Skip to main content

TrustedRootKeyError

cortex_ledger::external_sink::trusted_root

Enum TrustedRootKeyError 

Source 
pub enum TrustedRootKeyError {
    NoEcdsaP256Tlog,
    TlogLogIdNoMatch {
        invariant: &'static str,
        receipt_log_id: String,
        tlog_log_ids: Vec<String>,
    },
    MissingRawBytes,
    Base64 {
        reason: String,
    },
    DecodeKey {
        reason: String,
    },
}
Expand description

Errors when extracting a typed Rekor verifying key from the active trusted root.

Variants§

§

NoEcdsaP256Tlog

No transparency-log instance in the trusted root declared an ECDSA P-256 key. Cortex does not (yet) accept Ed25519 Rekor signatures.

§

TlogLogIdNoMatch

No transparency-log instance declared a logId.keyId that matches the Rekor receipt’s body.logID. Closes BH-3 (docs/reviews/BUG_HUNT_2026-05-12_post_8f43450.md Finding 3, Cosign GHSA-whqx-f9j3-ch6m class). Refusal is structural — there is no silent fall-back to the latest-activated tlog.

Fields

§invariant: &'static str

Stable invariant token, equal to REKOR_TRUSTED_ROOT_TLOG_LOGID_NO_MATCH_INVARIANT.

§receipt_log_id: String

body.logID from the Rekor receipt that failed to bind.

§tlog_log_ids: Vec<String>

The tlog logId.keyId values declared in the trusted root, preserved verbatim from the JSON so operators can correlate with the Sigstore TUF history. Empty when every tlog omitted logId.keyId.

§

MissingRawBytes

The selected tlog declared no rawBytes field for its publicKey. The verifier refuses to fall back to inferring keys from other channels.

§

Base64

rawBytes was present but did not decode as base64.

Fields

§reason: String

Underlying base64 decode failure.

§

DecodeKey

The decoded DER bytes did not parse as a P-256 SubjectPublicKeyInfo.

Fields

§reason: String

Underlying p256/pkcs8 failure.

Trait Implementations§

Source§

impl Debug for TrustedRootKeyError

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Display for TrustedRootKeyError

Source§

fn fmt(&self, __formatter: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Error for TrustedRootKeyError

1.30.0 · Source§

fn source(&self) -> Option<&(dyn Error + 'static)>

Returns the lower-level source of this error, if any. Read more
1.0.0 · Source§

fn description(&self) -> &str

👎Deprecated since 1.42.0:

use the Display impl or to_string()

Read more
1.0.0 · Source§

fn cause(&self) -> Option<&dyn Error>

👎Deprecated since 1.33.0:

replaced by Error::source, which can support downcasting

Source§

fn provide<'a>(&'a self, request: &mut Request<'a>)

🔬This is a nightly-only experimental API. (error_generic_member_access)
Provides type-based access to context intended for error reports. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more