kamu_snap_crypto/error.rs
1//! Crate-level error taxonomy.
2
3use crate::signature::Encoding;
4
5/// All error conditions surfaced by `kamu-snap-crypto`.
6///
7/// Marked `#[non_exhaustive]` so adding new variants is non-breaking; consumers
8/// matching on this enum must use a wildcard arm.
9#[derive(Debug, thiserror::Error)]
10#[non_exhaustive]
11pub enum Error {
12 /// PKCS#8 public-key PEM failed to parse. Carries the upstream message.
13 #[error("invalid PEM public key: {0}")]
14 InvalidPublicKey(String),
15
16 /// PKCS#8 private-key PEM failed to parse. Carries the upstream message.
17 #[error("invalid PEM secret key: {0}")]
18 InvalidSecretKey(String),
19
20 /// HMAC secret length rejected by the underlying primitive.
21 #[error("invalid HMAC secret length")]
22 InvalidSecretLength,
23
24 /// Encoded signature could not be decoded into bytes.
25 #[error("signature decode failed ({encoding:?}): {reason}")]
26 SignatureDecode {
27 /// Encoding that was attempted.
28 encoding: Encoding,
29 /// Upstream decoder message.
30 reason: String,
31 },
32
33 /// HMAC verification failed (signature did not match canonical payload).
34 #[error("symmetric verification failed")]
35 SymmetricVerifyFailed,
36
37 /// RSA verification failed (signature did not match canonical payload).
38 #[error("asymmetric verification failed")]
39 AsymmetricVerifyFailed,
40
41 /// `snap_bi` recipe layer error (feature `snap-bi`).
42 #[cfg(feature = "snap-bi")]
43 #[error("snap-bi recipe error: {0}")]
44 SnapBi(String),
45
46 /// Webhook verifier error (feature `webhook`).
47 #[cfg(feature = "webhook")]
48 #[error("webhook verifier error: {0}")]
49 Webhook(String),
50}
51
52/// Shorthand for `core::result::Result<T, crate::Error>`.
53pub type Result<T> = core::result::Result<T, Error>;