webpki/error.rs
1// Copyright 2015 Brian Smith.
2//
3// Permission to use, copy, modify, and/or distribute this software for any
4// purpose with or without fee is hereby granted, provided that the above
5// copyright notice and this permission notice appear in all copies.
6//
7// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
8// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
10// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14
15#[cfg(feature = "alloc")]
16use alloc::string::String;
17#[cfg(feature = "alloc")]
18use alloc::vec::Vec;
19use core::fmt;
20use core::ops::ControlFlow;
21
22use pki_types::UnixTime;
23#[cfg(feature = "alloc")]
24use pki_types::{AlgorithmIdentifier, ServerName};
25
26use crate::verify_cert::RequiredEkuNotFoundContext;
27
28/// An error that occurs during certificate validation or name validation.
29#[derive(Clone, Debug, PartialEq, Eq)]
30#[non_exhaustive]
31pub enum Error {
32 /// The encoding of some ASN.1 DER-encoded item is invalid.
33 BadDer,
34
35 /// The encoding of an ASN.1 DER-encoded time is invalid.
36 BadDerTime,
37
38 /// A CA certificate is being used as an end-entity certificate.
39 CaUsedAsEndEntity,
40
41 /// The certificate is expired; i.e. the time it is being validated for is
42 /// later than the certificate's notAfter time.
43 CertExpired {
44 /// The validation time.
45 time: UnixTime,
46 /// The notAfter time of the certificate.
47 not_after: UnixTime,
48 },
49
50 /// The certificate is not valid for the name it is being validated for.
51 CertNotValidForName(InvalidNameContext),
52
53 /// The certificate is not valid yet; i.e. the time it is being validated
54 /// for is earlier than the certificate's notBefore time.
55 CertNotValidYet {
56 /// The validation time.
57 time: UnixTime,
58 /// The notBefore time of the certificate.
59 not_before: UnixTime,
60 },
61
62 /// The certificate, or one of its issuers, has been revoked.
63 CertRevoked,
64
65 /// The CRL is expired; i.e. the verification time is not before the time
66 /// in the CRL nextUpdate field.
67 CrlExpired {
68 /// The validation time.
69 time: UnixTime,
70 /// The nextUpdate time of the CRL.
71 next_update: UnixTime,
72 },
73
74 /// The certificate has an Extended Key Usage extension without any EKU values.
75 EmptyEkuExtension,
76
77 /// An end-entity certificate is being used as a CA certificate.
78 EndEntityUsedAsCa,
79
80 /// An X.509 extension is invalid.
81 ExtensionValueInvalid,
82
83 /// The certificate validity period (notBefore, notAfter) is invalid; e.g.
84 /// the notAfter time is earlier than the notBefore time.
85 InvalidCertValidity,
86
87 /// A CRL number extension was invalid:
88 /// - it was mis-encoded
89 /// - it was negative
90 /// - it was too long
91 InvalidCrlNumber,
92
93 /// A iPAddress name constraint was invalid:
94 /// - it had a sparse network mask (ie, cannot be written in CIDR form).
95 /// - it was too long or short
96 InvalidNetworkMaskConstraint,
97
98 /// A serial number was invalid:
99 /// - it was misencoded
100 /// - it was negative
101 /// - it was too long
102 InvalidSerialNumber,
103
104 /// The CRL signature is invalid for the issuer's public key.
105 InvalidCrlSignatureForPublicKey,
106
107 /// The signature is invalid for the given public key.
108 InvalidSignatureForPublicKey,
109
110 /// A CRL was signed by an issuer that has a KeyUsage bitstring that does not include
111 /// the cRLSign key usage bit.
112 IssuerNotCrlSigner,
113
114 /// A presented or reference DNS identifier was malformed, potentially
115 /// containing invalid characters or invalid labels.
116 MalformedDnsIdentifier,
117
118 /// The certificate extensions are malformed.
119 ///
120 /// In particular, webpki requires the DNS name(s) be in the subjectAltName
121 /// extension as required by the CA/Browser Forum Baseline Requirements
122 /// and as recommended by RFC6125.
123 MalformedExtensions,
124
125 /// A name constraint was malformed, potentially containing invalid characters or
126 /// invalid labels.
127 MalformedNameConstraint,
128
129 /// The maximum number of name constraint comparisons has been reached.
130 MaximumNameConstraintComparisonsExceeded,
131
132 /// The maximum number of internal path building calls has been reached. Path complexity is too great.
133 MaximumPathBuildCallsExceeded,
134
135 /// The path search was terminated because it became too deep.
136 MaximumPathDepthExceeded,
137
138 /// The maximum number of signature checks has been reached. Path complexity is too great.
