Skip to main content

nexus_net/tls/
error.rs

1use std::fmt;
2
3/// TLS operation error.
4#[derive(Debug)]
5pub enum TlsError {
6    /// rustls protocol error (handshake failure, certificate error, etc.)
7    Rustls(rustls::Error),
8    /// I/O error during TLS operations.
9    Io(std::io::Error),
10    /// Invalid hostname for SNI.
11    InvalidHostname(String),
12    /// No system root certificates found.
13    NoRootCerts,
14}
15
16impl fmt::Display for TlsError {
17    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
18        match self {
19            Self::Rustls(e) => write!(f, "TLS error: {e}"),
20            Self::Io(e) => write!(f, "TLS I/O error: {e}"),
21            Self::InvalidHostname(h) => write!(f, "invalid TLS hostname: {h}"),
22            Self::NoRootCerts => write!(f, "no system root certificates found"),
23        }
24    }
25}
26
27impl std::error::Error for TlsError {
28    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
29        match self {
30            Self::Rustls(e) => Some(e),
31            Self::Io(e) => Some(e),
32            _ => None,
33        }
34    }
35}
36
37impl From<rustls::Error> for TlsError {
38    fn from(e: rustls::Error) -> Self {
39        Self::Rustls(e)
40    }
41}
42
43impl From<std::io::Error> for TlsError {
44    fn from(e: std::io::Error) -> Self {
45        Self::Io(e)
46    }
47}
48
49#[cfg(test)]
50mod tests {
51    use super::*;
52    use std::error::Error;
53
54    #[test]
55    fn tls_error_io() {
56        let io_err = std::io::Error::new(std::io::ErrorKind::ConnectionReset, "reset");
57        let err = TlsError::from(io_err);
58        assert!(matches!(err, TlsError::Io(_)));
59        assert!(err.to_string().contains("reset"));
60        assert!(err.source().is_some());
61    }
62
63    #[test]
64    fn tls_error_rustls() {
65        let rustls_err = rustls::Error::General("test error".into());
66        let err = TlsError::from(rustls_err);
67        assert!(matches!(err, TlsError::Rustls(_)));
68        assert!(err.to_string().contains("test error"));
69        assert!(err.source().is_some());
70    }
71
72    #[test]
73    fn tls_error_invalid_hostname() {
74        let err = TlsError::InvalidHostname("not a host!".into());
75        assert!(matches!(err, TlsError::InvalidHostname(_)));
76        assert_eq!(err.to_string(), "invalid TLS hostname: not a host!");
77        assert!(err.source().is_none());
78    }
79
80    #[test]
81    fn tls_error_no_root_certs() {
82        let err = TlsError::NoRootCerts;
83        assert!(matches!(err, TlsError::NoRootCerts));
84        assert_eq!(err.to_string(), "no system root certificates found");
85        assert!(err.source().is_none());
86    }
87}