1
2
3
4 """Exception classes.
5 @sort: TLSError, TLSAbruptCloseError, TLSAlert, TLSLocalAlert, TLSRemoteAlert,
6 TLSAuthenticationError, TLSNoAuthenticationError, TLSAuthenticationTypeError,
7 TLSFingerprintError, TLSAuthorizationError, TLSValidationError, TLSFaultError
8 """
9
10 from .constants import AlertDescription, AlertLevel
11
13 """Base class for all TLS Lite exceptions."""
14
16 """"At least print out the Exception time for str(...)."""
17 return repr(self)
18
20 """The socket was closed without a proper TLS shutdown.
21
22 The TLS specification mandates that an alert of some sort
23 must be sent before the underlying socket is closed. If the socket
24 is closed without this, it could signify that an attacker is trying
25 to truncate the connection. It could also signify a misbehaving
26 TLS implementation, or a random network failure.
27 """
28 pass
29
31 """A TLS alert has been signalled."""
32 pass
33
34 _descriptionStr = {\
35 AlertDescription.close_notify: "close_notify",\
36 AlertDescription.unexpected_message: "unexpected_message",\
37 AlertDescription.bad_record_mac: "bad_record_mac",\
38 AlertDescription.decryption_failed: "decryption_failed",\
39 AlertDescription.record_overflow: "record_overflow",\
40 AlertDescription.decompression_failure: "decompression_failure",\
41 AlertDescription.handshake_failure: "handshake_failure",\
42 AlertDescription.no_certificate: "no certificate",\
43 AlertDescription.bad_certificate: "bad_certificate",\
44 AlertDescription.unsupported_certificate: "unsupported_certificate",\
45 AlertDescription.certificate_revoked: "certificate_revoked",\
46 AlertDescription.certificate_expired: "certificate_expired",\
47 AlertDescription.certificate_unknown: "certificate_unknown",\
48 AlertDescription.illegal_parameter: "illegal_parameter",\
49 AlertDescription.unknown_ca: "unknown_ca",\
50 AlertDescription.access_denied: "access_denied",\
51 AlertDescription.decode_error: "decode_error",\
52 AlertDescription.decrypt_error: "decrypt_error",\
53 AlertDescription.export_restriction: "export_restriction",\
54 AlertDescription.protocol_version: "protocol_version",\
55 AlertDescription.insufficient_security: "insufficient_security",\
56 AlertDescription.internal_error: "internal_error",\
57 AlertDescription.user_canceled: "user_canceled",\
58 AlertDescription.no_renegotiation: "no_renegotiation",\
59 AlertDescription.unknown_psk_identity: "unknown_psk_identity"}
60
62 """A TLS alert has been signalled by the local implementation.
63
64 @type description: int
65 @ivar description: Set to one of the constants in
66 L{tlslite.constants.AlertDescription}
67
68 @type level: int
69 @ivar level: Set to one of the constants in
70 L{tlslite.constants.AlertLevel}
71
72 @type message: str
73 @ivar message: Description of what went wrong.
74 """
75 - def __init__(self, alert, message=None):
76 self.description = alert.description
77 self.level = alert.level
78 self.message = message
79
81 alertStr = TLSAlert._descriptionStr.get(self.description)
82 if alertStr == None:
83 alertStr = str(self.description)
84 if self.message:
85 return alertStr + ": " + self.message
86 else:
87 return alertStr
88
90 """A TLS alert has been signalled by the remote implementation.
91
92 @type description: int
93 @ivar description: Set to one of the constants in
94 L{tlslite.constants.AlertDescription}
95
96 @type level: int
97 @ivar level: Set to one of the constants in
98 L{tlslite.constants.AlertLevel}
99 """
101 self.description = alert.description
102 self.level = alert.level
103
105 alertStr = TLSAlert._descriptionStr.get(self.description)
106 if alertStr == None:
107 alertStr = str(self.description)
108 return alertStr
109
111 """The handshake succeeded, but the other party's authentication
112 was inadequate.
113
114 This exception will only be raised when a
115 L{tlslite.Checker.Checker} has been passed to a handshake function.
116 The Checker will be invoked once the handshake completes, and if
117 the Checker objects to how the other party authenticated, a
118 subclass of this exception will be raised.
119 """
120 pass
121
123 """The Checker was expecting the other party to authenticate with a
124 certificate chain, but this did not occur."""
125 pass
126
128 """The Checker was expecting the other party to authenticate with a
129 different type of certificate chain."""
130 pass
131
133 """The Checker was expecting the other party to authenticate with a
134 certificate chain that matches a different fingerprint."""
135 pass
136
138 """The Checker was expecting the other party to authenticate with a
139 certificate chain that has a different authorization."""
140 pass
141
143 """The Checker has determined that the other party's certificate
144 chain is invalid."""
145 pass
146
147
149 """No TACK was presented."""
150 pass
151
153 """The chosen TACK ID did not match the presented TACK ID."""
154 pass
155
157 """The chosen TACK ID is broken by a TACK Break Signature."""
158 pass
159
160
162 """The other party responded incorrectly to an induced fault.
163
164 This exception will only occur during fault testing, when a
165 TLSConnection's fault variable is set to induce some sort of
166 faulty behavior, and the other party doesn't respond appropriately.
167 """
168 pass
169