9945421627

Committed 15 Jul 2024 07:26PM UTC coverage: 89.964% (-7.6%) from 97.542%

Build # 9945421627

Build Type

push

github

Committed by

dacut

Commit Message

Fix broken doc link

Run Details

3254 of 3617 relevant lines covered (89.96%)

109.57 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

87.64

/src/error.rs

use {
    http::status::StatusCode,
    scratchstack_errors::ServiceError,
    std::{
        error::Error,
        fmt::{Display, Formatter, Result as FmtResult},
        io::Error as IOError,
    },
};

/// Error code: ExpiredToken
const ERR_CODE_EXPIRED_TOKEN: &str = "ExpiredToken";

/// Error code: InternalFailure
const ERR_CODE_INTERNAL_FAILURE: &str = "InternalFailure";

/// Error code: InvalidContentType (non-AWS standard)
const ERR_CODE_INVALID_CONTENT_TYPE: &str = "InvalidContentType";

/// Error code: InvalidBodyEncoding
const ERR_CODE_INVALID_BODY_ENCODING: &str = "InvalidBodyEncoding";

/// Error code: InvalidClientTokenId
const ERR_CODE_INVALID_CLIENT_TOKEN_ID: &str = "InvalidClientTokenId";

/// Error code: IncompleteSignature
const ERR_CODE_INCOMPLETE_SIGNATURE: &str = "IncompleteSignature";

/// Error code: InvalidRequestMethod (non-AWS standard)
const ERR_CODE_INVALID_REQUEST_METHOD: &str = "InvalidRequestMethod";

/// Error code: InvalidURIPath
const ERR_CODE_INVALID_URI_PATH: &str = "InvalidURIPath";

/// Error code: MalformedQueryString
const ERR_CODE_MALFORMED_QUERY_STRING: &str = "MalformedQueryString";

/// Error code: MissingAuthenticationToken
const ERR_CODE_MISSING_AUTHENTICATION_TOKEN: &str = "MissingAuthenticationToken";

/// Error code: SignatureDoesNotMatch
const ERR_CODE_SIGNATURE_DOES_NOT_MATCH: &str = "SignatureDoesNotMatch";

/// Error returned when an attempt at validating an AWS SigV4 signature fails.
#[derive(Debug)]
pub enum SignatureError {
    /// The security token included with the request is expired.
    ExpiredToken(/* message */ String),

    /// Validation failed due to an underlying I/O error.
    IO(IOError),

    /// Validation failed due to an internal service error.
    InternalServiceError(Box<dyn Error + Send + Sync>),

    /// The request body used an unsupported character set encoding. Currently only UTF-8 is supported.
    InvalidBodyEncoding(/* message */ String),

    /// The AWS access key provided does not exist in our records.
    InvalidClientTokenId(/* message */ String),

    /// The content-type of the request is unsupported.
    InvalidContentType(/* message */ String),

    /// Invalid request method.
    InvalidRequestMethod(/* message */ String),

    /// The request signature does not conform to AWS standards. Sample messages:  
    /// `Authorization header requires 'Credential' parameter. Authorization=...`  
    /// `Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header.`  
    /// `Date must be in ISO-8601 'basic format'. Got '...'. See http://en.wikipedia.org/wiki/ISO_8601`  
    /// `Unsupported AWS 'algorithm': 'AWS4-HMAC-SHA512'`
    IncompleteSignature(/* message */ String),

    /// The URI path includes invalid components. This can be a malformed hex encoding (e.g. `%0J`), a non-absolute
    /// URI path (`foo/bar`), or a URI path that attempts to navigate above the root (`/x/../../../y`).
    InvalidURIPath(/* message */ String),

    /// A query parameter was malformed -- the value could not be decoded as UTF-8, or the parameter was empty and
    /// this is not allowed (e.g. a signature parameter), or the parameter could not be parsed (e.g., the `X-Amz-Date`
    /// parameter is not a valid date).
    ///
    /// `Incomplete trailing escape % sequence`
    MalformedQueryString(/* message */ String),

    /// The request must contain either a valid (registered) AWS access key ID or X.509 certificate. Sample messages:  
    /// `Request is missing Authentication Token`  
    MissingAuthenticationToken(/* message */ String),

