errors

var ErrAuthenticationFailed = errors.NewError("authentication failed")

ErrAuthenticationFailed is raised whenever authentication has either failed or the credentials have timed out when using the HTTP client backend.

var ErrCreatingCipher = errors.NewError("could not create new cipher")

ErrCreatingCipher is typically returned when initializing a cipher fails. As we only use AES in this package, this is most likely due to key length errors, which should be either 16 (AES-128), 24 (AES-192), or 32 (AES-256) bytes. See https://golang.ir/pkg/crypto/aes/

var ErrCreatingCompositeKey = errors.NewError("could not create composite key")

ErrCreatingCompositeKey is returned whenever the storage backend cannot create the requested composite key for whatever reason. This error should be drilled down to determine the underlying cause from the driver.

var ErrCreatingEngine = errors.NewError("error creating engine")

ErrCreatingEngine is return when a crypto engine cannot be created. This error should typically not be returned through most use cases, but it is likely to appear if an implementer does not properly adhere to the interfaces defined in api.go and one of the related convenience New* methods fails to cast it to the appropriate interface.

var ErrCreatingIV = errors.NewError("could not create initialization vector")

ErrCreatingIV is typically returned when an encryption call cannot create the initialization vector. This may be due to incorrect block size or padding and may be implementation dependent. If this error is returned, it may be necessary to examine the type of block cipher in use (typically AES) as it may not be compliant with our use case.

var ErrCreatingKey = errors.NewError("could not create key or subkey")

ErrCreatingKey is returned whenever a new derived key or subkey cannot be generated. This may be due to problems bubbling up from the underlying OS and insufficient entropy provided to api.GenerateKeyData.

var ErrCreatingKeyRing = errors.NewError("could not create key ring for key storage")

ErrCreatingKeyRing is returned whenever a new key ring for key containment cannot be created. This may be due to problems bubbling up from the underlying OS, such as file system errors (permissions, space constraints) or due to the storage backend. This error may wrap others and may require drill down to isolate the source.

var ErrCreatingStorage = errors.NewError("error creating storage")

ErrCreatingStorage is returned when an error occurs during storage creation. The reasons for this are legion and the specific errors must be extricated via error drill-down. Individual storage backends will return unique messages.

var ErrDecoding = errors.NewError("base64 decoding error")

ErrDecoding is returned when a base64 decoding error occurs. Drilling down into this will typically yield why the error occurred in the first place (see Error.OriginalError).

var ErrDeleted = errors.NewError("deleted")

ErrDeleted is returned typically after an interactive key has been deleted and a caller attempts to call other methods on the key.

var ErrEncoding = errors.NewError("base64 encoding error")

ErrEncoding is returned when a base64 encoding error occurs. Drilling down into this will typically yield the source of the error in the encoder.

var ErrEndpointNotFound = errors.NewError("endpoint not found (404)")

ErrEndpointNotFound is returned if the client attempts to request an endpoing that returns a 404 Not Found. This is almost certainly due to a misconfiguration or an API bug.

var ErrEphemeralKey = errors.NewError("cannot save or otherwise store ephemeral keys; use NewKey() or similar to create a key suitable for storage")

ErrEphemeralKey is returned whenever an attempt is made to store keys that have been created directly by using `&api.Key{}` rather than any of the helper functions.

var ErrGeneratingKey = errors.NewError("error generating key")

ErrGeneratingKey is typically returned when an error occurs generating the key. This is usually the result of a failure during entropy collection but may have other pathologies.

var ErrInvalidChallengeRequest = errors.NewError("invalid challenge request")

ErrInvalidChallengeRequest is returned if a challenge cannot be created given the nature of the current request. This may be due to a failure to retrieve the account ID and key ring key from backend storage, an incorrect ID submitted to the backend, or a failure during the challenge encoding process.

The nature of this error is intentionally vague to reduce attack surface with timing attacks.

var ErrInvalidFile = errors.NewError("invalid file or file pointer")

ErrInvalidFile is returned when an attempt is made to act on a file that doesn't exist or a file pointer that is invalid.

var ErrInvalidIVSize = errors.NewError("invalid initialization vector size")

ErrInvalidIVSize is returned if a size of zero (0) is requested from IV generators.

var ErrInvalidKey = errors.NewError("invalid key")

ErrInvalidKey is returned when an attempt is made to read a key store but no valid keys are found.

var ErrInvalidKeyRing = errors.NewError("invalid key ring")

ErrInvalidKeyRing is returned whenever a key ring or key ring name is not valid. This can be empty key rings or may be raised due to other errors.

