core_crypto/mls/credential/
error.rs

1//! MLS credential errors
2
3// We allow missing documentation in the error module because the types are generally self-descriptive.
4#![allow(missing_docs)]
5
6use openmls::prelude::SignaturePublicKey;
7
/// Crate-internal `Result` alias for the credential module.
///
/// The error parameter defaults to this module's [`Error`], so most signatures
/// can be written as `Result<T>`; a different error type can still be named
/// explicitly as the second parameter.
pub(crate) type Result<T, E = Error> = core::result::Result<T, E>;
9
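/// Errors raised while handling MLS credentials.
///
/// The `Display` text of each variant is what ends up in logs and in error
/// chains. The variants declared here carry only public data (a signature
/// public key, a signature scheme, a numeric credential type, static labels).
/// The `transparent` variants forward the wrapped error's own message
/// verbatim, so what they print is decided by the wrapped type.
#[derive(Debug, thiserror::Error)]
pub enum Error {
    /// DER decoding of an X.509 certificate failed; the decoder's error is kept as the source.
    #[error("decoding X509 certificate")]
    DecodeX509(#[source] x509_cert::der::Error),
    /// The identity presented by a client was rejected.
    ///
    /// No detail about the rejected identity is carried in this variant.
    #[error("client presented an invalid identity")]
    InvalidIdentity,
    /// No stored credential matches the given signature public key.
    ///
    /// The payload is the public key that was looked up; it is `Debug`-formatted
    /// into the message.
    #[error("No credential for the given public key ({0:?}) was found in this database")]
    CredentialNotFound(SignaturePublicKey),
    /// An operation needed a PKI environment, but none was available.
    #[error("missing PKI environment")]
    MissingPKIEnvironment,
    /// Unsupported credential type.
    ///
    /// The payload is the numeric value of the credential type that was encountered.
    ///
    /// Supported credential types:
    ///
    /// - basic
    /// - x509
    // The closing parenthesis was missing from this message, leaving it unbalanced.
    #[error("unsupported credential type (variant {0})")]
    UnsupportedCredentialType(u16),
    /// The requested signature scheme does not appear in the supplied X.509 identity.
    #[error("the signature scheme {0:?} was not present in the provided x509 identity")]
    SignatureSchemeNotPresentInX509Identity(openmls::prelude::SignatureScheme),
    /// This operation is not supported.
    ///
    /// There are some operations which must be implemented to satisfy a trait,
    /// but for which we cannot offer a real implementation. Those raise this error.
    ///
    /// Where possible, a short workaround is included.
    #[error("unsupported operation. prefer `{0}`")]
    UnsupportedOperation(&'static str),
    /// The algorithm involved is not one this module supports.
    #[error("unsupported algorithm")]
    UnsupportedAlgorithm,
    /// A keystore error, forwarded unchanged (converted via `From`).
    #[error(transparent)]
    Keystore(#[from] crate::KeystoreError),
    /// An MLS-layer error, forwarded unchanged (converted via `From`).
    #[error(transparent)]
    Mls(#[from] crate::MlsError),
    /// An error from another part of the crate, forwarded unchanged (converted via `From`).
    #[error(transparent)]
    Recursive(#[from] crate::RecursiveError),
    /// TLS-codec serialization failed.
    ///
    /// `item` is a static label naming what was being serialized; it is the
    /// only detail shown in the message, the codec error is kept as the source.
    #[error("TLS serializing {item}")]
    TlsSerialize {
        #[source]
        source: tls_codec::Error,
        item: &'static str,
    },
    /// TLS-codec deserialization failed.
    ///
    /// `item` is a static label naming what was being deserialized; it is the
    /// only detail shown in the message, the codec error is kept as the source.
    #[error("TLS deserializing {item}")]
    TlsDeserialize {
        #[source]
        source: tls_codec::Error,
        item: &'static str,
    },
}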
59
impl Error {
    /// Returns a one-shot closure that turns a [`tls_codec::Error`] into
    /// [`Error::TlsSerialize`], labelled with `item`.
    ///
    /// The closure's shape (`FnOnce(tls_codec::Error) -> Self`) lets it be handed
    /// directly to `Result::map_err`. `item` is a static string, so the label in
    /// the resulting message is fixed at compile time.
    pub fn tls_serialize(item: &'static str) -> impl FnOnce(tls_codec::Error) -> Self {
        move |cause: tls_codec::Error| Error::TlsSerialize {
            item,
            source: cause,
        }
    }

    /// Returns a one-shot closure that turns a [`tls_codec::Error`] into
    /// [`Error::TlsDeserialize`], labelled with `item`.
    ///
    /// Counterpart of [`Error::tls_serialize`] for the decoding direction; only
    /// the static label is placed in the message, never the bytes being decoded.
    pub fn tls_deserialize(item: &'static str) -> impl FnOnce(tls_codec::Error) -> Self {
        move |cause: tls_codec::Error| Error::TlsDeserialize {
            item,
            source: cause,
        }
    }
}
69
/// Reasons a credential can fail validation.
#[derive(thiserror::Error, Debug)]
pub enum CredentialValidationError {
    /// The credential's identity or public key did not match.
    ///
    /// The variant does not record which of the two mismatched.
    #[error("identity or public key did not match")]
    WrongCredential,

    /// No public key could be extracted from the certificate.
    #[error("public key not extractable from certificate")]
    NoPublicKey,

    /// An error from another part of the crate, forwarded unchanged (converted via `From`).
    #[error(transparent)]
    Recursive(#[from] crate::RecursiveError),
}