139 MaximumSignatureChecksExceeded,
140
141 /// The certificate violates one or more name constraints.
142 NameConstraintViolation,
143
144 /// The certificate violates one or more path length constraints.
145 PathLenConstraintViolated,
146
147 /// The certificate is not valid for the Extended Key Usage for which it is
148 /// being validated.
149 #[deprecated(since = "0.103.2", note = "use RequiredEkuNotFoundContext instead")]
150 RequiredEkuNotFound,
151
152 /// The certificate is not valid for the Extended Key Usage for which it is
153 /// being validated.
154 RequiredEkuNotFoundContext(RequiredEkuNotFoundContext),
155
156 /// The algorithm in the TBSCertificate "signature" field of a certificate
157 /// does not match the algorithm in the signature of the certificate.
158 SignatureAlgorithmMismatch,
159
160 /// Trailing data was found while parsing DER-encoded input for the named type.
161 TrailingData(DerTypeId),
162
163 /// A valid issuer for the certificate could not be found.
164 UnknownIssuer,
165
166 /// The certificate's revocation status could not be determined.
167 UnknownRevocationStatus,
168
169 /// The certificate is not a v3 X.509 certificate.
170 ///
171 /// This error may be also reported if the certificate version field
172 /// is malformed.
173 UnsupportedCertVersion,
174
175 /// The certificate contains an unsupported critical extension.
176 UnsupportedCriticalExtension,
177
178 /// The CRL contains an issuing distribution point with no distribution point name,
179 /// or a distribution point name relative to an issuer.
180 UnsupportedCrlIssuingDistributionPoint,
181
182 /// The CRL is not a v2 X.509 CRL.
183 ///
184 /// The RFC 5280 web PKI profile mandates only version 2 be used. See section
185 /// 5.1.2.1 for more information.
186 ///
187 /// This error may also be reported if the CRL version field is malformed.
188 UnsupportedCrlVersion,
189
190 /// The CRL is an unsupported "delta" CRL.
191 UnsupportedDeltaCrl,
192
193 /// The CRL contains unsupported "indirect" entries.
194 UnsupportedIndirectCrl,
195
196 /// The `ServerName` contained an unsupported type of value.
197 UnsupportedNameType,
198
199 /// The revocation reason is not in the set of supported revocation reasons.
200 UnsupportedRevocationReason,
201
202 /// The CRL is partitioned by revocation reasons.
203 UnsupportedRevocationReasonsPartitioning,
204
205 /// The signature algorithm for a signature over a CRL is not in the set of supported
206 /// signature algorithms given.
207 #[deprecated(
208 since = "0.103.4",
209 note = "use UnsupportedCrlSignatureAlgorithmContext instead"
210 )]
211 UnsupportedCrlSignatureAlgorithm,
212
213 /// The signature algorithm for a signature is not in the set of supported
214 /// signature algorithms given.
215 UnsupportedCrlSignatureAlgorithmContext(UnsupportedSignatureAlgorithmContext),
216
217 /// The signature algorithm for a signature is not in the set of supported
218 /// signature algorithms given.
219 #[deprecated(
220 since = "0.103.4",
221 note = "use UnsupportedSignatureAlgorithmContext instead"
222 )]
223 UnsupportedSignatureAlgorithm,
224
225 /// The signature algorithm for a signature is not in the set of supported
226 /// signature algorithms given.
227 UnsupportedSignatureAlgorithmContext(UnsupportedSignatureAlgorithmContext),
228
229 /// The CRL signature's algorithm does not match the algorithm of the issuer
230 /// public key it is being validated for. This may be because the public key
231 /// algorithm's OID isn't recognized (e.g. DSA), or the public key
232 /// algorithm's parameters don't match the supported parameters for that
233 /// algorithm (e.g. ECC keys for unsupported curves), or the public key
234 /// algorithm and the signature algorithm simply don't match (e.g.
235 /// verifying an RSA signature with an ECC public key).
236 #[deprecated(
237 since = "0.103.4",
238 note = "use UnsupportedCrlSignatureAlgorithmForPublicKeyContext instead"
239 )]
240 UnsupportedCrlSignatureAlgorithmForPublicKey,
241
242 /// The signature's algorithm does not match the algorithm of the public
243 /// key it is being validated for. This may be because the public key
244 /// algorithm's OID isn't recognized (e.g. DSA), or the public key
245 /// algorithm's parameters don't match the supported parameters for that
246 /// algorithm (e.g. ECC keys for unsupported curves), or the public key
247 /// algorithm and the signature algorithm simply don't match (e.g.
248 /// verifying an RSA signature with an ECC public key).
249 UnsupportedCrlSignatureAlgorithmForPublicKeyContext(
250 UnsupportedSignatureAlgorithmForPublicKeyContext,
251 ),
252
253 /// The signature's algorithm does not match the algorithm of the public
254 /// key it is being validated for. This may be because the public key
255 /// algorithm's OID isn't recognized (e.g. DSA), or the public key
256 /// algorithm's parameters don't match the supported parameters for that
257 /// algorithm (e.g. ECC keys for unsupported curves), or the public key
258 /// algorithm and the signature algorithm simply don't match (e.g.
259 /// verifying an RSA signature with an ECC public key).
260 #[deprecated(
261 since = "0.103.4",
262 note = "use UnsupportedSignatureAlgorithmForPublicKeyContext instead"
263 )]
264 UnsupportedSignatureAlgorithmForPublicKey,
265
266 /// The signature's algorithm does not match the algorithm of the public
267 /// key it is being validated for. This may be because the public key
268 /// algorithm's OID isn't recognized (e.g. DSA), or the public key
269 /// algorithm's parameters don't match the supported parameters for that
270 /// algorithm (e.g. ECC keys for unsupported curves), or the public key
271 /// algorithm and the signature algorithm simply don't match (e.g.
272 /// verifying an RSA signature with an ECC public key).
273 UnsupportedSignatureAlgorithmForPublicKeyContext(
274 UnsupportedSignatureAlgorithmForPublicKeyContext,
275 ),
276}
277
278impl Error {
279 // Compare the Error with the new error by rank, returning the higher rank of the two as
280 // the most specific error.
281 pub(crate) fn most_specific(self, new: Self) -> Self {
282 // Assign an error a numeric value ranking it by specificity.
283 if self.rank() >= new.rank() { self } else { new }
284 }
285
286 // Return a numeric indication of how specific the error is, where an error with a higher rank
287 // is considered more useful to an end user than an error with a lower rank. This is used by
288 // Error::most_specific to compare two errors in order to return which is more specific.
289 #[allow(clippy::as_conversions)] // We won't exceed u32 errors.
290 pub(crate) fn rank(&self) -> u32 {
291 match &self {
292 // Errors related to certificate validity
293 Self::CertNotValidYet { .. } | Self::CertExpired { .. } => 290,
294 Self::CertNotValidForName(_) => 280,
295 Self::CertRevoked | Self::UnknownRevocationStatus | Self::CrlExpired { .. } => 270,
296 Self::InvalidCrlSignatureForPublicKey | Self::InvalidSignatureForPublicKey => 260,
297 Self::SignatureAlgorithmMismatch => 250,
298 Self::EmptyEkuExtension => 245,
299 #[allow(deprecated)]
300 Self::RequiredEkuNotFound | Self::RequiredEkuNotFoundContext(_) => 240,
301 Self::NameConstraintViolation => 230,
302 Self::PathLenConstraintViolated => 220,
303 Self::CaUsedAsEndEntity | Self::EndEntityUsedAsCa => 210,
304 Self::IssuerNotCrlSigner => 200,
305
306 // Errors related to supported features used in an invalid way.
307 Self::InvalidCertValidity => 190,
308 Self::InvalidNetworkMaskConstraint => 180,
309 Self::InvalidSerialNumber => 170,
310 Self::InvalidCrlNumber => 160,
311
312 // Errors related to unsupported features.
313 #[allow(deprecated)]
314 Self::UnsupportedCrlSignatureAlgorithmForPublicKey
315 | Self::UnsupportedCrlSignatureAlgorithmForPublicKeyContext(_)
316 | Self::UnsupportedSignatureAlgorithmForPublicKey
317 | Self::UnsupportedSignatureAlgorithmForPublicKeyContext(_) => 150,
318 #[allow(deprecated)]
319 Self::UnsupportedCrlSignatureAlgorithm
320 | Self::UnsupportedCrlSignatureAlgorithmContext(_)
321 | Self::UnsupportedSignatureAlgorithm
322 | Self::UnsupportedSignatureAlgorithmContext(_) => 140,
323 Self::UnsupportedCriticalExtension => 130,
324 Self::UnsupportedCertVersion => 130,
325 Self::UnsupportedCrlVersion => 120,
326 Self::UnsupportedDeltaCrl => 110,
327 Self::UnsupportedIndirectCrl => 100,
328 Self::UnsupportedNameType => 95,
329 Self::UnsupportedRevocationReason => 90,
330 Self::UnsupportedRevocationReasonsPartitioning => 80,
331 Self::UnsupportedCrlIssuingDistributionPoint => 70,
332 Self::MaximumPathDepthExceeded => 61,
333
334 // Errors related to malformed data.
