1use std::mem;
2
3use ct_codecs::{Base64UrlSafeNoPadding, Encoder};
4use hmac_sha1_compact::Hash as SHA1;
5use hmac_sha256::Hash as SHA256;
6use hmac_sha512::sha384::Hash as SHA384;
7use hmac_sha512::Hash as SHA512;
8use rsa::pkcs1::{DecodeRsaPrivateKey as _, DecodeRsaPublicKey};
9use rsa::pkcs8::{DecodePrivateKey as _, DecodePublicKey as _, EncodePrivateKey as _};
10use rsa::{BigUint, PublicKey as _, PublicKeyParts as _};
11use serde::{de::DeserializeOwned, Serialize};
12#[allow(unused_imports)]
13use spki::{DecodePublicKey as _, EncodePublicKey as _};
14
15use crate::claims::*;
16use crate::common::*;
17#[cfg(feature = "cwt")]
18use crate::cwt_token::*;
19use crate::error::*;
20use crate::jwt_header::*;
21use crate::token::*;
22
23#[doc(hidden)]
24#[derive(Debug, Clone)]
25pub struct RSAPublicKey(rsa::RsaPublicKey);
26
27impl AsRef<rsa::RsaPublicKey> for RSAPublicKey {
28 fn as_ref(&self) -> &rsa::RsaPublicKey {
29 &self.0
30 }
31}
32
33pub struct RSAPublicKeyComponents {
34 pub n: Vec<u8>,
35 pub e: Vec<u8>,
36}
37
38impl RSAPublicKey {
39 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
40 let rsa_pk = rsa::RsaPublicKey::from_public_key_der(der)
41 .or_else(|_| rsa::RsaPublicKey::from_pkcs1_der(der))?;
42 Ok(RSAPublicKey(rsa_pk))
43 }
44
45 pub fn from_pem(pem: &str) -> Result<Self, Error> {
46 let pem = pem.trim();
47 let rsa_pk = rsa::RsaPublicKey::from_public_key_pem(pem)
48 .or_else(|_| rsa::RsaPublicKey::from_pkcs1_pem(pem))?;
49 Ok(RSAPublicKey(rsa_pk))
50 }
51
52 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
53 let n = BigUint::from_bytes_be(n);
54 let e = BigUint::from_bytes_be(e);
55 let rsa_pk = rsa::RsaPublicKey::new(n, e)?;
56 Ok(RSAPublicKey(rsa_pk))
57 }
58
59 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
60 self.0
61 .to_public_key_der()
62 .map_err(Into::into)
63 .map(|x| x.as_ref().to_vec())
64 }
65
66 pub fn to_pem(&self) -> Result<String, Error> {
67 self.0
68 .to_public_key_pem(Default::default())
69 .map_err(Into::into)
70 }
71
72 pub fn to_components(&self) -> RSAPublicKeyComponents {
73 let n = self.0.n().to_bytes_be();
74 let e = self.0.e().to_bytes_be();
75 RSAPublicKeyComponents { n, e }
76 }
77}
78
79#[doc(hidden)]
80#[derive(Debug, Clone)]
81pub struct RSAKeyPair {
82 rsa_sk: rsa::RsaPrivateKey,
83 metadata: Option<KeyMetadata>,
84}
85
86impl AsRef<rsa::RsaPrivateKey> for RSAKeyPair {
87 fn as_ref(&self) -> &rsa::RsaPrivateKey {
88 &self.rsa_sk
89 }
90}
91
92impl RSAKeyPair {
93 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
94 let mut rsa_sk = rsa::RsaPrivateKey::from_pkcs8_der(der)
95 .or_else(|_| rsa::RsaPrivateKey::from_pkcs1_der(der))?;
96 rsa_sk.validate()?;
97 rsa_sk.precompute()?;
98 Ok(RSAKeyPair {
99 rsa_sk,
100 metadata: None,
101 })
102 }
103
104 pub fn from_pem(pem: &str) -> Result<Self, Error> {
105 let pem = pem.trim();
106 let mut rsa_sk = rsa::RsaPrivateKey::from_pkcs8_pem(pem)
107 .or_else(|_| rsa::RsaPrivateKey::from_pkcs1_pem(pem))?;
108 rsa_sk.validate()?;
109 rsa_sk.precompute()?;
110 Ok(RSAKeyPair {
111 rsa_sk,
112 metadata: None,
113 })
114 }
115
116 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
117 self.rsa_sk
118 .to_pkcs8_der()
119 .map_err(Into::into)
120 .map(|x| mem::take(x.to_bytes().as_mut()))
121 }
122
123 pub fn to_pem(&self) -> Result<String, Error> {
124 self.rsa_sk
125 .to_pkcs8_pem(Default::default())
126 .map_err(Into::into)
127 .map(|x| x.to_string())
128 }
129
130 pub fn public_key(&self) -> RSAPublicKey {
131 let rsa_pk = self.rsa_sk.to_public_key();
132 RSAPublicKey(rsa_pk)
133 }
134
135 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