var ErrInvalidNamespace = errors.NewError("invalid namespace")

ErrInvalidNamespace is returned if a namespace has no parent namespace and defines itself as a name other than the accepted parent namespaces of "__global__" or "__namespace__", suggesting it is an imposter.

var ErrInvalidPatchSet = errors.NewError("invalid patchset specified")

ErrInvalidPatchSet is returned whenever a PATCH is submitted that is either malformed or contains inappropriate instructions.

var ErrInvalidRequest = errors.NewError("invalid request made to remote host (400)")

ErrInvalidRequest is returned if the server responds with a 400 Bad Request. This is usually due to either a problem with the client (possible misconfiguration) or an API change has rendered the server unable to understand the client's request.

var ErrInvalidStorageType = errors.NewError("invalid storage type or type cast")

ErrInvalidStorageType is typically returned whenever an attempt was made to return a storage type that has been type casted to one of the storage APIs and the cast has failed.

var ErrInvalidValue = errors.NewError("invalid value")

ErrInvalidValue is typically returned when processing client-provided values. For the server, this means anything that's submitted during key creation or upddate that cannot be parsed. In such cases, the server refuses to interpolate client queries and presumes the remaining data is also incorrect.

var ErrIsNotComposite = errors.NewError("key is not a composite key")

ErrIsNotComposite is returned whenever a key is requested for decoding that is not a composite key.

var ErrJSONDecoding = errors.NewError("JSON decoding error")

ErrJSONDecoding is returned when the JSON marshaler returns an error.

var ErrJSONEncoding = errors.NewError("JSON encoding error")

ErrJSONEncoding is returned when the JSON marshaler returns an error. Drilling down into this error will yield the reason for the failure.

var ErrKeyExists = errors.NewError("key exists")

ErrKeyExists is returned if an attempt is made to re-create a key that already exists. Not all methods may return this, and as of this writing, only Manager.Create() returns this if an attempt is made to create a key that already exists.

var ErrKeyRingExists = errors.NewError("key ring exists")

ErrKeyRingExists is returned when an attempt is made to overwrite an already existing key ring.

var ErrKeySizeMismatch = errors.NewError("key sizes are mismatched")

ErrKeySizeMismatch is returned when a key replacement is attempted with a key that does not match the length of the prior key.

var ErrKeyTooLong = errors.NewError("key is too long")

ErrKeyTooLong is returned whenever an attempt is made to define a key that exceeds the `MaxKeySize` defined in api/types.go.

var ErrListingKeys = errors.NewError("could not generate a list of keys from key ring")

ErrListingKeys is returned if an attempt to list keys associated with a given key ring fails.

var ErrMethodNotAllowed = errors.NewError("inappropriate method, path, or request combination to serverr (405)")

var ErrMissingVersion = errors.NewError("specified version does not exist")

ErrMissingVersion is returned if an attempt is made to read a key version that doesn't exist.

var ErrNoSuchAccount = errors.NewError("no accounts exist on this system")

ErrNoSuchAccount is returned whenever an account is requested that does not exist or whenever the system is running in single-user occupancy mode.

var ErrNoSuchBackend = errors.NewError("no such storage backend")

ErrNoSuchBackend is returned whenever the storage loader is requested to load a storage backend that either hasn't been compiled with this version of KeyStar (see build tags) or doesn't exist.

var ErrNoSuchKey = errors.NewError("no such key exists")

ErrNoSuchKey is returned if the storage backend is unable to locate the requested key.

var ErrNoSuchKeyRing = errors.NewError("no such key ring found")

ErrNoSuchKeyRing is returned if the storage backend is unable to locate the requested key ring.

var ErrNoSuchNamespace = errors.NewError("no such namespace exists")

ErrNoSuchNamespace is returned if the requested namespace doesn't exist. This is generally thrown from global namespaces or account namespaces when a request is made for one that either hasn't been created or never existed.

var ErrNoValidKeys = errors.NewError("no valid keys found")

ErrNoValidKeys is returned when no valid key or keys could be located for the given request. This is typically the case if a JSON response is prepared but no keys were passed in via the encodable.

var ErrNotACompositeKey = errors.NewError("not a composite key")

ErrNotACompositeKey is returned if the requested key is not a composite key type.

var ErrNotAuthorized = errors.NewError("client not authorized for this server (401)")

ErrNotAuthorized is returned whenever the server responds with a 401 Unauthorized, usually indicating that the client is not authorized to access the requested endpoint. If the client has been authenticated, this may indicate that the client's challenge-response key is understood but no longer valid.

