est-ca 0.2.0

RFC 7030 Enrollment over Secure Transport (EST) — client, server, and an internal X.509 CA in pure Rust.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

//! Crate-local error type.

use thiserror::Error;

/// Top-level error for the est-ca crate.
#[derive(Debug, Error)]
pub enum Error {
    /// Failure reading or writing on-disk material (keys, certs, serials).
    #[error("io: {0}")]
    Io(#[from] std::io::Error),

    /// PEM/DER parse failure, typically on a key or certificate file.
    #[error("parse: {0}")]
    Parse(String),

    /// Invalid CSR (malformed PKCS#10 or subject/key mismatch).
    #[error("invalid CSR: {0}")]
    InvalidCsr(String),

    /// Certificate profile validation failure (e.g. disallowed extension).
    #[error("profile violation: {0}")]
    Profile(String),

    /// Authentication rejected at the EST endpoint.
    #[error("authentication failed: {0}")]
    Auth(String),

    /// CMS/PKCS#7 encoding or decoding error.
    #[error("cms: {0}")]
    Cms(String),

    /// HTTP transport error (client side).
    #[cfg(feature = "client")]
    #[error("http: {0}")]
    Http(#[from] reqwest::Error),

    /// CA signing / rcgen error (also used for client-side keypair / CSR
    /// construction since both paths use `rcgen`).
    #[error("ca: {0}")]
    Ca(String),

    /// Unexpected state — should not happen if invariants hold.
    #[error("unexpected: {0}")]
    Unexpected(String),
}

/// Convenience `Result` alias fixed to this crate's [`Error`].
pub type Result<T, E = Error> = std::result::Result<T, E>;