• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2015 Brian Smith.
2 //
3 // Permission to use, copy, modify, and/or distribute this software for any
4 // purpose with or without fee is hereby granted, provided that the above
5 // copyright notice and this permission notice appear in all copies.
6 //
7 // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
8 // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
10 // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14 
15 use core::fmt;
16 
17 /// An error that occurs during certificate validation or name validation.
18 #[derive(Clone, Copy, Debug, PartialEq)]
19 pub enum Error {
20     /// The encoding of some ASN.1 DER-encoded item is invalid.
21     BadDer,
22 
23     /// The encoding of an ASN.1 DER-encoded time is invalid.
24     BadDerTime,
25 
26     /// A CA certificate is being used as an end-entity certificate.
27     CaUsedAsEndEntity,
28 
29     /// The certificate is expired; i.e. the time it is being validated for is
30     /// later than the certificate's notAfter time.
31     CertExpired,
32 
33     /// The certificate is not valid for the name it is being validated for.
34     CertNotValidForName,
35 
36     /// The certificate is not valid yet; i.e. the time it is being validated
37     /// for is earlier than the certificate's notBefore time.
38     CertNotValidYet,
39 
40     /// An end-entity certificate is being used as a CA certificate.
41     EndEntityUsedAsCa,
42 
43     /// An X.509 extension is invalid.
44     ExtensionValueInvalid,
45 
46     /// The certificate validity period (notBefore, notAfter) is invalid; e.g.
47     /// the notAfter time is earlier than the notBefore time.
48     InvalidCertValidity,
49 
50     /// The signature is invalid for the given public key.
51     InvalidSignatureForPublicKey,
52 
53     /// The certificate violates one or more name constraints.
54     NameConstraintViolation,
55 
56     /// The certificate violates one or more path length constraints.
57     PathLenConstraintViolated,
58 
59     /// The algorithm in the TBSCertificate "signature" field of a certificate
60     /// does not match the algorithm in the signature of the certificate.
61     SignatureAlgorithmMismatch,
62 
63     /// The certificate is not valid for the Extended Key Usage for which it is
64     /// being validated.
65     RequiredEkuNotFound,
66 
67     /// A valid issuer for the certificate could not be found.
68     UnknownIssuer,
69 
70     /// The certificate is not a v3 X.509 certificate.
71     ///
72     /// This error may be also reported if the certificate version field
73     /// is malformed.
74     UnsupportedCertVersion,
75 
76     /// The certificate extensions are missing or malformed.
77     ///
78     /// In particular, webpki requires the DNS name(s) be in the subjectAltName
79     /// extension as required by the CA/Browser Forum Baseline Requirements
80     /// and as recommended by RFC6125.
81     MissingOrMalformedExtensions,
82 
83     /// The certificate contains an unsupported critical extension.
84     UnsupportedCriticalExtension,
85 
86     /// The signature's algorithm does not match the algorithm of the public
87     /// key it is being validated for. This may be because the public key
88     /// algorithm's OID isn't recognized (e.g. DSA), or the public key
89     /// algorithm's parameters don't match the supported parameters for that
90     /// algorithm (e.g. ECC keys for unsupported curves), or the public key
91     /// algorithm and the signature algorithm simply don't match (e.g.
92     /// verifying an RSA signature with an ECC public key).
93     UnsupportedSignatureAlgorithmForPublicKey,
94 
95     /// The signature algorithm for a signature is not in the set of supported
96     /// signature algorithms given.
97     UnsupportedSignatureAlgorithm,
98 }
99 
100 impl fmt::Display for Error {
fmt(&self, f: &mut fmt::Formatter) -> fmt::Result101     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
102         write!(f, "{:?}", self)
103     }
104 }
105 
106 /// Requires the `std` feature.
107 #[cfg(feature = "std")]
108 impl ::std::error::Error for Error {}
109