direktil/local-server
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

vendor

Browse Source
This commit is contained in:
Mikaël Cluseau
2018-06-17 18:32:44 +11:00
parent f92c531f5d
commit 4d889632f6
500 changed files with 133832 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
vendor/github.com/cloudflare/cfssl/errors/doc.go generated vendored Normal file
View File

@ -0,0 +1,46 @@
/*
Package errors provides error types returned in CF SSL.
1. Type Error is intended for errors produced by CF SSL packages.
It formats to a json object that consists of an error message and a 4-digit code for error reasoning.
Example: {"code":1002, "message": "Failed to decode certificate"}
The index of codes are listed below:
1XXX: CertificateError
1000: Unknown
1001: ReadFailed
1002: DecodeFailed
1003: ParseFailed
1100: SelfSigned
12XX: VerifyFailed
121X: CertificateInvalid
1210: NotAuthorizedToSign
1211: Expired
1212: CANotAuthorizedForThisName
1213: TooManyIntermediates
1214: IncompatibleUsage
1220: UnknownAuthority
2XXX: PrivatekeyError
2000: Unknown
2001: ReadFailed
2002: DecodeFailed
2003: ParseFailed
2100: Encrypted
2200: NotRSA
2300: KeyMismatch
2400: GenerationFailed
2500: Unavailable
3XXX: IntermediatesError
4XXX: RootError
5XXX: PolicyError
5100: NoKeyUsages
5200: InvalidPolicy
5300: InvalidRequest
5400: UnknownProfile
6XXX: DialError
2. Type HttpError is intended for CF SSL API to consume. It contains a HTTP status code that will be read and returned
by the API server.
*/
package errors

438
vendor/github.com/cloudflare/cfssl/errors/error.go generated vendored Normal file
View File

@ -0,0 +1,438 @@
package errors
import (
"crypto/x509"
"encoding/json"
"fmt"
)
// Error is the error type usually returned by functions in CF SSL package.
// It contains a 4-digit error code where the most significant digit
// describes the category where the error occurred and the rest 3 digits
// describe the specific error reason.
type Error struct {
ErrorCode int `json:"code"`
Message string `json:"message"`
}
// Category is the most significant digit of the error code.
type Category int
// Reason is the last 3 digits of the error code.
type Reason int
const (
// Success indicates no error occurred.
Success Category = 1000 * iota // 0XXX
// CertificateError indicates a fault in a certificate.
CertificateError // 1XXX
// PrivateKeyError indicates a fault in a private key.
PrivateKeyError // 2XXX
// IntermediatesError indicates a fault in an intermediate.
IntermediatesError // 3XXX
// RootError indicates a fault in a root.
RootError // 4XXX
// PolicyError indicates an error arising from a malformed or
// non-existent policy, or a breach of policy.
PolicyError // 5XXX
// DialError indicates a network fault.
DialError // 6XXX
// APIClientError indicates a problem with the API client.
APIClientError // 7XXX
// OCSPError indicates a problem with OCSP signing
OCSPError // 8XXX
// CSRError indicates a problem with CSR parsing
CSRError // 9XXX
// CTError indicates a problem with the certificate transparency process
CTError // 10XXX
// CertStoreError indicates a problem with the certificate store
CertStoreError // 11XXX
)
// None is a non-specified error.
const (
None Reason = iota
)
// Warning code for a success
const (
BundleExpiringBit int = 1 << iota // 0x01
BundleNotUbiquitousBit // 0x02
)
// Parsing errors
const (
Unknown Reason = iota // X000
ReadFailed // X001
DecodeFailed // X002
ParseFailed // X003
)
// The following represent certificate non-parsing errors, and must be
// specified along with CertificateError.
const (
// SelfSigned indicates that a certificate is self-signed and
// cannot be used in the manner being attempted.
SelfSigned Reason = 100 * (iota + 1) // Code 11XX
// VerifyFailed is an X.509 verification failure. The least two
// significant digits of 12XX is determined as the actual x509
// error is examined.
VerifyFailed // Code 12XX
// BadRequest indicates that the certificate request is invalid.
BadRequest // Code 13XX
// MissingSerial indicates that the profile specified
// 'ClientProvidesSerialNumbers', but the SignRequest did not include a serial
// number.
