From 11cb2834837ad7f306c59a8eb3154814bb09eef2 Mon Sep 17 00:00:00 2001
From: Wiebe Cazemier <wiebe@ytec.nl>
Date: Thu, 16 Jul 2020 17:28:46 +0200
Subject: [PATCH] Clarify public key documentation and errors

---
 README.md                      |  3 ++-
 include/jwt/error_codes.hpp    |  1 +
 include/jwt/exceptions.hpp     | 11 +++++++++++
 include/jwt/impl/algorithm.ipp |  2 +-
 include/jwt/impl/jwt.ipp       |  4 ++++
 5 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 30b9d58..479a233 100644
--- a/README.md
+++ b/README.md
@@ -299,7 +299,8 @@ All the parameters are basically a function which returns an instance of a type
 
   - <strong>secret</strong>
 
-    Used to pass the key which could be some random string or public certificate data as string.
+    Used to pass the key which could be some random string or the bytes of the PEM encoded public key
+    file in PEM format (wrapped in -----BEGIN PUBLIC KEY----- block) as string.
     The passed string type must be convertible to <code>jwt::string_view</code>
 
   - <strong>algorithm</strong>
diff --git a/include/jwt/error_codes.hpp b/include/jwt/error_codes.hpp
index a5522a9..6c6aaa6 100644
--- a/include/jwt/error_codes.hpp
+++ b/include/jwt/error_codes.hpp
@@ -34,6 +34,7 @@ enum class AlgorithmErrc
   SigningErr = 1,
   VerificationErr,
   KeyNotFoundErr,
+  InvalidKeyErr,
   NoneAlgorithmUsed, // Not an actual error!
 };
 
diff --git a/include/jwt/exceptions.hpp b/include/jwt/exceptions.hpp
index 8d53483..e844c11 100644
--- a/include/jwt/exceptions.hpp
+++ b/include/jwt/exceptions.hpp
@@ -273,6 +273,17 @@ public:
   }
 };
 
+class InvalidKeyError final: public VerificationError
+{
+public:
+  /**
+   */
+  InvalidKeyError(std::string msg)
+	: VerificationError(std::move(msg))
+  {
+  }
+};
+
 /**
  * Derived from VerificationError.
  * Thrown when there type expectation mismatch
diff --git a/include/jwt/impl/algorithm.ipp b/include/jwt/impl/algorithm.ipp
index 39a6714..c4e13cd 100644
--- a/include/jwt/impl/algorithm.ipp
+++ b/include/jwt/impl/algorithm.ipp
@@ -91,7 +91,7 @@ verify_result_t PEMSign<Hasher>::verify(
     ev_pkey_deletor};
 
   if (!pkey) {
-    ec = AlgorithmErrc::VerificationErr;
+    ec = AlgorithmErrc::InvalidKeyErr;
     return { false, ec };
   }
 
diff --git a/include/jwt/impl/jwt.ipp b/include/jwt/impl/jwt.ipp
index da3fa1f..26a4523 100644
--- a/include/jwt/impl/jwt.ipp
+++ b/include/jwt/impl/jwt.ipp
@@ -856,6 +856,10 @@ void jwt_throw_exception(const std::error_code& ec)
   {
     switch (static_cast<AlgorithmErrc>(ec.value()))
     {
+      case AlgorithmErrc::InvalidKeyErr:
+      {
+        throw InvalidKeyError(ec.message());
+      }
       case AlgorithmErrc::VerificationErr:
       {
         throw InvalidSignatureError(ec.message());