| package x509 |
| |
| import "fmt" |
| |
| // To preserve error IDs, only append to this list, never insert. |
| const ( |
| ErrInvalidID ErrorID = iota |
| ErrInvalidCertList |
| ErrTrailingCertList |
| ErrUnexpectedlyCriticalCertListExtension |
| ErrUnexpectedlyNonCriticalCertListExtension |
| ErrInvalidCertListAuthKeyID |
| ErrTrailingCertListAuthKeyID |
| ErrInvalidCertListIssuerAltName |
| ErrInvalidCertListCRLNumber |
| ErrTrailingCertListCRLNumber |
| ErrNegativeCertListCRLNumber |
| ErrInvalidCertListDeltaCRL |
| ErrTrailingCertListDeltaCRL |
| ErrNegativeCertListDeltaCRL |
| ErrInvalidCertListIssuingDP |
| ErrTrailingCertListIssuingDP |
| ErrCertListIssuingDPMultipleTypes |
| ErrCertListIssuingDPInvalidFullName |
| ErrInvalidCertListFreshestCRL |
| ErrInvalidCertListAuthInfoAccess |
| ErrTrailingCertListAuthInfoAccess |
| ErrUnhandledCriticalCertListExtension |
| ErrUnexpectedlyCriticalRevokedCertExtension |
| ErrUnexpectedlyNonCriticalRevokedCertExtension |
| ErrInvalidRevocationReason |
| ErrTrailingRevocationReason |
| ErrInvalidRevocationInvalidityDate |
| ErrTrailingRevocationInvalidityDate |
| ErrInvalidRevocationIssuer |
| ErrUnhandledCriticalRevokedCertExtension |
| |
| ErrMaxID |
| ) |
| |
| // idToError gives a template x509.Error for each defined ErrorID; where the Summary |
| // field may hold format specifiers that take field parameters. |
| var idToError map[ErrorID]Error |
| |
| var errorInfo = []Error{ |
| { |
| ID: ErrInvalidCertList, |
| Summary: "x509: failed to parse CertificateList: %v", |
| Field: "CertificateList", |
| SpecRef: "RFC 5280 s5.1", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| { |
| ID: ErrTrailingCertList, |
| Summary: "x509: trailing data after CertificateList", |
| Field: "CertificateList", |
| SpecRef: "RFC 5280 s5.1", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| |
| { |
| ID: ErrUnexpectedlyCriticalCertListExtension, |
| Summary: "x509: certificate list extension %v marked critical but expected to be non-critical", |
| Field: "tbsCertList.crlExtensions.*.critical", |
| SpecRef: "RFC 5280 s5.2", |
| Category: MalformedCRL, |
| }, |
| { |
| ID: ErrUnexpectedlyNonCriticalCertListExtension, |
| Summary: "x509: certificate list extension %v marked non-critical but expected to be critical", |
| Field: "tbsCertList.crlExtensions.*.critical", |
| SpecRef: "RFC 5280 s5.2", |
| Category: MalformedCRL, |
| }, |
| |
| { |
| ID: ErrInvalidCertListAuthKeyID, |
| Summary: "x509: failed to unmarshal certificate-list authority key-id: %v", |
| Field: "tbsCertList.crlExtensions.*.AuthorityKeyIdentifier", |
| SpecRef: "RFC 5280 s5.2.1", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| { |
| ID: ErrTrailingCertListAuthKeyID, |
| Summary: "x509: trailing data after certificate list auth key ID", |
| Field: "tbsCertList.crlExtensions.*.AuthorityKeyIdentifier", |
| SpecRef: "RFC 5280 s5.2.1", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| { |
| ID: ErrInvalidCertListIssuerAltName, |
| Summary: "x509: failed to parse CRL issuer alt name: %v", |
| Field: "tbsCertList.crlExtensions.*.IssuerAltName", |
| SpecRef: "RFC 5280 s5.2.2", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| { |
| ID: ErrInvalidCertListCRLNumber, |
| Summary: "x509: failed to unmarshal certificate-list crl-number: %v", |
| Field: "tbsCertList.crlExtensions.*.CRLNumber", |
| SpecRef: "RFC 5280 s5.2.3", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| { |
| ID: ErrTrailingCertListCRLNumber, |
| Summary: "x509: trailing data after certificate list crl-number", |
| Field: "tbsCertList.crlExtensions.*.CRLNumber", |
| SpecRef: "RFC 5280 s5.2.3", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| { |
| ID: ErrNegativeCertListCRLNumber, |
| Summary: "x509: negative certificate list crl-number: %d", |
| Field: "tbsCertList.crlExtensions.*.CRLNumber", |
| SpecRef: "RFC 5280 s5.2.3", |
| Category: MalformedCRL, |
| Fatal: true, |
| }, |
| { |
| ID: ErrInvalidCertListDeltaCRL, |
| Summary: "x509: failed to unmarshal certificate-list delta-crl: %v", |
| Field: "tbsCertList.crlExtensions.*.BaseCRLNumber", |
| SpecRef: "RFC 5280 s5.2.4", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| { |
| ID: ErrTrailingCertListDeltaCRL, |
| Summary: "x509: trailing data after certificate list delta-crl", |
| Field: "tbsCertList.crlExtensions.*.BaseCRLNumber", |
| SpecRef: "RFC 5280 s5.2.4", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| { |
| ID: ErrNegativeCertListDeltaCRL, |
| Summary: "x509: negative certificate list base-crl-number: %d", |
| Field: "tbsCertList.crlExtensions.*.BaseCRLNumber", |
| SpecRef: "RFC 5280 s5.2.4", |
| Category: MalformedCRL, |
| Fatal: true, |
| }, |
| { |
| ID: ErrInvalidCertListIssuingDP, |
| Summary: "x509: failed to unmarshal certificate list issuing distribution point: %v", |
| Field: "tbsCertList.crlExtensions.*.IssuingDistributionPoint", |
| SpecRef: "RFC 5280 s5.2.5", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| { |
| ID: ErrTrailingCertListIssuingDP, |
| Summary: "x509: trailing data after certificate list issuing distribution point", |
| Field: "tbsCertList.crlExtensions.*.IssuingDistributionPoint", |
| SpecRef: "RFC 5280 s5.2.5", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| { |
| ID: ErrCertListIssuingDPMultipleTypes, |
| Summary: "x509: multiple cert types set in issuing-distribution-point: user:%v CA:%v attr:%v", |
| Field: "tbsCertList.crlExtensions.*.IssuingDistributionPoint", |
| SpecRef: "RFC 5280 s5.2.5", |
| SpecText: "at most one of onlyContainsUserCerts, onlyContainsCACerts, and onlyContainsAttributeCerts may be set to TRUE.", |
| Category: MalformedCRL, |
| Fatal: true, |
| }, |
| { |
| ID: ErrCertListIssuingDPInvalidFullName, |
| Summary: "x509: failed to parse CRL issuing-distribution-point fullName: %v", |
| Field: "tbsCertList.crlExtensions.*.IssuingDistributionPoint.distributionPoint", |
| SpecRef: "RFC 5280 s5.2.5", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| { |
| ID: ErrInvalidCertListFreshestCRL, |
| Summary: "x509: failed to unmarshal certificate list freshestCRL: %v", |
| Field: "tbsCertList.crlExtensions.*.FreshestCRL", |
| SpecRef: "RFC 5280 s5.2.6", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| { |
| ID: ErrInvalidCertListAuthInfoAccess, |
| Summary: "x509: failed to unmarshal certificate list authority info access: %v", |
| Field: "tbsCertList.crlExtensions.*.AuthorityInfoAccess", |
| SpecRef: "RFC 5280 s5.2.7", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| { |
| ID: ErrTrailingCertListAuthInfoAccess, |
| Summary: "x509: trailing data after certificate list authority info access", |
| Field: "tbsCertList.crlExtensions.*.AuthorityInfoAccess", |
| SpecRef: "RFC 5280 s5.2.7", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| { |
| ID: ErrUnhandledCriticalCertListExtension, |