    /// Signature did not match the calculated signature value.
    /// Example messages:  
    /// `The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.`  
    /// `Signature expired: 20210502T144040Z is now earlier than 20210502T173143Z (20210502T174643Z - 15 min.)`  
    /// `Signature not yet current: 20210502T183640Z is still later than 20210502T175140Z (20210502T173640Z + 15 min.)`
    SignatureDoesNotMatch(Option</* message */ String>),
}

impl SignatureError {
    fn error_code(&self) -> &'static str {
        match self {
            Self::ExpiredToken(_) => ERR_CODE_EXPIRED_TOKEN,
            Self::IO(_) | Self::InternalServiceError(_) => ERR_CODE_INTERNAL_FAILURE,
            Self::InvalidBodyEncoding(_) => ERR_CODE_INVALID_BODY_ENCODING,
            Self::InvalidClientTokenId(_) => ERR_CODE_INVALID_CLIENT_TOKEN_ID,
            Self::InvalidContentType(_) => ERR_CODE_INVALID_CONTENT_TYPE,
            Self::InvalidRequestMethod(_) => ERR_CODE_INVALID_REQUEST_METHOD,
            Self::IncompleteSignature(_) => ERR_CODE_INCOMPLETE_SIGNATURE,
            Self::InvalidURIPath(_) => ERR_CODE_INVALID_URI_PATH,
            Self::MalformedQueryString(_) => ERR_CODE_MALFORMED_QUERY_STRING,
            Self::MissingAuthenticationToken(_) => ERR_CODE_MISSING_AUTHENTICATION_TOKEN,
            Self::SignatureDoesNotMatch(_) => ERR_CODE_SIGNATURE_DOES_NOT_MATCH,
        }
    }

    fn http_status(&self) -> StatusCode {
        match self {
            Self::IncompleteSignature(_)
            | Self::InvalidBodyEncoding(_)
            | Self::InvalidRequestMethod(_)
            | Self::InvalidURIPath(_)
            | Self::MalformedQueryString(_)
            | Self::MissingAuthenticationToken(_) => StatusCode::BAD_REQUEST,
            Self::IO(_) | Self::InternalServiceError(_) => StatusCode::INTERNAL_SERVER_ERROR,
            _ => StatusCode::FORBIDDEN,
        }
    }
}

impl ServiceError for SignatureError {
    fn error_code(&self) -> &'static str {
        SignatureError::error_code(self)
    }

    fn http_status(&self) -> StatusCode {
        SignatureError::http_status(self)
    }
}

impl Display for SignatureError {
    fn fmt(&self, f: &mut Formatter) -> FmtResult {
        match self {
            Self::ExpiredToken(msg) => f.write_str(msg),
            Self::IO(ref e) => Display::fmt(e, f),
            Self::InternalServiceError(ref e) => Display::fmt(e, f),
            Self::InvalidBodyEncoding(msg) => f.write_str(msg),
            Self::InvalidClientTokenId(msg) => f.write_str(msg),
            Self::InvalidContentType(msg) => f.write_str(msg),
            Self::InvalidRequestMethod(msg) => f.write_str(msg),
            Self::IncompleteSignature(msg) => f.write_str(msg),
            Self::InvalidURIPath(msg) => f.write_str(msg),
            Self::MalformedQueryString(msg) => f.write_str(msg),
            Self::MissingAuthenticationToken(msg) => f.write_str(msg),
            Self::SignatureDoesNotMatch(msg) => {
                if let Some(msg) = msg {
                    f.write_str(msg)
                } else {
                    Ok(())
                }
            }
        }
    }
}

impl Error for SignatureError {
    fn source(&self) -> Option<&(dyn Error + 'static)> {
        match self {
            Self::IO(ref e) => Some(e),
            _ => None,
        }
    }
}

impl From<IOError> for SignatureError {
    fn from(e: IOError) -> SignatureError {
        SignatureError::IO(e)
    }
}

impl From<Box<dyn Error + Send + Sync>> for SignatureError {
    fn from(e: Box<dyn Error + Send + Sync>) -> SignatureError {
        match e.downcast::<SignatureError>() {
            Ok(sig_err) => *sig_err,
            Err(e) => SignatureError::InternalServiceError(e),
        }
    }
}

