1 // Copyright 2015 Brian Smith.
2 //
3 // Permission to use, copy, modify, and/or distribute this software for any
4 // purpose with or without fee is hereby granted, provided that the above
5 // copyright notice and this permission notice appear in all copies.
6 //
7 // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
8 // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
10 // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14 
15 use core::fmt;
16 
17 /// An error that occurs during certificate validation or name validation.
18 #[derive(Clone, Copy, Debug, PartialEq)]
19 pub enum Error {
20     /// The encoding of some ASN.1 DER-encoded item is invalid.
21     BadDER,
22 
23     /// The encoding of an ASN.1 DER-encoded time is invalid.
24     BadDERTime,
25 
26     /// A CA certificate is veing used as an end-entity certificate.
27     CAUsedAsEndEntity,
28 
29     /// The certificate is expired; i.e. the time it is being validated for is
30     /// later than the certificate's notAfter time.
31     CertExpired,
32 
33     /// The certificate is not valid for the name it is being validated for.
34     CertNotValidForName,
35 
36     /// The certificate is not valid yet; i.e. the time it is being validated
37     /// for is earlier than the certificate's notBefore time.
38     CertNotValidYet,
39 
40     /// An end-entity certificate is being used as a CA certificate.
41     EndEntityUsedAsCA,
42 
43     /// An X.509 extension is invalid.
44     ExtensionValueInvalid,
45 
46     /// The certificate validity period (notBefore, notAfter) is invalid; e.g.
47     /// the notAfter time is earlier than the notBefore time.
48     InvalidCertValidity,
49 
50     /// The signature is invalid for the given public key.
51     InvalidSignatureForPublicKey,
52 
53     /// The certificate violates one or more name constraints.
54     NameConstraintViolation,
55 
56     /// The certificate violates one or more path length constraints.
57     PathLenConstraintViolated,
58 
59     /// The algorithm in the TBSCertificate "signature" field of a certificate
60     /// does not match the algorithm in the signature of the certificate.
61     SignatureAlgorithmMismatch,
62 
63     /// The certificate is not valid for the Extended Key Usage for which it is
64     /// being validated.
65     RequiredEKUNotFound,
66 
67     /// A valid issuer for the certificate could not be found.
68     UnknownIssuer,
69 
70     /// The certificate is not a v3 X.509 certificate.
71     UnsupportedCertVersion,
72 
73     /// The certificate contains an unsupported critical extension.
74     UnsupportedCriticalExtension,
75 
76     /// The signature's algorithm does not match the algorithm of the public
77     /// key it is being validated for. This may be because the public key
78     /// algorithm's OID isn't recognized (e.g. DSA), or the public key
79     /// algorithm's parameters don't match the supported parameters for that
80     /// algorithm (e.g. ECC keys for unsupported curves), or the public key
81     /// algorithm and the signature algorithm simply don't match (e.g.
82     /// verifying an RSA signature with an ECC public key).
83     UnsupportedSignatureAlgorithmForPublicKey,
84 
85     /// The signature algorithm for a signature is not in the set of supported
86     /// signature algorithms given.
87     UnsupportedSignatureAlgorithm,
88 }
89 
90 impl fmt::Display for Error {
fmt(&self, f: &mut fmt::Formatter) -> fmt::Result91     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { write!(f, "{:?}", self) }
92 }
93 
94 #[cfg(feature = "std")]
95 impl ::std::error::Error for Error {}
96