| Summary: "x509: unhandled critical extension in certificate list: %v", |
| Field: "tbsCertList.revokedCertificates.crlExtensions.*", |
| SpecRef: "RFC 5280 s5.2", |
| SpecText: "If a CRL contains a critical extension that the application cannot process, then the application MUST NOT use that CRL to determine the status of certificates.", |
| Category: MalformedCRL, |
| Fatal: true, |
| }, |
| |
| { |
| ID: ErrUnexpectedlyCriticalRevokedCertExtension, |
| Summary: "x509: revoked certificate extension %v marked critical but expected to be non-critical", |
| Field: "tbsCertList.revokedCertificates.crlEntryExtensions.*.critical", |
| SpecRef: "RFC 5280 s5.3", |
| Category: MalformedCRL, |
| }, |
| { |
| ID: ErrUnexpectedlyNonCriticalRevokedCertExtension, |
| Summary: "x509: revoked certificate extension %v marked non-critical but expected to be critical", |
| Field: "tbsCertList.revokedCertificates.crlEntryExtensions.*.critical", |
| SpecRef: "RFC 5280 s5.3", |
| Category: MalformedCRL, |
| }, |
| |
| { |
| ID: ErrInvalidRevocationReason, |
| Summary: "x509: failed to parse revocation reason: %v", |
| Field: "tbsCertList.revokedCertificates.crlEntryExtensions.*.CRLReason", |
| SpecRef: "RFC 5280 s5.3.1", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| { |
| ID: ErrTrailingRevocationReason, |
| Summary: "x509: trailing data after revoked certificate reason", |
| Field: "tbsCertList.revokedCertificates.crlEntryExtensions.*.CRLReason", |
| SpecRef: "RFC 5280 s5.3.1", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| { |
| ID: ErrInvalidRevocationInvalidityDate, |
| Summary: "x509: failed to parse revoked certificate invalidity date: %v", |
| Field: "tbsCertList.revokedCertificates.crlEntryExtensions.*.InvalidityDate", |
| SpecRef: "RFC 5280 s5.3.2", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| { |
| ID: ErrTrailingRevocationInvalidityDate, |
| Summary: "x509: trailing data after revoked certificate invalidity date", |
| Field: "tbsCertList.revokedCertificates.crlEntryExtensions.*.InvalidityDate", |
| SpecRef: "RFC 5280 s5.3.2", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| { |
| ID: ErrInvalidRevocationIssuer, |
| Summary: "x509: failed to parse revocation issuer %v", |
| Field: "tbsCertList.revokedCertificates.crlEntryExtensions.*.CertificateIssuer", |
| SpecRef: "RFC 5280 s5.3.3", |
| Category: InvalidASN1Content, |
| Fatal: true, |
| }, |
| { |
| ID: ErrUnhandledCriticalRevokedCertExtension, |
| Summary: "x509: unhandled critical extension in revoked certificate: %v", |
| Field: "tbsCertList.revokedCertificates.crlEntryExtensions.*", |
| SpecRef: "RFC 5280 s5.3", |
| SpecText: "If a CRL contains a critical CRL entry extension that the application cannot process, then the application MUST NOT use that CRL to determine the status of any certificates.", |
| Category: MalformedCRL, |
| Fatal: true, |
| }, |
| } |
| |
| func init() { |
| idToError = make(map[ErrorID]Error, len(errorInfo)) |
| for _, info := range errorInfo { |
| idToError[info.ID] = info |
| } |
| } |
| |
| // NewError builds a new x509.Error based on the template for the given id. |
| func NewError(id ErrorID, args ...interface{}) Error { |
| var err Error |
| if id >= ErrMaxID { |
| err.ID = id |
| err.Summary = fmt.Sprintf("Unknown error ID %v: args %+v", id, args) |
| err.Fatal = true |
| } else { |
| err = idToError[id] |
| err.Summary = fmt.Sprintf(err.Summary, args...) |
| } |
| return err |
| } |