forked from sigstore/sigstore-rs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
errors.rs
127 lines (92 loc) · 4.05 KB
/
errors.rs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
//
// Copyright 2021 The Sigstore Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//! The errors that can be raised by sigstore-rs
use thiserror::Error;
pub type Result<T> = std::result::Result<T, SigstoreError>;
#[derive(Error, Debug)]
pub enum SigstoreError {
#[error("invalid key format: {error}")]
InvalidKeyFormat { error: String },
#[error(transparent)]
PEMParseError(#[from] x509_parser::nom::Err<x509_parser::error::PEMError>),
#[error(transparent)]
FromPEMError(#[from] pem::PemError),
#[error(transparent)]
X509ParseError(#[from] x509_parser::nom::Err<x509_parser::error::X509Error>),
#[error(transparent)]
X509Error(#[from] x509_parser::error::X509Error),
#[error(transparent)]
CertError(#[from] picky::x509::certificate::CertError),
#[error(transparent)]
Base64DecodeError(#[from] base64::DecodeError),
#[error("Public key with unsupported algorithm: {0}")]
PublicKeyUnsupportedAlgorithmError(String),
#[error("Public key verification error")]
PublicKeyVerificationError,
#[error("Certificate validity check failed: cannot be used before {0}")]
CertificateValidityError(String),
#[error("Certificate has not been issued for {0}")]
CertificateInvalidEmail(String),
#[error("Certificate expired before signatures were entered in log: {integrated_time} is before {not_before}")]
CertificateExpiredBeforeSignaturesSubmittedToRekor {
integrated_time: String,
not_before: String,
},
#[error("Certificate was issued after signatures were entered in log: {integrated_time} is after {not_after}")]
CertificateIssuedAfterSignaturesSubmittedToRekor {
integrated_time: String,
not_after: String,
},
#[error("Bundled certificate does not have digital signature key usage")]
CertificateWithoutDigitalSignatureKeyUsage,
#[error("Bundled certificate does not have code signing extended key usage")]
CertificateWithoutCodeSigningKeyUsage,
#[error("Certificate without Subject Alternative Name")]
CertificateWithoutSubjectAlternativeName,
#[error("Certificate with incomplete Subject Alternative Name")]
CertificateWithIncompleteSubjectAlternativeName,
#[error("Certificate pool error: {0}")]
CertificatePoolError(String),
#[error("Cannot fetch manifest of {image}: {error}")]
RegistryFetchManifestError { image: String, error: String },
#[error("Cannot pull manifest of {image}: {error}")]
RegistryPullManifestError { image: String, error: String },
#[error("Cannot pull {image}: {error}")]
RegistryPullError { image: String, error: String },
#[error("OCI reference not valid: {reference}")]
OciReferenceNotValidError { reference: String },
#[error("Layer doesn't have Sigstore media type")]
SigstoreMediaTypeNotFoundError,
#[error("Layer digest mismatch")]
SigstoreLayerDigestMismatchError,
#[error("Missing signature annotation")]
SigstoreAnnotationNotFoundError,
#[error("Rekor bundle missing")]
SigstoreRekorBundleNotFoundError,
#[error("Fulcio public key not provided")]
SigstoreFulcioPublicNotProvidedError,
#[error("No Signature Layer passed verification")]
SigstoreNoVerifiedLayer,
#[error(transparent)]
TufError(#[from] tough::error::Error),
#[error("TUF target {0} not found inside of repository")]
TufTargetNotFoundError(String),
#[error(transparent)]
IOError(#[from] std::io::Error),
#[error("{0}")]
UnexpectedError(String),
#[error("{0}")]
VerificationConstraintError(String),
}