webpki/
error.rs

1// Copyright 2015 Brian Smith.
2//
3// Permission to use, copy, modify, and/or distribute this software for any
4// purpose with or without fee is hereby granted, provided that the above
5// copyright notice and this permission notice appear in all copies.
6//
7// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
8// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
10// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14
15use core::fmt;
16
17/// An error that occurs during certificate validation or name validation.
18#[derive(Clone, Copy, Debug, PartialEq)]
19pub enum Error {
20    /// The encoding of some ASN.1 DER-encoded item is invalid.
21    BadDER,
22
23    /// The encoding of an ASN.1 DER-encoded time is invalid.
24    BadDERTime,
25
26    /// A CA certificate is veing used as an end-entity certificate.
27    CAUsedAsEndEntity,
28
29    /// The certificate is expired; i.e. the time it is being validated for is
30    /// later than the certificate's notAfter time.
31    CertExpired,
32
33    /// The certificate is not valid for the name it is being validated for.
34    CertNotValidForName,
35
36    /// The certificate is not valid yet; i.e. the time it is being validated
37    /// for is earlier than the certificate's notBefore time.
38    CertNotValidYet,
39
40    /// An end-entity certificate is being used as a CA certificate.
41    EndEntityUsedAsCA,
42
43    /// An X.509 extension is invalid.
44    ExtensionValueInvalid,
45
46    /// The certificate validity period (notBefore, notAfter) is invalid; e.g.
47    /// the notAfter time is earlier than the notBefore time.
48    InvalidCertValidity,
49
50    /// The signature is invalid for the given public key.
51    InvalidSignatureForPublicKey,
52
53    /// The certificate violates one or more name constraints.
54    NameConstraintViolation,
55
56    /// The certificate violates one or more path length constraints.
57    PathLenConstraintViolated,
58
59    /// The algorithm in the TBSCertificate "signature" field of a certificate
60    /// does not match the algorithm in the signature of the certificate.
61    SignatureAlgorithmMismatch,
62
63    /// The certificate is not valid for the Extended Key Usage for which it is
64    /// being validated.
65    RequiredEKUNotFound,
66
67    /// A valid issuer for the certificate could not be found.
68    UnknownIssuer,
69
70    /// The certificate is not a v3 X.509 certificate.
71    UnsupportedCertVersion,
72
73    /// The certificate contains an unsupported critical extension.
74    UnsupportedCriticalExtension,
75
76    /// The signature's algorithm does not match the algorithm of the public
77    /// key it is being validated for. This may be because the public key
78    /// algorithm's OID isn't recognized (e.g. DSA), or the public key
79    /// algorithm's parameters don't match the supported parameters for that
80    /// algorithm (e.g. ECC keys for unsupported curves), or the public key
81    /// algorithm and the signature algorithm simply don't match (e.g.
82    /// verifying an RSA signature with an ECC public key).
83    UnsupportedSignatureAlgorithmForPublicKey,
84
85    /// The signature algorithm for a signature is not in the set of supported
86    /// signature algorithms given.
87    UnsupportedSignatureAlgorithm,
88}
89
90impl fmt::Display for Error {
91    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { write!(f, "{:?}", self) }
92}
93
94#[cfg(feature = "std")]
95impl ::std::error::Error for Error {}