/rust/git/checkouts/nss-rs-71e20fe79ef91440/9b94ca3/src/auth.rs

Source
// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
// option. This file may not be copied, modified, or distributed
// except according to those terms.

use strum::FromRepr;

use crate::err::{PRErrorCode, mozpkix, sec, ssl};

/// The outcome of authentication.
#[derive(Clone, Copy, Debug, PartialEq, Eq, FromRepr)]
#[repr(i32)]
pub enum AuthenticationStatus {
    Ok,
    CaInvalid = sec::SEC_ERROR_CA_CERT_INVALID,
    CaNotV3 = mozpkix::MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA,
    CertAlgorithmDisabled = sec::SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED,
    CertExpired = sec::SEC_ERROR_EXPIRED_CERTIFICATE,
    CertInvalidTime = sec::SEC_ERROR_INVALID_TIME,
    CertIsCa = mozpkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY,
    CertKeyUsage = sec::SEC_ERROR_INADEQUATE_KEY_USAGE,
    CertMitm = mozpkix::MOZILLA_PKIX_ERROR_MITM_DETECTED,
    CertNotYetValid = mozpkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE,
    CertRevoked = sec::SEC_ERROR_REVOKED_CERTIFICATE,
    CertSelfSigned = mozpkix::MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT,
    CertSubjectInvalid = ssl::SSL_ERROR_BAD_CERT_DOMAIN,
    CertUntrusted = sec::SEC_ERROR_UNTRUSTED_CERT,
    CertWeakKey = mozpkix::MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE,
    IssuerEmptyName = mozpkix::MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME,
    IssuerExpired = sec::SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE,
    IssuerNotYetValid = mozpkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE,
    IssuerUnknown = sec::SEC_ERROR_UNKNOWN_ISSUER,
    IssuerUntrusted = sec::SEC_ERROR_UNTRUSTED_ISSUER,
    PolicyRejection = mozpkix::MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED,
    Unknown = sec::SEC_ERROR_LIBRARY_FAILURE,
}

impl From<AuthenticationStatus> for PRErrorCode {
    fn from(v: AuthenticationStatus) -> Self {
        v as Self
    }
}

// Note that this mapping should be removed after gecko eventually learns how to
// map into the enumerated type.
impl From<PRErrorCode> for AuthenticationStatus {
    fn from(v: PRErrorCode) -> Self {
        Self::from_repr(v).unwrap_or(Self::Unknown)
    }
}

#[cfg(test)]
#[cfg_attr(coverage_nightly, coverage(off))]
mod tests {
    use super::*;

    #[test]
    fn authentication_status_from_error_code() {
        assert_eq!(
            AuthenticationStatus::from(sec::SEC_ERROR_EXPIRED_CERTIFICATE),
            AuthenticationStatus::CertExpired
        );
        assert_eq!(AuthenticationStatus::from(0), AuthenticationStatus::Ok);
        assert_eq!(
            AuthenticationStatus::from(12345),
            AuthenticationStatus::Unknown
        );
        assert_eq!(
            AuthenticationStatus::from(i32::MIN),
            AuthenticationStatus::Unknown
        );
    }
}

Coverage Report

Created: 2026-05-18 06:32

Line	Count	Source
1		// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
2		// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
3		// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
4		// option. This file may not be copied, modified, or distributed
5		// except according to those terms.
6
7		use strum::FromRepr;
8
9		use crate::err::{PRErrorCode, mozpkix, sec, ssl};
10
11		/// The outcome of authentication.
12		#[derive(Clone, Copy, Debug, PartialEq, Eq, FromRepr)]
13		#[repr(i32)]
14		pub enum AuthenticationStatus {
15		Ok,
16		CaInvalid = sec::SEC_ERROR_CA_CERT_INVALID,
17		CaNotV3 = mozpkix::MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA,
18		CertAlgorithmDisabled = sec::SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED,
19		CertExpired = sec::SEC_ERROR_EXPIRED_CERTIFICATE,
20		CertInvalidTime = sec::SEC_ERROR_INVALID_TIME,
21		CertIsCa = mozpkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY,
22		CertKeyUsage = sec::SEC_ERROR_INADEQUATE_KEY_USAGE,
23		CertMitm = mozpkix::MOZILLA_PKIX_ERROR_MITM_DETECTED,
24		CertNotYetValid = mozpkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE,
25		CertRevoked = sec::SEC_ERROR_REVOKED_CERTIFICATE,
26		CertSelfSigned = mozpkix::MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT,
27		CertSubjectInvalid = ssl::SSL_ERROR_BAD_CERT_DOMAIN,
28		CertUntrusted = sec::SEC_ERROR_UNTRUSTED_CERT,
29		CertWeakKey = mozpkix::MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE,
30		IssuerEmptyName = mozpkix::MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME,
31		IssuerExpired = sec::SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE,
32		IssuerNotYetValid = mozpkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE,
33		IssuerUnknown = sec::SEC_ERROR_UNKNOWN_ISSUER,
34		IssuerUntrusted = sec::SEC_ERROR_UNTRUSTED_ISSUER,
35		PolicyRejection = mozpkix::MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED,
36		Unknown = sec::SEC_ERROR_LIBRARY_FAILURE,
37		}
38
39		impl From<AuthenticationStatus> for PRErrorCode {
40	0	fn from(v: AuthenticationStatus) -> Self {
41	0	v as Self
42	0	}
43		}
44
45		// Note that this mapping should be removed after gecko eventually learns how to
46		// map into the enumerated type.
47		impl From<PRErrorCode> for AuthenticationStatus {
48	0	fn from(v: PRErrorCode) -> Self {
49	0	Self::from_repr(v).unwrap_or(Self::Unknown)
50	0	}
51		}
52
53		#[cfg(test)]
54		#[cfg_attr(coverage_nightly, coverage(off))]
55		mod tests {
56		use super::*;
57
58		#[test]
59		fn authentication_status_from_error_code() {
60		assert_eq!(
61		AuthenticationStatus::from(sec::SEC_ERROR_EXPIRED_CERTIFICATE),
62		AuthenticationStatus::CertExpired
63		);
64		assert_eq!(AuthenticationStatus::from(0), AuthenticationStatus::Ok);
65		assert_eq!(
66		AuthenticationStatus::from(12345),
67		AuthenticationStatus::Unknown
68		);
69		assert_eq!(
70		AuthenticationStatus::from(i32::MIN),
71		AuthenticationStatus::Unknown
72		);
73		}
74		}