diff --git a/CHANGELOG.md b/CHANGELOG.md index 697c35f1..765d88a8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,10 @@ # Changes +## Unreleased + +- Rename `RcGenError` to `Error` to avoid stuttering when used fully-qualified via `rcgen::`. + ## Release 0.11.3 - October 1, 2023 - Fix for import errors building without the optional `pem` feature. diff --git a/src/crl.rs b/src/crl.rs index ad431600..75a89bcd 100644 --- a/src/crl.rs +++ b/src/crl.rs @@ -11,9 +11,7 @@ use crate::{ write_distinguished_name, write_dt_utc_or_generalized, write_x509_authority_key_identifier, write_x509_extension, }; -use crate::{ - Certificate, KeyIdMethod, KeyUsagePurpose, RcgenError, SerialNumber, SignatureAlgorithm, -}; +use crate::{Certificate, Error, KeyIdMethod, KeyUsagePurpose, SerialNumber, SignatureAlgorithm}; /// A certificate revocation list (CRL) /// @@ -54,9 +52,9 @@ pub struct CertificateRevocationList { impl CertificateRevocationList { /// Generates a new certificate revocation list (CRL) from the given parameters. - pub fn from_params(params: CertificateRevocationListParams) -> Result { + pub fn from_params(params: CertificateRevocationListParams) -> Result { if params.next_update.le(¶ms.this_update) { - return Err(RcgenError::InvalidCrlNextUpdate); + return Err(Error::InvalidCrlNextUpdate); } Ok(Self { params }) } @@ -66,18 +64,18 @@ impl CertificateRevocationList { } /// Serializes the certificate revocation list (CRL) in binary DER format, signed with /// the issuing certificate authority's key. - pub fn serialize_der_with_signer(&self, ca: &Certificate) -> Result, RcgenError> { + pub fn serialize_der_with_signer(&self, ca: &Certificate) -> Result, Error> { if !ca.params.key_usages.is_empty() && !ca.params.key_usages.contains(&KeyUsagePurpose::CrlSign) { - return Err(RcgenError::IssuerNotCrlSigner); + return Err(Error::IssuerNotCrlSigner); } self.params.serialize_der_with_signer(ca) } /// Serializes the certificate revocation list (CRL) in ASCII PEM format, signed with /// the issuing certificate authority's key. #[cfg(feature = "pem")] - pub fn serialize_pem_with_signer(&self, ca: &Certificate) -> Result { + pub fn serialize_pem_with_signer(&self, ca: &Certificate) -> Result { let contents = self.serialize_der_with_signer(ca)?; let p = Pem::new("X509 CRL", contents); Ok(pem::encode_config(&p, ENCODE_CONFIG)) @@ -174,13 +172,13 @@ pub struct CertificateRevocationListParams { } impl CertificateRevocationListParams { - fn serialize_der_with_signer(&self, ca: &Certificate) -> Result, RcgenError> { + fn serialize_der_with_signer(&self, ca: &Certificate) -> Result, Error> { yasna::try_construct_der(|writer| { // https://www.rfc-editor.org/rfc/rfc5280#section-5.1 writer.write_sequence(|writer| { let tbs_cert_list_serialized = yasna::try_construct_der(|writer| { self.write_crl(writer, ca)?; - Ok::<(), RcgenError>(()) + Ok::<(), Error>(()) })?; // Write tbsCertList @@ -196,7 +194,7 @@ impl CertificateRevocationListParams { }) }) } - fn write_crl(&self, writer: DERWriter, ca: &Certificate) -> Result<(), RcgenError> { + fn write_crl(&self, writer: DERWriter, ca: &Certificate) -> Result<(), Error> { writer.write_sequence(|writer| { // Write CRL version. // RFC 5280 ยง5.1.2.1: diff --git a/src/csr.rs b/src/csr.rs index 62ad99f4..e0d9eb6f 100644 --- a/src/csr.rs +++ b/src/csr.rs @@ -4,7 +4,7 @@ use crate::{DistinguishedName, SanType}; use pem::Pem; use std::hash::Hash; -use crate::{Certificate, CertificateParams, PublicKeyData, RcgenError, SignatureAlgorithm}; +use crate::{Certificate, CertificateParams, Error, PublicKeyData, SignatureAlgorithm}; /// A public key, extracted from a CSR #[derive(Debug, PartialEq, Eq, Hash)] @@ -36,8 +36,8 @@ impl CertificateSigningRequest { /// /// See [`from_der`](Self::from_der) for more details. #[cfg(all(feature = "pem", feature = "x509-parser"))] - pub fn from_pem(pem_str: &str) -> Result { - let csr = pem::parse(pem_str).or(Err(RcgenError::CouldNotParseCertificationRequest))?; + pub fn from_pem(pem_str: &str) -> Result { + let csr = pem::parse(pem_str).or(Err(Error::CouldNotParseCertificationRequest))?; Self::from_der(csr.contents()) } @@ -46,18 +46,17 @@ impl CertificateSigningRequest { /// Currently, this only supports the `Subject Alternative Name` extension. /// On encountering other extensions, this function will return an error. #[cfg(feature = "x509-parser")] - pub fn from_der(csr: &[u8]) -> Result { + pub fn from_der(csr: &[u8]) -> Result { use x509_parser::prelude::FromDer; let csr = x509_parser::certification_request::X509CertificationRequest::from_der(csr) - .map_err(|_| RcgenError::CouldNotParseCertificationRequest)? + .map_err(|_| Error::CouldNotParseCertificationRequest)? .1; - csr.verify_signature() - .map_err(|_| RcgenError::RingUnspecified)?; + csr.verify_signature().map_err(|_| Error::RingUnspecified)?; let alg_oid = csr .signature_algorithm .algorithm .iter() - .ok_or(RcgenError::CouldNotParseCertificationRequest)? + .ok_or(Error::CouldNotParseCertificationRequest)? .collect::>(); let alg = SignatureAlgorithm::from_oid(&alg_oid)?; @@ -77,7 +76,7 @@ impl CertificateSigningRequest { .push(SanType::try_from_general(name)?); } }, - _ => return Err(RcgenError::UnsupportedExtension), + _ => return Err(Error::UnsupportedExtension), } } } @@ -94,12 +93,12 @@ impl CertificateSigningRequest { }) } /// Serializes the requested certificate, signed with another certificate's key, in binary DER format - pub fn serialize_der_with_signer(&self, ca: &Certificate) -> Result, RcgenError> { + pub fn serialize_der_with_signer(&self, ca: &Certificate) -> Result, Error> { self.params.serialize_der_with_signer(&self.public_key, ca) } /// Serializes the requested certificate, signed with another certificate's key, to the ASCII PEM format #[cfg(feature = "pem")] - pub fn serialize_pem_with_signer(&self, ca: &Certificate) -> Result { + pub fn serialize_pem_with_signer(&self, ca: &Certificate) -> Result { let contents = self .params .serialize_der_with_signer(&self.public_key, ca)?; diff --git a/src/error.rs b/src/error.rs index 40982430..954078f4 100644 --- a/src/error.rs +++ b/src/error.rs @@ -1,10 +1,9 @@ -use std::error::Error; use std::fmt; #[derive(Debug, PartialEq, Eq)] #[non_exhaustive] /// The error type of the rcgen crate -pub enum RcgenError { +pub enum Error { /// The given certificate couldn't be parsed CouldNotParseCertificate, /// The given certificate signing request couldn't be parsed @@ -46,9 +45,9 @@ pub enum RcgenError { IssuerNotCrlSigner, } -impl fmt::Display for RcgenError { +impl fmt::Display for Error { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - use self::RcgenError::*; + use self::Error::*; match self { CouldNotParseCertificate => write!