1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108
// Copyright 2015 Brian Smith.
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
use core::fmt;
/// An error that occurs during certificate validation or name validation.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Error {
/// The encoding of some ASN.1 DER-encoded item is invalid.
BadDer,
/// The encoding of an ASN.1 DER-encoded time is invalid.
BadDerTime,
/// A CA certificate is being used as an end-entity certificate.
CaUsedAsEndEntity,
/// The certificate is expired; i.e. the time it is being validated for is
/// later than the certificate's notAfter time.
CertExpired,
/// The certificate is not valid for the name it is being validated for.
CertNotValidForName,
/// The certificate is not valid yet; i.e. the time it is being validated
/// for is earlier than the certificate's notBefore time.
CertNotValidYet,
/// An end-entity certificate is being used as a CA certificate.
EndEntityUsedAsCa,
/// An X.509 extension is invalid.
ExtensionValueInvalid,
/// The certificate validity period (notBefore, notAfter) is invalid; e.g.
/// the notAfter time is earlier than the notBefore time.
InvalidCertValidity,
/// The signature is invalid for the given public key.
InvalidSignatureForPublicKey,
/// The certificate violates one or more name constraints.
NameConstraintViolation,
/// The certificate violates one or more path length constraints.
PathLenConstraintViolated,
/// The algorithm in the TBSCertificate "signature" field of a certificate
/// does not match the algorithm in the signature of the certificate.
SignatureAlgorithmMismatch,
/// The certificate is not valid for the Extended Key Usage for which it is
/// being validated.
RequiredEkuNotFound,
/// A valid issuer for the certificate could not be found.
UnknownIssuer,
/// The certificate is not a v3 X.509 certificate.
///
/// This error may be also reported if the certificate version field
/// is malformed.
UnsupportedCertVersion,
/// The certificate extensions are missing or malformed.
///
/// In particular, webpki requires the DNS name(s) be in the subjectAltName
/// extension as required by the CA/Browser Forum Baseline Requirements
/// and as recommended by RFC6125.
MissingOrMalformedExtensions,
/// The certificate contains an unsupported critical extension.
UnsupportedCriticalExtension,
/// The signature's algorithm does not match the algorithm of the public
/// key it is being validated for. This may be because the public key
/// algorithm's OID isn't recognized (e.g. DSA), or the public key
/// algorithm's parameters don't match the supported parameters for that
/// algorithm (e.g. ECC keys for unsupported curves), or the public key
/// algorithm and the signature algorithm simply don't match (e.g.
/// verifying an RSA signature with an ECC public key).
UnsupportedSignatureAlgorithmForPublicKey,
/// The signature algorithm for a signature is not in the set of supported
/// signature algorithms given.
UnsupportedSignatureAlgorithm,
}
impl fmt::Display for Error {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
write!(f, "{:?}", self)
}
}
/// Requires the `std` feature.
#[cfg(feature = "std")]
impl ::std::error::Error for Error {}