::InvalidEcdsaKey => None,
|
2018-07-25 08:43:58 -04:00
|
|
|
|
ErrorKind::InvalidRsaKey => None,
|
|
|
|
|
ErrorKind::ExpiredSignature => None,
|
|
|
|
|
ErrorKind::InvalidIssuer => None,
|
|
|
|
|
ErrorKind::InvalidAudience => None,
|
|
|
|
|
ErrorKind::InvalidSubject => None,
|
|
|
|
|
ErrorKind::ImmatureSignature => None,
|
|
|
|
|
ErrorKind::InvalidAlgorithm => None,
|
|
|
|
|
ErrorKind::Base64(ref err) => Some(err),
|
|
|
|
|
ErrorKind::Json(ref err) => Some(err),
|
|
|
|
|
ErrorKind::Utf8(ref err) => Some(err),
|
2019-01-08 20:46:06 -05:00
|
|
|
|
ErrorKind::Crypto(ref err) => Some(err),
|
2018-07-25 08:43:58 -04:00
|
|
|
|
_ => unreachable!(),
|
2017-02-22 02:45:28 -05:00
|
|
|
|
}
|
2018-07-25 08:43:58 -04:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl fmt::Display for Error {
|
|
|
|
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
|
|
|
|
match *self.0 {
|
|
|
|
|
ErrorKind::InvalidToken => write!(f, "invalid token"),
|
|
|
|
|
ErrorKind::InvalidSignature => write!(f, "invalid signature"),
|
2019-01-08 20:46:06 -05:00
|
|
|
|
ErrorKind::InvalidEcdsaKey => write!(f, "invalid ECDSA key"),
|
2018-07-25 08:43:58 -04:00
|
|
|
|
ErrorKind::InvalidRsaKey => write!(f, "invalid RSA key"),
|
|
|
|
|
ErrorKind::ExpiredSignature => write!(f, "expired signature"),
|
|
|
|
|
ErrorKind::InvalidIssuer => write!(f, "invalid issuer"),
|
|
|
|
|
ErrorKind::InvalidAudience => write!(f, "invalid audience"),
|
|
|
|
|
ErrorKind::InvalidSubject => write!(f, "invalid subject"),
|
|
|
|
|
ErrorKind::ImmatureSignature => write!(f, "immature signature"),
|
|
|
|
|
ErrorKind::InvalidAlgorithm => write!(f, "algorithms don't match"),
|
|
|
|
|
ErrorKind::Base64(ref err) => write!(f, "base64 error: {}", err),
|
|
|
|
|
ErrorKind::Json(ref err) => write!(f, "JSON error: {}", err),
|
|
|
|
|
ErrorKind::Utf8(ref err) => write!(f, "UTF-8 error: {}", err),
|
2019-01-08 20:46:06 -05:00
|
|
|
|
ErrorKind::Crypto(ref err) => write!(f, "Crypto error: {}", err),
|
2018-07-25 08:43:58 -04:00
|
|
|
|
_ => unreachable!(),
|
2017-04-22 02:21:16 -04:00
|
|
|
|
}
|
2016-02-28 12:30:39 -05:00
|
|
|
|
}
|
2018-07-25 08:43:58 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl From<base64::DecodeError> for Error {
|
|
|
|
|
fn from(err: base64::DecodeError) -> Error {
|
|
|
|
|
new_error(ErrorKind::Base64(err))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl From<serde_json::Error> for Error {
|
|
|
|
|
fn from(err: serde_json::Error) -> Error {
|
|
|
|
|
new_error(ErrorKind::Json(err))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl From<::std::string::FromUtf8Error> for Error {
|
|
|
|
|
fn from(err: ::std::string::FromUtf8Error) -> Error {
|
|
|
|
|
new_error(ErrorKind::Utf8(err))
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-02-28 12:30:39 -05:00
|
|
|
|
|
2019-01-08 20:46:06 -05:00
|
|
|
|
impl From<::ring::error::Unspecified> for Error {
|
|
|
|
|
fn from(err: ::ring::error::Unspecified) -> Error {
|
|
|
|
|
new_error(ErrorKind::Crypto(err))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl From<::ring::error::KeyRejected> for Error {
|
|
|
|
|
fn from(_err: ::ring::error::KeyRejected) -> Error {
|
|
|
|
|
new_error(ErrorKind::InvalidEcdsaKey)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-07-25 08:43:58 -04:00
|
|
|
|
impl From<ErrorKind> for Error {
|
|
|
|
|
fn from(kind: ErrorKind) -> Error {
|
|
|
|
|
new_error(kind)
|
2016-02-28 12:30:39 -05:00
|
|
|
|
}
|
|
|
|
|
}
|