author | Lukasz Woznicki <75632179+makr11st@users.noreply.github.com> | 2021-12-02 12:17:27 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-02 12:17:27 +0000 |
commit | 759eb071a7d70d285c8ebb1126c62d46d76fac12 (patch) | |
tree | 4d41ab9e37e43364202bcf370929a1ada76e6ae8 /crates/core/tedge | |
parent | 4e3c6a7689c334c086450ceff2fa5e42a427fafa (diff) |
#624 Update dependencies and error handlers (#656)
* Update dependencies and error handlers
Signed-off-by: Lukasz Woznicki <lukasz.woznicki@softwareag.com>
Diffstat (limited to 'crates/core/tedge')
-rw-r--r-- | crates/core/tedge/Cargo.toml | 3 | ||||
-rw-r--r-- | crates/core/tedge/src/cli/certificate/error.rs | 49 |
2 files changed, 25 insertions, 27 deletions
diff --git a/crates/core/tedge/Cargo.toml b/crates/core/tedge/Cargo.toml
index 1b3c1456..026a0a85 100644
--- a/crates/core/tedge/Cargo.toml
+++ b/crates/core/tedge/Cargo.toml
@@ -20,7 +20,7 @@ hyper = { version = "0.14", default-features = false }
 reqwest = { version = "0.11", default-features = false, features = ["blocking", "json", "rustls-tls", "stream"] }
 rpassword = "5.0"
 rumqttc = "0.10"
-rustls = "0.19"
+rustls = "0.20"
 serde = { version = "1.0", features = ["derive"] }
 structopt = "0.3"
 tedge_config = { path = "../../common/tedge_config" }
@@ -29,7 +29,6 @@ tedge_utils = { path = "../../common/tedge_utils" }
 thiserror = "1.0"
 toml = "0.5"
 url = "2.2"
-webpki = "0.21"
 which = "4.2"
 [dev-dependencies]
diff --git a/crates/core/tedge/src/cli/certificate/error.rs b/crates/core/tedge/src/cli/certificate/error.rs
index 41e03c9a..92950823 100644
--- a/crates/core/tedge/src/cli/certificate/error.rs
+++ b/crates/core/tedge/src/cli/certificate/error.rs
@@ -75,7 +75,7 @@ pub enum CertError {
 UserSwitchError(#[from] UserSwitchError),
 #[error("HTTP Connection Problem: {msg} \nHint: {hint}")]
- WebpkiValidation { hint: String, msg: String },
+ CertificateValidationFailure { hint: String, msg: String },
 }
 impl CertError {
@@ -111,59 +111,58 @@ impl CertError { // kind: Other, // error: Custom { // kind: InvalidData, -// error: WebPKIError( +// error: InvalidCertificateData( // ..., // This is where we need to get // ), // }, // }, // ) +// At the last layer we have the InvalidCertificateData error which is a Box<&dyn Error> derived from WebpkiError not included anymore, just as a String // This chain may break if underlying crates change. pub(crate) fn get_webpki_error_from_reqwest(err: reqwest::Error) -> CertError { - if let Some(rustls::TLSError::WebPKIError(cert_validation_error)) = err + if let Some(rustls::Error::InvalidCertificateData(inner)) = err // get `hyper::Error::Connect` .source() - .and_then(|hyper_error| hyper_error.downcast_ref::<hyper::Error>()) - .and_then(|hyper_error| hyper_error.source()) - // Surprise: `Custom` type is `std::io::Error`; this is our first `Custom`. - .and_then(|connect_error| connect_error.downcast_ref::<std::io::Error>()) - // A shortcut to get ref to our error 2 layers down. + .and_then(|err| err.source()) + // From here the errors are converted from std::io::Error. + // `Custom` type is `std::io::Error`; this is our first `Custom`. + .and_then(|custom_error| custom_error.downcast_ref::<std::io::Error>()) .and_then(|custom_error| custom_error.get_ref()) // This is our second `Custom`. .and_then(|custom_error2| custom_error2.downcast_ref::<std::io::Error>()) - // Get final error type from `Custom`. .and_then(|custom_error2| custom_error2.get_ref()) - .and_then(|webpki_error| webpki_error.downcast_ref::<rustls::TLSError>()) + // Get final error type from `rustls::Error`. + .and_then(|rustls_error| rustls_error.downcast_ref::<rustls::Error>()) { - match cert_validation_error { - webpki::Error::CAUsedAsEndEntity => CertError::WebpkiValidation { + match inner { + msg if msg.contains("CaUsedAsEndEntity") => CertError::CertificateValidationFailure { hint: "A CA certificate is used as an end-entity server certificate. 
Make sure that the certificate used is an end-entity certificate signed by CA certificate.".into(), - msg: cert_validation_error.to_string(), + msg: msg.to_string(), }, - webpki::Error::CertExpired => CertError::WebpkiValidation { - hint: "The server certificate has expired, the time it is being validated for is later than the certificate's `notAfter` time." - .into(), - msg: cert_validation_error.to_string(), + msg if msg.contains("CertExpired") => CertError::CertificateValidationFailure { + hint: "The server certificate has expired, the time it is being validated for is later than the certificate's `notAfter` time.".into(), + msg: msg.to_string(), }, - webpki::Error::CertNotValidYet => CertError::WebpkiValidation { + msg if msg.contains("CertNotValidYet") => CertError::CertificateValidationFailure { hint: "The server certificate is not valid yet, the time it is being validated for is earlier than the certificate's `notBefore` time.".into(), - msg: cert_validation_error.to_string(), + msg: msg.to_string(), }, - webpki::Error::EndEntityUsedAsCA => CertError::WebpkiValidation { + msg if msg.contains("EndEntityUsedAsCa") => CertError::CertificateValidationFailure { hint: "An end-entity certificate is used as a server CA certificate. 
Make sure that the certificate used is signed by a correct CA certificate.".into(), - msg: cert_validation_error.to_string(), + msg: msg.to_string(), }, - webpki::Error::InvalidCertValidity => CertError::WebpkiValidation { + msg if msg.contains("InvalidCertValidity") => CertError::CertificateValidationFailure { hint: "The server certificate validity period (`notBefore`, `notAfter`) is invalid, maybe the `notAfter` time is earlier than the `notBefore` time.".into(), - msg: cert_validation_error.to_string(), + msg: msg.to_string(), }, - _ => CertError::WebpkiValidation { + _ => CertError::CertificateValidationFailure { hint: "Server certificate validation error.".into(), - msg: cert_validation_error.to_string(), + msg: inner.to_string(), }, } } else { |
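Review bot: The `msg.contains("CertExpired")`-style guards in the new `match inner` key on free text carried by `rustls::Error::InvalidCertificateData`, presumably the underlying webpki error names as rustls formats them, so a dependency bump that rewords that string would silently send every case to the generic "Server certificate validation error." hint. The function only maps an already-failed request to a `CertError`, so this degrades the diagnosis an operator sees rather than the trust decision itself, but nothing visible in the hunk would flag the regression. I would state the coupling directly above the match, e.g. `// Arms match webpki error names embedded in rustls 0.20's InvalidCertificateData text; re-verify on every rustls upgrade.` Moving the string-to-hint mapping into a small private helper that takes `&str` would also let a unit test pin the five names without having to build a `reqwest::Error`. The function's `else` branch lies outside the hunk.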