MissingSerial // Code 14XX
)
const (
certificateInvalid = 10 * (iota + 1) //121X
unknownAuthority //122x
)
// The following represent private-key non-parsing errors, and must be
// specified with PrivateKeyError.
const (
// Encrypted indicates that the private key is a PKCS #8 encrypted
// private key. At this time, CFSSL does not support decrypting
// these keys.
Encrypted Reason = 100 * (iota + 1) //21XX
// NotRSAOrECC indicates that they key is not an RSA or ECC
// private key; these are the only two private key types supported
// at this time by CFSSL.
NotRSAOrECC //22XX
// KeyMismatch indicates that the private key does not match
// the public key or certificate being presented with the key.
KeyMismatch //23XX
// GenerationFailed indicates that a private key could not
// be generated.
GenerationFailed //24XX
// Unavailable indicates that a private key mechanism (such as
// PKCS #11) was requested but support for that mechanism is
// not available.
Unavailable
)
// The following are policy-related non-parsing errors, and must be
// specified along with PolicyError.
const (
// NoKeyUsages indicates that the profile does not permit any
// key usages for the certificate.
NoKeyUsages Reason = 100 * (iota + 1) // 51XX
// InvalidPolicy indicates that policy being requested is not
// a valid policy or does not exist.
InvalidPolicy // 52XX
// InvalidRequest indicates a certificate request violated the
// constraints of the policy being applied to the request.
InvalidRequest // 53XX
// UnknownProfile indicates that the profile does not exist.
UnknownProfile // 54XX
UnmatchedWhitelist // 55xx
)
// The following are API client related errors, and should be
// specified with APIClientError.
const (
// AuthenticationFailure occurs when the client is unable
// to obtain an authentication token for the request.
AuthenticationFailure Reason = 100 * (iota + 1)
// JSONError wraps an encoding/json error.
JSONError
// IOError wraps an io/ioutil error.
IOError
// ClientHTTPError wraps a net/http error.
ClientHTTPError
// ServerRequestFailed covers any other failures from the API
// client.
ServerRequestFailed
)
// The following are OCSP related errors, and should be
// specified with OCSPError
const (
// IssuerMismatch ocurs when the certificate in the OCSP signing
// request was not issued by the CA that this responder responds for.
IssuerMismatch Reason = 100 * (iota + 1) // 81XX
// InvalidStatus occurs when the OCSP signing requests includes an
// invalid value for the certificate status.
InvalidStatus
)
// Certificate transparency related errors specified with CTError
const (
// PrecertSubmissionFailed occurs when submitting a precertificate to
// a log server fails
PrecertSubmissionFailed = 100 * (iota + 1)
// CTClientConstructionFailed occurs when the construction of a new
// github.com/google/certificate-transparency client fails.
CTClientConstructionFailed
// PrecertMissingPoison occurs when a precert is passed to SignFromPrecert
// and is missing the CT poison extension.
PrecertMissingPoison
// PrecertInvalidPoison occurs when a precert is passed to SignFromPrecert
// and has a invalid CT poison extension value or the extension is not
// critical.
PrecertInvalidPoison
)
// Certificate persistence related errors specified with CertStoreError
const (
// InsertionFailed occurs when a SQL insert query failes to complete.
InsertionFailed = 100 * (iota + 1)
// RecordNotFound occurs when a SQL query targeting on one unique
// record failes to update the specified row in the table.
RecordNotFound
)
// The error interface implementation, which formats to a JSON object string.
func (e *Error) Error() string {
marshaled, err := json.Marshal(e)
if err != nil {
panic(err)
}
return string(marshaled)
}
// New returns an error that contains an error code and message derived from
// the given category, reason. Currently, to avoid confusion, it is not
// allowed to create an error of category Success
func New(category Category, reason Reason) *Error {
errorCode := int(category) + int(reason)
var msg string
switch category {
case OCSPError:
switch reason {
case ReadFailed:
msg = "No certificate provided"
case IssuerMismatch:
msg = "Certificate not issued by this issuer"
case InvalidStatus:
msg = "Invalid revocation status"
}
case CertificateError:
switch reason {
case Unknown:
msg = "Unknown certificate error"
case ReadFailed:
msg = "Failed to read certificate"
case DecodeFailed:
msg = "Failed to decode certificate"
case ParseFailed:
msg = "Failed to parse certificate"
case SelfSigned:
msg = "Certificate is self signed"
case VerifyFailed:
msg = "Unable to verify certificate"
case BadRequest:
msg = "Invalid certificate request"
case MissingSerial:
msg = "Missing serial number in request"
default:
panic(fmt.Sprintf("Unsupported CFSSL error reason %d under category CertificateError.",
reason))
}
case PrivateKeyError:
switch reason {
case Unknown:
msg = "Unknown private key error"
case ReadFailed:
msg = "Failed to read private key"
case DecodeFailed:
msg = "Failed to decode private key"
case ParseFailed:
msg = "Failed to parse private key"
case Encrypted:
msg = "Private key is encrypted."
