Better errors for ASN.1 string types

Author: Tudyx

rcgen/src/error.rs

@@ -13,16 +13,8 @@ pub enum Error {
 	#[cfg(feature = "x509-parser")]
 	/// Invalid subject alternative name type
 	InvalidNameType,
-	/// Invalid PrintableString type
-	InvalidPrintableString,
-	/// Invalide UniversalString type
-	InvalidUniversalString,
-	/// Invalid Ia5String type
-	InvalidIa5String,
-	/// Invalid TeletexString type
-	InvalidTeletexString,
-	/// Invalid BmpString type
-	InvalidBmpString,
+	/// Invalid ASN.1 string
+	InvalidAsn1String(InvalidAsn1String),
 	/// An IP address was provided as a byte array, but the byte array was an invalid length.
 	InvalidIpAddressOctetLength(usize),
 	/// There is no support for generating
@@ -65,11 +57,7 @@ impl fmt::Display for Error {
 			CouldNotParseKeyPair => write!(f, "Could not parse key pair")?,
 			#[cfg(feature = "x509-parser")]
 			InvalidNameType => write!(f, "Invalid subject alternative name type")?,
-			InvalidPrintableString => write!(f, "Invalid PrintableString")?,
-			InvalidIa5String => write!(f, "Invalid IA5String")?,
-			InvalidBmpString => write!(f, "Invalid BMPString")?,
-			InvalidUniversalString => write!(f, "Invalid UniversalString")?,
-			InvalidTeletexString => write!(f, "Invalid TeletexString")?,
+			InvalidAsn1String(e) => write!(f, "{}", e)?,
 			InvalidIpAddressOctetLength(actual) => {
 				write!(f, "Invalid IP address octet length of {actual} bytes")?
 			},
@@ -105,6 +93,36 @@ impl fmt::Display for Error {
 
 impl std::error::Error for Error {}
 
+/// Invalid ASN.1 string type
+#[derive(Debug, PartialEq, Eq)]
+#[non_exhaustive]
+pub enum InvalidAsn1String {
+	/// Invalid PrintableString type
+	PrintableString(String),
+	/// Invalide UniversalString type
+	UniversalString(String),
+	/// Invalid Ia5String type
+	Ia5String(String),
+	/// Invalid TeletexString type
+	TeletexString(String),
+	/// Invalid BmpString type
+	BmpString(String),
+}
+
+impl fmt::Display for InvalidAsn1String {
+	fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+		use InvalidAsn1String::*;
+		match self {
+			PrintableString(s) => write!(f, "Invalid PrintableString: '{}'", s)?,
+			Ia5String(s) => write!(f, "Invalid IA5String: '{}'", s)?,
+			BmpString(s) => write!(f, "Invalid BMPString: '{}'", s)?,
+			UniversalString(s) => write!(f, "Invalid UniversalString: '{}'", s)?,
+			TeletexString(s) => write!(f, "Invalid TeletexString: '{}'", s)?,
+		};
+		Ok(())
+	}
+}
+
 /// A trait describing an error that can be converted into an `rcgen::Error`.
 ///
 /// We use this trait to avoid leaking external error types into the public API

rcgen/src/lib.rs

@@ -56,7 +56,7 @@ pub use crate::crl::{
 	CrlIssuingDistributionPoint, CrlScope, RevocationReason, RevokedCertParams,
 };
 pub use crate::csr::{CertificateSigningRequestParams, PublicKey};
-pub use crate::error::Error;
+pub use crate::error::{Error, InvalidAsn1String};
 use crate::key_pair::PublicKeyData;
 pub use crate::key_pair::{KeyPair, RemoteKeyPair};
 use crate::oid::*;

rcgen/src/string_types.rs

@@ -1,4 +1,4 @@
-use crate::Error;
+use crate::{Error, InvalidAsn1String};
 use std::str::FromStr;
 
