21381490491

Committed 27 Jan 2026 01:54AM UTC coverage: 96.943% (+0.07%) from 96.873%

Build # 21381490491

Build Type

push

github

Committed by

dacut

Commit Message

Fix dead code warnings

Run Details

1681 of 1734 relevant lines covered (96.94%)

195.55 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

91.94

/src/error.rs

use {
    crate::constants::*,
    http::status::StatusCode,
    scratchstack_errors::ServiceError,
    std::{
        error::Error,
        fmt::{Display, Formatter, Result as FmtResult},
        io::Error as IOError,
    },
};

/// Error returned when an attempt at validating an AWS SigV4 signature fails.
#[derive(Debug)]
#[non_exhaustive]
pub enum SignatureError {
    /// The security token included with the request is expired.
    ExpiredToken(/* message */ String),

    /// Validation failed due to an underlying I/O error.
    IO(IOError),

    /// Validation failed due to an internal service error.
    InternalServiceError(Box<dyn Error + Send + Sync>),

    /// The request body used an unsupported character set encoding. Currently only UTF-8 is supported.
    InvalidBodyEncoding(/* message */ String),

    /// The AWS access key provided does not exist in our records.
    InvalidClientTokenId(/* message */ String),

    /// The content-type of the request is unsupported.
    InvalidContentType(/* message */ String),

    /// Invalid request method.
    InvalidRequestMethod(/* message */ String),

    /// The request signature does not conform to AWS standards. Sample messages:  
    /// `Authorization header requires 'Credential' parameter. Authorization=...`  
    /// `Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header.`  
    /// `Date must be in ISO-8601 'basic format'. Got '...'. See http://en.wikipedia.org/wiki/ISO_8601`  
    /// `Unsupported AWS 'algorithm': 'AWS4-HMAC-SHA512'`
    IncompleteSignature(/* message */ String),

    /// The URI path includes invalid components. This can be a malformed hex encoding (e.g. `%0J`), a non-absolute
    /// URI path (`foo/bar`), or a URI path that attempts to navigate above the root (`/x/../../../y`).
    InvalidURIPath(/* message */ String),

    /// A query parameter was malformed -- the value could not be decoded as UTF-8, or the parameter was empty and
    /// this is not allowed (e.g. a signature parameter), or the parameter could not be parsed (e.g., the `X-Amz-Date`
    /// parameter is not a valid date).
    ///
    /// `Incomplete trailing escape % sequence`
    MalformedQueryString(/* message */ String),

    /// The request must contain either a valid (registered) AWS access key ID or X.509 certificate. Sample messages:  
    /// `Request is missing Authentication Token`  
    MissingAuthenticationToken(/* message */ String),

    /// Signature did not match the calculated signature value.
    /// Example messages:  
    /// `The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.`  
    /// `Signature expired: 20210502T144040Z is now earlier than 20210502T173143Z (20210502T174643Z - 15 min.)`  
    /// `Signature not yet current: 20210502T183640Z is still later than 20210502T175140Z (20210502T173640Z + 15 min.)`
    SignatureDoesNotMatch(Option</* message */ String>),
}

impl SignatureError {
    fn error_code(&self) -> &'static str {
        match self {
            Self::ExpiredToken(_) => ERR_CODE_EXPIRED_TOKEN,
            Self::IO(_) | Self::InternalServiceError(_) => ERR_CODE_INTERNAL_FAILURE,
            Self::InvalidBodyEncoding(_) => ERR_CODE_INVALID_BODY_ENCODING,
            Self::InvalidClientTokenId(_) => ERR_CODE_INVALID_CLIENT_TOKEN_ID,
            Self::InvalidContentType(_) => ERR_CODE_INVALID_CONTENT_TYPE,
            Self::InvalidRequestMethod(_) => ERR_CODE_INVALID_REQUEST_METHOD,
            Self::IncompleteSignature(_) => ERR_CODE_INCOMPLETE_SIGNATURE,
            Self::InvalidURIPath(_) => ERR_CODE_INVALID_URI_PATH,
            Self::MalformedQueryString(_) => ERR_CODE_MALFORMED_QUERY_STRING,
            Self::MissingAuthenticationToken(_) => ERR_CODE_MISSING_AUTHENTICATION_TOKEN,
            Self::SignatureDoesNotMatch(_) => ERR_CODE_SIGNATURE_DOES_NOT_MATCH,
        }
    }

    fn http_status(&self) -> StatusCode {
        match self {
            Self::IncompleteSignature(_)
            | Self::InvalidBodyEncoding(_)
            | Self::InvalidRequestMethod(_)
            | Self::InvalidURIPath(_)
            | Self::MalformedQueryString(_)
            | Self::MissingAuthenticationToken(_) => StatusCode::BAD_REQUEST,
            Self::IO(_) | Self::InternalServiceError(_) => StatusCode::INTERNAL_SERVER_ERROR,
            _ => StatusCode::FORBIDDEN,
        }
    }
}

impl ServiceError for SignatureError {
    fn error_code(&self) -> &'static str {
        SignatureError::error_code(self)
    }

    fn http_status(&self) -> StatusCode {
        SignatureError::http_status(self)
    }
}

impl Display for SignatureError {
    fn fmt(&self, f: &mut Formatter) -> FmtResult {
        match self {
            Self::ExpiredToken(msg) => f.write_str(msg),
            Self::IO(ref e) => Display::fmt(e, f),
            Self::InternalServiceError(ref e) => Display::fmt(e, f),
            Self::InvalidBodyEncoding(msg) => f.write_str(msg),
            Self::InvalidClientTokenId(msg) => f.write_str(msg),
            Self::InvalidContentType(msg) => f.write_str(msg),
            Self::InvalidRequestMethod(msg) => f.write_str(msg),
            Self::IncompleteSignature(msg) => f.write_str(msg),
            Self::InvalidURIPath(msg) => f.write_str(msg),
            Self::MalformedQueryString(msg) => f.write_str(msg),
            Self::MissingAuthenticationToken(msg) => f.write_str(msg),
            Self::SignatureDoesNotMatch(msg) => {
                if let Some(msg) = msg {
                    f.write_str(msg)
                } else {
                    Ok(())
                }
            }
        }
    }
}

impl Error for SignatureError {
    fn source(&self) -> Option<&(dyn Error + 'static)> {
        match self {
            Self::IO(ref e) => Some(e),
            _ => None,
        }
    }
}

impl From<IOError> for SignatureError {
    fn from(e: IOError) -> SignatureError {
        SignatureError::IO(e)
    }
}

impl From<Box<dyn Error + Send + Sync>> for SignatureError {
    fn from(e: Box<dyn Error + Send + Sync>) -> SignatureError {
        match e.downcast::<SignatureError>() {
            Ok(sig_err) => *sig_err,
            Err(e) => SignatureError::InternalServiceError(e),
        }
    }
}

/// Error returned by `KSecretKey::from_str` when the secret key cannot fit in the expected size.
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
pub enum KeyLengthError {
    /// The key is too long.
    TooLong,
    /// The key is too short.
    TooShort,
}

impl Display for KeyLengthError {
    fn fmt(&self, f: &mut Formatter) -> FmtResult {
        match self {
            KeyLengthError::TooLong => f.write_str(ERR_MSG_KEY_TOO_LONG),
            KeyLengthError::TooShort => f.write_str(ERR_MSG_KEY_TOO_SHORT),
        }
    }
}

impl Error for KeyLengthError {}

#[cfg(test)]
mod tests {
    use {crate::SignatureError, std::error::Error};

    #[test_log::test]
    fn test_from() {
        // This just exercises a few codepaths that aren't usually exercised.
        let utf8_error = Box::new(String::from_utf8(b"\x80".to_vec()).unwrap_err());
        let e: SignatureError = (utf8_error as Box<dyn Error + Send + Sync + 'static>).into();
        assert_eq!(e.error_code(), "InternalFailure");
        assert_eq!(e.http_status(), 500);

        let e = SignatureError::MalformedQueryString("foo".to_string());
        let e2 = SignatureError::from(Box::new(e) as Box<dyn Error + Send + Sync + 'static>);
        assert_eq!(e2.to_string(), "foo");
        assert_eq!(e2.error_code(), "MalformedQueryString");

        let e = SignatureError::InvalidContentType("Invalid content type: image/jpeg".to_string());
        assert_eq!(e.error_code(), "InvalidContentType");
        assert_eq!(e.http_status(), 403); // Should be 400, but AWS returns 403.
        assert_eq!(format!("{}", e), "Invalid content type: image/jpeg");

        let e = SignatureError::InvalidRequestMethod("Invalid request method: DELETE".to_string());
        assert_eq!(e.error_code(), "InvalidRequestMethod");
        assert_eq!(e.http_status(), 400);
        assert_eq!(format!("{}", e), "Invalid request method: DELETE");
    }
}