case NotRSAOrECC:
msg = "Private key algorithm is not RSA or ECC"
case KeyMismatch:
msg = "Private key does not match public key"
case GenerationFailed:
msg = "Failed to new private key"
case Unavailable:
msg = "Private key is unavailable"
default:
panic(fmt.Sprintf("Unsupported CFSSL error reason %d under category PrivateKeyError.",
reason))
}
case IntermediatesError:
switch reason {
case Unknown:
msg = "Unknown intermediate certificate error"
case ReadFailed:
msg = "Failed to read intermediate certificate"
case DecodeFailed:
msg = "Failed to decode intermediate certificate"
case ParseFailed:
msg = "Failed to parse intermediate certificate"
default:
panic(fmt.Sprintf("Unsupported CFSSL error reason %d under category IntermediatesError.",
reason))
}
case RootError:
switch reason {
case Unknown:
msg = "Unknown root certificate error"
case ReadFailed:
msg = "Failed to read root certificate"
case DecodeFailed:
msg = "Failed to decode root certificate"
case ParseFailed:
msg = "Failed to parse root certificate"
default:
panic(fmt.Sprintf("Unsupported CFSSL error reason %d under category RootError.",
reason))
}
case PolicyError:
switch reason {
case Unknown:
msg = "Unknown policy error"
case NoKeyUsages:
msg = "Invalid policy: no key usage available"
case InvalidPolicy:
msg = "Invalid or unknown policy"
case InvalidRequest:
msg = "Policy violation request"
case UnknownProfile:
msg = "Unknown policy profile"
case UnmatchedWhitelist:
msg = "Request does not match policy whitelist"
default:
panic(fmt.Sprintf("Unsupported CFSSL error reason %d under category PolicyError.",
reason))
}
case DialError:
switch reason {
case Unknown:
msg = "Failed to dial remote server"
default:
panic(fmt.Sprintf("Unsupported CFSSL error reason %d under category DialError.",
reason))
}
case APIClientError:
switch reason {
case AuthenticationFailure:
msg = "API client authentication failure"
case JSONError:
msg = "API client JSON config error"
case ClientHTTPError:
msg = "API client HTTP error"
case IOError:
msg = "API client IO error"
case ServerRequestFailed:
msg = "API client error: Server request failed"
default:
panic(fmt.Sprintf("Unsupported CFSSL error reason %d under category APIClientError.",
reason))
}
case CSRError:
switch reason {
case Unknown:
msg = "CSR parsing failed due to unknown error"
case ReadFailed:
msg = "CSR file read failed"
case ParseFailed:
msg = "CSR Parsing failed"
case DecodeFailed:
msg = "CSR Decode failed"
case BadRequest:
msg = "CSR Bad request"
default:
panic(fmt.Sprintf("Unsupported CF-SSL error reason %d under category APIClientError.", reason))
}
case CTError:
switch reason {
case Unknown:
msg = "Certificate transparency parsing failed due to unknown error"
case PrecertSubmissionFailed:
msg = "Certificate transparency precertificate submission failed"
case PrecertMissingPoison:
msg = "Precertificate is missing CT poison extension"
case PrecertInvalidPoison:
msg = "Precertificate contains an invalid CT poison extension"
default:
panic(fmt.Sprintf("Unsupported CF-SSL error reason %d under category CTError.", reason))
}
case CertStoreError:
switch reason {
case Unknown:
msg = "Certificate store action failed due to unknown error"
default:
panic(fmt.Sprintf("Unsupported CF-SSL error reason %d under category CertStoreError.", reason))
}
default:
panic(fmt.Sprintf("Unsupported CFSSL error type: %d.",
category))
}
return &Error{ErrorCode: errorCode, Message: msg}
}
// Wrap returns an error that contains the given error and an error code derived from
// the given category, reason and the error. Currently, to avoid confusion, it is not
// allowed to create an error of category Success
func Wrap(category Category, reason Reason, err error) *Error {
errorCode := int(category) + int(reason)
if err == nil {
panic("Wrap needs a supplied error to initialize.")
