1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
|
//===----------------------------------------------------------------------===//
//
// This source file is part of the SwiftCertificates open source project
//
// Copyright (c) 2022 Apple Inc. and the SwiftCertificates project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//
/// Represents an error that may be thrown from the ``Certificate`` module.
///
/// This object contains both an error ``code`` and a textual reason for the error,
/// as well as source code context for the error. When attempting to process a specific
/// error, users are encouraged to check the ``code``. The additional diagnostic information
/// is available by using `String(describing:)` to format ``CertificateError``.
///
/// This type is `Equatable` and `Hashable`, but only the ``code`` field is considered in the
/// implementation of that behaviour. This makes it relatively easy to test code that throws
/// a specific error by creating the error type directly in your own code.
public struct CertificateError: Error, Hashable, CustomStringConvertible {
private var backing: Backing
/// Represents the kind of error that was encountered.
public var code: ErrorCode {
get {
self.backing.code
}
set {
self.makeUnique()
self.backing.code = newValue
}
}
private var reason: String {
self.backing.reason
}
private var file: String {
self.backing.file
}
private var line: UInt {
self.backing.line
}
public var description: String {
"CertificateError.\(self.code): \(self.reason) \(self.file):\(self.line)"
}
private mutating func makeUnique() {
if !isKnownUniquelyReferenced(&self.backing) {
self.backing = self.backing.copy()
}
}
/// The signature algorithm used in a ``Certificate`` is not supported by this library.
/// - Parameter reason: A detailed reason explaining what signature algorithm was not supported.
/// - Returns: A ``CertificateError`` with ``code`` set to ``ErrorCode/unsupportedSignatureAlgorithm``.
@inline(never)
public static func unsupportedSignatureAlgorithm(
reason: String,
file: String = #fileID,
line: UInt = #line
) -> CertificateError {
return CertificateError(
backing: .init(
code: .unsupportedSignatureAlgorithm,
reason: reason,
file: file,
line: line
)
)
}
/// The private key algorithm used in a ``Certificate`` is not supported by this library.
/// - Parameter reason: A detailed reason explaining what private key algorithm was not supported.
/// - Returns: A ``CertificateError`` with ``code`` set to ``ErrorCode/unsupportedPublicKeyAlgorithm``.
@inline(never)
public static func unsupportedPublicKeyAlgorithm(
reason: String,
file: String = #fileID,
line: UInt = #line
) -> CertificateError {
return CertificateError(
backing: .init(
code: .unsupportedPublicKeyAlgorithm,
reason: reason,
file: file,
line: line
)
)
}
/// The signature was not valid for the provided ``Certificate``.
/// - Parameter reason: A detailed reason detailing the signature and certificate that did not match.
/// - Returns: A ``CertificateError`` with ``code`` set to ``ErrorCode/invalidSignatureForCertificate``.
@inline(never)
public static func invalidSignatureForCertificate(
reason: String,
file: String = #fileID,
line: UInt = #line
) -> CertificateError {
return CertificateError(
backing: .init(
code: .invalidSignatureForCertificate,
reason: reason,
file: file,
line: line
)
)
}
/// An extension has the wrong OID.
/// - Parameter reason: A detailed reason detailing the extension and OID that didn't match.
/// - Returns: A ``CertificateError`` with ``code`` set to ``ErrorCode/incorrectOIDForExtension``.
@inline(never)
public static func incorrectOIDForExtension(
reason: String,
file: String = #fileID,
line: UInt = #line
) -> CertificateError {
return CertificateError(
backing: .init(
code: .incorrectOIDForExtension,
reason: reason,
file: file,
line: line
)
)
}
/// A digest algorithm isn't supported
/// - Parameter reason: A detailed reason indicating the algorithm identifier for the unsupported digest.
/// - Returns: A ``CertificateError`` with ``code`` set to ``ErrorCode/unsupportedDigestAlgorithm``.
@inline(never)
public static func unsupportedDigestAlgorithm(
reason: String,
file: String = #fileID,
line: UInt = #line
) -> CertificateError {
return CertificateError(
backing: .init(
code: .unsupportedDigestAlgorithm,
reason: reason,
file: file,
line: line
)
)
}
/// A digest private key isn't supported
/// - Parameter reason: A detailed reason indicating the unsupported private key.
/// - Returns: A ``CertificateError`` with ``code`` set to ``ErrorCode/unsupportedPrivateKey``.
@inline(never)
public static func unsupportedPrivateKey(
reason: String,
file: String = #fileID,
line: UInt = #line
) -> CertificateError {
return CertificateError(
backing: .init(
code: .unsupportedPrivateKey,
reason: reason,
file: file,
line: line
)
)
}
/// A CSR attribute has the wrong OID.
/// - Parameter reason: A detailed reason detailing the attribute and OID that didn't match.
/// - Returns: A ``CertificateError`` with ``code`` set to ``ErrorCode/incorrectOIDForAttribute``.
@inline(never)
public static func incorrectOIDForAttribute(
reason: String,
file: String = #fileID,
line: UInt = #line
) -> CertificateError {
return CertificateError(
backing: .init(
code: .incorrectOIDForAttribute,
reason: reason,
file: file,
line: line
)
)
}
/// A CSR attribute is invalid.
/// - Parameter reason: A detailed reason detailing the attribute that is invalid.
/// - Returns: A ``CertificateError`` with ``code`` set to ``ErrorCode/invalidCSRAttribute``.
@inline(never)
public static func invalidCSRAttribute(
reason: String,
file: String = #fileID,
line: UInt = #line
) -> CertificateError {
return CertificateError(
backing: .init(
code: .invalidCSRAttribute,
reason: reason,
file: file,
line: line
)
)
}
/// An OID is present twice.
/// - Parameter reason: A detailed reason detailing which OID is duplicate.
/// - Returns: A ``CertificateError`` with ``code`` set to ``ErrorCode/duplicateOID``.
@inline(never)
public static func duplicateOID(
reason: String,
file: String = #fileID,
line: UInt = #line
) -> CertificateError {
return CertificateError(
backing: .init(
code: .duplicateOID,
reason: reason,
file: file,
line: line
)
)
}
}
extension CertificateError {
/// Represents the kind of an error.
///
/// The same kind of error may be thrown from more than one place, for more than one reason. This type represents
/// only a fairly high level kind of error: use the string representation of ``CertificateError`` to get more details
/// about the specific cause.
public struct ErrorCode: Hashable, Sendable, CustomStringConvertible {
fileprivate enum BackingCode {
case unsupportedSignatureAlgorithm
case unsupportedPublicKeyAlgorithm
case invalidSignatureForCertificate
case incorrectOIDForExtension
case unsupportedDigestAlgorithm
case unsupportedPrivateKey
case incorrectOIDForAttribute
case invalidCSRAttribute
case duplicateOID
}
fileprivate var backingCode: BackingCode
fileprivate init(_ backingCode: BackingCode) {
self.backingCode = backingCode
}
/// The signature algorithm used in a ``Certificate`` is not supported by this library.
public static let unsupportedSignatureAlgorithm = ErrorCode(.unsupportedSignatureAlgorithm)
/// The public key algorithm used in a ``Certificate`` is not supported by this library.
public static let unsupportedPublicKeyAlgorithm = ErrorCode(.unsupportedPublicKeyAlgorithm)
/// The signature was not valid for the provided ``Certificate``.
public static let invalidSignatureForCertificate = ErrorCode(.invalidSignatureForCertificate)
/// An extension has the wrong OID.
public static let incorrectOIDForExtension = ErrorCode(.incorrectOIDForExtension)
/// The digest algorithm isn't supported.
public static let unsupportedDigestAlgorithm = ErrorCode(.unsupportedDigestAlgorithm)
/// The private key isn't supported.
public static let unsupportedPrivateKey = ErrorCode(.unsupportedPrivateKey)
/// An attribute has the wrong OID.
public static let incorrectOIDForAttribute = ErrorCode(.incorrectOIDForAttribute)
/// A CSR attribute is invalid.
public static let invalidCSRAttribute = ErrorCode(.invalidCSRAttribute)
/// An OID is present twice.
public static let duplicateOID = ErrorCode(.duplicateOID)
public var description: String {
return String(describing: self.backingCode)
}
}
}
extension CertificateError {
final class Backing: Hashable {
var code: CertificateError.ErrorCode
let reason: String
let file: String
let line: UInt
fileprivate init(
code: CertificateError.ErrorCode,
reason: String,
file: String,
line: UInt
) {
self.code = code
self.reason = reason
self.file = file
self.line = line
}
// Only the error code matters for equality.
static func == (lhs: Backing, rhs: Backing) -> Bool {
return lhs.code == rhs.code
}
func hash(into hasher: inout Hasher) {
hasher.combine(self.code)
}
fileprivate func copy() -> Backing {
return Backing(code: self.code, reason: self.reason, file: self.file, line: self.line)
}
}
}
|