 /// ASN.1 `PrintableString` type.
@@ -93,7 +93,11 @@ impl TryFrom<String> for PrintableString {
 				| b':'
 				| b'='
 				| b'?' => (),
-				_ => return Err(Error::InvalidPrintableString),
+				_ => {
+					return Err(Error::InvalidAsn1String(
+						InvalidAsn1String::PrintableString(value),
+					))
+				},
 			}
 		}
 		Ok(Self(value))
@@ -168,7 +172,9 @@ impl TryFrom<String> for Ia5String {
 	/// See [`Ia5String`] documentation for more information.
 	fn try_from(input: String) -> Result<Self, Error> {
 		if !input.is_ascii() {
-			return Err(Error::InvalidIa5String);
+			return Err(Error::InvalidAsn1String(InvalidAsn1String::Ia5String(
+				input,
+			)));
 		}
 		Ok(Self(input))
 	}
@@ -251,7 +257,9 @@ impl TryFrom<String> for TeletexString {
 	fn try_from(input: String) -> Result<Self, Error> {
 		// Check all bytes are visible
 		if !input.as_bytes().iter().all(|b| (0x20..=0x7f).contains(b)) {
-			return Err(Error::InvalidTeletexString);
+			return Err(Error::InvalidAsn1String(InvalidAsn1String::TeletexString(
+				input,
+			)));
 		}
 		Ok(Self(input))
 	}
@@ -318,7 +326,9 @@ impl BmpString {
 	/// Decode a UTF-16BE–encoded vector `vec` into a `BmpString`, returning [Err](`std::result::Result::Err`) if `vec` contains any invalid data.
 	pub fn from_utf16be(vec: Vec<u8>) -> Result<Self, Error> {
 		if vec.len() % 2 != 0 {
-			return Err(Error::InvalidBmpString);
+			return Err(Error::InvalidAsn1String(InvalidAsn1String::BmpString(
+				"Invalid UTF-16 encoding".to_string(),
+			)));
 		}
 
 		// FIXME: Update this when `array_chunks` is stabilized.
@@ -331,7 +341,11 @@ impl BmpString {
 				// Character is in the Basic Multilingual Plane
 				Ok(c) if (c as u64) < u64::from(u16::MAX) => (),
 				// Characters outside Basic Multilingual Plane or unpaired surrogates
-				_ => return Err(Error::InvalidBmpString),
+				_ => {
+					return Err(Error::InvalidAsn1String(InvalidAsn1String::BmpString(
+						"Invalid UTF-16 encoding".to_string(),
+					)));
+				},
 			}
 		}
 		Ok(Self(vec.to_vec()))
@@ -348,10 +362,9 @@ impl TryFrom<&str> for BmpString {
 	///
 	/// The result is allocated on the heap.
 	fn try_from(value: &str) -> Result<Self, Self::Error> {
-		let capacity = value
-			.len()
-			.checked_mul(2)
-			.ok_or_else(|| Error::InvalidBmpString)?;
+		let capacity = value.len().checked_mul(2).ok_or_else(|| {
+			Error::InvalidAsn1String(InvalidAsn1String::BmpString(value.to_string()))
+		})?;
 
 		let mut bytes = Vec::with_capacity(capacity);
 
@@ -432,7 +445,9 @@ impl UniversalString {
 	/// Decode a UTF-32BE–encoded vector `vec` into a `UniversalString`, returning [Err](`std::result::Result::Err`) if `vec` contains any invalid data.
 	pub fn from_utf32be(vec: Vec<u8>) -> Result<UniversalString, Error> {
 		if vec.len() % 4 != 0 {
-			return Err(Error::InvalidUniversalString);
+			return Err(Error::InvalidAsn1String(
+				InvalidAsn1String::UniversalString("Invalid UTF-32 encoding".to_string()),
+			));
 		}
 
 		// FIXME: Update this when `array_chunks` is stabilized.
@@ -441,7 +456,9 @@ impl UniversalString {
 			.map(|chunk| u32::from_be_bytes([chunk[0], chunk[1], chunk[2], chunk[3]]))
 		{
 			if core::char::from_u32(maybe_char).is_none() {
-				return Err(Error::InvalidUniversalString);
+				return Err(Error::InvalidAsn1String(
+					InvalidAsn1String::UniversalString("Invalid UTF-32 encoding".to_string()),
+				));
 			}
 		}
 
@@ -459,10 +476,9 @@ impl TryFrom<&str> for UniversalString {
 	///
 	/// The result is allocated on the heap.
 	fn try_from(value: &str) -> Result<Self, Self::Error> {
-		let capacity = value
-			.len()
-			.checked_mul(4)
-			.ok_or_else(|| Error::InvalidUniversalString)?;
+		let capacity = value.len().checked_mul(4).ok_or_else(|| {
+			Error::InvalidAsn1String(InvalidAsn1String::UniversalString(value.to_string()))
+		})?;
 
 		let mut bytes = Vec::with_capacity(capacity);