Skip to main content

nordnet_model/
error.rs

1//! Errors raised by [`crate::auth`].
2//!
3//! These cover only what the auth module can fail at — there are no HTTP
4//! variants. The REST crate (`nordnet-api`) wraps this enum into its own
5//! `Error::Auth(#[from] AuthError)` variant.
6
7use thiserror::Error;
8
9/// All recoverable failures from [`crate::auth`].
10#[derive(Debug, Error)]
11pub enum AuthError {
12    /// The supplied PEM did not parse as an OpenSSH private key, or the
13    /// parser rejected the contents (e.g. malformed framing). The wrapped
14    /// string carries the underlying parser's message for diagnostics.
15    #[error("invalid private key: {0}")]
16    InvalidKey(String),
17
18    /// The OpenSSH key parsed successfully but is encrypted. Decrypt the
19    /// key out-of-band before passing it back in.
20    #[error("encrypted private keys are not supported")]
21    EncryptedKey,
22
23    /// The OpenSSH key uses an algorithm other than Ed25519 (RSA, ECDSA,
24    /// DSA, …). Nordnet's external API v2 requires Ed25519 keys.
25    #[error("wrong key algorithm: got {got}, expected {expected}")]
26    WrongAlgorithm { got: String, expected: &'static str },
27
28    /// The key declared Ed25519 but the embedded key data was a different
29    /// shape — should not happen with well-formed `ssh-keygen` output, but
30    /// surfaced explicitly so consumers can distinguish it from
31    /// [`AuthError::InvalidKey`].
32    #[error("ed25519 key data length mismatch")]
33    KeyDataMismatch,
34}