Throw exceptions instead of returning errors

Author: Robert Adams

lib/ssh_client_key_api.ex

@@ -1,4 +1,5 @@
 defmodule SSHClientKeyAPI do
+  alias SSHClientKeyAPI.KeyError
 
   @behaviour :ssh_client_key_api
   @key_algorithms :ssh.default_algorithms()[:public_key]
@@ -103,23 +104,25 @@ defmodule SSHClientKeyAPI do
   end
 
   def user_key(alg, _) do
-    message = "unsupported user key algorithm #{inspect alg}"
-    IO.puts(message)
-    {:error, message}
+    raise KeyError, {:unsupported_algorithm, alg}
+  end
+
+  defp decode_pem_entry(nil, _phrase) do
+    raise KeyError, {:unsupported_algorithm, :unknown}
   end
 
   defp decode_pem_entry({_type, _data, :not_encrypted} = entry, _) do
     {:ok, :public_key.pem_entry_decode(entry)}
   end
 
-  defp decode_pem_entry({_type, _data, _cipher_info}, nil) do
-    {:error, "passphrase needed for protected key"}
+  defp decode_pem_entry({_type, _data, {alg, _}}, nil) do
+    raise KeyError, {:passphrase_required, alg}
   end
 
-  defp decode_pem_entry({_type, _data, _cipher_info} = entry, phrase) do
-      {:ok, :public_key.pem_entry_decode(entry, phrase)}
+  defp decode_pem_entry({_type, _data, {alg, _}} = entry, phrase) do
+    {:ok, :public_key.pem_entry_decode(entry, phrase)}
   rescue
-    _e in MatchError -> {:error, "passphrase for protected key is invalid"}
+    _e in MatchError -> raise KeyError, {:incorrect_passphrase, alg}
   end
 
   defp identity_data(opts) do

lib/ssh_client_key_api/key_error.ex

@@ -0,0 +1,18 @@
+defmodule SSHClientKeyAPI.KeyError do
+  defexception [:reason, :algorithm]
+
+  def exception({reason, algo}), do: %__MODULE__{reason: reason, algorithm: algo}
+
+  def exception(reason), do: %__MODULE__{reason: reason}
+
+  def message(%__MODULE__{reason: :unsupported_algorithm}), do: "key algorithm is not supported"
+
+  def message(%__MODULE__{reason: :passphrase_required}),
+    do: "passphrase required for protected key"
+
+  def message(%__MODULE__{reason: :incorrect_passphrase}),
+    do: "passphrase invalid for protected key"
+
+  def message(%__MODULE__{reason: :unsupported_algorithm, algorithm: algo}),
+    do: "key algorithm is not supported: #{algo}"
+end

test/ssh_client_key_api_test.exs

@@ -2,6 +2,7 @@ defmodule SSHClientKeyAPITest do
   use ExUnit.Case
 
   alias SSHClientKeyAPI
+  alias SSHClientKeyAPI.KeyError
 
   @private_key """
 -----BEGIN RSA PRIVATE KEY-----
@@ -132,19 +133,30 @@ FSlw/QlRe3XqAJDRtHyiI2d4JIPFcOjZQSF7fURYPEKaRRtQRvSaI0D9fYwuRZDY
   end
 
   test "user key returns error if passphrase is missing for protected key", %{protected_key: protected_key} do
-    result = SSHClientKeyAPI.user_key(
-      :"ssh-dss",
-      [key_cb_private: [identity: protected_key, identity_data: IO.binread(protected_key, :all)]]
-    )
-    assert {:error, _} = result
+    assert_raise KeyError, ~r/passphrase required/, fn ->
+      SSHClientKeyAPI.user_key(
+        :"ssh-dss",
+        [key_cb_private: [identity: protected_key, identity_data: IO.binread(protected_key, :all)]]
+      )
+      end
   end
 
   test "user key returns error if passphrase is incorrect for protected key", %{protected_key: protected_key} do
-    result = SSHClientKeyAPI.user_key(
-      :"ssh-dss",
-      [key_cb_private: [passphrase: 'wrong', identity: protected_key, identity_data: IO.binread(protected_key, :all)]]
-    )
-    assert {:error, _} = result
+    assert_raise KeyError, ~r/passphrase invalid/, fn ->
+      SSHClientKeyAPI.user_key(
+        :"ssh-dss",
+        [key_cb_private: [passphrase: 'wrong', identity: protected_key, identity_data: IO.binread(protected_key, :all)]]
+      )
+    end
+  end
+
+  test "user key returns error if trying to use unsupported algorithm", %{protected_key: protected_key} do
+    assert_raise KeyError, ~r/not supported/, fn ->
+      SSHClientKeyAPI.user_key(
+        :"ssh-scooby-doo",
+        [key_cb_private: [passphrase: 'wrong', identity: protected_key, identity_data: IO.binread(protected_key, :all)]]
+      )
+    end
   end
 
   test "with correct passphrase, user key returns contents of protected key", %{protected_key: protected_key} do