signstar_config/nethsm/error.rs
1//! Error handling specific to interacting with [`NetHsmBackend`] and [`State`].
2
3use nethsm::{KeyId, NamespaceId, Url, UserId};
4
5use super::state::StateComparisonErrors;
6#[cfg(doc)]
7use crate::{NetHsmAdminCredentials, NetHsmBackend, SignstarConfig, State};
8
9/// An error that may occur when handling a NetHSM backend.
10#[derive(Debug, thiserror::Error)]
11pub enum Error {
12 /// One or more errors occurred when comparing [`State`].
13 #[error("Errors occurred when comparing states:\n{0}")]
14 CompareStates(StateComparisonErrors),
15
16 /// The iteration of the [`NetHsmAdminCredentials`] and [`SignstarConfig`] are not matching.
17 #[error(
18 "Iteration mismatch: Administrative credentials ({admin_creds}) vs. Signstar config ({signstar_config})"
19 )]
20 IterationMismatch {
21 /// The iteration of the [`NetHsmAdminCredentials`].
22 admin_creds: u32,
23 /// The iteration of the [`SignstarConfig`].
24 signstar_config: u32,
25 },
26
27 /// A system-wide key misses a tag.
28 #[error("The system-wide key {key_id} misses the tag {tag}")]
29 KeyIsMissingTag {
30 /// The [`KeyId`] of the missing key.
31 key_id: KeyId,
32
33 /// The missing tag.
34 tag: String,
35 },
36
37 /// A system-wide key is missing.
38 #[error("The system-wide key {key_id} is missing")]
39 KeyMissing {
40 /// The [`KeyId`] of the missing key.
41 key_id: KeyId,
42 },
43
44 /// A namespace admin is not in a namespace.
45 #[error("The NetHSM namespace administrator is not in a namespace: {user}")]
46 NamespaceAdminHasNoNamespace {
47 /// The [`UserId`] of the namespace administrator without a namespace.
48 user: UserId,
49 },
50
51 /// A namespace exists, but no N-Administrator is available for it.
52 #[error(
53 "There is no known N-Administrator available in the namespace {namespace} on the NetHSM backend at {url}"
54 )]
55 NamespaceHasNoAdmin {
56 /// The namespace for which no N-Administrator is available.
57 namespace: NamespaceId,
58
59 /// The URL of the NetHSM backend.
60 url: Url,
61 },
62
63 /// A namespaced key misses a tag.
64 #[error("The key {key_id} in namespace {namespace} misses the tag {tag}")]
65 NamespaceKeyMissesTag {
66 /// The [`KeyId`] of the missing key.
67 key_id: KeyId,
68
69 /// The namespace of the key that is missing a tag.
70 namespace: NamespaceId,
71
72 /// The missing tag.
73 tag: String,
74 },
75
76 /// A namespaced key is missing.
77 #[error("The key {key_id} in namespace {namespace} is missing")]
78 NamespaceKeyMissing {
79 /// The [`KeyId`] of the missing key.
80 key_id: KeyId,
81
82 /// The namespace of the key that is missing.
83 namespace: NamespaceId,
84 },
85
86 /// A namespace does not (yet) exist.
87 #[error("The is namespace {namespace} does not exist (yet)")]
88 NamespaceMissing {
89 /// The namespace that does not (yet) exist.
90 namespace: NamespaceId,
91 },
92
93 /// There is no User ID for an OpenPGP certificate that is supposed to be created.
94 #[error(
95 "The options for the OpenPGP certificate for key {key_id} in namespace {namespace} do not provide a User ID"
96 )]
97 NamespaceOpenPgpUserIdMissing {
98 /// The [`KeyId`] of the key for which the OpenPGP certificate should be created.
99 key_id: KeyId,
100
101 /// The namespace of the key for which the OpenPGP certificate should be created.
102 namespace: NamespaceId,
103 },
104
105 /// A namespaced non-administrative user misses a tag.
106 #[error("The non-administrative user {user} in namespace {namespace} misses the tag {tag}")]
107 NamespaceUserMissingTag {
108 /// The [`UserId`] of the user that misses `tag`.
109 user: UserId,
110
111 /// The namespace that user is in.
112 namespace: NamespaceId,
113
114 /// The missing tag.
115 tag: String,
116 },
117
118 /// A user is not in a specific namespace.
119 #[error("The user {user} is not the namespace {namespace}")]
120 NamespaceUserMissing {
121 /// The [`UserId`] of the user not in `namespace`.
122 user: UserId,
123
124 /// The [`NamespaceId`] of the namespace that `user` is not in.
125 namespace: NamespaceId,
126 },
127
128 /// A user is not in a namespace.
129 #[error("The user {user} is not in a namespace")]
130 NamespaceUserNoNamespace {
131 /// The [`UserId`] of the user without a namespace.
132 user: UserId,
133 },
134
135 /// A [`nethsm::UserError`] occurred.
136 #[error(transparent)]
137 NetHsmUser(#[from] nethsm::UserError),
138
139 /// There is no User ID for an OpenPGP certificate.
140 #[error("The OpenPGP certificate does not have a User ID associated with it")]
141 OpenPgpUserIdMissing {
142 /// The [`KeyId`] of the key for which the OpenPGP certificate should be created.
143 key_id: KeyId,
144 },
145
146 /// The passphrase for a system-wide non-administrative user is missing.
147 #[error("The passphrase for system-wide user {user} is missing")]
148 UserMissingPassphrase {
149 /// The [`UserId`] for which the passphrase is missing.
150 user: UserId,
151 },
152
153 /// A system-wide non-administrative user misses a tag.
154 #[error("The system-wide non-administrative user {user_id} misses the tag {tag}")]
155 UserMissingTag {
156 /// The [`UserId`] of the user that misses `tag`.
157 user_id: UserId,
158
159 /// The missing tag.
160 tag: String,
161 },
162
163 /// A system-wide non-administrative user is missing.
164 #[error("The system-wide non-administrative user {user_id} is missing")]
165 UserMissing {
166 /// The [`UserId`] of the missing user.
167 user_id: UserId,
168 },
169}