#[cfg(test)]
mod tests {
    use {crate::SignatureError, std::error::Error};

    #[test_log::test]
    fn test_from() {
        // This just exercises a few codepaths that aren't usually exercised.
        let utf8_error = Box::new(String::from_utf8(b"\x80".to_vec()).unwrap_err());
        let e: SignatureError = (utf8_error as Box<dyn Error + Send + Sync + 'static>).into();
        assert_eq!(e.error_code(), "InternalFailure");
        assert_eq!(e.http_status(), 500);

        let e = SignatureError::MalformedQueryString("foo".to_string());
        let e2 = SignatureError::from(Box::new(e) as Box<dyn Error + Send + Sync + 'static>);
        assert_eq!(e2.to_string(), "foo");
        assert_eq!(e2.error_code(), "MalformedQueryString");

        let e = SignatureError::InvalidContentType("Invalid content type: image/jpeg".to_string());
        assert_eq!(e.error_code(), "InvalidContentType");
        assert_eq!(e.http_status(), 403); // Should be 400, but AWS returns 403.
        assert_eq!(format!("{}", e), "Invalid content type: image/jpeg");

        let e = SignatureError::InvalidRequestMethod("Invalid request method: DELETE".to_string());
        assert_eq!(e.error_code(), "InvalidRequestMethod");
        assert_eq!(e.http_status(), 400);
        assert_eq!(format!("{}", e), "Invalid request method: DELETE");
    }
}

