Refactors errors to use go 1.13 style

claims.go

@@ -2,8 +2,9 @@ package jwt
 
 import (
 	"crypto/subtle"
-	"fmt"
 	"time"
+
+	"github.com/hashicorp/go-multierror"
 )
 
 // Claims must just have a Valid method that determines
@@ -49,32 +50,32 @@ type RegisteredClaims struct {
 // As well, if any of the above claims are not in the token, it will still
 // be considered a valid claim.
 func (c RegisteredClaims) Valid() error {
-	vErr := new(ValidationError)
-	now := TimeFunc()
+	result := &multierror.Error{}
+	result.ErrorFormat = ValidationErrorFormat
 
+	now := TimeFunc()
 	// The claims below are optional, by default, so if they are set to the
 	// default value in Go, let's not fail the verification for them.
 	if !c.VerifyExpiresAt(now, false) {
-		delta := now.Sub(c.ExpiresAt.Time)
-		vErr.Inner = fmt.Errorf("token is expired by %v", delta)
-		vErr.Errors |= ValidationErrorExpired
+		result = multierror.Append(result, &ExpiredError{
+			ExpiredAt:   c.ExpiresAt.Time,
+			AttemptedAt: now,
+		})
 	}
-
 	if !c.VerifyIssuedAt(now, false) {
-		vErr.Inner = fmt.Errorf("token used before issued")
-		vErr.Errors |= ValidationErrorIssuedAt
+		result = multierror.Append(result, &UsedBeforeIssuedError{
+			IssuedAt:    c.IssuedAt.Time,
+			AttemptedAt: now,
+		})
 	}
-
 	if !c.VerifyNotBefore(now, false) {
-		vErr.Inner = fmt.Errorf("token is not valid yet")
-		vErr.Errors |= ValidationErrorNotValidYet
-	}
-
-	if vErr.valid() {
-		return nil
+		result = multierror.Append(result, &NotYetValidError{
+			ValidAt:     c.NotBefore.Time,
+			AttemptedAt: now,
+		})
 	}
 
-	return vErr
+	return result.ErrorOrNil()
 }
 
 // VerifyAudience compares the aud claim against cmp.
@@ -136,32 +137,33 @@ type StandardClaims struct {
 // As well, if any of the above claims are not in the token, it will still
 // be considered a valid claim.
 func (c StandardClaims) Valid() error {
-	vErr := new(ValidationError)
-	now := TimeFunc().Unix()
+	result := &multierror.Error{}
+	result.ErrorFormat = ValidationErrorFormat
 
+	now := TimeFunc()
+	nowUnix := now.Unix()
 	// The claims below are optional, by default, so if they are set to the
 	// default value in Go, let's not fail the verification for them.
-	if !c.VerifyExpiresAt(now, false) {
-		delta := time.Unix(now, 0).Sub(time.Unix(c.ExpiresAt, 0))
-		vErr.Inner = fmt.Errorf("token is expired by %v", delta)
-		vErr.Errors |= ValidationErrorExpired
-	}
 
-	if !c.VerifyIssuedAt(now, false) {
-		vErr.Inner = fmt.Errorf("token used before issued")
-		vErr.Errors |= ValidationErrorIssuedAt
+	if !c.VerifyExpiresAt(nowUnix, false) {
+		result = multierror.Append(result, &ExpiredError{
+			ExpiredAt:   time.Unix(c.ExpiresAt, 0),
+			AttemptedAt: now,
+		})
 	}
-
-	if !c.VerifyNotBefore(now, false) {
-		vErr.Inner = fmt.Errorf("token is not valid yet")
-		vErr.Errors |= ValidationErrorNotValidYet
+	if !c.VerifyIssuedAt(nowUnix, false) {
+		result = multierror.Append(result, &UsedBeforeIssuedError{
+			IssuedAt:    time.Unix(c.IssuedAt, 0),
+			AttemptedAt: now,
+		})
 	}
-
-	if vErr.valid() {
-		return nil
+	if !c.VerifyNotBefore(nowUnix, false) {
+		result = multierror.Append(result, &NotYetValidError{
+			ValidAt:     time.Unix(c.NotBefore, 0),
+			AttemptedAt: now,
+		})
 	}
-
-	return vErr
+	return result.ErrorOrNil()
 }
 
 // VerifyAudience compares the aud claim against cmp.

ecdsa.go

@@ -4,13 +4,11 @@ import (
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/rand"
-	"errors"
 	"math/big"
 )
 
 var (
-	// Sadly this is missing from crypto/ecdsa compared to crypto/rsa
-	ErrECDSAVerification = errors.New("crypto/ecdsa: verification error")
+// Sadly this is missing from crypto/ecdsa compared to crypto/rsa
 )
 
 // SigningMethodECDSA implements the ECDSA family of signing methods.
@@ -74,7 +72,9 @@ func (m *SigningMethodECDSA) Verify(signingString, signature string, key interfa
 	}
 
 	if len(sig) != 2*m.KeySize {
-		return ErrECDSAVerification
+		return &SignatureVerificationError{
+			Algorithm: m.Name,
+		}
 	}
 
 	r := big.NewInt(0).SetBytes(sig[:m.KeySize])
@@ -92,7 +92,9 @@ func (m *SigningMethodECDSA) Verify(signingString, signature string, key interfa
 		return nil
 	}
 
-	return ErrECDSAVerification
+	return &SignatureVerificationError{
+		Algorithm: m.Name,
+	}
 }
 
 // Sign implements token signing for the SigningMethod.

ed25519.go

@@ -1,16 +1,12 @@
 package jwt
 
 import (
-	"errors"
-
 	"crypto"
 	"crypto/ed25519"
 	"crypto/rand"
 )
 
-var (
-	ErrEd25519Verification = errors.New("ed25519: verification error")
-)
+var ()
 
 // SigningMethodEd25519 implements the EdDSA family.
 // Expects ed25519.PrivateKey for signing and ed25519.PublicKey for verification
@@ -55,7 +51,7 @@ func (m *SigningMethodEd25519) Verify(signingString, signature string, key inter
 
 	// Verify the signature
 	if !ed25519.Verify(ed25519Key, []byte(signingString), sig) {
-		return ErrEd25519Verification
+		return &SignatureVerificationError{Algorithm: "EdDSA"}
 	}
 
 	return nil