"""
@sort: TLSError, TLSAbruptCloseError, TLSAlert, TLSLocalAlert, TLSRemoteAlert,
TLSAuthenticationError, TLSNoAuthenticationError, TLSAuthenticationTypeError,
TLSFingerprintError, TLSAuthorizationError, TLSValidationError, TLSFaultError
"""
7 from constants import AlertDescription, AlertLevel
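class TLSError(Exception):
    """Base class for all TLS Lite exceptions.

    Every other exception class in this module derives from this one,
    so an C{except TLSError} clause catches all of them. Prefer
    catching the specific subclass when the handling differs (for
    example, an authentication failure versus an abrupt close).
    """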
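class TLSAbruptCloseError(TLSError):
    """The socket was closed without a proper TLS shutdown.

    The TLS specification mandates that an alert of some sort
    must be sent before the underlying socket is closed.  If the socket
    is closed without this, it could signify that an attacker is trying
    to truncate the connection.  It could also signify a misbehaving
    TLS implementation, or a random network failure.

    Callers should not treat this as a normal end of stream: data
    received before the close may be incomplete, so a protocol that
    relies on connection close to delimit a message needs its own
    length or terminator check before acting on that data.
    """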
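class TLSAlert(TLSError):
    """A TLS alert has been signalled."""

    # Maps AlertDescription constants to the names that the subclasses'
    # __str__ methods report.  Codes missing from this table are shown
    # as their numeric value by those methods.
    #
    # NOTE(review): the "no certificate" entry uses a space where every
    # other entry uses an underscore.  It is kept as-is here because
    # callers or log parsers may match on the existing text.
    _descriptionStr = {
        AlertDescription.close_notify: "close_notify",
        AlertDescription.unexpected_message: "unexpected_message",
        AlertDescription.bad_record_mac: "bad_record_mac",
        AlertDescription.decryption_failed: "decryption_failed",
        AlertDescription.record_overflow: "record_overflow",
        AlertDescription.decompression_failure: "decompression_failure",
        AlertDescription.handshake_failure: "handshake_failure",
        AlertDescription.no_certificate: "no certificate",
        AlertDescription.bad_certificate: "bad_certificate",
        AlertDescription.unsupported_certificate: "unsupported_certificate",
        AlertDescription.certificate_revoked: "certificate_revoked",
        AlertDescription.certificate_expired: "certificate_expired",
        AlertDescription.certificate_unknown: "certificate_unknown",
        AlertDescription.illegal_parameter: "illegal_parameter",
        AlertDescription.unknown_ca: "unknown_ca",
        AlertDescription.access_denied: "access_denied",
        AlertDescription.decode_error: "decode_error",
        AlertDescription.decrypt_error: "decrypt_error",
        AlertDescription.export_restriction: "export_restriction",
        AlertDescription.protocol_version: "protocol_version",
        AlertDescription.insufficient_security: "insufficient_security",
        AlertDescription.internal_error: "internal_error",
        AlertDescription.user_canceled: "user_canceled",
        AlertDescription.no_renegotiation: "no_renegotiation",
        AlertDescription.unknown_srp_username: "unknown_srp_username",
        AlertDescription.missing_srp_username: "missing_srp_username",
    }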
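class TLSLocalAlert(TLSAlert):
    """A TLS alert has been signalled by the local implementation.

    @type description: int
    @ivar description: Set to one of the constants in
    L{tlslite.constants.AlertDescription}

    @ivar level: Set to one of the constants in
    L{tlslite.constants.AlertLevel}

    @type message: str or None
    @ivar message: Description of what went wrong.
    """

    def __init__(self, alert, message=None):
        """Copy the description and level from C{alert}.

        @param alert: Object exposing C{description} and C{level}
        attributes.

        @type message: str or None
        @param message: Optional explanation that L{__str__} appends to
        the alert name.
        """
        self.description = alert.description
        self.level = alert.level
        self.message = message

    def __str__(self):
        """Return the alert name, followed by the message when set."""
        # NOTE(review): the listing this was restored from omits the
        # "def" line, the None guard and the branch taken when there is
        # no message; they are rebuilt from the surviving statements.
        # Confirm against the upstream file.
        alertStr = TLSAlert._descriptionStr.get(self.description)
        if alertStr is None:
            # Unknown code: fall back to its numeric form.
            alertStr = str(self.description)
        if self.message:
            return alertStr + ": " + self.message
        return alertStr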
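class TLSRemoteAlert(TLSAlert):
    """A TLS alert has been signalled by the remote implementation.

    Both attributes are copied from the alert the other party sent, so
    their values are chosen by the peer.  Treat them as untrusted when
    logging them or basing decisions on them.

    @type description: int
    @ivar description: Set to one of the constants in
    L{tlslite.constants.AlertDescription}

    @ivar level: Set to one of the constants in
    L{tlslite.constants.AlertLevel}
    """

    def __init__(self, alert):
        """Copy the description and level from the received C{alert}.

        @param alert: Object exposing C{description} and C{level}
        attributes.
        """
        self.description = alert.description
        self.level = alert.level

    def __str__(self):
        """Return the alert name, or the numeric code if it is unknown."""
        # NOTE(review): the listing this was restored from omits the
        # "def" line, the None guard and the final return; they are
        # rebuilt from the surviving statements.  Confirm against the
        # upstream file.
        alertStr = TLSAlert._descriptionStr.get(self.description)
        if alertStr is None:
            # A code missing from the table is reported by number
            # instead of raising.
            alertStr = str(self.description)
        return alertStr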
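class TLSAuthenticationError(TLSError):
    """The handshake succeeded, but the other party's authentication
    was rejected by the Checker.

    This exception will only be raised when a
    L{tlslite.Checker.Checker} has been passed to a handshake function.
    The Checker will be invoked once the handshake completes, and if
    the Checker objects to how the other party authenticated, a
    subclass of this exception will be raised.

    Because the Checker runs only after the handshake has completed,
    the TLS session already exists when this is raised.  Callers should
    close the connection rather than catch the exception and keep
    using it.
    """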
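class TLSNoAuthenticationError(TLSAuthenticationError):
    """The Checker was expecting the other party to authenticate with a
    certificate chain, but this did not occur.

    The other party presented no certificate chain at all, so its
    identity is unverified.
    """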
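class TLSAuthenticationTypeError(TLSAuthenticationError):
    """The Checker was expecting the other party to authenticate with a
    different type of certificate chain.

    A chain was presented, but not of the type the Checker was
    configured to accept.
    """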
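class TLSFingerprintError(TLSAuthenticationError):
    """The Checker was expecting the other party to authenticate with a
    certificate chain that matches a different fingerprint.

    When the expected fingerprint is pinned, a mismatch means the other
    party is not the expected one.  Do not respond by retrying with the
    check turned off.
    """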
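class TLSAuthorizationError(TLSAuthenticationError):
    """The Checker was expecting the other party to authenticate with a
    certificate chain that has a different authorization.

    The chain was presented, but the authorization it carries is not
    the one the Checker required.
    """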
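class TLSValidationError(TLSAuthenticationError):
    """The Checker has determined that the other party's certificate
    chain failed validation.

    NOTE(review): the end of the first sentence is cut off in the
    listing this was restored from.  The wording above is inferred from
    the class name; confirm against the upstream file.
    """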
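class TLSFaultError(TLSError):
    """The other party responded incorrectly to an induced fault.

    This exception will only occur during fault testing, when a
    TLSConnection's fault variable is set to induce some sort of
    faulty behavior, and the other party doesn't respond appropriately.

    It reports a problem in how the other party handled the fault.  It
    is not expected on connections where no fault has been configured.
    """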