Skip to main content

tor_cert/
err.rs

1//! Define error types for the tor-cert crate.
2//!
3//! Most of the encoding/decoding functions here return [`tor_bytes::Error`],
4//! but many of them (related to certificate-specific operations) do not.
5
6use thiserror::Error;
7
8/// An error related to checking or validating a certificate
9#[derive(Clone, Debug, Error, Eq, PartialEq)]
10#[non_exhaustive]
11pub enum CertError {
12    /// The key on a certificate was not as expected.
13    #[error("Key on certificate was not as expected")]
14    KeyMismatch,
15
16    /// We tried to get the signing key from a certificate that didn't include
17    /// one.
18    #[error("Missing signing key on certificate")]
19    MissingPubKey,
20
21    /// We tried to validate a signature, and found that it was wrong.
22    #[error("Signature on certificate was invalid")]
23    BadSignature,
24}
25
26/// An error related to signing or encoding a certificate
27#[derive(Clone, Debug, Error)]
28#[non_exhaustive]
29pub enum CertEncodeError {
30    /// This certificate contains the public key that it is supposed to
31    /// be signed by, and the provided signing private key isn't it.
32    #[error("Tried to sign with wrong key")]
33    KeyMismatch,
34
35    /// The certificate contains more than 255 extensions.
36    #[error("Too many extensions")]
37    TooManyExtensions,
38
39    /// Some extension had a length of over 2^16.
40    #[error("Extension too long")]
41    ExtensionTooLong,
42
43    /// A mandatory field was not provided.
44    #[error("Missing field {0:?}")]
45    MissingField(&'static str),
46
47    /// We encountered a problem when encoding the certificate: probably, that
48    /// some length field would have to be longer than its maximum.  This is
49    /// probably a bug in the calling code.
50    #[error("Tried to generate a cert we couldn't encode.")]
51    Bytes(#[from] tor_bytes::EncodeError),
52
53    /// We tried to use an expiration time that couldn't be represented in the
54    /// given certificate type.
55    #[error("Tried to create a cert with an impossible expiration time")]
56    InvalidExpiration,
57
58    /// For some reason, we were unable to generate an RSA signature.
59    #[error("Unable to generate RSA signature")]
60    RsaSignatureFailed,
61}