}
// do not double wrap a error
switch err.(type) {
case *Error:
panic("Unable to wrap a wrapped error.")
}
switch category {
case CertificateError:
// given VerifyFailed , report the status with more detailed status code
// for some certificate errors we care.
if reason == VerifyFailed {
switch errorType := err.(type) {
case x509.CertificateInvalidError:
errorCode += certificateInvalid + int(errorType.Reason)
case x509.UnknownAuthorityError:
errorCode += unknownAuthority
}
}
case PrivateKeyError, IntermediatesError, RootError, PolicyError, DialError,
APIClientError, CSRError, CTError, CertStoreError, OCSPError:
// no-op, just use the error
default:
panic(fmt.Sprintf("Unsupported CFSSL error type: %d.",
category))
}
return &Error{ErrorCode: errorCode, Message: err.Error()}
}

338
vendor/github.com/cloudflare/cfssl/errors/error_test.go generated vendored Normal file
View File

@ -0,0 +1,338 @@
package errors
import (
"crypto/x509"
"encoding/json"
"errors"
"testing"
)
func TestNew(t *testing.T) {
err := New(CertificateError, Unknown)
if err == nil {
t.Fatal("Error creation failed.")
}
if err.ErrorCode != int(CertificateError)+int(Unknown) {
t.Fatal("Error code construction failed.")
}
if err.Message != "Unknown certificate error" {
t.Fatal("Error message construction failed.")
}
code := New(OCSPError, ReadFailed).ErrorCode
if code != 8001 {
t.Fatal("Improper error code")
}
code = New(OCSPError, IssuerMismatch).ErrorCode
if code != 8100 {
t.Fatal("Improper error code")
}
code = New(OCSPError, InvalidStatus).ErrorCode
if code != 8200 {
t.Fatal("Improper error code")
}
code = New(CertificateError, Unknown).ErrorCode
if code != 1000 {
t.Fatal("Improper error code")
}
code = New(CertificateError, ReadFailed).ErrorCode
if code != 1001 {
t.Fatal("Improper error code")
}
code = New(CertificateError, DecodeFailed).ErrorCode
if code != 1002 {
t.Fatal("Improper error code")
}
code = New(CertificateError, ParseFailed).ErrorCode
if code != 1003 {
t.Fatal("Improper error code")
}
code = New(CertificateError, SelfSigned).ErrorCode
if code != 1100 {
t.Fatal("Improper error code")
}
code = New(CertificateError, VerifyFailed).ErrorCode
if code != 1200 {
t.Fatal("Improper error code")
}
code = New(CertificateError, BadRequest).ErrorCode
if code != 1300 {
t.Fatal("Improper error code")
}
code = New(CertificateError, MissingSerial).ErrorCode
if code != 1400 {
t.Fatal("Improper error code")
}
code = New(PrivateKeyError, Unknown).ErrorCode
if code != 2000 {
t.Fatal("Improper error code")
}
code = New(PrivateKeyError, ReadFailed).ErrorCode
if code != 2001 {
t.Fatal("Improper error code")
}
code = New(PrivateKeyError, DecodeFailed).ErrorCode
if code != 2002 {
t.Fatal("Improper error code")
}
code = New(PrivateKeyError, ParseFailed).ErrorCode
if code != 2003 {
t.Fatal("Improper error code")
}
code = New(PrivateKeyError, Encrypted).ErrorCode
if code != 2100 {
t.Fatal("Improper error code")
}
code = New(PrivateKeyError, NotRSAOrECC).ErrorCode
if code != 2200 {
t.Fatal("Improper error code")
}
code = New(PrivateKeyError, KeyMismatch).ErrorCode
if code != 2300 {
t.Fatal("Improper error code")
}
code = New(PrivateKeyError, GenerationFailed).ErrorCode
if code != 2400 {
t.Fatal("Improper error code")
}
code = New(PrivateKeyError, Unavailable).ErrorCode
if code != 2500 {
t.Fatal("Improper error code")
}
code = New(IntermediatesError, Unknown).ErrorCode
if code != 3000 {
t.Fatal("Improper error code")
}
code = New(IntermediatesError, ReadFailed).ErrorCode
if code != 3001 {
t.Fatal("Improper error code")
}
code = New(IntermediatesError, DecodeFailed).ErrorCode
if code != 3002 {
t.Fatal("Improper error code")
}
code = New(IntermediatesError, ParseFailed).ErrorCode
if code != 3003 {
t.Fatal("Improper error code")
}
code = New(RootError, Unknown).ErrorCode
if code != 4000 {
t.Fatal("Improper error code")
}
code = New(RootError, ReadFailed).ErrorCode
if code != 4001 {
t.Fatal("Improper error code")
}
code = New(RootError, DecodeFailed).ErrorCode
if code != 4002 {
t.Fatal("Improper error code")
}
code = New(RootError, ParseFailed).ErrorCode
if code != 4003 {
t.Fatal("Improper error code")
}
code = New(PolicyError, Unknown).ErrorCode
if code != 5000 {
t.Fatal("Improper error code")
}
code = New(PolicyError, NoKeyUsages).ErrorCode
if code != 5100 {
t.Fatal("Improper error code")
}
code = New(PolicyError, InvalidPolicy).ErrorCode
if code != 5200 {
t.Fatal("Improper error code")
}
code = New(PolicyError, InvalidRequest).ErrorCode
if code != 5300 {
t.Fatal("Improper error code")
}
code = New(PolicyError, UnknownProfile).ErrorCode
if code != 5400 {
t.Fatal("Improper error code")
}
code = New(DialError, Unknown).ErrorCode
if code != 6000 {
t.Fatal("Improper error code")
}
code = New(APIClientError, AuthenticationFailure).ErrorCode
if code != 7100 {
t.Fatal("Improper error code")
}
code = New(APIClientError, JSONError).ErrorCode
if code != 7200 {
t.Fatal("Improper error code")
}
code = New(APIClientError, ClientHTTPError).ErrorCode
if code != 7400 {
t.Fatal("Improper error code")
}
code = New(APIClientError, IOError).ErrorCode
if code != 7300 {
t.Fatal("Improper error code")
}
code = New(APIClientError, ServerRequestFailed).ErrorCode
if code != 7500 {
t.Fatal("Improper error code")
}
code = New(CSRError, Unknown).ErrorCode
if code != 9000 {
t.Fatal("Improper error code")
}
code = New(CSRError, ReadFailed).ErrorCode
if code != 9001 {
t.Fatal("Improper error code")
}
code = New(CSRError, DecodeFailed).ErrorCode
if code != 9002 {
t.Fatal("Improper error code")
}
code = New(CSRError, ParseFailed).ErrorCode
if code != 9003 {
t.Fatal("Improper error code")
}
code = New(CSRError, KeyMismatch).ErrorCode
if code != 9300 {
t.Fatal("Improper error code")
}
code = New(CSRError, BadRequest).ErrorCode
if code != 9300 {
t.Fatal("Improper error code")
}
code = New(CTError, Unknown).ErrorCode
if code != 10000 {
t.Fatal("Improper error code")
}
code = New(CTError, PrecertSubmissionFailed).ErrorCode
if code != 10100 {
t.Fatal("Improper error code")
}
}
func TestWrap(t *testing.T) {
msg := "Arbitrary error message"
err := Wrap(CertificateError, Unknown, errors.New(msg))
if err == nil {
t.Fatal("Error creation failed.")
}
if err.ErrorCode != int(CertificateError)+int(Unknown) {
t.Fatal("Error code construction failed.")
}
if err.Message != msg {
t.Fatal("Error message construction failed.")
}
err = Wrap(CertificateError, VerifyFailed, x509.CertificateInvalidError{Reason: x509.Expired})
if err == nil {
t.Fatal("Error creation failed.")
}
if err.ErrorCode != int(CertificateError)+int(VerifyFailed)+certificateInvalid+int(x509.Expired) {
t.Fatal("Error code construction failed.")
}
if err.Message != "x509: certificate has expired or is not yet valid" {
t.Fatal("Error message construction failed.")