335 Self::MalformedDnsIdentifier => 60,
336 Self::MalformedNameConstraint => 50,
337 Self::MalformedExtensions | Self::TrailingData(_) => 40,
338 Self::ExtensionValueInvalid => 30,
339
340 // Generic DER errors.
341 Self::BadDerTime => 20,
342 Self::BadDer => 10,
343
344 // Special case errors - not subject to ranking.
345 Self::MaximumSignatureChecksExceeded => 0,
346 Self::MaximumPathBuildCallsExceeded => 0,
347 Self::MaximumNameConstraintComparisonsExceeded => 0,
348
349 // Default catch all error - should be renamed in the future.
350 Self::UnknownIssuer => 0,
351 }
352 }
353
354 /// Returns true for errors that should be considered fatal during path building. Errors of
355 /// this class should halt any further path building and be returned immediately.
356 #[inline]
357 pub(crate) fn is_fatal(&self) -> bool {
358 matches!(
359 self,
360 Self::MaximumSignatureChecksExceeded
361 | Self::MaximumPathBuildCallsExceeded
362 | Self::MaximumNameConstraintComparisonsExceeded
363 )
364 }
365}
366
367impl From<Error> for ControlFlow<Error, Error> {
368 fn from(value: Error) -> Self {
369 match value {
370 // If an error is fatal, we've exhausted the potential for continued search.
371 err if err.is_fatal() => Self::Break(err),
372 // Otherwise we've rejected one candidate chain, but may continue to search for others.
373 err => Self::Continue(err),
374 }
375 }
376}
377
378impl fmt::Display for Error {
379 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
380 write!(f, "{self:?}")
381 }
382}
383
384#[cfg(feature = "std")]
385impl ::std::error::Error for Error {}
386
387/// Additional context for the `CertNotValidForName` error variant.
388///
389/// The contents of this type depend on whether the `alloc` feature is enabled.
390#[derive(Clone, Debug, PartialEq, Eq)]
391pub struct InvalidNameContext {
392 /// Expected server name.
393 #[cfg(feature = "alloc")]
394 pub expected: ServerName<'static>,
395 /// The names presented in the end entity certificate.
396 ///
397 /// These are the subject names as present in the leaf certificate and may contain DNS names
398 /// with or without a wildcard label as well as IP address names.
399 #[cfg(feature = "alloc")]
400 pub presented: Vec<String>,
401}
402
403/// Additional context for the `UnsupportedSignatureAlgorithmForPublicKey` error variant.
404///
405/// The contents of this type depend on whether the `alloc` feature is enabled.
406#[derive(Clone, Debug, PartialEq, Eq)]
407pub struct UnsupportedSignatureAlgorithmForPublicKeyContext {
408 /// The signature algorithm OID.
409 #[cfg(feature = "alloc")]
410 pub signature_algorithm_id: Vec<u8>,
411 /// The public key algorithm OID.
412 #[cfg(feature = "alloc")]
413 pub public_key_algorithm_id: Vec<u8>,
414}
415
416/// Additional context for the `UnsupportedSignatureAlgorithm` error variant.
417///
418/// The contents of this type depend on whether the `alloc` feature is enabled.
419#[derive(Clone, Debug, PartialEq, Eq)]
420pub struct UnsupportedSignatureAlgorithmContext {
421 /// The signature algorithm OID that was unsupported.
422 #[cfg(feature = "alloc")]
423 pub signature_algorithm_id: Vec<u8>,
424 /// Supported algorithms that were available for signature verification.
425 #[cfg(feature = "alloc")]
426 pub supported_algorithms: Vec<AlgorithmIdentifier>,
427}
428
429/// Trailing data was found while parsing DER-encoded input for the named type.
430#[allow(missing_docs)]
431#[non_exhaustive]
432#[derive(Clone, Copy, Debug, Eq, PartialEq)]
433pub enum DerTypeId {
434 BitString,
435 Bool,
436 Certificate,
437 CertificateExtensions,
438 CertificateTbsCertificate,
439 CertRevocationList,
440 CertRevocationListExtension,
441 CrlDistributionPoint,
442 CommonNameInner,
443 CommonNameOuter,
444 DistributionPointName,
445 Extension,
446 GeneralName,
447 RevocationReason,
448 Signature,
449 SignatureAlgorithm,
450 SignedData,
451 SubjectPublicKeyInfo,
452 Time,
453 TrustAnchorV1,
454 TrustAnchorV1TbsCertificate,
455 U8,
456 RevokedCertificate,
457 RevokedCertificateExtension,
458 RevokedCertEntry,
459 IssuingDistributionPoint,
460}