signstar_config/nethsm/error.rs
1//! Error handling specific to interacting with [`NetHsmBackend`] and [`State`].
2
3use nethsm::{KeyId, NamespaceId, Url, UserId};
4#[cfg(doc)]
5use nethsm_config::HermeticParallelConfig;
6
7use super::state::StateComparisonErrors;
8#[cfg(doc)]
9use crate::{AdminCredentials, NetHsmBackend, State};
10
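/// An error that may occur when handling a NetHSM backend.
///
/// The fields declared on these variants are identifiers ([`KeyId`], [`UserId`],
/// [`NamespaceId`]), tag names, a backend [`Url`] and iteration counters, all of which are
/// interpolated into the `Display` output and can therefore end up in logs.
/// No variant declared here stores a passphrase:
/// [`Error::UserMissingPassphrase`] only names the affected user.
///
/// NOTE(review): [`Error::CompareStates`] and [`Error::NetHsmUser`] forward the output of types
/// defined elsewhere; confirm that those never render credential material.
#[derive(Debug, thiserror::Error)]
pub enum Error {
    /// One or more errors occurred when comparing [`State`].
    #[error("Errors occurred when comparing states:\n{0}")]
    CompareStates(StateComparisonErrors),

    /// The iterations of the [`AdminCredentials`] and the [`HermeticParallelConfig`] do not match.
    #[error(
        "Iteration mismatch: Administrative credentials ({admin_creds}) vs. Signstar config ({signstar_config})"
    )]
    IterationMismatch {
        /// The iteration of the [`AdminCredentials`].
        admin_creds: u32,
        /// The iteration of the [`HermeticParallelConfig`].
        signstar_config: u32,
    },

    /// A system-wide key misses a tag.
    #[error("The system-wide key {key_id} misses the tag {tag}")]
    KeyIsMissingTag {
        /// The [`KeyId`] of the key that misses `tag`.
        key_id: KeyId,

        /// The missing tag.
        tag: String,
    },

    /// A system-wide key is missing.
    #[error("The system-wide key {key_id} is missing")]
    KeyMissing {
        /// The [`KeyId`] of the missing key.
        key_id: KeyId,
    },

    /// A namespace admin is not in a namespace.
    #[error("The NetHSM namespace administrator is not in a namespace: {user}")]
    NamespaceAdminHasNoNamespace {
        /// The [`UserId`] of the namespace administrator without a namespace.
        user: UserId,
    },

    /// A namespace exists, but no N-Administrator is available for it.
    #[error(
        "There is no known N-Administrator available in the namespace {namespace} on the NetHSM backend at {url}"
    )]
    NamespaceHasNoAdmin {
        /// The namespace for which no N-Administrator is available.
        namespace: NamespaceId,

        /// The URL of the NetHSM backend.
        ///
        /// NOTE(review): this value is printed verbatim in the error message; confirm that
        /// [`Url`] cannot carry embedded credentials.
        url: Url,
    },

    /// A namespaced key misses a tag.
    #[error("The key {key_id} in namespace {namespace} misses the tag {tag}")]
    NamespaceKeyMissesTag {
        /// The [`KeyId`] of the key that misses `tag`.
        key_id: KeyId,

        /// The namespace of the key that is missing a tag.
        namespace: NamespaceId,

        /// The missing tag.
        tag: String,
    },

    /// A namespaced key is missing.
    #[error("The key {key_id} in namespace {namespace} is missing")]
    NamespaceKeyMissing {
        /// The [`KeyId`] of the missing key.
        key_id: KeyId,

        /// The namespace of the key that is missing.
        namespace: NamespaceId,
    },

    /// A namespace does not (yet) exist.
    #[error("The namespace {namespace} does not exist (yet)")]
    NamespaceMissing {
        /// The namespace that does not (yet) exist.
        namespace: NamespaceId,
    },

    /// There is no User ID for an OpenPGP certificate that is supposed to be created.
    #[error(
        "The options for the OpenPGP certificate for key {key_id} in namespace {namespace} do not provide a User ID"
    )]
    NamespaceOpenPgpUserIdMissing {
        /// The [`KeyId`] of the key for which the OpenPGP certificate should be created.
        key_id: KeyId,

        /// The namespace of the key for which the OpenPGP certificate should be created.
        namespace: NamespaceId,
    },

    /// A namespaced non-administrative user misses a tag.
    #[error("The non-administrative user {user} in namespace {namespace} misses the tag {tag}")]
    NamespaceUserMissingTag {
        /// The [`UserId`] of the user that misses `tag`.
        user: UserId,

        /// The namespace that user is in.
        namespace: NamespaceId,

        /// The missing tag.
        tag: String,
    },

    /// A user is not in a specific namespace.
    #[error("The user {user} is not in the namespace {namespace}")]
    NamespaceUserMissing {
        /// The [`UserId`] of the user not in `namespace`.
        user: UserId,

        /// The [`NamespaceId`] of the namespace that `user` is not in.
        namespace: NamespaceId,
    },

    /// A user is not in a namespace.
    #[error("The user {user} is not in a namespace")]
    NamespaceUserNoNamespace {
        /// The [`UserId`] of the user without a namespace.
        user: UserId,
    },

    /// A [`nethsm::UserError`] occurred.
    #[error(transparent)]
    NetHsmUser(#[from] nethsm::UserError),

    /// There is no User ID for an OpenPGP certificate.
    ///
    /// The message names `key_id` so that the affected system-wide key can be identified, in line
    /// with [`Error::NamespaceOpenPgpUserIdMissing`].
    #[error("The OpenPGP certificate for key {key_id} does not have a User ID associated with it")]
    OpenPgpUserIdMissing {
        /// The [`KeyId`] of the key for which the OpenPGP certificate should be created.
        key_id: KeyId,
    },

    /// The passphrase for a system-wide non-administrative user is missing.
    #[error("The passphrase for system-wide user {user} is missing")]
    UserMissingPassphrase {
        /// The [`UserId`] for which the passphrase is missing.
        user: UserId,
    },

    /// A system-wide non-administrative user misses a tag.
    #[error("The system-wide non-administrative user {user_id} misses the tag {tag}")]
    UserMissingTag {
        /// The [`UserId`] of the user that misses `tag`.
        user_id: UserId,

        /// The missing tag.
        tag: String,
    },

    /// A system-wide non-administrative user is missing.
    #[error("The system-wide non-administrative user {user_id} is missing")]
    UserMissing {
        /// The [`UserId`] of the missing user.
        user_id: UserId,
    },
}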