Skip to main content

ppoppo_token/
issue_error.rs

1//! Issuance errors for the JWT engine.
2//!
3//! Mirror of `AuthError` shape: 1 variant per named failure mode so audit
4//! logs read the cause off the variant name without a lookup table
5//! (project_jwt_phase2_design Decision 2). Variants are additive across
6//! phases — Phase 3 covers the issue-side baseline; Phase 4+ append.
7//!
8//! `KeyMismatch` carries both kids in its data because the audit signal
9//! ("which mismatch") is far more useful than just the fact of mismatch
10//! — operators want to see at a glance which IssueConfig misnames its
11//! signing key. KeyParse / JsonEncode wrap the underlying library error
12//! as a String so the public API stays free of `jsonwebtoken::*` types
13//! (M51 boundary; the lint enforcement lands Phase 7).
14
15#[derive(Debug, thiserror::Error)]
16pub enum IssueError {
17    /// PEM input cannot be parsed as an Ed25519 private key.
18    #[error("issue: failed to parse Ed25519 PEM ({0})")]
19    KeyParse(String),
20
21    /// `IssueConfig.kid` does not match the kid associated with the
22    /// supplied `SigningKey`. Emitted before any encoding work happens
23    /// so a misconfigured pipeline fails closed instead of issuing
24    /// tokens against an unrecognized kid.
25    #[error("issue: cfg kid '{cfg_kid}' does not match signer kid '{signer_kid}'")]
26    KeyMismatch { cfg_kid: String, signer_kid: String },
27
28    /// `jsonwebtoken::encode` failed at the JSON serialization step. In
29    /// practice this only fires when a Claims field overflows the JSON
30    /// number range — the registered claims are all integers within
31    /// `i64`, so production paths cannot hit it.
32    #[error("issue: failed to encode JWT ({0})")]
33    JsonEncode(String),
34
35    /// System clock is before UNIX_EPOCH. Cannot happen on a correctly
36    /// configured machine; surfaces only on hardware-reset / NTP-broken
37    /// edge cases. Listed for completeness so the engine refuses to
38    /// emit garbage timestamps rather than panicking.
39    #[error("issue: system clock is before UNIX_EPOCH")]
40    ClockBackwards,
41}