TWiki>
EMI Web>EmiProjectStructure>JRA1>EmiJra1>EmiJra1T4Security>EmiJra1T4SecurityCommonAuthNLib>EmiJra1T4CaNIErrorMsgs (2011-11-13, unknown)
EditAttachPDF
EMI Web>EmiProjectStructure>JRA1>EmiJra1>EmiJra1T4Security>EmiJra1T4SecurityCommonAuthNLib>EmiJra1T4CaNIErrorMsgs (2011-11-13, unknown) EditAttachPDFCommon error messages
To be discussed, extended, corrected. Currently only Java implementation's messages. Each error message consists of: error code (string, to be processed by the software), message (string, human readable), category (a coarse grained identifier of the error's class) and position (integer, position in chain which caused the error or -1 if the whole chain is affected). Sometimes errors require a dynamic parameters. Below is the list of codes and corresponding messages. For each code also the category is defined (using the convention code.category=CATEGORY_NAME). Dynamic parameters are marked as '{NUMBER}' and should be self-explanatory.
#
# Generic errors
#
unknown=Unknown error
unknown.category=OTHER
unknownMsg={0}
unknownMsg.category=OTHER
inputError=Input certificate chain processing error: {0}
inputError.category=GENERAL_INPUT
#
# Namespace related errors
#
nsUndefinedAndRequired=Namespace definition for the certificate issuer ({0}) is not defined, and namespaces are configured to be required.
nsUndefinedAndRequired.category=NAMESPACE
nsDeny=The certificate subject {0} is denied by the namespace policy: {1}
nsDeny.category=NAMESPACE
nsNotAccepted=The certificate subject {0} is not accepted by any rule of the the relevant namespace policies. Policies which matches the issuer are: {1}
nsNotAccepted.category=NAMESPACE
#
# Proxy certificate specific errors
#
proxyEECInChain=Certificate issued by an end-entity certificate or a proxy certificate is not a proxy proxy certificate.
proxyEECInChain.category=INCONSISTENT_PROXY_CHAIN
proxyLength=At the current position the proxy certificates chain exceeded its length limit.
proxyLength.category=INCONSISTENT_PROXY_CHAIN
proxyNoIssuer=Issuing end entity certificate was not found in the chain with proxy certificates.
proxyNoIssuer.category=INCONSISTENT_PROXY_CHAIN
proxyCASet=Proxy certificate has the cA field set
proxyCASet.category=INVALID_PROXY_CERT
proxyIssuerAltNameSet=Proxy certificate has the IssuerAlternativeName set
proxyIssuerAltNameSet.category=INVALID_PROXY_CERT
proxySubjectAltNameSet=Proxy certificate has the SubjectAlternativeName set
proxySubjectAltNameSet.category=INVALID_PROXY_CERT
proxyIssuedByCa=Proxy certificate issuer has the cA field set
proxyIssuedByCa.category=INCONSISTENT_PROXY_CHAIN
proxyNoIssuerSubject=Proxy certificate issuer has no Subject field set
proxyNoIssuerSubject.category=INVALID_PROXY_CERT
proxySubjectInconsistent=Proxy certificate issuer field is different than the issuing certificate subject field set.
proxySubjectInconsistent.category=INCONSISTENT_PROXY_CHAIN
proxyIssuerNoDsig=Proxy certificate issuer has no digital signature creation right
proxyIssuerNoDsig.category=INCONSISTENT_PROXY_CHAIN
proxySubjectOneRDN=The proxy certificate subject name has less then two elements
proxySubjectOneRDN.category=INVALID_PROXY_CERT
proxySubjectMultiLastRDN=The last RDN in proxy subject name is multivalued
proxySubjectMultiLastRDN.category=INVALID_PROXY_CERT
proxySubjectLastRDNNotCN=The last RDN in proxy subject name is not a CN
proxySubjectLastRDNNotCN.category=INVALID_PROXY_CERT
proxySubjectBaseWrong=The proxy subject without its last CN component is not equal to its issuer name
proxySubjectBaseWrong.category=INVALID_PROXY_CERT
#
# Regular X.509 path validation errors
#
noIssuerPublicKey=Trusted issuer of this certificate was not established
noIssuerPublicKey.category=X509_CHAIN
noBasicConstraints=The selected CA certificate does not contain the mandatory Basic Constraints extension
noBasicConstraints.category=X509_BASIC
pathLenghtExtended=Total chain length exceeds the limit
pathLenghtExtended.category=X509_CHAIN
conflictingTrustAnchors=More then one trusted CA certificate was found for the certificate chain
conflictingTrustAnchors.category=X509_CHAIN
noTrustAnchorFound=No trusted CA certificate was found for the certificate chain
noTrustAnchorFound.category=X509_CHAIN
trustButInvalidCert=CA certificate was found for the certificate chain but the initial certificate in chain is not issued (correctly signed) by the CA certificate
trustButInvalidCert.category=X509_CHAIN
signatureNotVerified=Unable to verify signature of certificates in the chain: {0}
signatureNotVerified.category=X509_BASIC
certificateNotYetValid=Certificate is not yet valid. Will be from: {0}
certificateNotYetValid.category=X509_BASIC
certificateExpired=Certificate has expired at: {0}
certificateExpired.category=X509_BASIC
noCACert=CA certificate was not found for the chain
noCACert.category=X509_CHAIN
noCertSign=Issuer of the certificate is not eligible to sign certificates as its certificate has no keyCertSign flag set in its KeyUsage extension.