136 match modulus_bits {
137 2048 | 3072 | 4096 => {}
138 _ => bail!(JWTError::UnsupportedRSAModulus),
139 };
140 let mut rng = rand::thread_rng();
141 let rsa_sk = rsa::RsaPrivateKey::new(&mut rng, modulus_bits)?;
142 Ok(RSAKeyPair {
143 rsa_sk,
144 metadata: None,
145 })
146 }
147}
148
149pub trait RSAKeyPairLike {
150 fn jwt_alg_name() -> &'static str;
151 fn key_pair(&self) -> &RSAKeyPair;
152 fn key_id(&self) -> &Option<String>;
153 fn metadata(&self) -> &Option<KeyMetadata>;
154 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error>;
155 fn hash(message: &[u8]) -> Vec<u8>;
156 fn padding_scheme(&self) -> rsa::PaddingScheme;
157
158 fn sign<CustomClaims: Serialize + DeserializeOwned>(
159 &self,
160 claims: JWTClaims<CustomClaims>,
161 ) -> Result<String, Error> {
162 let jwt_header = JWTHeader::new(Self::jwt_alg_name().to_string(), self.key_id().clone())
163 .with_metadata(self.metadata());
164 Token::build(&jwt_header, claims, |authenticated| {
165 let digest = Self::hash(authenticated.as_bytes());
166 let mut rng = rand::thread_rng();
167 let token =
168 self.key_pair()
169 .as_ref()
170 .sign_blinded(&mut rng, self.padding_scheme(), &digest)?;
171 Ok(token)
172 })
173 }
174}
175
176pub trait RSAPublicKeyLike {
177 fn jwt_alg_name() -> &'static str;
178 fn public_key(&self) -> &RSAPublicKey;
179 fn key_id(&self) -> &Option<String>;
180 fn set_key_id(&mut self, key_id: String);
181 fn hash(message: &[u8]) -> Vec<u8>;
182 fn padding_scheme(&self) -> rsa::PaddingScheme;
183 fn padding_scheme_alt(&self) -> Option<rsa::PaddingScheme>;
184
185 fn verify_token<CustomClaims: Serialize + DeserializeOwned>(
186 &self,
187 token: &str,
188 options: Option<VerificationOptions>,
189 ) -> Result<JWTClaims<CustomClaims>, Error> {
190 Token::verify(
191 Self::jwt_alg_name(),
192 token,
193 options,
194 |authenticated, signature| {
195 let digest = Self::hash(authenticated.as_bytes());
196 let mut verification_failed = self
197 .public_key()
198 .as_ref()
199 .verify(self.padding_scheme(), &digest, signature)
200 .is_err();
201 if verification_failed {
202 if let Some(padding_scheme_alt) = self.padding_scheme_alt() {
203 verification_failed = self
204 .public_key()
205 .as_ref()
206 .verify(padding_scheme_alt, &digest, signature)
207 .is_err();
208 }
209 }
210 if verification_failed {
211 bail!(JWTError::InvalidSignature);
212 }
213 Ok(())
214 },
215 )
216 }
217
218 #[cfg(feature = "cwt")]
219 fn verify_cwt_token<CustomClaims: Serialize + DeserializeOwned>(
220 &self,
221 token: &[u8],
222 options: Option<VerificationOptions>,
223 ) -> Result<JWTClaims<NoCustomClaims>, Error> {
224 CWTToken::verify(
225 Self::jwt_alg_name(),
226 token,
227 options,
228 |authenticated, signature| {
229 let digest = Self::hash(authenticated.as_bytes());
230 let mut verification_failed = self
231 .public_key()
232 .as_ref()
233 .verify(self.padding_scheme(), &digest, signature)
234 .is_err();
235 if verification_failed {
236 if let Some(padding_scheme_alt) = self.padding_scheme_alt() {
237 verification_failed = self
238 .public_key()
239 .as_ref()
240 .verify(padding_scheme_alt, &digest, signature)
241 .is_err();
242 }
243 }
244 if verification_failed {
245 bail!(JWTError::InvalidSignature);
246 }
247 Ok(())
248 },
249 )
250 }
251}
252
253#[derive(Debug, Clone)]
254pub struct RS256KeyPair {
255 key_pair: RSAKeyPair,
256 key_id: Option<String>,
257}
258
259#[derive(Debug, Clone)]
260pub struct RS256PublicKey {
261 pk: RSAPublicKey,
262 key_id: Option<String>,
263}
264
265impl RSAKeyPairLike for RS256KeyPair {
