common_access_token/
error.rs

1use thiserror::Error;
2
/// Errors reported by the Common Access Token (CAT) library.
///
/// There is one variant per failure that token generation, parsing or
/// validation can report. The `Display` text of each variant is the string in
/// its `#[error(...)]` attribute.
///
/// No variant wraps an underlying error. The original cause (for example the
/// I/O or CBOR decoder error) is therefore not reachable through this type
/// and has to be logged where the error is created.
///
/// `KeyNotFound` and `InvalidIssuer` interpolate their string payloads into
/// the message without escaping. Treat the rendered message as untrusted text
/// when writing it to logs or returning it to a client.
#[derive(Error, Debug, Clone)]
pub enum Error {
    /// Data could not be encoded as CBOR.
    #[error("Failed to encode data to CBOR format")]
    CborEncoding,

    /// CBOR input could not be decoded.
    #[error("Failed to decode CBOR data")]
    CborDecoding,

    /// Base64 input could not be decoded.
    #[error("Failed to decode Base64 data")]
    Base64Decoding,

    /// An I/O operation failed.
    #[error("I/O operation failed")]
    Io,

    /// The key store has no entry for the given key ID.
    ///
    /// The payload is the key ID and is printed verbatim in the message.
    // NOTE(review): if the key ID is read from the token, it is
    // attacker-influenced text; confirm where this variant is constructed.
    #[error("Key ID '{0}' not found in key store")]
    KeyNotFound(String),

    /// The issuer in the token differs from the one the verifier expects.
    ///
    /// The message prints both values, so it reveals the verifier's configured
    /// issuer to whoever can read it.
    #[error("Invalid token issuer: expected '{expected}', but token has '{actual}'")]
    InvalidIssuer {
        /// Issuer the verifier was configured to accept.
        expected: String,
        /// Issuer found in the token.
        actual: String,
    },

    /// The current time is past the token's `exp` claim.
    #[error("Token has expired")]
    TokenExpired,

    /// The current time is before the token's `nbf` claim.
    #[error("Token is not yet active")]
    TokenNotActive,

    /// None of the expected audiences matches the token's audience.
    #[error("Token audience does not match any of the expected values")]
    InvalidAudience,

    /// The MAC for a token could not be created.
    #[error("Failed to create MAC for token")]
    MacFailed,

    /// The MAC tag did not verify, so the token's integrity is not established.
    #[error("MAC tag verification failed - token may have been tampered with")]
    TagMismatch,

    /// The token does not carry the expected CWT tag (61).
    #[error("Expected CWT tag (61) but it was not found")]
    ExpectedCwtTag,

    /// The requested validation type is not supported.
    #[error("Unsupported validation type")]
    UnsupportedValidationType,

    /// Options required for MAC validation were not supplied.
    #[error("Missing required options for MAC validation")]
    MissingMacOptions,

    /// The token does not have a parseable format.
    #[error("Unable to parse token format")]
    UnableToParseToken,

    /// A claim holds a value of the wrong data type.
    #[error("Invalid claim type")]
    InvalidClaimType,

    /// JSON input is not well formed.
    #[error("Invalid JSON data format")]
    InvalidJson,
}
77
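impl Error {
    /// Returns `true` when the token was well formed but was rejected by a
    /// check on its contents: issuer, expiry, not-before, audience or MAC tag.
    ///
    /// Every `Error` value means the operation failed. This predicate only
    /// separates the failure categories, for example for metrics or for
    /// choosing a response code. A `false` result does not make the token
    /// acceptable.
    pub fn is_validation_error(&self) -> bool {
        // Exhaustive on purpose: there is no `_` arm, so a variant added to
        // `Error` fails to compile until it is classified here. Without this,
        // a new variant would silently count as "structural".
        match self {
            Error::InvalidIssuer { .. }
            | Error::TokenExpired
            | Error::TokenNotActive
            | Error::InvalidAudience
            | Error::TagMismatch => true,

            Error::CborEncoding
            | Error::CborDecoding
            | Error::Base64Decoding
            | Error::Io
            | Error::KeyNotFound(_)
            | Error::MacFailed
            | Error::ExpectedCwtTag
            | Error::UnsupportedValidationType
            | Error::MissingMacOptions
            | Error::UnableToParseToken
            | Error::InvalidClaimType
            | Error::InvalidJson => false,
        }
    }

    /// Returns `true` for every error that is not a validation error.
    ///
    /// This is the exact complement of [`Error::is_validation_error`]. Besides
    /// the encoding and parsing failures it therefore also covers
    /// `KeyNotFound`, `MacFailed`, `UnsupportedValidationType` and
    /// `MissingMacOptions`, which are key-store or configuration problems
    /// rather than malformed input.
    pub fn is_structural_error(&self) -> bool {
        !self.is_validation_error()
    }
}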
100
101// Display is already implemented by the #[derive(Error)] macro
102// impl fmt::Display for Error {
103//     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
104//         write!(f, "{self}")
105//     }
106// }