(f, "Could not parse certificate")?, CouldNotParseCertificationRequest => write!( @@ -97,23 +96,23 @@ impl fmt::Display for RcgenError { } } -impl Error for RcgenError {} +impl std::error::Error for Error {} -impl From for RcgenError { +impl From for Error { fn from(_unspecified: ring::error::Unspecified) -> Self { - RcgenError::RingUnspecified + Error::RingUnspecified } } -impl From for RcgenError { +impl From for Error { fn from(err: ring::error::KeyRejected) -> Self { - RcgenError::RingKeyRejected(err.description_()) + Error::RingKeyRejected(err.description_()) } } #[cfg(feature = "pem")] -impl From for RcgenError { +impl From for Error { fn from(e: pem::PemError) -> Self { - RcgenError::PemError(e) + Error::PemError(e) } } diff --git a/src/key_pair.rs b/src/key_pair.rs index 72f8c321..ce15b554 100644 --- a/src/key_pair.rs +++ b/src/key_pair.rs @@ -11,7 +11,7 @@ use crate::sign_algo::algo::*; use crate::sign_algo::SignAlgo; #[cfg(feature = "pem")] use crate::ENCODE_CONFIG; -use crate::{RcgenError, SignatureAlgorithm}; +use crate::{Error, SignatureAlgorithm}; /// A key pair vairant #[allow(clippy::large_enum_variant)] @@ -55,7 +55,7 @@ impl KeyPair { /// Parses the key pair from the DER format /// /// Equivalent to using the [`TryFrom`] implementation. - pub fn from_der(der: &[u8]) -> Result { + pub fn from_der(der: &[u8]) -> Result { Ok(der.try_into()?) } /// Returns the key pair's signature algorithm @@ -64,14 +64,14 @@ impl KeyPair { } /// Parses the key pair from the ASCII PEM format #[cfg(feature = "pem")] - pub fn from_pem(pem_str: &str) -> Result { + pub fn from_pem(pem_str: &str) -> Result { let private_key = pem::parse(pem_str)?; let private_key_der: &[_] = private_key.contents(); Ok(private_key_der.try_into()?) } /// Obtains the key pair from a raw public key and a remote private key - pub fn from_remote(key_pair: Box) -> Result { + pub fn from_remote(key_pair: Box) -> Result { Ok(Self { alg: key_pair.algorithm(), kind: KeyPairKind::Remote(key_pair), @@ -87,7 +87,7 @@ impl KeyPair { pub fn from_pem_and_sign_algo( pem_str: &str, alg: &'static SignatureAlgorithm, - ) -> Result { + ) -> Result { let private_key = pem::parse(pem_str)?; let private_key_der: &[_] = private_key.contents(); Ok(Self::from_der_and_sign_algo(private_key_der, alg)?) @@ -105,7 +105,7 @@ impl KeyPair { pub fn from_der_and_sign_algo( pkcs8: &[u8], alg: &'static SignatureAlgorithm, - ) -> Result { + ) -> Result { let pkcs8_vec = pkcs8.to_vec(); let kind = if alg == &PKCS_ED25519 { @@ -145,7 +145,7 @@ impl KeyPair { pub(crate) fn from_raw( pkcs8: &[u8], - ) -> Result<(KeyPairKind, &'static SignatureAlgorithm), RcgenError> { + ) -> Result<(KeyPairKind, &'static SignatureAlgorithm), Error> { let (kind, alg) = if let Ok(edkp) = Ed25519KeyPair::from_pkcs8_maybe_unchecked(pkcs8) { (KeyPairKind::Ed(edkp), &PKCS_ED25519) } else if let Ok(eckp) = @@ -162,7 +162,7 @@ impl KeyPair { &PKCS_RSA_SHA256, ) } else { - return Err(RcgenError::CouldNotParseKeyPair); + return Err(Error::CouldNotParseKeyPair); }; Ok((kind, alg)) } @@ -177,16 +177,16 @@ pub trait RemoteKeyPair { fn public_key(&self) -> &[u8]; /// Signs `msg` using the selected algorithm - fn sign(&self, msg: &[u8]) -> Result, RcgenError>; + fn sign(&self, msg: &[u8]) -> Result, Error>; /// Reveals the algorithm to be used when calling `sign()` fn algorithm(&self) -> &'static SignatureAlgorithm; } impl TryFrom<&[u8]> for KeyPair { - type Error = RcgenError; + type Error = Error; - fn try_from(pkcs8: &[u8]) -> Result { + fn try_from(pkcs8: &[u8]) -> Result { let (kind, alg) = KeyPair::from_raw(pkcs8)?; Ok(KeyPair { kind, @@ -197,9 +197,9 @@ impl TryFrom<&[u8]> for KeyPair { } impl TryFrom> for KeyPair { - type Error = RcgenError; + type Error = Error; - fn try_from(pkcs8: Vec) -> Result { + fn try_from(pkcs8: Vec) -> Result { let (kind, alg) = KeyPair::from_raw(pkcs8.as_slice())?; Ok(KeyPair { kind, @@ -211,7 +211,7 @@ impl TryFrom> for KeyPair { impl KeyPair { /// Generate a new random key pair for the specified signature algorithm - pub fn generate(alg: &'static SignatureAlgorithm) -> Result { + pub fn generate(alg: &'static SignatureAlgorithm) -> Result { let system_random = SystemRandom::new(); match alg.sign_alg { SignAlgo::EcDsa(sign_alg) => { @@ -240,7 +240,7 @@ impl KeyPair { // Ring doesn't have RSA key generation yet: // https://github.com/briansmith/ring/issues/219 // https://github.com/briansmith/ring/pull/733 - SignAlgo::Rsa() => Err(RcgenError::KeyGenerationUnavailable), + SignAlgo::Rsa() => Err(Error::KeyGenerationUnavailable), } } /// Get the raw public key of this key pair @@ -260,7 +260,7 @@ impl KeyPair { pub fn compatible_algs(&self) -> impl Iterator { std::iter::once(self.alg) } - pub(crate) fn sign(&self, msg: &[u8], writer: DERWriter) -> Result<(), RcgenError> { + pub(crate) fn sign(&self, msg: &[u8], writer: DERWriter) -> Result<(), Error> { match &self.kind { KeyPairKind::Ec(kp) => { let system_random = SystemRandom::new(); diff --git a/src/lib.rs b/src/lib.rs index c04c6c8e..8c806f9d 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -56,13 +56,19 @@ pub use crate::crl::{ CrlIssuingDistributionPoint, CrlScope, RevocationReason, RevokedCertParams, }; pub use crate::csr::{CertificateSigningRequest, PublicKey}; -pub use crate::error::RcgenError; +pub use crate::error::Error; use crate::key_pair::PublicKeyData; pub use crate::key_pair::{KeyPair, RemoteKeyPair}; use crate::oid::*; pub use crate::sign_algo::algo::*; pub use crate::sign_algo::SignatureAlgorithm; +/// Type-alias for the old name of [`Error`]. +#[deprecated( + note = "Renamed to `Error`. We recommend to refer to it by fully-qualifying the crate: `rcgen::Error`." +)] +pub type RcGenError = Error; + /// A self signed certificate together with signing keys pub struct Certificate { params: CertificateParams, @@ -99,7 +105,7 @@ println!("{}", cert.serialize_private_key_pem()); )] pub fn generate_simple_self_signed( subject_alt_names: impl Into>, -) -> Result { +) -> Result { Certificate::from_params(CertificateParams::new(subject_alt_names)) } @@ -137,21 +143,19 @@ pub enum SanType { } #[cfg(feature = "x509-parser")] -fn ip_addr_from_octets(octets: &[u8]) -> Result { +fn ip_addr_from_octets(octets: &[u8]) -> Result { if let Ok(ipv6_octets) = <&[u8; 16]>::try_from(octets) { Ok(Ipv6Addr::from(*ipv6_octets).into()) } else if let Ok(ipv4_octets) = <&[u8; 4]>::try_from(octets) { Ok(Ipv4Addr::from(*ipv4_octets).into()) } else { - Err(RcgenError::InvalidIpAddressOctetLength(octets.len())) + Err(Error::InvalidIpAddressOctetLength(octets.len())) } } impl