core_crypto/mls/credential/
error.rs

//! MLS credential errors

// We allow missing documentation in the error module because the types are generally self-descriptive.
#![allow(missing_docs)]

/// Module-local `Result` alias: the error parameter defaults to this module's [`Error`],
/// and can still be overridden by naming a second type argument.
pub(crate) type Result<T, E = Error> = core::result::Result<T, E>;
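/// Errors of the MLS credential module.
///
/// Variants carrying a `#[source]` field expose the underlying cause through the error's
/// `source()` chain; their own `Display` text contains only what the `#[error]` attribute
/// names. Variants marked `#[error(transparent)]` instead forward both `Display` and
/// `source()` to the wrapped error, so the wrapped error's text is shown verbatim.
#[derive(Debug, thiserror::Error)]
pub enum Error {
    /// An X.509 certificate could not be decoded; the DER error is kept as the source.
    #[error("decoding X509 certificate")]
    DecodeX509(#[source] x509_cert::der::Error),
    /// The client presented an invalid identity.
    ///
    /// This is a unit variant: it carries no detail about the identity that was rejected.
    #[error("client presented an invalid identity")]
    InvalidIdentity,
    /// Unsupported credential type.
    ///
    /// Supported credential types:
    ///
    /// - basic
    /// - x509
    ///
    /// The payload is the numeric variant reported in the message.
    // The message previously lacked its closing parenthesis.
    #[error("unsupported credential type (variant {0})")]
    UnsupportedCredentialType(u16),
    /// The requested signature scheme was not present in the provided x509 identity.
    #[error("the signature scheme {0:?} was not present in the provided x509 identity")]
    SignatureSchemeNotPresentInX509Identity(openmls::prelude::SignatureScheme),
    /// This operation is not supported.
    ///
    /// There are some operations which must be implemented to satisfy a trait,
    /// but for which we cannot offer a real implementation. Those raise this error.
    ///
    /// Where possible, a short workaround is included.
    #[error("unsupported operation. prefer `{0}`")]
    UnsupportedOperation(&'static str),
    /// The requested algorithm is not supported.
    #[error("unsupported algorithm")]
    UnsupportedAlgorithm,
    /// A keystore error, converted via `From` and displayed transparently.
    #[error(transparent)]
    Keystore(#[from] crate::KeystoreError),
    /// An MLS error, converted via `From` and displayed transparently.
    #[error(transparent)]
    Mls(#[from] crate::MlsError),
    /// A wrapped [`crate::RecursiveError`], converted via `From` and displayed transparently.
    #[error(transparent)]
    Recursive(#[from] crate::RecursiveError),
    /// TLS serialization of `item` failed.
    #[error("TLS serializing {item}")]
    TlsSerialize {
        /// The codec error that caused the failure.
        #[source]
        source: tls_codec::Error,
        /// Static label interpolated into the message to name what was being serialized.
        item: &'static str,
    },
    /// TLS deserialization of `item` failed.
    #[error("TLS deserializing {item}")]
    TlsDeserialize {
        /// The codec error that caused the failure.
        #[source]
        source: tls_codec::Error,
        /// Static label interpolated into the message to name what was being deserialized.
        item: &'static str,
    },
}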
impl Error {
    /// Returns a closure that wraps a [`tls_codec::Error`] as [`Error::TlsSerialize`],
    /// labelled with `item`.
    ///
    /// The closure has the shape `Result::map_err` expects. `item` is `&'static str`, so the
    /// label that ends up in the error message is in practice a string literal.
    pub fn tls_serialize(item: &'static str) -> impl FnOnce(tls_codec::Error) -> Self {
        move |err| Error::TlsSerialize { source: err, item }
    }

    /// Returns a closure that wraps a [`tls_codec::Error`] as [`Error::TlsDeserialize`],
    /// labelled with `item`.
    ///
    /// The closure has the shape `Result::map_err` expects. `item` is `&'static str`, so the
    /// label that ends up in the error message is in practice a string literal.
    pub fn tls_deserialize(item: &'static str) -> impl FnOnce(tls_codec::Error) -> Self {
        move |err| Error::TlsDeserialize { source: err, item }
    }
}
/// Reasons a credential can fail validation.
#[derive(Debug, thiserror::Error)]
pub enum CredentialValidationError {
    /// The identity or the public key did not match.
    ///
    /// Both mismatches share this one variant, so neither the variant nor its message
    /// tells the caller which of the two differed.
    #[error("identity or public key did not match")]
    WrongCredential,
    /// No public key could be extracted from the certificate.
    #[error("public key not extractable from certificate")]
    NoPublicKey,
    /// A wrapped [`crate::RecursiveError`], converted via `From`; its `Display` and
    /// `source()` are forwarded unchanged.
    #[error(transparent)]
    Recursive(#[from] crate::RecursiveError),
}