aboutsummaryrefslogtreecommitdiff
path: root/src/api/signature
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2022-05-13 15:04:53 +0200
committerAlex Auvolat <alex@adnab.me>2022-05-13 15:04:53 +0200
commit96b11524d53b3616a28f33e2b057655be1639f6f (patch)
tree324a8a9624c5b861fb5a09b0ae0e0c07f6b9614c /src/api/signature
parentc0fb9fd0fe553e5eda39dcb1a09f059bcd631b6c (diff)
downloadgarage-96b11524d53b3616a28f33e2b057655be1639f6f.tar.gz
garage-96b11524d53b3616a28f33e2b057655be1639f6f.zip
Error refactoring
Diffstat (limited to 'src/api/signature')
-rw-r--r--src/api/signature/mod.rs2
-rw-r--r--src/api/signature/payload.rs14
-rw-r--r--src/api/signature/streaming.rs6
3 files changed, 12 insertions, 10 deletions
diff --git a/src/api/signature/mod.rs b/src/api/signature/mod.rs
index 5646f4fa..e3554080 100644
--- a/src/api/signature/mod.rs
+++ b/src/api/signature/mod.rs
@@ -16,7 +16,7 @@ type HmacSha256 = Hmac<Sha256>;
pub fn verify_signed_content(expected_sha256: Hash, body: &[u8]) -> Result<(), Error> {
if expected_sha256 != sha256sum(body) {
- return Err(Error::BadRequest(
+ return Err(Error::bad_request(
"Request content hash does not match signed hash".to_string(),
));
}
diff --git a/src/api/signature/payload.rs b/src/api/signature/payload.rs
index 9137dd2d..52c4d401 100644
--- a/src/api/signature/payload.rs
+++ b/src/api/signature/payload.rs
@@ -105,7 +105,7 @@ fn parse_authorization(
let (auth_kind, rest) = authorization.split_at(first_space);
if auth_kind != "AWS4-HMAC-SHA256" {
- return Err(Error::BadRequest("Unsupported authorization method".into()));
+ return Err(Error::bad_request("Unsupported authorization method"));
}
let mut auth_params = HashMap::new();
@@ -129,10 +129,11 @@ fn parse_authorization(
let date = headers
.get("x-amz-date")
.ok_or_bad_request("Missing X-Amz-Date field")
+ .map_err(Error::from)
.and_then(|d| parse_date(d))?;
if Utc::now() - date > Duration::hours(24) {
- return Err(Error::BadRequest("Date is too old".to_string()));
+ return Err(Error::bad_request("Date is too old".to_string()));
}
let auth = Authorization {
@@ -156,7 +157,7 @@ fn parse_query_authorization(
headers: &HashMap<String, String>,
) -> Result<Authorization, Error> {
if algorithm != "AWS4-HMAC-SHA256" {
- return Err(Error::BadRequest(
+ return Err(Error::bad_request(
"Unsupported authorization method".to_string(),
));
}
@@ -179,10 +180,10 @@ fn parse_query_authorization(
.get("x-amz-expires")
.ok_or_bad_request("X-Amz-Expires not found in query parameters")?
.parse()
- .map_err(|_| Error::BadRequest("X-Amz-Expires is not a number".to_string()))?;
+ .map_err(|_| Error::bad_request("X-Amz-Expires is not a number".to_string()))?;
if duration > 7 * 24 * 3600 {
- return Err(Error::BadRequest(
+ return Err(Error::bad_request(
"X-Amz-Exprires may not exceed a week".to_string(),
));
}
@@ -190,10 +191,11 @@ fn parse_query_authorization(
let date = headers
.get("x-amz-date")
.ok_or_bad_request("Missing X-Amz-Date field")
+ .map_err(Error::from)
.and_then(|d| parse_date(d))?;
if Utc::now() - date > Duration::seconds(duration) {
- return Err(Error::BadRequest("Date is too old".to_string()));
+ return Err(Error::bad_request("Date is too old".to_string()));
}
Ok(Authorization {
diff --git a/src/api/signature/streaming.rs b/src/api/signature/streaming.rs
index ded9d993..6c326c54 100644
--- a/src/api/signature/streaming.rs
+++ b/src/api/signature/streaming.rs
@@ -87,7 +87,7 @@ fn compute_streaming_payload_signature(
let mut hmac = signing_hmac.clone();
hmac.update(string_to_sign.as_bytes());
- Hash::try_from(&hmac.finalize().into_bytes()).ok_or_internal_error("Invalid signature")
+ Ok(Hash::try_from(&hmac.finalize().into_bytes()).ok_or_internal_error("Invalid signature")?)
}
mod payload {
@@ -163,10 +163,10 @@ impl From<SignedPayloadStreamError> for Error {
match err {
SignedPayloadStreamError::Stream(e) => e,
SignedPayloadStreamError::InvalidSignature => {
- Error::BadRequest("Invalid payload signature".into())
+ Error::bad_request("Invalid payload signature")
}
SignedPayloadStreamError::Message(e) => {
- Error::BadRequest(format!("Chunk format error: {}", e))
+ Error::bad_request(format!("Chunk format error: {}", e))
}
}
}