1	use {
2	crate::constants::*,
3	http::status::StatusCode,
4	scratchstack_errors::ServiceError,
5	std::{
6	error::Error,
7	fmt::{Display, Formatter, Result as FmtResult},
8	io::Error as IOError,
9	},
10	};
11
12	/// Error returned when an attempt at validating an AWS SigV4 signature fails.
13	#[derive(Debug)]
14	#[non_exhaustive]
15	pub enum SignatureError {
16	/// The security token included with the request is expired.
17	ExpiredToken(/* message */ String),
18
19	/// Validation failed due to an underlying I/O error.
20	IO(IOError),
21
22	/// Validation failed due to an internal service error.
23	InternalServiceError(Box<dyn Error + Send + Sync>),
24
25	/// The request body used an unsupported character set encoding. Currently only UTF-8 is supported.
26	InvalidBodyEncoding(/* message */ String),
27
28	/// The AWS access key provided does not exist in our records.
29	InvalidClientTokenId(/* message */ String),
30
31	/// The content-type of the request is unsupported.
32	InvalidContentType(/* message */ String),
33
34	/// Invalid request method.
35	InvalidRequestMethod(/* message */ String),
36
37	/// The request signature does not conform to AWS standards. Sample messages:
38	/// `Authorization header requires 'Credential' parameter. Authorization=...`
39	/// `Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header.`
40	/// `Date must be in ISO-8601 'basic format'. Got '...'. See http://en.wikipedia.org/wiki/ISO_8601`
41	/// `Unsupported AWS 'algorithm': 'AWS4-HMAC-SHA512'`
42	IncompleteSignature(/* message */ String),
43
44	/// The URI path includes invalid components. This can be a malformed hex encoding (e.g. `%0J`), a non-absolute
45	/// URI path (`foo/bar`), or a URI path that attempts to navigate above the root (`/x/../../../y`).
46	InvalidURIPath(/* message */ String),
47
48	/// A query parameter was malformed -- the value could not be decoded as UTF-8, or the parameter was empty and
49	/// this is not allowed (e.g. a signature parameter), or the parameter could not be parsed (e.g., the `X-Amz-Date`
50	/// parameter is not a valid date).
51	///
52	/// `Incomplete trailing escape % sequence`
53	MalformedQueryString(/* message */ String),
54
55	/// The request must contain either a valid (registered) AWS access key ID or X.509 certificate. Sample messages:
56	/// `Request is missing Authentication Token`
57	MissingAuthenticationToken(/* message */ String),
58
59	/// Signature did not match the calculated signature value.
60	/// Example messages:
61	/// `The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.`
62	/// `Signature expired: 20210502T144040Z is now earlier than 20210502T173143Z (20210502T174643Z - 15 min.)`
63	/// `Signature not yet current: 20210502T183640Z is still later than 20210502T175140Z (20210502T173640Z + 15 min.)`
64	SignatureDoesNotMatch(Option</* message */ String>),
65	}
66
67	impl SignatureError {
68	fn error_code(&self) -> &'static str {	38✔
69	match self {	38✔
70	Self::ExpiredToken(_) => ERR_CODE_EXPIRED_TOKEN,	1✔
71	Self::IO(_) \| Self::InternalServiceError(_) => ERR_CODE_INTERNAL_FAILURE,	3✔
72	Self::InvalidBodyEncoding(_) => ERR_CODE_INVALID_BODY_ENCODING,	1✔
73	Self::InvalidClientTokenId(_) => ERR_CODE_INVALID_CLIENT_TOKEN_ID,	2✔
74	Self::InvalidContentType(_) => ERR_CODE_INVALID_CONTENT_TYPE,	1✔
75	Self::InvalidRequestMethod(_) => ERR_CODE_INVALID_REQUEST_METHOD,	1✔
76	Self::IncompleteSignature(_) => ERR_CODE_INCOMPLETE_SIGNATURE,	9✔
77	Self::InvalidURIPath(_) => ERR_CODE_INVALID_URI_PATH,	2✔
78	Self::MalformedQueryString(_) => ERR_CODE_MALFORMED_QUERY_STRING,	2✔
79	Self::MissingAuthenticationToken(_) => ERR_CODE_MISSING_AUTHENTICATION_TOKEN,	1✔
80	Self::SignatureDoesNotMatch(_) => ERR_CODE_SIGNATURE_DOES_NOT_MATCH,	15✔
81	}
82	}	38✔
83
84	fn http_status(&self) -> StatusCode {	37✔
85	match self {	37✔
86	Self::IncompleteSignature(_)
87	\| Self::InvalidBodyEncoding(_)
88	\| Self::InvalidRequestMethod(_)
89	\| Self::InvalidURIPath(_)
90	\| Self::MalformedQueryString(_)
91	\| Self::MissingAuthenticationToken(_) => StatusCode::BAD_REQUEST,	15✔
92	Self::IO(_) \| Self::InternalServiceError(_) => StatusCode::INTERNAL_SERVER_ERROR,	3✔
93	_ => StatusCode::FORBIDDEN,	19✔
94	}
95	}	37✔
96	}
97
98	impl ServiceError for SignatureError {
99	fn error_code(&self) -> &'static str {	34✔
100	SignatureError::error_code(self)	34✔
101	}	34✔
102
103	fn http_status(&self) -> StatusCode {	34✔
104	SignatureError::http_status(self)	34✔
105	}	34✔
106	}
107
108	impl Display for SignatureError {
109	fn fmt(&self, f: &mut Formatter) -> FmtResult {	69✔
110	match self {	69✔
111	Self::ExpiredToken(msg) => f.write_str(msg),	2✔
112	Self::IO(ref e) => Display::fmt(e, f),	2✔
113	Self::InternalServiceError(ref e) => Display::fmt(e, f),	1✔
114	Self::InvalidBodyEncoding(msg) => f.write_str(msg),	1✔
115	Self::InvalidClientTokenId(msg) => f.write_str(msg),	4✔
116	Self::InvalidContentType(msg) => f.write_str(msg),	1✔
117	Self::InvalidRequestMethod(msg) => f.write_str(msg),	1✔
118	Self::IncompleteSignature(msg) => f.write_str(msg),	20✔
119	Self::InvalidURIPath(msg) => f.write_str(msg),	7✔
120	Self::MalformedQueryString(msg) => f.write_str(msg),	3✔
121	Self::MissingAuthenticationToken(msg) => f.write_str(msg),	2✔
122	Self::SignatureDoesNotMatch(msg) => {	25✔
123	if let Some(msg) = msg {	25✔
124	f.write_str(msg)	24✔
125	} else {
126	Ok(())	1✔
127	}
128	}
129	}
130	}	69✔
131	}
132
133	impl Error for SignatureError {
134	fn source(&self) -> Option<&(dyn Error + 'static)> {	43✔
135	match self {	43✔
136	Self::IO(ref e) => Some(e),	1✔
137	_ => None,	42✔
138	}
139	}	43✔
140	}
141
142	impl From<IOError> for SignatureError {
143	fn from(e: IOError) -> SignatureError {	1✔
144	SignatureError::IO(e)	1✔
145	}	1✔
146	}
147
148	impl From<Box<dyn Error + Send + Sync>> for SignatureError {
149	fn from(e: Box<dyn Error + Send + Sync>) -> SignatureError {	2✔
150	match e.downcast::<SignatureError>() {	2✔
151	Ok(sig_err) => *sig_err,	1✔
152	Err(e) => SignatureError::InternalServiceError(e),	1✔
153	}
154	}	2✔
155	}
156
157	/// Error returned by `KSecretKey::from_str` when the secret key cannot fit in the expected size.
158	#[derive(Clone, Copy, Debug, Eq, PartialEq)]
159	pub enum KeyLengthError {
160	/// The key is too long.
161	TooLong,
162	/// The key is too short.
163	TooShort,
164	}
165
166	impl Display for KeyLengthError {
167	fn fmt(&self, f: &mut Formatter) -> FmtResult {	×
168	match self {	×
169	KeyLengthError::TooLong => f.write_str(ERR_MSG_KEY_TOO_LONG),	×
170	KeyLengthError::TooShort => f.write_str(ERR_MSG_KEY_TOO_SHORT),	×
171	}
172	}	×
173	}
174
175	impl Error for KeyLengthError {}
176
177	#[cfg(test)]
178	mod tests {
179	use {crate::SignatureError, std::error::Error};
180
181	#[test_log::test]
182	fn test_from() {
183	// This just exercises a few codepaths that aren't usually exercised.
184	let utf8_error = Box::new(String::from_utf8(b"\x80".to_vec()).unwrap_err());
185	let e: SignatureError = (utf8_error as Box<dyn Error + Send + Sync + 'static>).into();
186	assert_eq!(e.error_code(), "InternalFailure");
187	assert_eq!(e.http_status(), 500);
188
189	let e = SignatureError::MalformedQueryString("foo".to_string());
190	let e2 = SignatureError::from(Box::new(e) as Box<dyn Error + Send + Sync + 'static>);
191	assert_eq!(e2.to_string(), "foo");
192	assert_eq!(e2.error_code(), "MalformedQueryString");
193
194	let e = SignatureError::InvalidContentType("Invalid content type: image/jpeg".to_string());
195	assert_eq!(e.error_code(), "InvalidContentType");
196	assert_eq!(e.http_status(), 403); // Should be 400, but AWS returns 403.
197	assert_eq!(format!("{}", e), "Invalid content type: image/jpeg");
198
199	let e = SignatureError::InvalidRequestMethod("Invalid request method: DELETE".to_string());
200	assert_eq!(e.error_code(), "InvalidRequestMethod");
201	assert_eq!(e.http_status(), 400);
202	assert_eq!(format!("{}", e), "Invalid request method: DELETE");
203	}
204	}

dacut / scratchstack-aws-signature / 21381490491

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous