2017-04-17 18:08:24 -04:00
|
|
|
package signed
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"strings"
|
2017-08-24 18:40:24 -04:00
|
|
|
|
|
|
|
"github.com/docker/notary/tuf/data"
|
2017-04-17 18:08:24 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
// ErrInsufficientSignatures - can not create enough signatures on a piece of
|
|
|
|
// metadata
|
|
|
|
type ErrInsufficientSignatures struct {
|
|
|
|
FoundKeys int
|
|
|
|
NeededKeys int
|
|
|
|
MissingKeyIDs []string
|
|
|
|
}
|
|
|
|
|
|
|
|
func (e ErrInsufficientSignatures) Error() string {
|
|
|
|
candidates := ""
|
|
|
|
if len(e.MissingKeyIDs) > 0 {
|
|
|
|
candidates = fmt.Sprintf(" (%s)", strings.Join(e.MissingKeyIDs, ", "))
|
|
|
|
}
|
|
|
|
|
|
|
|
if e.FoundKeys == 0 {
|
|
|
|
return fmt.Sprintf("signing keys not available: need %d keys from %d possible keys%s",
|
|
|
|
e.NeededKeys, len(e.MissingKeyIDs), candidates)
|
|
|
|
}
|
|
|
|
return fmt.Sprintf("not enough signing keys: found %d of %d needed keys - %d other possible keys%s",
|
|
|
|
e.FoundKeys, e.NeededKeys, len(e.MissingKeyIDs), candidates)
|
|
|
|
}
|
|
|
|
|
|
|
|
// ErrExpired indicates a piece of metadata has expired
|
|
|
|
type ErrExpired struct {
|
2017-08-24 18:40:24 -04:00
|
|
|
Role data.RoleName
|
2017-04-17 18:08:24 -04:00
|
|
|
Expired string
|
|
|
|
}
|
|
|
|
|
|
|
|
func (e ErrExpired) Error() string {
|
2017-08-24 18:40:24 -04:00
|
|
|
return fmt.Sprintf("%s expired at %v", e.Role.String(), e.Expired)
|
2017-04-17 18:08:24 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
// ErrLowVersion indicates the piece of metadata has a version number lower than
|
|
|
|
// a version number we're already seen for this role
|
|
|
|
type ErrLowVersion struct {
|
|
|
|
Actual int
|
|
|
|
Current int
|
|
|
|
}
|
|
|
|
|
|
|
|
func (e ErrLowVersion) Error() string {
|
|
|
|
return fmt.Sprintf("version %d is lower than current version %d", e.Actual, e.Current)
|
|
|
|
}
|
|
|
|
|
|
|
|
// ErrRoleThreshold indicates we did not validate enough signatures to meet the threshold
|
|
|
|
type ErrRoleThreshold struct {
|
|
|
|
Msg string
|
|
|
|
}
|
|
|
|
|
|
|
|
func (e ErrRoleThreshold) Error() string {
|
|
|
|
if e.Msg == "" {
|
|
|
|
return "valid signatures did not meet threshold"
|
|
|
|
}
|
|
|
|
return e.Msg
|
|
|
|
}
|
|
|
|
|
|
|
|
// ErrInvalidKeyType indicates the types for the key and signature it's associated with are
|
|
|
|
// mismatched. Probably a sign of malicious behaviour
|
|
|
|
type ErrInvalidKeyType struct{}
|
|
|
|
|
|
|
|
func (e ErrInvalidKeyType) Error() string {
|
|
|
|
return "key type is not valid for signature"
|
|
|
|
}
|
|
|
|
|
|
|
|
// ErrInvalidKeyID indicates the specified key ID was incorrect for its associated data
|
|
|
|
type ErrInvalidKeyID struct{}
|
|
|
|
|
|
|
|
func (e ErrInvalidKeyID) Error() string {
|
|
|
|
return "key ID is not valid for key content"
|
|
|
|
}
|
|
|
|
|
|
|
|
// ErrInvalidKeyLength indicates that while we may support the cipher, the provided
|
|
|
|
// key length is not specifically supported, i.e. we support RSA, but not 1024 bit keys
|
|
|
|
type ErrInvalidKeyLength struct {
|
|
|
|
msg string
|
|
|
|
}
|
|
|
|
|
|
|
|
func (e ErrInvalidKeyLength) Error() string {
|
|
|
|
return fmt.Sprintf("key length is not supported: %s", e.msg)
|
|
|
|
}
|
|
|
|
|
|
|
|
// ErrNoKeys indicates no signing keys were found when trying to sign
|
|
|
|
type ErrNoKeys struct {
|
|
|
|
KeyIDs []string
|
|
|
|
}
|
|
|
|
|
|
|
|
func (e ErrNoKeys) Error() string {
|
|
|
|
return fmt.Sprintf("could not find necessary signing keys, at least one of these keys must be available: %s",
|
|
|
|
strings.Join(e.KeyIDs, ", "))
|
|
|
|
}
|