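// Copyright 2015 Brian Smith.
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

use core::fmt;

/// An error that occurs during certificate validation or name validation.
///
/// Every variant describes a reason the validation did not succeed; none of
/// them denotes a successful or partially successful result. The variants
/// carry no payload, so an error value identifies only the failure category,
/// not the offending certificate or field.
///
/// `Eq` is derived alongside `PartialEq`: the enum is fieldless, so equality
/// is total and values can be used wherever an `Eq` bound is required.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Error {
    /// The encoding of some ASN.1 DER-encoded item is invalid.
    BadDER,

    /// The encoding of an ASN.1 DER-encoded time is invalid.
    BadDERTime,

    /// A CA certificate is being used as an end-entity certificate.
    CAUsedAsEndEntity,

    /// The certificate is expired; i.e. the time it is being validated for is
    /// later than the certificate's notAfter time.
    CertExpired,

    /// The certificate is not valid for the name it is being validated for.
    CertNotValidForName,

    /// The certificate is not valid yet; i.e. the time it is being validated
    /// for is earlier than the certificate's notBefore time.
    CertNotValidYet,

    /// An end-entity certificate is being used as a CA certificate.
    EndEntityUsedAsCA,

    /// An X.509 extension is invalid.
    ExtensionValueInvalid,

    /// The certificate validity period (notBefore, notAfter) is invalid; e.g.
    /// the notAfter time is earlier than the notBefore time.
    InvalidCertValidity,

    /// The signature is invalid for the given public key.
    InvalidSignatureForPublicKey,

    /// The certificate violates one or more name constraints.
    NameConstraintViolation,

    /// The certificate violates one or more path length constraints.
    PathLenConstraintViolated,

    /// The algorithm in the TBSCertificate "signature" field of a certificate
    /// does not match the algorithm in the signature of the certificate.
    SignatureAlgorithmMismatch,

    /// The certificate is not valid for the Extended Key Usage for which it is
    /// being validated.
    RequiredEKUNotFound,

    /// A valid issuer for the certificate could not be found.
    UnknownIssuer,

    /// The certificate is not a v3 X.509 certificate.
    UnsupportedCertVersion,

    /// The certificate contains an unsupported critical extension.
    UnsupportedCriticalExtension,

    /// The signature's algorithm does not match the algorithm of the public
    /// key it is being validated for. This may be because the public key
    /// algorithm's OID isn't recognized (e.g. DSA), or the public key
    /// algorithm's parameters don't match the supported parameters for that
    /// algorithm (e.g. ECC keys for unsupported curves), or the public key
    /// algorithm and the signature algorithm simply don't match (e.g.
    /// verifying an RSA signature with an ECC public key).
    UnsupportedSignatureAlgorithmForPublicKey,

    /// The signature algorithm for a signature is not in the set of supported
    /// signature algorithms given.
    UnsupportedSignatureAlgorithm,
}

impl fmt::Display for Error {
    /// Writes the error as its variant name.
    ///
    /// The output is produced by the derived `Debug` implementation, so the
    /// `Display` and `Debug` renderings of an `Error` are the same text (for
    /// example `UnknownIssuer`). It is a diagnostic identifier rather than a
    /// sentence meant for end users.
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        write!(f, "{:?}", self)
    }
}

// Only compiled when the `std` feature is enabled; the trait's default
// methods are used as-is, so no source error or description is provided.
#[cfg(feature = "std")]
impl ::std::error::Error for Error {}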