}
err = Wrap(CertificateError, VerifyFailed, x509.UnknownAuthorityError{})
if err == nil {
t.Fatal("Error creation failed.")
}
err = Wrap(RootError, Unknown, errors.New(msg))
if err == nil {
t.Fatal("Error creation failed.")
}
if err.ErrorCode != int(RootError)+int(Unknown) {
t.Fatal("Error code construction failed.")
}
if err.Message != msg {
t.Fatal("Error message construction failed.")
}
}
func TestMarshal(t *testing.T) {
msg := "Arbitrary error message"
err := Wrap(CertificateError, Unknown, errors.New(msg))
bytes, _ := json.Marshal(err)
var received Error
json.Unmarshal(bytes, &received)
if received.ErrorCode != int(CertificateError)+int(Unknown) {
t.Fatal("Error code construction failed.")
}
if received.Message != msg {
t.Fatal("Error message construction failed.")
}
}
func TestErrorString(t *testing.T) {
msg := "Arbitrary error message"
err := Wrap(CertificateError, Unknown, errors.New(msg))
str := err.Error()
if str != `{"code":1000,"message":"`+msg+`"}` {
t.Fatal("Incorrect Error():", str)
}
}
func TestHTTP(t *testing.T) {
err := NewMethodNotAllowed("GET")
if err == nil {
t.Fatal("New Mathod Check failed")
}
err = NewBadRequest(errors.New("Bad Request"))
if err == nil {
t.Fatal("New Bad Request Check failed")
}
if err.StatusCode != 400 {
t.Fatal("New Bad Request error code construction failed")
}
err = NewBadRequestString("Bad Request String")
if err == nil {
t.Fatal("New Bad Request String Check failed")
}
if err.StatusCode != 400 {
t.Fatal("New Bad Request String error code construction failed")
}
err = NewBadRequestMissingParameter("Request Missing Parameter")
if err == nil {
t.Fatal("New Bad Request Missing Parameter Check failed")
}
if err.StatusCode != 400 {
t.Fatal("New Bad Request Missing Parameter error code construction failed")
}
err = NewBadRequestUnwantedParameter("Unwanted Parameter Present In Request")
if err == nil {
t.Fatal("New Bad Request Unwanted Parameter Check failed")
}
if err.StatusCode != 400 {
t.Fatal("New Bad Request Unwanted Parameter error code construction failed")
}
}
func TestHTTPErrorString(t *testing.T) {
method := "GET"
err := NewMethodNotAllowed(method)
str := err.Error()
if str != `Method is not allowed:"`+method+`"` {
t.Fatal("Incorrect Error():", str)
}
}

47
vendor/github.com/cloudflare/cfssl/errors/http.go generated vendored Normal file
View File

@ -0,0 +1,47 @@
package errors
import (
"errors"
"net/http"
)
// HTTPError is an augmented error with a HTTP status code.
type HTTPError struct {
StatusCode int
error
}
// Error implements the error interface.
func (e *HTTPError) Error() string {
return e.error.Error()
}
// NewMethodNotAllowed returns an appropriate error in the case that
// an HTTP client uses an invalid method (i.e. a GET in place of a POST)
// on an API endpoint.
func NewMethodNotAllowed(method string) *HTTPError {
return &HTTPError{http.StatusMethodNotAllowed, errors.New(`Method is not allowed:"` + method + `"`)}
}
// NewBadRequest creates a HttpError with the given error and error code 400.
func NewBadRequest(err error) *HTTPError {
return &HTTPError{http.StatusBadRequest, err}
}
// NewBadRequestString returns a HttpError with the supplied message
// and error code 400.
func NewBadRequestString(s string) *HTTPError {
return NewBadRequest(errors.New(s))
}
// NewBadRequestMissingParameter returns a 400 HttpError as a required
// parameter is missing in the HTTP request.
func NewBadRequestMissingParameter(s string) *HTTPError {
return NewBadRequestString(`Missing parameter "` + s + `"`)
}
// NewBadRequestUnwantedParameter returns a 400 HttpError as a unnecessary
// parameter is present in the HTTP request.
func NewBadRequestUnwantedParameter(s string) *HTTPError {
return NewBadRequestString(`Unwanted parameter "` + s + `"`)
}