rcgen 0.14.5

Rust X.509 certificate generator
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143

use std::fmt;

#[derive(Clone, Debug, PartialEq, Eq)]
#[non_exhaustive]
/// The error type of the rcgen crate
pub enum Error {
	/// The given certificate couldn't be parsed
	CouldNotParseCertificate,
	/// The given certificate signing request couldn't be parsed
	CouldNotParseCertificationRequest,
	/// The given key pair couldn't be parsed
	CouldNotParseKeyPair,
	#[cfg(feature = "x509-parser")]
	/// Invalid subject alternative name type
	InvalidNameType,
	/// Invalid ASN.1 string
	InvalidAsn1String(InvalidAsn1String),
	/// An IP address was provided as a byte array, but the byte array was an invalid length.
	InvalidIpAddressOctetLength(usize),
	/// There is no support for generating
	/// keys for the given algorithm
	KeyGenerationUnavailable,
	#[cfg(feature = "x509-parser")]
	/// Unsupported extension requested in CSR
	UnsupportedExtension,
	/// The requested signature algorithm is not supported
	UnsupportedSignatureAlgorithm,
	/// Unspecified `ring` error
	RingUnspecified,
	/// The `ring` library rejected the key upon loading
	RingKeyRejected(String),
	/// Time conversion related errors
	Time,
	#[cfg(feature = "pem")]
	/// Error from the pem crate
	PemError(String),
	/// Error generated by a remote key operation
	RemoteKeyError,
	/// Unsupported field when generating a CSR
	UnsupportedInCsr,
	/// Invalid certificate revocation list (CRL) next update.
	InvalidCrlNextUpdate,
	/// CRL issuer specifies Key Usages that don't include cRLSign.
	IssuerNotCrlSigner,
	#[cfg(not(feature = "crypto"))]
	/// Missing serial number
	MissingSerialNumber,
	/// X509 parsing error
	#[cfg(feature = "x509-parser")]
	X509(String),
}

impl fmt::Display for Error {
	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
		use self::Error::*;
		match self {
			CouldNotParseCertificate => write!(f, "Could not parse certificate")?,
			CouldNotParseCertificationRequest => write!(
				f,
				"Could not parse certificate signing \
				request"
			)?,
			CouldNotParseKeyPair => write!(f, "Could not parse key pair")?,
			#[cfg(feature = "x509-parser")]
			InvalidNameType => write!(f, "Invalid subject alternative name type")?,
			InvalidAsn1String(e) => write!(f, "{e}")?,
			InvalidIpAddressOctetLength(actual) => {
				write!(f, "Invalid IP address octet length of {actual} bytes")?
			},
			KeyGenerationUnavailable => write!(
				f,
				"There is no support for generating \
				keys for the given algorithm"
			)?,
			UnsupportedSignatureAlgorithm => write!(
				f,
				"The requested signature algorithm \
				is not supported"
			)?,
			#[cfg(feature = "x509-parser")]
			UnsupportedExtension => write!(f, "Unsupported extension requested in CSR")?,
			RingUnspecified => write!(f, "Unspecified ring error")?,
			RingKeyRejected(e) => write!(f, "Key rejected by ring: {e}")?,

			Time => write!(f, "Time error")?,
			RemoteKeyError => write!(f, "Remote key error")?,
			#[cfg(feature = "pem")]
			PemError(e) => write!(f, "PEM error: {e}")?,
			UnsupportedInCsr => write!(f, "Certificate parameter unsupported in CSR")?,
			InvalidCrlNextUpdate => write!(f, "Invalid CRL next update parameter")?,
			IssuerNotCrlSigner => write!(
				f,
				"CRL issuer must specify no key usage, or key usage including cRLSign"
			)?,
			#[cfg(not(feature = "crypto"))]
			MissingSerialNumber => write!(f, "A serial number must be specified")?,
			#[cfg(feature = "x509-parser")]
			X509(e) => write!(f, "X.509 parsing error: {e}")?,
		};
		Ok(())
	}
}

impl std::error::Error for Error {}

/// Invalid ASN.1 string type
#[derive(Clone, Debug, PartialEq, Eq)]
#[non_exhaustive]
pub enum InvalidAsn1String {
	/// Invalid PrintableString type
	PrintableString(String),
	/// Invalid UniversalString type
	UniversalString(String),
	/// Invalid Ia5String type
	Ia5String(String),
	/// Invalid TeletexString type
	TeletexString(String),
	/// Invalid BmpString type
	BmpString(String),
}

impl fmt::Display for InvalidAsn1String {
	fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
		use InvalidAsn1String::*;
		match self {
			PrintableString(s) => write!(f, "Invalid PrintableString: '{s}'")?,
			Ia5String(s) => write!(f, "Invalid IA5String: '{s}'")?,
			BmpString(s) => write!(f, "Invalid BMPString: '{s}'")?,
			UniversalString(s) => write!(f, "Invalid UniversalString: '{s}'")?,
			TeletexString(s) => write!(f, "Invalid TeletexString: '{s}'")?,
		};
		Ok(())
	}
}

/// A trait describing an error that can be converted into an `rcgen::Error`.
///
/// We use this trait to avoid leaking external error types into the public API
/// through a `From<x> for Error` implementation.
#[cfg(any(feature = "crypto", feature = "pem"))]
pub(crate) trait ExternalError<T>: Sized {
	fn _err(self) -> Result<T, Error>;
}