Skip to main content

tuf/
error.rs

1//! Error types and converters.
2
3use {
4    crate::{
5        crypto::KeyId,
6        metadata::{MetadataPath, MetadataVersion, TargetPath},
7    },
8    chrono::{offset::Utc, DateTime},
9    std::io,
10    thiserror::Error,
11};
12
13/// Alias for `Result<T, Error>`.
14pub type Result<T> = std::result::Result<T, Error>;
15
16/// Error type for all TUF related errors.
17#[non_exhaustive]
18#[derive(Error, Debug)]
19pub enum Error {
20    /// The metadata had a bad signature.
21    #[error("metadata {0} has a bad signature")]
22    BadSignature(MetadataPath),
23
24    /// There was a problem encoding or decoding.
25    #[error("encoding: {0}")]
26    Encoding(String),
27
28    /// Metadata was expired.
29    #[error("metadata {path} expired at {expiration}, it is now {now}")]
30    ExpiredMetadata {
31        /// The metadata that expired.
32        path: MetadataPath,
33        /// When the metadata expired.
34        expiration: DateTime<Utc>,
35        /// The latest known time.
36        now: DateTime<Utc>,
37    },
38
39    /// An illegal argument was passed into a function.
40    #[error("illegal argument: {0}")]
41    IllegalArgument(String),
42
43    /// Generic error for HTTP connections.
44    #[error("http error for {uri}")]
45    Http {
46        /// URI Resource that resulted in the error.
47        uri: String,
48
49        /// The error.
50        #[source]
51        err: http::Error,
52    },
53
54    /// Errors that can occur parsing HTTP streams.
55    #[cfg(feature = "hyper")]
56    #[error("hyper error for {uri}")]
57    Hyper {
58        /// URI Resource that resulted in the error.
59        uri: String,
60
61        /// The error.
62        #[source]
63        err: hyper::Error,
64    },
65
66    /// Unexpected HTTP response status.
67    #[error("error getting {uri}: request failed with status code {code}")]
68    BadHttpStatus {
69        /// URI Resource that resulted in the error.
70        uri: String,
71
72        /// HTTP status code.
73        code: http::StatusCode,
74    },
75
76    /// An IO error occurred.
77    #[error(transparent)]
78    Io(#[from] io::Error),
79
80    /// An IO error occurred for a path.
81    #[error("IO error on path {path}")]
82    IoPath {
83        /// Path where the error occurred.
84        path: std::path::PathBuf,
85
86        /// The IO error.
87        #[source]
88        err: io::Error,
89    },
90
91    /// A json serialization error occurred.
92    #[error(transparent)]
93    Json(#[from] serde_json::error::Error),
94
95    /// There were no available hash algorithms.
96    #[error("no supported hash algorithm")]
97    NoSupportedHashAlgorithm,
98
99    /// The metadata was not found.
100    #[error("metadata {path} at version {version} not found")]
101    MetadataNotFound {
102        /// The metadata path.
103        path: MetadataPath,
104
105        /// The metadata version.
106        version: MetadataVersion,
107    },
108
109    /// The target was not found.
110    #[error("target {0} not found")]
111    TargetNotFound(TargetPath),
112
113    /// Opaque error type, to be interpreted similar to HTTP 500. Something went wrong, and you may
114    /// or may not be able to do anything about it.
115    #[error("opaque: {0}")]
116    Opaque(String),
117
118    /// There is no known or available key type.
119    #[error("unknown key type: {0}")]
120    UnknownKeyType(String),
121
122    /// There is no known or available signature scheme.
123    #[error("unknown signature scheme: {0}")]
124    UnknownSignatureScheme(String),
125
126    /// The metadata's version must be greater than 0.
127    #[error("metadata {0} version should be greater than zero")]
128    MetadataVersionMustBeGreaterThanZero(MetadataPath),
129
130    /// The metadata's version must be less than `u32::MAX`.
131    #[error("metadata {0} version should be less than max u32")]
132    MetadataVersionMustBeSmallerThanMaxU32(MetadataPath),
133
134    /// The metadata threshold must be greater than 0.
135    #[error("metadata {0} threshold must be greater than zero")]
136    MetadataThresholdMustBeGreaterThanZero(MetadataPath),
137
138    /// The metadata role has a duplicate keyid.
139    #[error("metadata role {role} has duplicate key id {key_id}")]
140    MetadataRoleHasDuplicateKeyId {
141        /// The metadata.
142        role: MetadataPath,
143        /// The duplicated keyid.
144        key_id: KeyId,
145    },
146
147    /// The metadata role does not have enough keyids.
148    #[error("metadata role {role} has {key_ids} keyid(s), must have at least {threshold}")]
149    MetadataRoleDoesNotHaveEnoughKeyIds {
150        /// The metadata.
151        role: MetadataPath,
152        /// The number of keyids.
153        key_ids: usize,
154        /// The minimum threshold of keys.
155        threshold: u32,
156    },
157
158    /// The metadata was not signed with enough valid signatures.
159    #[error(
160        "metadata {role} signature threshold not met: {number_of_valid_signatures}/{threshold}"
161    )]
162    MetadataMissingSignatures {
163        /// The signed metadata.
164        role: MetadataPath,
165        /// The number of signatures which are valid.
166        number_of_valid_signatures: u32,
167        /// The minimum number of valid signatures.
168        threshold: u32,
169    },
170
171    /// Attempted to update metadata with an older version.
172    #[error(
173        "attempted to roll back metadata {role} from version {trusted_version} to {new_version}"
174    )]
175    AttemptedMetadataRollBack {
176        /// The metadata.
177        role: MetadataPath,
178        /// The trusted metadata's version.
179        trusted_version: u32,
180        /// The new metadata's version.
181        new_version: u32,
182    },
183
184    /// The parent metadata expected the child metadata to be at one version, but was found to be at
185    /// another version.
186    #[error("metadata {parent_role} expected metadata {child_role} version {expected_version}, but found {new_version}")]
187    WrongMetadataVersion {
188        /// The parent metadata that contains the child metadata's version.
189        parent_role: MetadataPath,
190        /// The child metadata that has an unexpected version.
191        child_role: MetadataPath,
192        /// The expected version of the child metadata.
193        expected_version: u32,
194        /// The actual version of the child metadata.
195        new_version: u32,
196    },
197
198    /// The parent metadata does not contain a description of the child metadata.
199    #[error("metadata {parent_role} missing description of {child_role}")]
200    MissingMetadataDescription {
201        /// The parent metadata that contains the child metadata's description.
202        parent_role: MetadataPath,
203        /// The child metadata that should have been contained in the parent.
204        child_role: MetadataPath,
205    },
206
207    /// The parent metadata did not delegate to the child role.
208    #[error("{parent_role} delegation to {child_role} is not authorized")]
209    UnauthorizedDelegation {
210        /// The parent metadata that did not delegate to the child.
211        parent_role: MetadataPath,
212        /// That child metadata that was not delegated to by the parent.
213        child_role: MetadataPath,
214    },
215
216    /// The metadata must be signed with at least one private key.
217    #[error("{role} must be signed with at least one private key")]
218    MissingPrivateKey {
219        /// The metadata to be signed.
220        role: MetadataPath,
221    },
222}