266 fn jwt_alg_name() -> &'static str {
267 "RS256"
268 }
269
270 fn key_pair(&self) -> &RSAKeyPair {
271 &self.key_pair
272 }
273
274 fn key_id(&self) -> &Option<String> {
275 &self.key_id
276 }
277
278 fn metadata(&self) -> &Option<KeyMetadata> {
279 &self.key_pair.metadata
280 }
281
282 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
283 self.key_pair.metadata = Some(metadata);
284 Ok(())
285 }
286
287 fn hash(message: &[u8]) -> Vec<u8> {
288 SHA256::hash(message).to_vec()
289 }
290
291 fn padding_scheme(&self) -> rsa::PaddingScheme {
292 rsa::PaddingScheme::new_pkcs1v15_sign::<SHA256>()
293 }
294}
295
296impl RS256KeyPair {
297 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
298 Ok(RS256KeyPair {
299 key_pair: RSAKeyPair::from_der(der)?,
300 key_id: None,
301 })
302 }
303
304 pub fn from_pem(pem: &str) -> Result<Self, Error> {
305 Ok(RS256KeyPair {
306 key_pair: RSAKeyPair::from_pem(pem)?,
307 key_id: None,
308 })
309 }
310
311 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
312 self.key_pair.to_der()
313 }
314
315 pub fn to_pem(&self) -> Result<String, Error> {
316 self.key_pair.to_pem()
317 }
318
319 pub fn public_key(&self) -> RS256PublicKey {
320 RS256PublicKey {
321 pk: self.key_pair.public_key(),
322 key_id: self.key_id.clone(),
323 }
324 }
325
326 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
327 Ok(RS256KeyPair {
328 key_pair: RSAKeyPair::generate(modulus_bits)?,
329 key_id: None,
330 })
331 }
332
333 pub fn with_key_id(mut self, key_id: &str) -> Self {
334 self.key_id = Some(key_id.to_string());
335 self
336 }
337}
338
339impl RSAPublicKeyLike for RS256PublicKey {
340 fn jwt_alg_name() -> &'static str {
341 "RS256"
342 }
343
344 fn hash(message: &[u8]) -> Vec<u8> {
345 SHA256::hash(message).to_vec()
346 }
347
348 fn padding_scheme(&self) -> rsa::PaddingScheme {
349 rsa::PaddingScheme::new_pkcs1v15_sign::<SHA256>()
350 }
351
352 fn padding_scheme_alt(&self) -> Option<rsa::PaddingScheme> {
353 None
354 }
355
356 fn public_key(&self) -> &RSAPublicKey {
357 &self.pk
358 }
359
360 fn key_id(&self) -> &Option<String> {
361 &self.key_id
362 }
363
364 fn set_key_id(&mut self, key_id: String) {
365 self.key_id = Some(key_id);
366 }
367}
368
369impl RS256PublicKey {
370 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
371 Ok(RS256PublicKey {
372 pk: RSAPublicKey::from_der(der)?,
373 key_id: None,
374 })
375 }
376
377 pub fn from_pem(pem: &str) -> Result<Self, Error> {
378 Ok(RS256PublicKey {
379 pk: RSAPublicKey::from_pem(pem)?,
380 key_id: None,
381 })
382 }
383
384 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
385 Ok(RS256PublicKey {
386 pk: RSAPublicKey::from_components(n, e)?,
387 key_id: None,
388 })
389 }
390
391 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
392 self.pk.to_der()
393 }
394
395 pub fn to_pem(&self) -> Result<String, Error> {
396 self.pk.to_pem()
397 }
398
399 pub fn to_components(&self) -> RSAPublicKeyComponents {
400 self.pk.to_components()
401 }
402
403 pub fn with_key_id(mut self, key_id: &str) -> Self {
404 self.key_id = Some(key_id.to_string());
405 self
406 }
407
408 pub fn sha1_thumbprint(&self) -> String {
409 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
410 }
411
412 pub fn sha256_thumbprint(&self) -> String {
413 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
414 }
415}
416
417#[derive(Debug, Clone)]
420pub struct RS512KeyPair {
421 key_pair: RSAKeyPair,
422 key_id: Option<String>,
423}
424
425#[derive(Debug, Clone)]
426pub struct RS512PublicKey {
427 pk: RSAPublicKey,
428 key_id: Option<String>,
429}
430
431impl RSAKeyPairLike for RS512KeyPair {
432 fn jwt_alg_name() -> &'static str {
433 "RS512"
434 }
435
436 fn key_pair(&self) -> &RSAKeyPair {
437 &self.key_pair
438 }
439
440 fn key_id(&self) -> &Option<String> {
441 &self.key_id
442 }
443
444 fn metadata(&self) -> &Option<KeyMetadata> {
445 &self.key_pair.metadata
446 }
447
448 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
449 self.key_pair.metadata = Some(metadata);
450 Ok(())
451 }
452
453 fn hash(message: &[u8]) -> Vec<u8> {
454 SHA512::hash(message).to_vec()
455 }
456
457 fn padding_scheme(&self) -> rsa::PaddingScheme {
458 rsa::PaddingScheme::new_pkcs1v15_sign::<SHA512>()
459 }
460}
461
462impl RS512KeyPair {
463 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
464 Ok(RS512KeyPair {
465 key_pair: RSAKeyPair::from_der(der)?,
466 key_id: None,
467 })
468 }
469
470 pub fn from_pem(pem: &str) -> Result<Self, Error> {
471 Ok(RS512KeyPair {
472 key_pair: RSAKeyPair::from_pem(pem)?,
473 key_id: None,
474 })
475 }
476
477 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
478 self.key_pair.to_der()
479 }
480
481 pub fn to_pem(&self) -> Result<String, Error> {
482 self.key_pair.to_pem()
483 }
484
485 pub fn public_key(&self) -> RS512PublicKey {
486 RS512PublicKey {
487 pk: self.key_pair.public_key(),
488 key_id: self.key_id.clone(),
489 }
490 }
491
492 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
493 Ok(RS512KeyPair {
494 key_pair: RSAKeyPair::generate(modulus_bits)?,
495 key_id: None,
496 })
497 }
498
499 pub fn with_key_id(mut self, key_id: &str) -> Self {
500 self.key_id = Some(key_id.to_string());
501 self
502 }
503}
504
505impl RSAPublicKeyLike for RS512PublicKey {
506 fn jwt_alg_name() -> &'static str {
507 "RS512"
508 }
509
510 fn hash(message: &[u8]) -> Vec<u8> {
511 SHA512::hash(message).to_vec()
512 }
513
514 fn padding_scheme(&self) -> rsa::PaddingScheme {
515 rsa::PaddingScheme::new_pkcs1v15_sign::<SHA512>()
516 }
517
518 fn padding_scheme_alt(&self) -> Option<rsa::PaddingScheme> {
519 None
520 }
521
522 fn public_key(&self) -> &RSAPublicKey {
523 &self.pk
524 }
525
526 fn key_id(&self) -> &Option<String> {
527 &self.key_id
528 }
529
530 fn set_key_id(&mut self, key_id: String) {
531 self.key_id = Some(key_id);
532 }
533}
534
535impl RS512PublicKey {
536 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
537 Ok(RS512PublicKey {
538 pk: RSAPublicKey::from_der(der)?,
539 key_id: None,
540 })
541 }
542
543 pub fn from_pem(pem: &str) -> Result<Self, Error> {
544 Ok(RS512PublicKey {
545 pk: RSAPublicKey::from_pem(pem)?,
546 key_id: None,
547 })
548 }
549
550 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
551 Ok(RS512PublicKey {
552 pk: RSAPublicKey::from_components(n, e)?,
553 key_id: None,
554 })
555 }
556
557 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
558 self.pk.to_der()
559 }
560
561 pub fn to_pem(&self) -> Result<String, Error> {
562 self.pk.to_pem()
563 }
564
565 pub fn to_components(&self) -> RSAPublicKeyComponents {
566 self.pk.to_components()
567 }
568
569 pub fn with_key_id(mut self, key_id: &str) -> Self {
570 self.key_id = Some(key_id.to_string());
571 self
572 }
573
574 pub fn sha1_thumbprint(&self) -> String {
575 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
576 }
577
578 pub fn sha256_thumbprint(&self) -> String {
579 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
580 }
581}
582
583#[derive(Debug, Clone)]
586pub struct RS384KeyPair {
587 key_pair: RSAKeyPair,
588 key_id: Option<String>,
589}
590
591#[derive(Debug, Clone)]
592pub struct RS384PublicKey {
593 pk: RSAPublicKey,
594 key_id: Option<String>,
595}
596