SanType { #[cfg(feature = "x509-parser")] - fn try_from_general( - name: &x509_parser::extensions::GeneralName<'_>, - ) -> Result { + fn try_from_general(name: &x509_parser::extensions::GeneralName<'_>) -> Result { Ok(match name { x509_parser::extensions::GeneralName::RFC822Name(name) => { SanType::Rfc822Name((*name).into()) @@ -161,7 +165,7 @@ impl SanType { x509_parser::extensions::GeneralName::IPAddress(octets) => { SanType::IpAddress(ip_addr_from_octets(octets)?) }, - _ => return Err(RcgenError::InvalidNameType), + _ => return Err(Error::InvalidNameType), }) } @@ -443,7 +447,7 @@ impl DistinguishedName { } #[cfg(feature = "x509-parser")] - fn from_name(name: &x509_parser::x509::X509Name) -> Result { + fn from_name(name: &x509_parser::x509::X509Name) -> Result { use x509_parser::der_parser::asn1_rs::Tag; let mut dn = DistinguishedName::new(); @@ -453,7 +457,7 @@ impl DistinguishedName { let attr = if let Some(dn) = dn_opt { if rdn_iter.next().is_some() { // no support for distinguished names with more than one attribute - return Err(RcgenError::CouldNotParseCertificate); + return Err(Error::CouldNotParseCertificate); } else { dn } @@ -464,24 +468,24 @@ impl DistinguishedName { let attr_type_oid = attr .attr_type() .iter() - .ok_or(RcgenError::CouldNotParseCertificate)?; + .ok_or(Error::CouldNotParseCertificate)?; let dn_type = DnType::from_oid(&attr_type_oid.collect::>()); let data = attr.attr_value().data; let dn_value = match attr.attr_value().header.tag() { Tag::T61String => DnValue::TeletexString(data.into()), Tag::PrintableString => { - let data = std::str::from_utf8(data) - .map_err(|_| RcgenError::CouldNotParseCertificate)?; + let data = + std::str::from_utf8(data).map_err(|_| Error::CouldNotParseCertificate)?; DnValue::PrintableString(data.to_owned()) }, Tag::UniversalString => DnValue::UniversalString(data.into()), Tag::Utf8String => { - let data = std::str::from_utf8(data) - .map_err(|_| RcgenError::CouldNotParseCertificate)?; + let data = + std::str::from_utf8(data).map_err(|_| Error::CouldNotParseCertificate)?; DnValue::Utf8String(data.to_owned()) }, Tag::BmpString => DnValue::BmpString(data.into()), - _ => return Err(RcgenError::CouldNotParseCertificate), + _ => return Err(Error::CouldNotParseCertificate), }; dn.push(dn_type, dn_value); @@ -571,8 +575,8 @@ impl CertificateParams { /// /// See [`from_ca_cert_der`](Self::from_ca_cert_der) for more details. #[cfg(all(feature = "pem", feature = "x509-parser"))] - pub fn from_ca_cert_pem(pem_str: &str, key_pair: KeyPair) -> Result { - let certificate = pem::parse(pem_str).or(Err(RcgenError::CouldNotParseCertificate))?; + pub fn from_ca_cert_pem(pem_str: &str, key_pair: KeyPair) -> Result { + let certificate = pem::parse(pem_str).or(Err(Error::CouldNotParseCertificate))?; Self::from_ca_cert_der(certificate.contents(), key_pair) } @@ -590,15 +594,15 @@ impl CertificateParams { /// /// Will not check if certificate is a ca certificate! #[cfg(feature = "x509-parser")] - pub fn from_ca_cert_der(ca_cert: &[u8], key_pair: KeyPair) -> Result { + pub fn from_ca_cert_der(ca_cert: &[u8], key_pair: KeyPair) -> Result { let (_remainder, x509) = x509_parser::parse_x509_certificate(ca_cert) - .or(Err(RcgenError::CouldNotParseCertificate))?; + .or(Err(Error::CouldNotParseCertificate))?; let alg_oid = x509 .signature_algorithm .algorithm .iter() - .ok_or(RcgenError::CouldNotParseCertificate)?; + .ok_or(Error::CouldNotParseCertificate)?; let alg = SignatureAlgorithm::from_oid(&alg_oid.collect::>())?; let dn = DistinguishedName::from_name(&x509.tbs_certificate.subject)?; @@ -628,12 +632,12 @@ impl CertificateParams { #[cfg(feature = "x509-parser")] fn convert_x509_is_ca( x509: &x509_parser::certificate::X509Certificate<'_>, - ) -> Result { + ) -> Result { use x509_parser::extensions::BasicConstraints as B; let basic_constraints = x509 .basic_constraints() - .or(Err(RcgenError::CouldNotParseCertificate))? + .or(Err(Error::CouldNotParseCertificate))? .map(|ext| ext.value); let is_ca = match basic_constraints { @@ -644,7 +648,7 @@ impl CertificateParams { Some(B { ca: true, path_len_constraint: Some(_), - }) => return Err(RcgenError::CouldNotParseCertificate), + }) => return Err(Error::CouldNotParseCertificate), Some(B { ca: true, path_len_constraint: None, @@ -658,10 +662,10 @@ impl CertificateParams { #[cfg(feature = "x509-parser")] fn convert_x509_subject_alternative_name( x509: &x509_parser::certificate::X509Certificate<'_>, - ) -> Result, RcgenError> { + ) -> Result, Error> { let sans = x509 .subject_alternative_name() - .or(Err(RcgenError::CouldNotParseCertificate))? + .or(Err(Error::CouldNotParseCertificate))? .map(|ext| &ext.value.general_names); if let Some(sans) = sans { @@ -677,10 +681,10 @@ impl CertificateParams { #[cfg(feature = "x509-parser")] fn convert_x509_key_usages( x509: &x509_parser::certificate::X509Certificate<'_>, - ) -> Result, RcgenError> { + ) -> Result, Error> { let key_usage = x509 .key_usage() - .or(Err(RcgenError::CouldNotParseCertificate))? + .or(Err(Error::CouldNotParseCertificate))? .map(|ext| ext.value); let mut key_usages = Vec::new(); @@ -718,10 +722,10 @@ impl CertificateParams { #[cfg(feature = "x509-parser")] fn convert_x509_extended_key_usages( x509: &x509_parser::certificate::X509Certificate<'_>, - ) -> Result, RcgenError> { + ) -> Result, Error> { let extended_key_usage = x509 .extended_key_usage() - .or(Err(RcgenError::CouldNotParseCertificate))? + .or(Err(Error::CouldNotParseCertificate))? .map(|ext| ext.value); let mut extended_key_usages = Vec::new(); @@ -753,10 +757,10 @@ impl CertificateParams { #[cfg(feature = "x509-parser")] fn convert_x509_name_constraints( x509: &x509_parser::certificate::X509Certificate<'_>, - ) -> Result, RcgenError> { + ) -> Result, Error> { let constraints = x509 .name_constraints() - .or(Err(RcgenError::CouldNotParseCertificate))? + .or(Err(Error::CouldNotParseCertificate))? .map(|ext| ext.value); if let Some(constraints) = constraints { @@ -785,7 +789,7 @@ impl CertificateParams { #[cfg(feature = "x509-parser")] fn convert_x509_general_subtrees( subtrees: &[x509_parser::extensions::GeneralSubtree<'_>], - ) -> Result, RcgenError> { + ) -> Result, Error> { use x509_parser::extensions::GeneralName; let mut result = Vec::new(); @@ -834,11 +838,7 @@ impl CertificateParams { }); }); } - fn write_request( - &self, - pub_key: &K, - writer: DERWriter, - ) -> Result<(), RcgenError> { + fn write_request(&self, pub_key: &K, writer: DERWriter) -> Result<(), Error> { // No .. pattern, we use this to ensure every field is used #[deny(unused)] let Self { @@ -873,7 +873,7 @@ impl CertificateParams { || !crl_distribution_points.is_empty() || *use_authority_key_identifier_extension { - return Err(RcgenError::UnsupportedInCsr); + return Err(Error::UnsupportedInCsr); } writer.write_sequence(|writer| { // Write version @@ -945,7 +945,7 @@ impl CertificateParams { writer: DERWriter, pub_key: &K, ca: &Certificate, - ) -> Result<(), RcgenError> { + ) -> Result<(), Error> { writer.write_sequence(|writer| { // Write version writer.next().write_tagged(Tag::context(0), |writer| { @@ -970,7 +970,7 @@ impl CertificateParams { write_dt_utc_or_generalized(writer.next(), self.not_before); // Not after write_dt_utc_or_generalized(writer.next(), self.not_after); - Ok::<(), RcgenError>(()) + Ok::<(), Error>(()) })?; // Write subject write_distinguished_name(writer.next(), &self.distinguished_name); @@ -1173,12 +1173,12 @@ impl CertificateParams { &self, pub_key: &K, ca: &Certificate, - ) -> Result, RcgenError> { + ) -> Result, Error> { yasna::try_construct_der(|writer| { writer.write_sequence(|writer| { let tbs_cert_list_serialized = yasna::try_construct_der(|writer| { self.write_cert(writer, pub_key, ca)?; - Ok::<(), RcgenError>(()) + Ok::<(), Error>(()) })?; // Write tbsCertList writer.next().write_der(&tbs_cert_list_serialized); @@ -1493,10 +1493,10 @@ impl Certificate { /// Generates a new certificate from the given parameters. /// /// If there is no key pair included, then a new key pair will be generated and used. - pub fn from_params(mut params: CertificateParams) -> Result { + pub fn from_params(mut params: CertificateParams) -> Result { let key_pair = if let Some(key_pair) = params.key_pair.take() { if !key_pair.is_compatible(¶ms.alg) { - return Err(RcgenError::CertificateKeyPairMismatch); + return Err(Error::CertificateKeyPairMismatch); } key_pair } else { @@ -1515,15 +1515,15 @@ impl Certificate { self.params.key_identifier(&self.key_pair) } /// Serializes the certificate to the binary DER format - pub fn serialize_der(&self) -> Result, RcgenError> { + pub fn serialize_der(&self) -> Result, Error> { self.serialize_der_with_signer(&self) } /// Serializes the certificate, signed with another certificate's key, in binary DER format - pub fn serialize_der_with_signer(&self, ca: &Certificate) -> Result, RcgenError> { + pub fn serialize_der_with_signer(&self, ca: &Certificate) -> Result, Error> { self.params.serialize_der_with_signer(&self.key_pair, ca) } /// Serializes a certificate signing request in binary DER format - pub fn serialize_request_der(&self) -> Result, RcgenError> { + pub fn serialize_request_der(&self) -> Result, Error> { yasna::try_construct_der(|writer| { writer.write_sequence(|writer| { let cert_data = yasna::try_construct_der(|writer| { @@ -1547,21 +1547,21 @@ impl Certificate { } /// Serializes the certificate to the ASCII PEM format #[cfg(feature = "pem")] - pub fn serialize_pem(&self) -> Result { + pub fn serialize_pem(&self) -> Result { let contents = self.serialize_der()?; let p = Pem::new("CERTIFICATE", contents); Ok(pem::encode_config(&p, ENCODE_CONFIG)) } /// Serializes the certificate, signed with another certificate's key, to the ASCII PEM format #[cfg(feature = "pem")] - pub fn serialize_pem_with_signer(&self, ca: &Certificate) -> Result { + pub fn serialize_pem_with_signer(&self, ca: &Certificate) -> Result { let contents = self.serialize_der_with_signer(ca)?; let