Enum TokenError 

pub enum TokenError {
    InvalidSignature {
        details: String,
    },
    UnknownPublicKey,
    InvalidKeyFormat {
        reason: String,
    },
    DeserializationError {
        reason: String,
    },
    SerializationError {
        reason: String,
    },
    Base64DecodingError {
        reason: String,
    },
    UnsupportedVersion {
        maximum: u32,
        minimum: u32,
        actual: u32,
    },
    Expired {
        expired_at: i64,
        current_time: i64,
        block_id: u32,
        check_id: u32,
    },
    DomainMismatch {
        expected: String,
        provided: Option<String>,
        block_id: u32,
        check_id: u32,
    },
    CheckFailed {
        block_id: u32,
        check_id: u32,
        rule: String,
    },
    IdentityMismatch {
        expected: String,
        actual: String,
    },
    HierarchyViolation {
        expected: String,
        actual: String,
        delegatable: bool,
        block_id: u32,
        check_id: u32,
    },
    AttenuationFailed {
        reason: String,
    },
    BearerNotAllowed {
        reason: String,
    },
    RightsDenied {
        subject: String,
        resource: String,
        operation: String,
    },
    ServiceChainFailed {
        component: String,
        reason: ServiceChainFailure,
    },
    MultiPartyAttestationMissing {
        component: String,
        expected_key: String,
    },
    NoMatchingPolicy {
        failed_checks: Vec<CheckFailure>,
    },
    PolicyMatchedButChecksFailed {
        policy_type: String,
        policy_index: usize,
        failed_checks: Vec<CheckFailure>,
    },
    ExecutionLimitReached {
        reason: String,
    },
    ExpressionError {
        reason: String,
    },
    InvalidBlockRule {
        block_id: u32,
        rule: String,
    },
    Internal(String),
    Generic(String),
}

Detailed error type for hessra-token operations with specific failure information

Variants

InvalidSignature

Token signature verification failed

Fields

details: String

UnknownPublicKey

The root public key was not recognized

InvalidKeyFormat

Invalid key format provided

Fields

reason: String

DeserializationError

Token deserialization failed

Fields

reason: String

SerializationError

Token serialization failed

Fields

reason: String

Base64DecodingError

Base64 decoding failed

Fields

reason: String

UnsupportedVersion

Token format version is not supported

Fields

maximum: u32

minimum: u32

actual: u32

Expired

Token has expired

Fields

expired_at: i64

When the token expired (Unix timestamp)

current_time: i64

Current time when verification was attempted (Unix timestamp)

block_id: u32

Block ID where the expiration check failed

check_id: u32

Check ID within the block

DomainMismatch

Domain restriction check failed

Fields

expected: String

Expected domain from token

provided: Option<String>

Domain provided during verification (if any)

block_id: u32

Block ID where the check failed

check_id: u32

Check ID within the block

CheckFailed

A generic check failed (couldn’t parse semantic meaning)

Fields

block_id: u32

Block ID where the check failed

check_id: u32

Check ID within the block

rule: String

The Datalog rule that failed

IdentityMismatch

Identity/actor mismatch

Fields

expected: String

Expected identity

actual: String

Actual identity provided

HierarchyViolation

Identity hierarchy violation (delegation not allowed)

Fields

expected: String

Base identity that issued the token

actual: String

Actor attempting to use the token

delegatable: bool

Whether delegation was allowed

block_id: u32

Block ID where the check failed

check_id: u32

Check ID within the block

AttenuationFailed

Token attenuation failed

Fields

reason: String

BearerNotAllowed

Bearer token not allowed in this context

Fields

reason: String

RightsDenied

Authorization rights denied

Fields

subject: String

Subject requesting the action

resource: String

Resource being accessed

operation: String

Operation being performed

ServiceChainFailed

Service chain attestation failed

Fields

component: String

Component name that failed

reason: ServiceChainFailure

Specific reason for failure

MultiPartyAttestationMissing

Multi-party attestation missing

Fields

component: String

Component requiring attestation

expected_key: String

Expected public key

NoMatchingPolicy

No authorization policy matched and checks failed

Fields

failed_checks: Vec<CheckFailure>

List of checks that failed

PolicyMatchedButChecksFailed

Authorization policy matched but checks failed

Fields

policy_type: String

Type of policy that matched (Allow/Deny)

policy_index: usize

Index of the policy

failed_checks: Vec<CheckFailure>

List of checks that failed

ExecutionLimitReached

Datalog execution limit reached

Fields

reason: String

ExpressionError

Datalog expression evaluation failed

Fields

reason: String

InvalidBlockRule

Invalid block rule

Fields

block_id: u32

rule: String

Internal(String)

Internal error

Generic(String)

Generic error with message

Implementations

impl TokenError

pub fn is_expired(&self) -> bool

Check if this error is due to token expiration

pub fn is_domain_mismatch(&self) -> bool

Check if this error is due to domain mismatch

pub fn is_identity_mismatch(&self) -> bool

Check if this error is due to identity mismatch

pub fn is_rights_denied(&self) -> bool

Check if this error is due to authorization rights denial

pub fn is_service_chain_failure(&self) -> bool

Check if this error is due to service chain failure

pub fn is_signature_error(&self) -> bool

Check if this error is a signature/format error

pub fn get_expiration_time(&self) -> Option<i64>

Get the expiration time if this is an expiration error

pub fn get_expected_domain(&self) -> Option<&str>

Get the expected domain if this is a domain mismatch error

pub fn get_denied_access(&self) -> Option<(&str, &str, &str)>

Get the missing rights if this is a rights denied error

pub fn generic<S>(msg: S) -> TokenError

where S: Into<String>,

Create a generic error

pub fn internal<S>(msg: S) -> TokenError

where S: Into<String>,

Create an internal error

pub fn invalid_key_format<S>(reason: S) -> TokenError

where S: Into<String>,

Create an invalid key format error

Trait Implementations

impl Clone for TokenError

fn clone(&self) -> TokenError

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for TokenError

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl Display for TokenError

fn fmt(&self, __formatter: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl Error for TokenError

fn source(&self) -> Option<&(dyn Error + 'static)>

Returns the lower-level source of this error, if any.

fn description(&self) -> &str

👎Deprecated since 1.42.0: use the Display impl or to_string()

fn cause(&self) -> Option<&dyn Error>

👎Deprecated since 1.33.0: replaced by Error::source, which can support downcasting

fn provide<'a>(&'a self, request: &mut Request<'a>)

🔬This is a nightly-only experimental API. (error_generic_member_access)

Provides type-based access to context intended for error reports.

impl From<&str> for TokenError

fn from(err: &str) -> TokenError

Converts to this type from the input type.

impl From<FromHexError> for TokenError

fn from(err: FromHexError) -> TokenError

Converts to this type from the input type.

impl From<String> for TokenError

fn from(err: String) -> TokenError

Converts to this type from the input type.

impl From<Token> for TokenError

fn from(err: Token) -> TokenError

Converts to this type from the input type.