597impl RSAKeyPairLike for RS384KeyPair {
598 fn jwt_alg_name() -> &'static str {
599 "RS384"
600 }
601
602 fn key_pair(&self) -> &RSAKeyPair {
603 &self.key_pair
604 }
605
606 fn key_id(&self) -> &Option<String> {
607 &self.key_id
608 }
609
610 fn metadata(&self) -> &Option<KeyMetadata> {
611 &self.key_pair.metadata
612 }
613
614 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
615 self.key_pair.metadata = Some(metadata);
616 Ok(())
617 }
618
619 fn hash(message: &[u8]) -> Vec<u8> {
620 SHA384::hash(message).to_vec()
621 }
622
623 fn padding_scheme(&self) -> rsa::PaddingScheme {
624 rsa::PaddingScheme::new_pkcs1v15_sign::<SHA384>()
625 }
626}
627
628impl RS384KeyPair {
629 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
630 Ok(RS384KeyPair {
631 key_pair: RSAKeyPair::from_der(der)?,
632 key_id: None,
633 })
634 }
635
636 pub fn from_pem(pem: &str) -> Result<Self, Error> {
637 Ok(RS384KeyPair {
638 key_pair: RSAKeyPair::from_pem(pem)?,
639 key_id: None,
640 })
641 }
642
643 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
644 self.key_pair.to_der()
645 }
646
647 pub fn to_pem(&self) -> Result<String, Error> {
648 self.key_pair.to_pem()
649 }
650
651 pub fn public_key(&self) -> RS384PublicKey {
652 RS384PublicKey {
653 pk: self.key_pair.public_key(),
654 key_id: self.key_id.clone(),
655 }
656 }
657
658 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
659 Ok(RS384KeyPair {
660 key_pair: RSAKeyPair::generate(modulus_bits)?,
661 key_id: None,
662 })
663 }
664
665 pub fn with_key_id(mut self, key_id: &str) -> Self {
666 self.key_id = Some(key_id.to_string());
667 self
668 }
669}
670
671impl RSAPublicKeyLike for RS384PublicKey {
672 fn jwt_alg_name() -> &'static str {
673 "RS384"
674 }
675
676 fn hash(message: &[u8]) -> Vec<u8> {
677 SHA384::hash(message).to_vec()
678 }
679
680 fn padding_scheme(&self) -> rsa::PaddingScheme {
681 rsa::PaddingScheme::new_pkcs1v15_sign::<SHA384>()
682 }
683
684 fn padding_scheme_alt(&self) -> Option<rsa::PaddingScheme> {
685 None
686 }
687
688 fn public_key(&self) -> &RSAPublicKey {
689 &self.pk
690 }
691
692 fn key_id(&self) -> &Option<String> {
693 &self.key_id
694 }
695
696 fn set_key_id(&mut self, key_id: String) {
697 self.key_id = Some(key_id);
698 }
699}
700
701impl RS384PublicKey {
702 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
703 Ok(RS384PublicKey {
704 pk: RSAPublicKey::from_der(der)?,
705 key_id: None,
706 })
707 }
708
709 pub fn from_pem(pem: &str) -> Result<Self, Error> {
710 Ok(RS384PublicKey {
711 pk: RSAPublicKey::from_pem(pem)?,
712 key_id: None,
713 })
714 }
715
716 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
717 Ok(RS384PublicKey {
718 pk: RSAPublicKey::from_components(n, e)?,
719 key_id: None,
720 })
721 }
722
723 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
724 self.pk.to_der()
725 }
726
727 pub fn to_pem(&self) -> Result<String, Error> {
728 self.pk.to_pem()
729 }
730
731 pub fn to_components(&self) -> RSAPublicKeyComponents {
732 self.pk.to_components()
733 }
734
735 pub fn with_key_id(mut self, key_id: &str) -> Self {
736 self.key_id = Some(key_id.to_string());
737 self
738 }
739
740 pub fn sha1_thumbprint(&self) -> String {
741 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
742 }
743
744 pub fn sha256_thumbprint(&self) -> String {
745 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
746 }
747}
748
749#[derive(Debug, Clone)]
752pub struct PS256KeyPair {
753 key_pair: RSAKeyPair,
754 key_id: Option<String>,
755}
756
757#[derive(Debug, Clone)]
758pub struct PS256PublicKey {
759 pk: RSAPublicKey,
760 key_id: Option<String>,
761}
762
763impl RSAKeyPairLike for PS256KeyPair {
764 fn jwt_alg_name() -> &'static str {
765 "PS256"
766 }
767
768 fn key_pair(&self) -> &RSAKeyPair {
769 &self.key_pair
770 }
771
772 fn key_id(&self) -> &Option<String> {
773 &self.key_id
774 }
775
776 fn metadata(&self) -> &Option<KeyMetadata> {
777 &self.key_pair.metadata
778 }
779
780 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
781 self.key_pair.metadata = Some(metadata);
782 Ok(())
783 }
784
785 fn hash(message: &[u8]) -> Vec<u8> {
786 SHA256::hash(message).to_vec()
787 }
788
789 fn padding_scheme(&self) -> rsa::PaddingScheme {
790 rsa::PaddingScheme::new_pss_with_salt::<SHA256>(256 / 8)
791 }
792}
793
794impl PS256KeyPair {
795 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
796 Ok(PS256KeyPair {
797 key_pair: RSAKeyPair::from_der(der)?,
798 key_id: None,
799 })
800 }
801
802 pub fn from_pem(pem: &str) -> Result<Self, Error> {
803 Ok(PS256KeyPair {
804 key_pair: RSAKeyPair::from_pem(pem)?,
805 key_id: None,
806 })
807 }
808
809 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
810 self.key_pair.to_der()
811 }
812
813 pub fn to_pem(&self) -> Result<String, Error> {
814 self.key_pair.to_pem()
815 }
816
817 pub fn public_key(&self) -> PS256PublicKey {
818 PS256PublicKey {
819 pk: self.key_pair.public_key(),
820 key_id: self.key_id.clone(),
821 }
822 }
823
824 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
825 Ok(PS256KeyPair {
826 key_pair: RSAKeyPair::generate(modulus_bits)?,
827 key_id: None,
828 })
829 }
830
831 pub fn with_key_id(mut self, key_id: &str) -> Self {
832 self.key_id = Some(key_id.to_string());
833 self
834 }
835}
836
837impl RSAPublicKeyLike for PS256PublicKey {
838 fn jwt_alg_name() -> &'static str {
839 "PS256"
840 }
841
842 fn hash(message: &[u8]) -> Vec<u8> {
843 SHA256::hash(message).to_vec()
844 }
845
846 fn padding_scheme(&self) -> rsa::PaddingScheme {
847 rsa::PaddingScheme::new_pss_with_salt::<SHA256>(256 / 8)
848 }
849
850 fn padding_scheme_alt(&self) -> Option<rsa::PaddingScheme> {
851 Some(rsa::PaddingScheme::new_pss::<SHA256>())
852 }
853
854 fn public_key(&self) -> &RSAPublicKey {
855 &self.pk
856 }
857
858 fn key_id(&self) -> &Option<String> {
859 &self.key_id
860 }
861
862 fn set_key_id(&mut self, key_id: String) {
863 self.key_id = Some(key_id);
864 }
865}
866
867impl PS256PublicKey {
868 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
869 Ok(PS256PublicKey {
870 pk: RSAPublicKey::from_der(der)?,
871 key_id: None,
872 })
873 }
874
875 pub fn from_pem(pem: &str) -> Result<Self, Error> {
876 Ok(PS256PublicKey {
877 pk: RSAPublicKey::from_pem(pem)?,
878 key_id: None,
879 })
880 }
881
882 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
883 Ok(PS256PublicKey {
884 pk: RSAPublicKey::from_components(n, e)?,
885 key_id: None,
886 })
887 }
888
889 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
890 self.pk.to_der()
891 }
892
893 pub fn to_pem(&self) -> Result<String, Error> {
894 self.pk.to_pem()
895 }
896
897 pub fn to_components(&self) -> RSAPublicKeyComponents {
898 self.pk.to_components()
899 }
900
901 pub fn with_key_id(mut self, key_id: &str) -> Self {
902 self.key_id = Some(key_id.to_string());
903 self
904 }
905}
906
907#[derive(Debug, Clone)]
910pub struct PS512KeyPair {
911 key_pair: RSAKeyPair,
912 key_id: Option<String>,
913}
914
915#[derive(Debug, Clone)]
916pub struct PS512PublicKey {
917 pk: RSAPublicKey,
918 key_id: Option<String>,
919}
920
921impl RSAKeyPairLike for PS512KeyPair {
922 fn jwt_alg_name() -> &'static str {
923 "PS512"
924 }
925
926 fn key_pair(&self) -> &RSAKeyPair {
