Skip to main content

hash_attestation/
error.rs

1//! Crate-wide error type.
2
3use thiserror::Error;
4
5/// Anything that can go wrong inside the crate.
6#[derive(Debug, Error)]
7pub enum AttestationError {
8    /// Serialising the input doc to canonical JSON failed.
9    #[error("failed to canonicalise input: {0}")]
10    Canonical(#[from] serde_json::Error),
11
12    /// `signed_hash` didn't match the recomputed canonical hash for the body
13    /// supplied at verify time.
14    #[error("attestation hash mismatch: expected {expected}, got {actual}")]
15    HashMismatch {
16        /// Hash recorded on the attestation.
17        expected: String,
18        /// Hash recomputed from the body the caller supplied.
19        actual: String,
20    },
21
22    /// Signature didn't validate against the public key.
23    #[error("ed25519 signature is invalid")]
24    BadSignature,
25
26    /// Base64 decoding the signature field failed.
27    #[error("signature is not valid base64: {0}")]
28    InvalidBase64(#[from] base64::DecodeError),
29
30    /// Signature bytes weren't 64 bytes after decode.
31    #[error("signature must be 64 bytes after base64-decode; got {0}")]
32    WrongSignatureLength(usize),
33
34    /// The attestation declared `algorithm` we don't know how to verify.
35    #[error("unsupported algorithm: {0}")]
36    UnsupportedAlgorithm(String),
37
38    /// The caller asked [`crate::Verifier::verify`] for a key URL that
39    /// wasn't in the trust set.
40    #[error("untrusted key URL: {0}")]
41    UntrustedKey(String),
42}