var ErrNotImplemented = errors.NewError("not implemented")

ErrNotImplemented is returned whenever a feature is requested that isn't implemented or has been disabled due to the implementation not being complete.

var ErrOpeningFile = errors.NewError("error opening file")

ErrOpeningFile is returned whenever a file pointer is opened but the attempt fails. This may be due to file system errors, out-of-space errors, permissions, or many other potential causes. The underlying cause may require a drill-down to isolate.

var ErrPatchReplaceFailed = errors.NewError("PATCH replace failed; see additional error")

ErrPatchReplaceFailed is returned if a PATCH request is submitted for replacing a key ring component but fails due either to an invalid path or an inability to parse the value provided by the client.

var ErrPatchTestFailed = errors.NewError("PATCH test failed")

ErrPatchTestFailed is returned if a PATCH request is submitted that fails a test. Test failure is determined by the PATCH verb "test" as compared to internal values for a given key ring.

var ErrReadingKey = errors.NewError("error reading or decoding key")

ErrReadingKey is returned if a key read or decode process fails.

var ErrReadingKeyRing = errors.NewError("error reading or decoding key ring")

ErrReadingKeyRing is returned whenever a failure occurs while attempting to read a key ring from its backend storage.

var ErrReadingKeyStorage = errors.NewError("error reading key storage")

ErrReadingKeyStorage is returned when the storage backend is unable to read either the key or the storage host. For file system-related errors, this may be due to the directory or key being inaccessible. Drilling down into the original error may be necessary to better understand the cause of the error.

var ErrReadingResponse = errors.NewError("error occurred reading client response")

ErrReadingResponse is returned whenever a client is unable to read the response sent by the server.

var ErrRemovingKey = errors.NewError("error removing key")

ErrRemovingKey is returned whenever the storage backend cannot remove the key. The nature of this error depends on the storage backend: For file system storage, key removal may fail if any of the individual key versions or key directories contain permissions prohibiting removal. For other storage backends, this may indicate a driver error.

var ErrRemovingKeyRing = errors.NewError("error removing key ring")

ErrRemovingKeyRing is returned whenever removal of a key ring fails either due to a backend failure or other related condition. This error will typically wrap other errors that explain the condition in more detail.

var ErrRemovingVersion = errors.NewError("error removing version")

ErrRemovingVersion is returned whenever the storage backend cannot remove a [key, verison] tuple.

var ErrRequest = errors.NewError("error occurred during HTTP request")

ErrRequest is returned by KeyStar HTTP clients if a connection error (such as a timeout) occurs.

var ErrResourceExists = errors.NewError("requested resource already exists on remote host (409)")

ErrResourceExists is returned whenever the server responds with a 409 Conflict, suggestive that the resource has already been created on the server.

var ErrRotatingKey = errors.NewError("error rotating key(s)")

ErrRotatingKey is returned whenever a key rotation has failed. This is typically returned from the key ring interface and wraps the actual underlying cause.

var ErrSerializationFailed = errors.NewError("payload serialization failed")

ErrSerializationFailed is returned whenever a payload serialization is attempted but fails.

var ErrServerFailed = errors.NewError("server reported failure (500)")

ErrServerFailed is returned whenever the server returns a 500 Internal Server Error which usually indicates that the server is not presently responding to requests, and in KeyStar's case, usually indicates the server's backend storage is not responding, full, or misconfigured.

var ErrStorageReadWrite = errors.NewError("error reading or writing to storage")

ErrStorageReadWrite is returned whenever a storage subsystem cannot be read from or written to. Drill-down is required to determine the cause of the error.

var ErrStorageUnspecified = errors.NewError("no storage location or connection specified")

ErrStorageUnspecified is returned whenever a storage subsystem was requested or initialized but it was not configured with a connection string or other required field.

var ErrUpdatingKeyRing = errors.NewError("could not update key ring")

ErrUpdatingKeyRing should be returned whenever AddSecret() is called with an existing secret and it both a) exists on the configured backend storage and b) cannot be updated in place.

var ErrValidatingError = errors.NewError("error validation failed")

ErrValidatingError is returned when no other error paths can be deduced to appropriately handle error type assertions. This shouldn't normally occur unless there is a programmatic mistake in KeyStar.

var ErrWritingKey = errors.NewError("error writing key")

ErrWritingKey is returned when an error occurs writing a key to the storage backend. Drilling down into the error will yield more specific error conditions based on the backend type.

var ErrWritingVersion = errors.NewError("error writing version information")

ErrWritingVersion is returned when an error occurs writing version information to the storage backend.