noCertSign.category=X509_CHAIN
unknownCriticalExt=Unknown critical extension was found: {0}
unknownCriticalExt.category=X509_BASIC
certRevoked=Certificate was revoked at: {0}, the reason reported is: {1}
certRevoked.category=CRL
noBaseCRL=Base CRL for the delta CRL was not found
noBaseCRL.category=CRL
noValidCrlFound=No valid CRL was found for the CA which issued the chain
noValidCrlFound.category=CRL
For those errors, the human friendly messages were not yet prepared. Those errors should be rare. It will be improved over time, help is welcome!
certPathCheckerError certPathValidDate certWrongIssuer criticalExtensionError crlAuthInfoAccError crlBCExtError crlDistPoint crlDistPtExtError crlExtractionError crlIssuerException crlNbrExtError crlNoIssuerPublicKey crlOnlyAttrCert crlOnlyCaCert crlOnlyUserCert crlReasonExtError crlUpdateAvailable crlVerifyFailed deltaCrlExtError distrPtExtError emptyCertPath errorProcesingBC excludedDN excludedEmail excludedIP explicitPolicy invalidPolicy invalidPolicyMapping loadCrlDistPointError localInvalidCRL localValidCRL ncExtError ncSubjectNameError noCrlInCertstore noCrlSigningPermited notPermittedDN notPermittedEmail notPermittedIP notRevoked noValidPolicyTree ocspLocation onlineCRLWrongCA onlineInvalidCRL onlineValidCRL policyConstExtError policyExtError policyInhibitExtError policyMapExtError policyQualifierError processLengthConstError pubKeyError QcEuCompliance QcLimitValueAlpha QcLimitValueNum QcSSCD QcStatementExtError QcUnknownStatement revokedAfterValidation rootKeyIsValidButNotATrustAnchor signatureNotVerified subjAltNameExtError totalPathLength trustAnchorIssuerError trustDNInvalid trustPubKeyError unknown-- KrzysztofBenedyczak - 17-Oct-2011
EMI Web
News
Events
Procedures and Tools
Mailing Lists
Documents
Project Structure
Create New Topic
Index
Search
Changes
Statistics
- ABATBEA
- ACPP
- ADCgroup
- AEGIS
- AfricaMap
- AgileInfrastructure
- ALICE
- AliceEbyE
- AliceSPD
- AliceSSD
- AliceTOF
- AliFemto
- ALPHA
- Altair
- ArdaGrid
- ASACUSA
- AthenaFCalTBAna
- Atlas
- AtlasLBNL
- AXIALPET
- CAE
- CALICE
- CDS
- CENF
- CERNSearch
- CLIC
- Cloud
- CloudServices
- CMS
- Controls
- CTA
- CvmFS
- DB
- DefaultWeb
- DESgroup
- DPHEP
- DM-LHC
- DSSGroup
- EGEE
- EgeePtf
- ELFms
- EMI
- ETICS
- FIOgroup
- FlukaTeam
- Frontier
- Gaudi
- GeneratorServices
- GuidesInfo
- HardwareLabs
- HCC
- HEPIX
- ILCBDSColl
- ILCTPC
- IMWG
- Inspire
- IPv6
- IT
- ItCommTeam
- ITCoord
- ITdeptTechForum
- ITDRP
- ITGT
- ITSDC
- LAr
- LCG
- LCGAAWorkbook
- Leade
- LHCAccess
- LHCAtHome
- LHCb
- LHCgas
- LHCONE
- LHCOPN
- LinuxSupport
- Main
- Medipix
- Messaging
- MPGD
- NA49
- NA61
- NA62
- NTOF
- Openlab
- PDBService
- Persistency
- PESgroup
- Plugins
- PSAccess
- PSBUpgrade
- R2Eproject
- RCTF
- RD42
- RFCond12
- RFLowLevel
- ROXIE
- Sandbox
- SocialActivities
- SPI
- SRMDev
- SSM
- Student
- SuperComputing
- Support
- SwfCatalogue
- TMVA
- TOTEM
- TWiki
- UNOSAT
- Virtualization
- VOBox
- WITCH
- XTCA
 |
|
Copyright &© 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback