# Authors:
# Trevor Perrin
# Dave Baggett (Arcode Corporation) - Added TLSUnsupportedError.
#
# See the LICENSE file for legal information regarding use of this file.
"""Exception classes."""
import socket
from .constants import AlertDescription, AlertLevel
[docs]
class BaseTLSException(Exception):
"""
Metaclass for TLS Lite exceptions.
Look to :py:class:`tlslite.errors.TLSError` for exceptions that should be
caught by tlslite
consumers
"""
pass
[docs]
class EncryptionError(BaseTLSException):
"""Base class for exceptions thrown while encrypting."""
pass
[docs]
class TLSError(BaseTLSException):
"""Base class for all TLS Lite exceptions."""
[docs]
def __str__(self):
"""At least print out the Exception time for str(...)."""
return repr(self)
[docs]
class TLSClosedConnectionError(TLSError, socket.error):
"""An attempt was made to use the connection after it was closed."""
pass
[docs]
class TLSAbruptCloseError(TLSError):
"""The socket was closed without a proper TLS shutdown.
The TLS specification mandates that an alert of some sort
must be sent before the underlying socket is closed. If the socket
is closed without this, it could signify that an attacker is trying
to truncate the connection. It could also signify a misbehaving
TLS implementation, or a random network failure.
"""
pass
[docs]
class TLSAlert(TLSError):
"""A TLS alert has been signalled."""
pass
[docs]
class TLSLocalAlert(TLSAlert):
"""A TLS alert has been signalled by the local implementation.
:vartype description: int
:ivar description: Set to one of the constants in
:py:class:`tlslite.constants.AlertDescription`
:vartype level: int
:ivar level: Set to one of the constants in
:py:class:`tlslite.constants.AlertLevel`
:vartype message: str
:ivar message: Description of what went wrong.
"""
[docs]
def __init__(self, alert, message=None):
self.description = alert.description
self.level = alert.level
self.message = message
[docs]
def __str__(self):
alertStr = AlertDescription.toStr(self.description)
if self.message:
return alertStr + ": " + self.message
else:
return alertStr
[docs]
class TLSRemoteAlert(TLSAlert):
"""
A TLS alert has been signalled by the remote implementation.
:vartype description: int
:ivar description: Set to one of the constants in
:py:class:`tlslite.constants.AlertDescription`
:vartype level: int
:ivar level: Set to one of the constants in
:py:class:`tlslite.constants.AlertLevel`
"""
[docs]
def __init__(self, alert):
self.description = alert.description
self.level = alert.level
[docs]
def __str__(self):
alertStr = AlertDescription.toStr(self.description)
return alertStr
[docs]
class TLSAuthenticationError(TLSError):
"""
The handshake succeeded, but the other party's authentication
was inadequate.
This exception will only be raised when a
:py:class:`tlslite.Checker.Checker` has been passed to a handshake
function.
The Checker will be invoked once the handshake completes, and if
the Checker objects to how the other party authenticated, a
subclass of this exception will be raised.
"""
pass
[docs]
class TLSNoAuthenticationError(TLSAuthenticationError):
"""The Checker was expecting the other party to authenticate with a
certificate chain, but this did not occur."""
pass
[docs]
class TLSAuthenticationTypeError(TLSAuthenticationError):
"""The Checker was expecting the other party to authenticate with a
different type of certificate chain."""
pass
[docs]
class TLSFingerprintError(TLSAuthenticationError):
"""The Checker was expecting the other party to authenticate with a
certificate chain that matches a different fingerprint."""
pass
[docs]
class TLSAuthorizationError(TLSAuthenticationError):
"""The Checker was expecting the other party to authenticate with a
certificate chain that has a different authorization."""
pass
[docs]
class TLSValidationError(TLSAuthenticationError):
"""The Checker has determined that the other party's certificate
chain is invalid."""
[docs]
def __init__(self, msg, info=None):
# Include a dict containing info about this validation failure
TLSAuthenticationError.__init__(self, msg)
self.info = info
[docs]
class TLSFaultError(TLSError):
"""The other party responded incorrectly to an induced fault.
This exception will only occur during fault testing, when a
:py:class:`tlslite.tlsconnection.TLSConnection`'s fault variable is
set to induce some sort of
faulty behavior, and the other party doesn't respond appropriately.
"""
pass
[docs]
class TLSUnsupportedError(TLSError):
"""The implementation doesn't support the requested (or required)
capabilities."""
pass
[docs]
class TLSInternalError(TLSError):
"""The internal state of object is unexpected or invalid.
Caused by incorrect use of API.
"""
pass
[docs]
class TLSProtocolException(BaseTLSException):
"""Exceptions used internally for handling errors in received messages"""
pass
[docs]
class TLSIllegalParameterException(TLSProtocolException):
"""Parameters specified in message were incorrect or invalid"""
pass
[docs]
class TLSDecodeError(TLSProtocolException):
"""The received message encoding does not match specification."""
pass
[docs]
class TLSUnexpectedMessage(TLSProtocolException):
"""
The received message was unexpected or parsing of Inner Plaintext
failed
"""
pass
[docs]
class TLSRecordOverflow(TLSProtocolException):
"""The received record size was too big"""
pass
[docs]
class TLSDecryptionFailed(TLSProtocolException):
"""Decryption of data was unsuccessful"""
pass
[docs]
class TLSBadRecordMAC(TLSProtocolException):
"""Bad MAC (or padding in case of mac-then-encrypt)"""
pass
[docs]
class TLSInsufficientSecurity(TLSProtocolException):
"""Parameters selected by user are too weak"""
pass
[docs]
class TLSUnknownPSKIdentity(TLSProtocolException):
"""The PSK or SRP identity is unknown"""
pass
[docs]
class TLSHandshakeFailure(TLSProtocolException):
"""Could not find acceptable set of handshake parameters"""
pass
[docs]
class EncodingError(EncryptionError):
"""An error appeared while encoding"""
pass
[docs]
class InvalidSignature(EncryptionError):
"""Verification function found invalid signature"""
pass
[docs]
class UnknownRSAType(EncryptionError):
"""Unknown RSA algorithm type passed"""
pass