// Licensed under the Apache License, Version 2.0 or the MIT license // , at your // option. This file may not be copied, modified, or distributed // except according to those terms. use crate::err::{mozpkix, sec, ssl, PRErrorCode}; /// The outcome of authentication. #[derive(Clone, Copy, Debug, PartialEq, Eq)] pub enum AuthenticationStatus { Ok, CaInvalid, CaNotV3, CertAlgorithmDisabled, CertExpired, CertInvalidTime, CertIsCa, CertKeyUsage, CertMitm, CertNotYetValid, CertRevoked, CertSelfSigned, CertSubjectInvalid, CertUntrusted, CertWeakKey, IssuerEmptyName, IssuerExpired, IssuerNotYetValid, IssuerUnknown, IssuerUntrusted, PolicyRejection, Unknown, } impl From for PRErrorCode { #[must_use] fn from(v: AuthenticationStatus) -> Self { match v { AuthenticationStatus::Ok => 0, AuthenticationStatus::CaInvalid => sec::SEC_ERROR_CA_CERT_INVALID, AuthenticationStatus::CaNotV3 => mozpkix::MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA, AuthenticationStatus::CertAlgorithmDisabled => { sec::SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED } AuthenticationStatus::CertExpired => sec::SEC_ERROR_EXPIRED_CERTIFICATE, AuthenticationStatus::CertInvalidTime => sec::SEC_ERROR_INVALID_TIME, AuthenticationStatus::CertIsCa => { mozpkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY } AuthenticationStatus::CertKeyUsage => sec::SEC_ERROR_INADEQUATE_KEY_USAGE, AuthenticationStatus::CertMitm => mozpkix::MOZILLA_PKIX_ERROR_MITM_DETECTED, AuthenticationStatus::CertNotYetValid => { mozpkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE } AuthenticationStatus::CertRevoked => sec::SEC_ERROR_REVOKED_CERTIFICATE, AuthenticationStatus::CertSelfSigned => mozpkix::MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT, AuthenticationStatus::CertSubjectInvalid => ssl::SSL_ERROR_BAD_CERT_DOMAIN, AuthenticationStatus::CertUntrusted => sec::SEC_ERROR_UNTRUSTED_CERT, AuthenticationStatus::CertWeakKey => mozpkix::MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE, AuthenticationStatus::IssuerEmptyName => mozpkix::MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME, AuthenticationStatus::IssuerExpired => sec::SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, AuthenticationStatus::IssuerNotYetValid => { mozpkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE } AuthenticationStatus::IssuerUnknown => sec::SEC_ERROR_UNKNOWN_ISSUER, AuthenticationStatus::IssuerUntrusted => sec::SEC_ERROR_UNTRUSTED_ISSUER, AuthenticationStatus::PolicyRejection => { mozpkix::MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED } AuthenticationStatus::Unknown => sec::SEC_ERROR_LIBRARY_FAILURE, } } } // Note that this mapping should be removed after gecko eventually learns how to // map into the enumerated type. impl From for AuthenticationStatus { #[must_use] fn from(v: PRErrorCode) -> Self { match v { 0 => Self::Ok, sec::SEC_ERROR_CA_CERT_INVALID => Self::CaInvalid, mozpkix::MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA => Self::CaNotV3, sec::SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED => Self::CertAlgorithmDisabled, sec::SEC_ERROR_EXPIRED_CERTIFICATE => Self::CertExpired, sec::SEC_ERROR_INVALID_TIME => Self::CertInvalidTime, mozpkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY => Self::CertIsCa, sec::SEC_ERROR_INADEQUATE_KEY_USAGE => Self::CertKeyUsage, mozpkix::MOZILLA_PKIX_ERROR_MITM_DETECTED => Self::CertMitm, mozpkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE => Self::CertNotYetValid, sec::SEC_ERROR_REVOKED_CERTIFICATE => Self::CertRevoked, mozpkix::MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT => Self::CertSelfSigned, ssl::SSL_ERROR_BAD_CERT_DOMAIN => Self::CertSubjectInvalid, sec::SEC_ERROR_UNTRUSTED_CERT => Self::CertUntrusted, mozpkix::MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE => Self::CertWeakKey, mozpkix::MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME => Self::IssuerEmptyName, sec::SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE => Self::IssuerExpired, mozpkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE => Self::IssuerNotYetValid, sec::SEC_ERROR_UNKNOWN_ISSUER => Self::IssuerUnknown, sec::SEC_ERROR_UNTRUSTED_ISSUER => Self::IssuerUntrusted, mozpkix::MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED => { Self::PolicyRejection } _ => Self::Unknown, } } }