fix(rbac-registration): add structured error

Signed-off-by: bkioshn <[email protected]>

Author: bkioshn

rust/rbac-registration/Cargo.toml

@@ -30,6 +30,7 @@ tracing = "0.1.40"
 ed25519-dalek = "2.1.1"
 uuid = "1.11.0"
 oid-registry = "0.7.1"
+thiserror = "2.0.11"
 
 c509-certificate = { version = "0.0.3", path = "../c509-certificate" }
 pallas = { version = "0.30.1", git = "https://github.com/input-output-hk/catalyst-pallas.git", rev = "9b5183c8b90b90fe2cc319d986e933e9518957b3" }

rust/rbac-registration/src/cardano/cip509/utils/extract_key.rs

@@ -5,8 +5,17 @@ use anyhow::{anyhow, Context};
 use c509_certificate::c509::C509;
 use ed25519_dalek::{VerifyingKey, PUBLIC_KEY_LENGTH};
 use oid_registry::{Oid, OID_SIG_ED25519};
+use thiserror::Error;
 use x509_cert::Certificate as X509Certificate;
 
+/// Error type for unsupported signature algorithms.
+#[derive(Error, Debug)]
+#[error("Unsupported signature algorithm: {oid}")]
+pub struct SignatureAlgoError {
+    /// An OID of unsupported signature algorithm.
+    oid: String,
+}
+
 /// Returns `VerifyingKey` from the given X509 certificate.
 ///
 /// # Errors
@@ -51,10 +60,12 @@ pub fn c509_key(cert: &C509) -> anyhow::Result<VerifyingKey> {
 }
 
 /// Checks that the signature algorithm is supported.
-fn check_signature_algorithm(oid: &Oid) -> anyhow::Result<()> {
+fn check_signature_algorithm(oid: &Oid) -> Result<(), SignatureAlgoError> {
     // Currently the only supported signature algorithm is ED25519.
     if *oid != OID_SIG_ED25519 {
-        return Err(anyhow!("Unsupported signature algorithm: {oid}"));
+        return Err(SignatureAlgoError {
+            oid: oid.to_id_string(),
+        });
     }
     Ok(())
 }