927 &self.key_pair
928 }
929
930 fn key_id(&self) -> &Option<String> {
931 &self.key_id
932 }
933
934 fn metadata(&self) -> &Option<KeyMetadata> {
935 &self.key_pair.metadata
936 }
937
938 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
939 self.key_pair.metadata = Some(metadata);
940 Ok(())
941 }
942
943 fn hash(message: &[u8]) -> Vec<u8> {
944 SHA512::hash(message).to_vec()
945 }
946
947 fn padding_scheme(&self) -> rsa::PaddingScheme {
948 rsa::PaddingScheme::new_pss_with_salt::<SHA512>(512 / 8)
949 }
950}
951
952impl PS512KeyPair {
953 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
954 Ok(PS512KeyPair {
955 key_pair: RSAKeyPair::from_der(der)?,
956 key_id: None,
957 })
958 }
959
960 pub fn from_pem(pem: &str) -> Result<Self, Error> {
961 Ok(PS512KeyPair {
962 key_pair: RSAKeyPair::from_pem(pem)?,
963 key_id: None,
964 })
965 }
966
967 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
968 self.key_pair.to_der()
969 }
970
971 pub fn to_pem(&self) -> Result<String, Error> {
972 self.key_pair.to_pem()
973 }
974
975 pub fn public_key(&self) -> PS512PublicKey {
976 PS512PublicKey {
977 pk: self.key_pair.public_key(),
978 key_id: self.key_id.clone(),
979 }
980 }
981
982 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
983 Ok(PS512KeyPair {
984 key_pair: RSAKeyPair::generate(modulus_bits)?,
985 key_id: None,
986 })
987 }
988
989 pub fn with_key_id(mut self, key_id: &str) -> Self {
990 self.key_id = Some(key_id.to_string());
991 self
992 }
993}
994
995impl RSAPublicKeyLike for PS512PublicKey {
996 fn jwt_alg_name() -> &'static str {
997 "PS512"
998 }
999
1000 fn hash(message: &[u8]) -> Vec<u8> {
1001 SHA512::hash(message).to_vec()
1002 }
1003
1004 fn padding_scheme(&self) -> rsa::PaddingScheme {
1005 rsa::PaddingScheme::new_pss_with_salt::<SHA512>(512 / 8)
1006 }
1007
1008 fn padding_scheme_alt(&self) -> Option<rsa::PaddingScheme> {
1009 Some(rsa::PaddingScheme::new_pss::<SHA512>())
1010 }
1011
1012 fn public_key(&self) -> &RSAPublicKey {
1013 &self.pk
1014 }
1015
1016 fn key_id(&self) -> &Option<String> {
1017 &self.key_id
1018 }
1019
1020 fn set_key_id(&mut self, key_id: String) {
1021 self.key_id = Some(key_id);
1022 }
1023}
1024
1025impl PS512PublicKey {
1026 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
1027 Ok(PS512PublicKey {
1028 pk: RSAPublicKey::from_der(der)?,
1029 key_id: None,
1030 })
1031 }
1032
1033 pub fn from_pem(pem: &str) -> Result<Self, Error> {
1034 Ok(PS512PublicKey {
1035 pk: RSAPublicKey::from_pem(pem)?,
1036 key_id: None,
1037 })
1038 }
1039
1040 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
1041 Ok(PS512PublicKey {
1042 pk: RSAPublicKey::from_components(n, e)?,
1043 key_id: None,
1044 })
1045 }
1046
1047 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
1048 self.pk.to_der()
1049 }
1050
1051 pub fn to_pem(&self) -> Result<String, Error> {
1052 self.pk.to_pem()
1053 }
1054
1055 pub fn to_components(&self) -> RSAPublicKeyComponents {
1056 self.pk.to_components()
1057 }
1058
1059 pub fn with_key_id(mut self, key_id: &str) -> Self {
1060 self.key_id = Some(key_id.to_string());
1061 self
1062 }
1063
1064 pub fn sha1_thumbprint(&self) -> String {
1065 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
1066 }
1067
1068 pub fn sha256_thumbprint(&self) -> String {
1069 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
1070 }
1071}
1072
1073#[derive(Debug, Clone)]
1076pub struct PS384KeyPair {
1077 key_pair: RSAKeyPair,
1078 key_id: Option<String>,
1079}
1080
1081#[derive(Debug, Clone)]
1082pub struct PS384PublicKey {
1083 pk: RSAPublicKey,
1084 key_id: Option<String>,
