signstar_config/nethsm/
error.rs

1//! Error handling specific to interacting with a [`NetHsmBackend`].
2
3use nethsm::{KeyId, NamespaceId, Url, UserId};
4
5#[cfg(doc)]
6use crate::{NetHsmAdminCredentials, NetHsmBackend, SignstarConfig};
7
8/// An error that may occur when handling a NetHSM backend.
9#[derive(Debug, thiserror::Error)]
10pub enum Error {
11    /// The iteration of the [`NetHsmAdminCredentials`] and [`SignstarConfig`] are not matching.
12    #[error(
13        "Iteration mismatch: Administrative credentials ({admin_creds}) vs. Signstar config ({signstar_config})"
14    )]
15    IterationMismatch {
16        /// The iteration of the [`NetHsmAdminCredentials`].
17        admin_creds: u32,
18        /// The iteration of the [`SignstarConfig`].
19        signstar_config: u32,
20    },
21
22    /// A system-wide key misses a tag.
23    #[error("The system-wide key {key_id} misses the tag {tag}")]
24    KeyIsMissingTag {
25        /// The [`KeyId`] of the missing key.
26        key_id: KeyId,
27
28        /// The missing tag.
29        tag: String,
30    },
31
32    /// A system-wide key is missing.
33    #[error("The system-wide key {key_id} is missing")]
34    KeyMissing {
35        /// The [`KeyId`] of the missing key.
36        key_id: KeyId,
37    },
38
39    /// A namespace admin is not in a namespace.
40    #[error("The NetHSM namespace administrator is not in a namespace: {user}")]
41    NamespaceAdminHasNoNamespace {
42        /// The [`UserId`] of the namespace administrator without a namespace.
43        user: UserId,
44    },
45
46    /// A namespace exists, but no N-Administrator is available for it.
47    #[error(
48        "There is no known N-Administrator available in the namespace {namespace} on the NetHSM backend at {url}"
49    )]
50    NamespaceHasNoAdmin {
51        /// The namespace for which no N-Administrator is available.
52        namespace: NamespaceId,
53
54        /// The URL of the NetHSM backend.
55        url: Url,
56    },
57
58    /// A namespaced key misses a tag.
59    #[error("The key {key_id} in namespace {namespace} misses the tag {tag}")]
60    NamespaceKeyMissesTag {
61        /// The [`KeyId`] of the missing key.
62        key_id: KeyId,
63
64        /// The namespace of the key that is missing a tag.
65        namespace: NamespaceId,
66
67        /// The missing tag.
68        tag: String,
69    },
70
71    /// A namespaced key is missing.
72    #[error("The key {key_id} in namespace {namespace} is missing")]
73    NamespaceKeyMissing {
74        /// The [`KeyId`] of the missing key.
75        key_id: KeyId,
76
77        /// The namespace of the key that is missing.
78        namespace: NamespaceId,
79    },
80
81    /// A namespace does not (yet) exist.
82    #[error("The is namespace {namespace} does not exist (yet)")]
83    NamespaceMissing {
84        /// The namespace that does not (yet) exist.
85        namespace: NamespaceId,
86    },
87
88    /// There is no User ID for an OpenPGP certificate that is supposed to be created.
89    #[error(
90        "The options for the OpenPGP certificate for key {key_id} in namespace {namespace} do not provide a User ID"
91    )]
92    NamespaceOpenPgpUserIdMissing {
93        /// The [`KeyId`] of the key for which the OpenPGP certificate should be created.
94        key_id: KeyId,
95
96        /// The namespace of the key for which the OpenPGP certificate should be created.
97        namespace: NamespaceId,
98    },
99
100    /// A namespaced non-administrative user misses a tag.
101    #[error("The non-administrative user {user} in namespace {namespace} misses the tag {tag}")]
102    NamespaceUserMissingTag {
103        /// The [`UserId`] of the user that misses `tag`.
104        user: UserId,
105
106        /// The namespace that user is in.
107        namespace: NamespaceId,
108
109        /// The missing tag.
110        tag: String,
111    },
112
113    /// A user is not in a specific namespace.
114    #[error("The user {user} is not the namespace {namespace}")]
115    NamespaceUserMissing {
116        /// The [`UserId`] of the user not in `namespace`.
117        user: UserId,
118
119        /// The [`NamespaceId`] of the namespace that `user` is not in.
120        namespace: NamespaceId,
121    },
122
123    /// A user is not in a namespace.
124    #[error("The user {user} is not in a namespace")]
125    NamespaceUserNoNamespace {
126        /// The [`UserId`] of the user without a namespace.
127        user: UserId,
128    },
129
130    /// A [`nethsm::UserError`] occurred.
131    #[error(transparent)]
132    NetHsmUser(#[from] nethsm::UserError),
133
134    /// There is no User ID for an OpenPGP certificate.
135    #[error("The OpenPGP certificate does not have a User ID associated with it")]
136    OpenPgpUserIdMissing {
137        /// The [`KeyId`] of the key for which the OpenPGP certificate should be created.
138        key_id: KeyId,
139    },
140
141    /// The passphrase for a system-wide non-administrative user is missing.
142    #[error("The passphrase for system-wide user {user} is missing")]
143    UserMissingPassphrase {
144        /// The [`UserId`] for which the passphrase is missing.
145        user: UserId,
146    },
147
148    /// A system-wide non-administrative user misses a tag.
149    #[error("The system-wide non-administrative user {user_id} misses the tag {tag}")]
150    UserMissingTag {
151        /// The [`UserId`] of the user that misses `tag`.
152        user_id: UserId,
153
154        /// The  missing tag.
155        tag: String,
156    },
157
158    /// A system-wide non-administrative user is missing.
159    #[error("The system-wide non-administrative user {user_id} is missing")]
160    UserMissing {
161        /// The [`UserId`] of the missing user.
162        user_id: UserId,
163    },
164}