//! X.509 errors

use der_parser::error::BerError;
use nom::error::{ErrorKind, ParseError};
use nom::IResult;

/// An error that can occur while converting an OID to a Nid.
///
/// This is a unit struct: it carries no information about which OID failed to convert,
/// so callers that need that detail for logging must record the OID themselves.
#[derive(Debug, PartialEq)]
pub struct NidError;

/// Holds the result of parsing functions (X.509)
///
/// Note that this type is also a `Result`, so usual functions (`map`, `unwrap` etc.) are available.
///
/// As with any nom `IResult`, the `Ok` value is a `(remaining_input, T)` pair and the `Err`
/// value is a `nom::Err<X509Error>`. Nothing in this alias requires the remaining slice to be
/// empty, so a caller that must reject trailing bytes has to check it explicitly.
///
/// `unwrap` panics on `Err`; when the input bytes are untrusted, prefer `?` or `match`.
pub type X509Result<'a, T> = IResult<&'a [u8], T, X509Error>;

/// An error that can occur while parsing or validating a certificate.
///
/// Most variants are unit variants whose `Display` text is a fixed string. Only [`X509Error::Der`]
/// and [`X509Error::NomError`] carry a payload and interpolate it into the message.
///
/// Structural/parsing failures (the `Invalid*` and `Duplicate*` variants) are distinct from the
/// two signature variants. Every variant is an error: none of them, including
/// [`X509Error::SignatureUnsupportedAlgorithm`], indicates that a certificate was accepted.
#[derive(Debug, PartialEq, thiserror::Error)]
pub enum X509Error {
    /// Unspecified error with no further detail.
    #[error("generic error")]
    Generic,

    /// The version is invalid.
    #[error("invalid version")]
    InvalidVersion,
    /// The serial is invalid.
    #[error("invalid serial")]
    InvalidSerial,
    /// An algorithm identifier is invalid.
    #[error("invalid algorithm identifier")]
    InvalidAlgorithmIdentifier,
    /// An X.509 name is invalid.
    #[error("invalid X.509 name")]
    InvalidX509Name,
    /// A date is invalid.
    #[error("invalid date")]
    InvalidDate,
    /// The Subject Public Key Info (SPKI) is invalid.
    #[error("invalid X.509 Subject Public Key Info")]
    InvalidSPKI,
    /// The Subject Unique ID is invalid.
    #[error("invalid X.509 Subject Unique ID")]
    InvalidSubjectUID,
    /// The Issuer Unique ID is invalid.
    #[error("invalid X.509 Issuer Unique ID")]
    InvalidIssuerUID,
    /// The extensions are invalid.
    #[error("invalid extensions")]
    InvalidExtensions,
    /// The attributes are invalid.
    #[error("invalid attributes")]
    InvalidAttributes,
    /// Extensions are duplicated.
    #[error("duplicate extensions")]
    DuplicateExtensions,
    /// Attributes are duplicated.
    #[error("duplicate attributes")]
    DuplicateAttributes,
    /// The DER value of the signature is invalid. This is an encoding error, separate from
    /// [`X509Error::SignatureVerificationError`].
    #[error("invalid Signature DER Value")]
    InvalidSignatureValue,
    /// The TBS ("to be signed") certificate is invalid.
    #[error("invalid TBS certificate")]
    InvalidTbsCertificate,

    // error types from CRL
    /// A user certificate (CRL-related, per the comment above) is invalid.
    #[error("invalid User certificate")]
    InvalidUserCertificate,

    /// Top-level certificate structure is invalid
    #[error("invalid certificate")]
    InvalidCertificate,

    /// Signature verification failed.
    #[error("signature verification error")]
    SignatureVerificationError,
    /// The signature algorithm is not supported.
    // NOTE(review): callers should treat this like a verification failure, not as "skipped".
    #[error("signature unsupported algorithm")]
    SignatureUnsupportedAlgorithm,

    /// An error from the BER/DER layer. `#[from]` generates `From<BerError>`, so `?` converts
    /// a `BerError` into this variant automatically.
    #[error("BER error: {0}")]
    Der(#[from] BerError),
    /// A nom error. Only the `ErrorKind` is kept; the input position is not stored.
    #[error("nom error: {0:?}")]
    NomError(ErrorKind),
}

/// Lifts an [`X509Error`] into nom's error wrapper.
///
/// The result is always the recoverable `nom::Err::Error` variant, never `Failure` or
/// `Incomplete`, so nom combinators that backtrack on `Error` (such as `alt`) may still try
/// another branch after receiving it.
impl From<X509Error> for nom::Err<X509Error> {
    fn from(err: X509Error) -> Self {
        Self::Error(err)
    }
}

/// Wraps a bare nom [`ErrorKind`] as [`X509Error::NomError`].
impl From<ErrorKind> for X509Error {
    fn from(kind: ErrorKind) -> Self {
        Self::NomError(kind)
    }
}

/// Lets [`X509Error`] be used directly as the error type of nom parsers.
///
/// Both methods ignore the input and keep only the nom [`ErrorKind`].
impl<I> ParseError<I> for X509Error {
    /// Builds a [`X509Error::NomError`] from `kind`; the input position is discarded.
    fn from_error_kind(_input: I, kind: ErrorKind) -> Self {
        Self::NomError(kind)
    }

    /// Replaces the error accumulated so far with a new [`X509Error::NomError`].
    ///
    /// The previous error is dropped, so a more specific value (for example
    /// `X509Error::InvalidDate` or `X509Error::Der(..)`) is lost whenever a combinator calls
    /// `append`.
    // NOTE(review): confirm that discarding the previous error is intended; diagnostics and
    // any policy keyed on the error variant will only see the outermost `ErrorKind`.
    fn append(_input: I, kind: ErrorKind, _previous: Self) -> Self {
        Self::NomError(kind)
    }
}

/// An error that can occur while reading or decoding PEM-encoded data.
///
/// Unlike [`X509Error`], this enum does not derive `PartialEq` (presumably because
/// `std::io::Error` does not implement it), so tests should use `matches!` rather than `==`.
#[derive(Debug, thiserror::Error)]
pub enum PEMError {
    /// Base64 decoding failed.
    #[error("base64 decode error")]
    Base64DecodeError,
    /// The PEM data is incomplete.
    #[error("incomplete PEM")]
    IncompletePEM,
    /// A header is present but invalid.
    #[error("invalid header")]
    InvalidHeader,
    /// No header was found.
    #[error("missing header")]
    MissingHeader,

    /// An underlying I/O error. `#[from]` generates `From<std::io::Error>`, so `?` converts
    /// I/O errors into this variant automatically.
    #[error("IO error: {0}")]
    IOError(#[from] std::io::Error),
}