1	use {
2	http::status::StatusCode,
3	scratchstack_errors::ServiceError,
4	std::{
5	error::Error,
6	fmt::{Display, Formatter, Result as FmtResult},
7	io::Error as IOError,
8	},
9	};
10
11	/// Error code: ExpiredToken
12	const ERR_CODE_EXPIRED_TOKEN: &str = "ExpiredToken";
13
14	/// Error code: InternalFailure
15	const ERR_CODE_INTERNAL_FAILURE: &str = "InternalFailure";
16
17	/// Error code: InvalidContentType (non-AWS standard)
18	const ERR_CODE_INVALID_CONTENT_TYPE: &str = "InvalidContentType";
19
20	/// Error code: InvalidBodyEncoding
21	const ERR_CODE_INVALID_BODY_ENCODING: &str = "InvalidBodyEncoding";
22
23	/// Error code: InvalidClientTokenId
24	const ERR_CODE_INVALID_CLIENT_TOKEN_ID: &str = "InvalidClientTokenId";
25
26	/// Error code: IncompleteSignature
27	const ERR_CODE_INCOMPLETE_SIGNATURE: &str = "IncompleteSignature";
28
29	/// Error code: InvalidRequestMethod (non-AWS standard)
30	const ERR_CODE_INVALID_REQUEST_METHOD: &str = "InvalidRequestMethod";
31
32	/// Error code: InvalidURIPath
33	const ERR_CODE_INVALID_URI_PATH: &str = "InvalidURIPath";
34
35	/// Error code: MalformedQueryString
36	const ERR_CODE_MALFORMED_QUERY_STRING: &str = "MalformedQueryString";
37
38	/// Error code: MissingAuthenticationToken
39	const ERR_CODE_MISSING_AUTHENTICATION_TOKEN: &str = "MissingAuthenticationToken";
40
41	/// Error code: SignatureDoesNotMatch
42	const ERR_CODE_SIGNATURE_DOES_NOT_MATCH: &str = "SignatureDoesNotMatch";
43
44	/// Error returned when an attempt at validating an AWS SigV4 signature fails.
45	#[derive(Debug)]	3✔
46	pub enum SignatureError {
47	/// The security token included with the request is expired.
48	ExpiredToken(/* message */ String),	×
49
50	/// Validation failed due to an underlying I/O error.
51	IO(IOError),	×
52
53	/// Validation failed due to an internal service error.
54	InternalServiceError(Box<dyn Error + Send + Sync>),	×
55
56	/// The request body used an unsupported character set encoding. Currently only UTF-8 is supported.
57	InvalidBodyEncoding(/* message */ String),	×
58
59	/// The AWS access key provided does not exist in our records.
60	InvalidClientTokenId(/* message */ String),	×
61
62	/// The content-type of the request is unsupported.
63	InvalidContentType(/* message */ String),	×
64
65	/// Invalid request method.
66	InvalidRequestMethod(/* message */ String),	×
67
68	/// The request signature does not conform to AWS standards. Sample messages:
69	/// `Authorization header requires 'Credential' parameter. Authorization=...`
70	/// `Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header.`
71	/// `Date must be in ISO-8601 'basic format'. Got '...'. See http://en.wikipedia.org/wiki/ISO_8601`
72	/// `Unsupported AWS 'algorithm': 'AWS4-HMAC-SHA512'`
73	IncompleteSignature(/* message */ String),	3✔
74
75	/// The URI path includes invalid components. This can be a malformed hex encoding (e.g. `%0J`), a non-absolute
76	/// URI path (`foo/bar`), or a URI path that attempts to navigate above the root (`/x/../../../y`).
77	InvalidURIPath(/* message */ String),	×
78
79	/// A query parameter was malformed -- the value could not be decoded as UTF-8, or the parameter was empty and
80	/// this is not allowed (e.g. a signature parameter), or the parameter could not be parsed (e.g., the `X-Amz-Date`
81	/// parameter is not a valid date).
82	///
83	/// `Incomplete trailing escape % sequence`
84	MalformedQueryString(/* message */ String),	×
85
86	/// The request must contain either a valid (registered) AWS access key ID or X.509 certificate. Sample messages:
87	/// `Request is missing Authentication Token`
88	MissingAuthenticationToken(/* message */ String),	×
89
90	/// Signature did not match the calculated signature value.
91	/// Example messages:
92	/// `The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.`
93	/// `Signature expired: 20210502T144040Z is now earlier than 20210502T173143Z (20210502T174643Z - 15 min.)`
94	/// `Signature not yet current: 20210502T183640Z is still later than 20210502T175140Z (20210502T173640Z + 15 min.)`
95	SignatureDoesNotMatch(Option</* message */ String>),	×
96	}
97
98	impl SignatureError {
99	fn error_code(&self) -> &'static str {	38✔
100	match self {	38✔
101	Self::ExpiredToken(_) => ERR_CODE_EXPIRED_TOKEN,	1✔
102	Self::IO(_) \| Self::InternalServiceError(_) => ERR_CODE_INTERNAL_FAILURE,	3✔
103	Self::InvalidBodyEncoding(_) => ERR_CODE_INVALID_BODY_ENCODING,	1✔
104	Self::InvalidClientTokenId(_) => ERR_CODE_INVALID_CLIENT_TOKEN_ID,	2✔
105	Self::InvalidContentType(_) => ERR_CODE_INVALID_CONTENT_TYPE,	1✔
106	Self::InvalidRequestMethod(_) => ERR_CODE_INVALID_REQUEST_METHOD,	1✔
107	Self::IncompleteSignature(_) => ERR_CODE_INCOMPLETE_SIGNATURE,	9✔
108	Self::InvalidURIPath(_) => ERR_CODE_INVALID_URI_PATH,	2✔
109	Self::MalformedQueryString(_) => ERR_CODE_MALFORMED_QUERY_STRING,	2✔
110	Self::MissingAuthenticationToken(_) => ERR_CODE_MISSING_AUTHENTICATION_TOKEN,	1✔
111	Self::SignatureDoesNotMatch(_) => ERR_CODE_SIGNATURE_DOES_NOT_MATCH,	15✔
112	}
113	}	38✔
114
115	fn http_status(&self) -> StatusCode {	37✔
116	match self {	37✔
117	Self::IncompleteSignature(_)
118	\| Self::InvalidBodyEncoding(_)
119	\| Self::InvalidRequestMethod(_)
120	\| Self::InvalidURIPath(_)
121	\| Self::MalformedQueryString(_)
122	\| Self::MissingAuthenticationToken(_) => StatusCode::BAD_REQUEST,	15✔
123	Self::IO(_) \| Self::InternalServiceError(_) => StatusCode::INTERNAL_SERVER_ERROR,	3✔
124	_ => StatusCode::FORBIDDEN,	19✔
125	}
126	}	37✔
127	}
128
129	impl ServiceError for SignatureError {
130	fn error_code(&self) -> &'static str {	34✔
131	SignatureError::error_code(self)	34✔
132	}	34✔
133
134	fn http_status(&self) -> StatusCode {	34✔
135	SignatureError::http_status(self)	34✔
136	}	34✔
137	}
138
139	impl Display for SignatureError {
140	fn fmt(&self, f: &mut Formatter) -> FmtResult {	69✔
141	match self {	69✔
142	Self::ExpiredToken(msg) => f.write_str(msg),	2✔
143	Self::IO(ref e) => Display::fmt(e, f),	2✔
144	Self::InternalServiceError(ref e) => Display::fmt(e, f),	1✔
145	Self::InvalidBodyEncoding(msg) => f.write_str(msg),	1✔
146	Self::InvalidClientTokenId(msg) => f.write_str(msg),	4✔
147	Self::InvalidContentType(msg) => f.write_str(msg),	1✔
148	Self::InvalidRequestMethod(msg) => f.write_str(msg),	1✔
149	Self::IncompleteSignature(msg) => f.write_str(msg),	20✔
150	Self::InvalidURIPath(msg) => f.write_str(msg),	7✔
151	Self::MalformedQueryString(msg) => f.write_str(msg),	3✔
152	Self::MissingAuthenticationToken(msg) => f.write_str(msg),	2✔
153	Self::SignatureDoesNotMatch(msg) => {	25✔
154	if let Some(msg) = msg {	25✔
155	f.write_str(msg)	24✔
156	} else {
157	Ok(())	1✔
158	}
159	}
160	}
161	}	69✔
162	}
163
164	impl Error for SignatureError {
165	fn source(&self) -> Option<&(dyn Error + 'static)> {	43✔
166	match self {	43✔
167	Self::IO(ref e) => Some(e),	1✔
168	_ => None,	42✔
169	}
170	}	43✔
171	}
172
173	impl From<IOError> for SignatureError {
174	fn from(e: IOError) -> SignatureError {	1✔
175	SignatureError::IO(e)	1✔
176	}	1✔
177	}
178
179	impl From<Box<dyn Error + Send + Sync>> for SignatureError {
180	fn from(e: Box<dyn Error + Send + Sync>) -> SignatureError {	2✔
181	match e.downcast::<SignatureError>() {	2✔
182	Ok(sig_err) => *sig_err,	1✔
183	Err(e) => SignatureError::InternalServiceError(e),	1✔
184	}
185	}	2✔
186	}
187
188	#[cfg(test)]
189	mod tests {
190	use {crate::SignatureError, std::error::Error};
191
192	#[test_log::test]	5✔
193	fn test_from() {	1✔
194	// This just exercises a few codepaths that aren't usually exercised.
195	let utf8_error = Box::new(String::from_utf8(b"\x80".to_vec()).unwrap_err());	1✔
196	let e: SignatureError = (utf8_error as Box<dyn Error + Send + Sync + 'static>).into();	1✔
197	assert_eq!(e.error_code(), "InternalFailure");	1✔
198	assert_eq!(e.http_status(), 500);	1✔
199
200	let e = SignatureError::MalformedQueryString("foo".to_string());	1✔
201	let e2 = SignatureError::from(Box::new(e) as Box<dyn Error + Send + Sync + 'static>);	1✔
202	assert_eq!(e2.to_string(), "foo");	1✔
203	assert_eq!(e2.error_code(), "MalformedQueryString");	1✔
204
205	let e = SignatureError::InvalidContentType("Invalid content type: image/jpeg".to_string());	1✔
206	assert_eq!(e.error_code(), "InvalidContentType");	1✔
207	assert_eq!(e.http_status(), 403); // Should be 400, but AWS returns 403.	1✔
208	assert_eq!(format!("{}", e), "Invalid content type: image/jpeg");	1✔
209
210	let e = SignatureError::InvalidRequestMethod("Invalid request method: DELETE".to_string());	1✔
211	assert_eq!(e.error_code(), "InvalidRequestMethod");	1✔
212	assert_eq!(e.http_status(), 400);	1✔
213	assert_eq!(format!("{}", e), "Invalid request method: DELETE");	1✔
214	}	1✔
215	}

dacut / scratchstack-aws-signature / 9945421627

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous