7 """Exception classes.
8 @sort: TLSError, TLSAbruptCloseError, TLSAlert, TLSLocalAlert, TLSRemoteAlert,
9 TLSAuthenticationError, TLSNoAuthenticationError, TLSAuthenticationTypeError,
10 TLSFingerprintError, TLSAuthorizationError, TLSValidationError, TLSFaultError,
11 TLSUnsupportedError
12 """
13 import socket
14
15 from .constants import AlertDescription, AlertLevel
16
18
19 """Metaclass for TLS Lite exceptions.
20
21 Look to L{TLSError} for exceptions that should be caught by tlslite
22 consumers
23 """
24
25 pass
26
28
29 """Base class for all TLS Lite exceptions."""
30
32 """At least print out the Exception type for str(...)."""
33 return repr(self)
34
36 """An attempt was made to use the connection after it was closed."""
37 pass
38
40 """The socket was closed without a proper TLS shutdown.
41
42 The TLS specification mandates that an alert of some sort
43 must be sent before the underlying socket is closed. If the socket
44 is closed without this, it could signify that an attacker is trying
45 to truncate the connection. It could also signify a misbehaving
46 TLS implementation, or a random network failure.
47 """
48 pass
49
51 """A TLS alert has been signalled."""
52 pass
53
# Printable names for TLS alert descriptions, keyed by the AlertDescription
# constant. The string conversions further down this listing look a code up
# with TLSAlert._descriptionStr.get(...) and fall back to str(description),
# so a code that is missing here is rendered as its bare number rather than
# raising.
# NOTE(review): "no certificate" is the only value that does not mirror its
# constant's name (space instead of underscore). It is emitted at runtime,
# so it is reproduced unchanged; confirm whether callers match on it before
# normalising.
_descriptionStr = {
    AlertDescription.close_notify: "close_notify",
    AlertDescription.unexpected_message: "unexpected_message",
    AlertDescription.bad_record_mac: "bad_record_mac",
    AlertDescription.decryption_failed: "decryption_failed",
    AlertDescription.record_overflow: "record_overflow",
    AlertDescription.decompression_failure: "decompression_failure",
    AlertDescription.handshake_failure: "handshake_failure",
    AlertDescription.no_certificate: "no certificate",
    AlertDescription.bad_certificate: "bad_certificate",
    AlertDescription.unsupported_certificate: "unsupported_certificate",
    AlertDescription.certificate_revoked: "certificate_revoked",
    AlertDescription.certificate_expired: "certificate_expired",
    AlertDescription.certificate_unknown: "certificate_unknown",
    AlertDescription.illegal_parameter: "illegal_parameter",
    AlertDescription.unknown_ca: "unknown_ca",
    AlertDescription.access_denied: "access_denied",
    AlertDescription.decode_error: "decode_error",
    AlertDescription.decrypt_error: "decrypt_error",
    AlertDescription.export_restriction: "export_restriction",
    AlertDescription.protocol_version: "protocol_version",
    AlertDescription.insufficient_security: "insufficient_security",
    AlertDescription.internal_error: "internal_error",
    AlertDescription.inappropriate_fallback: "inappropriate_fallback",
    AlertDescription.user_canceled: "user_canceled",
    AlertDescription.no_renegotiation: "no_renegotiation",
    AlertDescription.unknown_psk_identity: "unknown_psk_identity",
}
81
83 """A TLS alert has been signalled by the local implementation.
84
85 @type description: int
86 @ivar description: Set to one of the constants in
87 L{tlslite.constants.AlertDescription}
88
89 @type level: int
90 @ivar level: Set to one of the constants in
91 L{tlslite.constants.AlertLevel}
92
93 @type message: str
94 @ivar message: Description of what went wrong.
95 """
def __init__(self, alert, message=None):
    """Record the alert's code and level together with an optional message.

    @param alert: object whose C{description} and C{level} attributes are
    copied onto this exception.

    @type message: str
    @param message: optional text describing what went wrong. The string
    conversion that follows in this listing appends it verbatim after
    the alert name, so it ends up wherever the exception is printed or
    logged.
    """
    # The message is independent of the alert object, so store it first.
    self.message = message
    self.description = alert.description
    self.level = alert.level
100
102 alertStr = TLSAlert._descriptionStr.get(self.description)
103 if alertStr == None:
104 alertStr = str(self.description)
105 if self.message:
106 return alertStr + ": " + self.message
107 else:
108 return alertStr
109
111 """A TLS alert has been signalled by the remote implementation.
112
113 @type description: int
114 @ivar description: Set to one of the constants in
115 L{tlslite.constants.AlertDescription}
116
117 @type level: int
118 @ivar level: Set to one of the constants in
119 L{tlslite.constants.AlertLevel}
120 """
122 self.description = alert.description
123 self.level = alert.level
124
126 alertStr = TLSAlert._descriptionStr.get(self.description)
127 if alertStr == None:
128 alertStr = str(self.description)
129 return alertStr
130
132 """The handshake succeeded, but the other party's authentication
133 was inadequate.
134
135 This exception will only be raised when a
136 L{tlslite.Checker.Checker} has been passed to a handshake function.
137 The Checker will be invoked once the handshake completes, and if
138 the Checker objects to how the other party authenticated, a
139 subclass of this exception will be raised.
140 """
141 pass
142
144 """The Checker was expecting the other party to authenticate with a
145 certificate chain, but this did not occur."""
146 pass
147
149 """The Checker was expecting the other party to authenticate with a
150 different type of certificate chain."""
151 pass
152
154 """The Checker was expecting the other party to authenticate with a
155 certificate chain that matches a different fingerprint."""
156 pass
157
159 """The Checker was expecting the other party to authenticate with a
160 certificate chain that has a different authorization."""
161 pass
162
164 """The Checker has determined that the other party's certificate
165 chain is invalid."""
170
172 """The other party responded incorrectly to an induced fault.
173
174 This exception will only occur during fault testing, when a
175 TLSConnection's fault variable is set to induce some sort of
176 faulty behavior, and the other party doesn't respond appropriately.
177 """
178 pass
179
180
182 """The implementation doesn't support the requested (or required)
183 capabilities."""
184 pass
185
187 """The internal state of the object is unexpected or invalid.
188
189 Caused by incorrect use of API.
190 """
191 pass
192
194
195 """Exceptions used internally for handling errors in received messages"""
196
197 pass
198
200
201 """Parameters specified in message were incorrect or invalid"""
202
203 pass
204
206
207 """The received record size was too big"""
208
209 pass
210
212
213 """Decryption of data was unsuccessful"""
214
215 pass
216
218
219 """Bad MAC (or padding in case of mac-then-encrypt)"""
220
221 pass
222
224 """Parameters selected by user are too weak"""
225
226 pass
227
229 """The PSK or SRP identity is unknown"""
230
231 pass
232