1085}
1086
1087impl RSAKeyPairLike for PS384KeyPair {
1088 fn jwt_alg_name() -> &'static str {
1089 "PS384"
1090 }
1091
1092 fn key_pair(&self) -> &RSAKeyPair {
1093 &self.key_pair
1094 }
1095
1096 fn key_id(&self) -> &Option<String> {
1097 &self.key_id
1098 }
1099
1100 fn metadata(&self) -> &Option<KeyMetadata> {
1101 &self.key_pair.metadata
1102 }
1103
1104 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
1105 self.key_pair.metadata = Some(metadata);
1106 Ok(())
1107 }
1108
1109 fn hash(message: &[u8]) -> Vec<u8> {
1110 SHA384::hash(message).to_vec()
1111 }
1112
1113 fn padding_scheme(&self) -> rsa::PaddingScheme {
1114 rsa::PaddingScheme::new_pss_with_salt::<SHA384>(384 / 8)
1115 }
1116}
1117
1118impl PS384KeyPair {
1119 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
1120 Ok(PS384KeyPair {
1121 key_pair: RSAKeyPair::from_der(der)?,
1122 key_id: None,
1123 })
1124 }
1125
1126 pub fn from_pem(pem: &str) -> Result<Self, Error> {
1127 Ok(PS384KeyPair {
1128 key_pair: RSAKeyPair::from_pem(pem)?,
1129 key_id: None,
1130 })
1131 }
1132
1133 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
1134 self.key_pair.to_der()
1135 }
1136
1137 pub fn to_pem(&self) -> Result<String, Error> {
1138 self.key_pair.to_pem()
1139 }
1140
1141 pub fn public_key(&self) -> PS384PublicKey {
1142 PS384PublicKey {
1143 pk: self.key_pair.public_key(),
1144 key_id: self.key_id.clone(),
1145 }
1146 }
1147
1148 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
1149 Ok(PS384KeyPair {
1150 key_pair: RSAKeyPair::generate(modulus_bits)?,
1151 key_id: None,
1152 })
1153 }
1154
1155 pub fn with_key_id(mut self, key_id: &str) -> Self {
1156 self.key_id = Some(key_id.to_string());
1157 self
1158 }
1159}
1160
1161impl RSAPublicKeyLike for PS384PublicKey {
1162 fn jwt_alg_name() -> &'static str {
1163 "PS384"
1164 }
1165
1166 fn hash(message: &[u8]) -> Vec<u8> {
1167 SHA384::hash(message).to_vec()
1168 }
1169
1170 fn padding_scheme(&self) -> rsa::PaddingScheme {
1171 rsa::PaddingScheme::new_pss_with_salt::<SHA384>(384 / 8)
1172 }
1173
1174 fn padding_scheme_alt(&self) -> Option<rsa::PaddingScheme> {
1175 Some(rsa::PaddingScheme::new_pss::<SHA384>())
1176 }
1177
1178 fn public_key(&self) -> &RSAPublicKey {
1179 &self.pk
1180 }
1181
1182 fn key_id(&self) -> &Option<String> {
1183 &self.key_id
1184 }
1185
1186 fn set_key_id(&mut self, key_id: String) {
1187 self.key_id = Some(key_id);
1188 }
1189}
1190
1191impl PS384PublicKey {
1192 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
1193 Ok(PS384PublicKey {
1194 pk: RSAPublicKey::from_der(der)?,
1195 key_id: None,
1196 })
1197 }
1198
1199 pub fn from_pem(pem: &str) -> Result<Self, Error> {
1200 Ok(PS384PublicKey {
1201 pk: RSAPublicKey::from_pem(pem)?,
1202 key_id: None,
1203 })
1204 }
1205
1206 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
1207 Ok(PS384PublicKey {
1208 pk: RSAPublicKey::from_components(n, e)?,
1209 key_id: None,
1210 })
1211 }
1212
1213 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
1214 self.pk.to_der()
1215 }
1216
1217 pub fn to_pem(&self) -> Result<String, Error> {
1218 self.pk.to_pem()
1219 }
1220
1221 pub fn to_components(&self) -> RSAPublicKeyComponents {
1222 self.pk.to_components()
1223 }
1224
1225 pub fn with_key_id(mut self, key_id: &str) -> Self {
1226 self.key_id = Some(key_id.to_string());
1227 self
1228 }
1229
1230 pub fn sha1_thumbprint(&self) -> String {
1231 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
1232 }
1233
1234 pub fn sha256_thumbprint(&self) -> String {
1235 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
1236 }
1237}