From dbcf0db471f2b234342fdeeb68d5cf7aaff50846 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adam=20Cig=C3=A1nek?=
Date: Tue, 12 Jan 2021 11:16:12 +0100
Subject: [PATCH] refactor!: remove `Error::UntrustedMessage`

Replaced with `InvalidMessage` which is more appropriate. `UntrustedMessage` was supposed to mean that the message is otherwise valid but we don't trust the key it was signed with. However, we often used this error even in cases where the message was actually invalid, for example when the proof chain was broken. Also, untrusted messages are bounced back to the sender, so receiving them is not treated as an error anyway. BREAKING CHANGE: this affects the `Error` type which is a part of the public API.
---
 src/error.rs | 2 --
 src/routing/bootstrap.rs | 2 +-
 src/section/mod.rs | 7 +++++--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/error.rs b/src/error.rs
index c1d7912589..3f5a85091f 100644
--- a/src/error.rs
+++ b/src/error.rs
@@ -33,8 +33,6 @@ pub enum Error {
 InvalidDestination,
 #[error("Content of a received message is inconsistent.")]
 InvalidMessage,
- #[error("A signed message could not be trusted.")]
- UntrustedMessage,
 #[error("A signature share is invalid.")]
 InvalidSignatureShare,
 #[error("The secret key share is missing.")]
diff --git a/src/routing/bootstrap.rs b/src/routing/bootstrap.rs
index 4fbfe32da0..55cedd2eae 100644
--- a/src/routing/bootstrap.rs
+++ b/src/routing/bootstrap.rs
@@ -441,7 +441,7 @@ impl<'a> State<'a> {
 .verify(trusted_key.map(|key| (&prefix, key)))
 .and_then(|status| match (status, trusted_key) {
 (VerifyStatus::Full, _) | (VerifyStatus::Unknown, None) => Ok(()),
- (VerifyStatus::Unknown, Some(_)) => Err(Error::UntrustedMessage),
+ (VerifyStatus::Unknown, Some(_)) => Err(Error::InvalidMessage),
 });

 match result {
diff --git a/src/section/mod.rs b/src/section/mod.rs
index 2bda94edf8..21f96dadf7 100644
--- a/src/section/mod.rs
+++ b/src/section/mod.rs
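Review bot: In `src/routing/bootstrap.rs`, the arm `(VerifyStatus::Unknown, Some(_)) => Err(Error::InvalidMessage)` now reports a trust failure with the same variant used for inconsistent content, so a caller or log reader can no longer tell the two apart. From the hunk, this arm appears to be the case where verification passed but did not reach the `trusted_key` we supplied, which is what the commit message gives as the original meaning of `UntrustedMessage`. That distinction is useful when triaging a bootstrap response signed under an unexpected section key, so I would record the cause at the site, at minimum with a comment such as `// Verified, but the proof chain does not reach our trusted key: rejected as invalid.` The same loss of cause applies to `.map_err(|_| Error::InvalidMessage)?` in `Section::merge` in `src/section/mod.rs`, where the underlying chain-merge error is discarded. The enclosing function starts and ends outside the hunk.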
@@ -45,7 +45,8 @@ impl Section {
 /// (`elders_info`).
 pub fn new(chain: SectionProofChain, elders_info: Proven) -> Result {
 if !chain.has_key(&elders_info.proof.public_key) {
- return Err(Error::UntrustedMessage);
+ // TODO: consider more specific error here.
+ return Err(Error::InvalidMessage);
 }

 Ok(Self {
@@ -86,6 +87,8 @@ impl Section {
 Ok((section, section_key_share))
 }

+ /// Try to merge this `Section` with `other`. Returns `InvalidMessage` if `other` is invalid or
+ /// its chain is not compatible with the chain of `self`.
 pub fn merge(&mut self, other: Self) -> Result<()> {
 if !other.chain.self_verify() || !other.elders_info.verify(&other.chain) {
 return Err(Error::InvalidMessage);
@@ -94,7 +97,7 @@ impl Section {
 // TODO: handle forks
 self.chain
 .merge(other.chain)
- .map_err(|_| Error::UntrustedMessage)?;
+ .map_err(|_| Error::InvalidMessage)?;

 match cmp_section_chain_position(
 &self.elders_info.proof,
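Review bot: `Section::new` accepts `elders_info` as soon as `chain.has_key(&elders_info.proof.public_key)` holds, which shows only that the claimed key appears in the chain, not that the chain is internally valid or that the proof's signature verifies. `merge`, in the next hunk, applies the stronger test `!other.chain.self_verify() || !other.elders_info.verify(&other.chain)` to the same kind of pair before using it. Unless every caller of `new` has already verified both (not visible from here), I would add the same check to the constructor: `if !chain.self_verify() || !elders_info.verify(&chain) { return Err(Error::InvalidMessage); }`. If the callers do guarantee it, a doc line on `new` stating that precondition would keep the two entry points from drifting apart. The body of `new` continues past the hunk.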