core_crypto/mls/credential/
error.rs

1//! MLS credential errors
2
3// We allow missing documentation in the error module because the types are generally self-descriptive.
4#![allow(missing_docs)]
5
6use openmls::prelude::SignaturePublicKey;
7
8pub(crate) type Result<T, E = Error> = core::result::Result<T, E>;
9
10#[derive(Debug, thiserror::Error)]
11pub enum Error {
12    #[error("decoding X509 certificate")]
13    DecodeX509(#[source] x509_cert::der::Error),
14    #[error("client presented an invalid identity")]
15    InvalidIdentity,
16    #[error("No credential for the given public key ({0:?}) was found in this database")]
17    CredentialNotFound(SignaturePublicKey),
18    /// Unsupported credential type.
19    ///
20    /// Supported credential types:
21    ///
22    /// - basic
23    /// - x509
24    #[error("unsupported credential type (variant {0}")]
25    UnsupportedCredentialType(u16),
26    #[error("the signature scheme {0:?} was not present in the provided x509 identity")]
27    SignatureSchemeNotPresentInX509Identity(openmls::prelude::SignatureScheme),
28    /// This operation is not supported.
29    ///
30    /// There are some operations which must be implemented to satisfy a trait,
31    /// but for which we cannot offer a real implementation. Those raise this error.
32    ///
33    /// Where possible, a short workaround is included.
34    #[error("unsupported operation. prefer `{0}`")]
35    UnsupportedOperation(&'static str),
36    #[error("unsupported algorithm")]
37    UnsupportedAlgorithm,
38    #[error(transparent)]
39    Keystore(#[from] crate::KeystoreError),
40    #[error(transparent)]
41    Mls(#[from] crate::MlsError),
42    #[error(transparent)]
43    Recursive(#[from] crate::RecursiveError),
44    #[error("TLS serializing {item}")]
45    TlsSerialize {
46        #[source]
47        source: tls_codec::Error,
48        item: &'static str,
49    },
50    #[error("TLS deserializing {item}")]
51    TlsDeserialize {
52        #[source]
53        source: tls_codec::Error,
54        item: &'static str,
55    },
56}
57
58impl Error {
59    pub fn tls_serialize(item: &'static str) -> impl FnOnce(tls_codec::Error) -> Self {
60        move |source| Self::TlsSerialize { source, item }
61    }
62
63    pub fn tls_deserialize(item: &'static str) -> impl FnOnce(tls_codec::Error) -> Self {
64        move |source| Self::TlsDeserialize { source, item }
65    }
66}
67
68#[derive(Debug, thiserror::Error)]
69pub enum CredentialValidationError {
70    #[error("identity or public key did not match")]
71    WrongCredential,
72    #[error("public key not extractable from certificate")]
73    NoPublicKey,
74    #[error(transparent)]
75    Recursive(#[from] crate::RecursiveError),
76}