p = Pem::new("CERTIFICATE", contents); Ok(pem::encode_config(&p, ENCODE_CONFIG)) } /// Serializes the certificate signing request to the ASCII PEM format #[cfg(feature = "pem")] - pub fn serialize_request_pem(&self) -> Result { + pub fn serialize_request_pem(&self) -> Result { let contents = self.serialize_request_der()?; let p = Pem::new("CERTIFICATE REQUEST", contents); Ok(pem::encode_config(&p, ENCODE_CONFIG)) @@ -1906,7 +1906,7 @@ mod tests { #[cfg(feature = "x509-parser")] mod test_ip_address_from_octets { use super::super::ip_addr_from_octets; - use super::super::RcgenError; + use super::super::Error; use std::net::IpAddr; #[test] @@ -1932,14 +1932,14 @@ mod tests { let incorrect: Vec = (0..10).into_iter().collect(); let actual = ip_addr_from_octets(&incorrect).unwrap_err(); - assert_eq!(RcgenError::InvalidIpAddressOctetLength(10), actual); + assert_eq!(Error::InvalidIpAddressOctetLength(10), actual); } #[test] fn none() { let actual = ip_addr_from_octets(&[]).unwrap_err(); - assert_eq!(RcgenError::InvalidIpAddressOctetLength(0), actual); + assert_eq!(Error::InvalidIpAddressOctetLength(0), actual); } #[test] @@ -1947,7 +1947,7 @@ mod tests { let incorrect: Vec = (0..20).into_iter().collect(); let actual = ip_addr_from_octets(&incorrect).unwrap_err(); - assert_eq!(RcgenError::InvalidIpAddressOctetLength(20), actual); + assert_eq!(Error::InvalidIpAddressOctetLength(20), actual); } } diff --git a/src/sign_algo.rs b/src/sign_algo.rs index 9a0aca6f..4b7b8cc7 100644 --- a/src/sign_algo.rs +++ b/src/sign_algo.rs @@ -6,7 +6,7 @@ use yasna::DERWriter; use yasna::Tag; use crate::oid::*; -use crate::RcgenError; +use crate::Error; pub(crate) enum SignAlgo { EcDsa(&'static EcdsaSigningAlgorithm), @@ -90,13 +90,13 @@ impl SignatureAlgorithm { } /// Retrieve the SignatureAlgorithm for the provided OID - pub fn from_oid(oid: &[u64]) -> Result<&'static SignatureAlgorithm, RcgenError> { + pub fn from_oid(oid: &[u64]) -> Result<&'static SignatureAlgorithm, Error> { for algo in Self::iter() { if algo.oid_components == oid { return Ok(algo); } } - Err(RcgenError::UnsupportedSignatureAlgorithm) + Err(Error::UnsupportedSignatureAlgorithm) } } diff --git a/tests/generic.rs b/tests/generic.rs index 30555418..8b693415 100644 --- a/tests/generic.rs +++ b/tests/generic.rs @@ -4,7 +4,7 @@ mod util; mod test_key_params_mismatch { use crate::util; - use rcgen::{Certificate, KeyPair, RcgenError}; + use rcgen::{Certificate, Error, KeyPair}; use std::collections::hash_map::DefaultHasher; use std::hash::{Hash, Hasher}; @@ -44,7 +44,7 @@ mod test_key_params_mismatch { assert_eq!( Certificate::from_params(wrong_params).err(), - Some(RcgenError::CertificateKeyPairMismatch), + Some(Error::CertificateKeyPairMismatch), "i: {} j: {}", i, j diff --git a/tests/webpki.rs b/tests/webpki.rs index aa1d6df6..8b2b439f 100644 --- a/tests/webpki.rs +++ b/tests/webpki.rs @@ -321,12 +321,12 @@ fn from_remote() { self.0.public_key().as_ref() } - fn sign(&self, msg: &[u8]) -> Result, rcgen::RcgenError> { + fn sign(&self, msg: &[u8]) -> Result, rcgen::Error> { let system_random = SystemRandom::new(); self.0 .sign(&system_random, msg) .map(|s| s.as_ref().to_owned()) - .map_err(rcgen::RcgenError::from) + .map_err(rcgen::Error::from) } fn algorithm(&self) -> &'static rcgen::SignatureAlgorithm {