//! This crate implements the Javascript/JSON Object Signing and Encryption (JOSE)
//! standards, including:
//!
//! * JSON Web Signature (JWS): [RFC7515][]
//! * JSON Web Key (JWK): [RFC7517][]
//! * JSON Web Algorithms (JWA): [RFC7518][]
//! * JSON Web Token (JWT): [RFC7519][]
//!
//! JSON Web Encryption (JWE), [RFC7516][], is not yet supported.
//!
//! [RFC7515]: https://tools.ietf.org/html/rfc7515
//! [RFC7516]: https://tools.ietf.org/html/rfc7516
//! [RFC7517]: https://tools.ietf.org/html/rfc7517
//! [RFC7518]: https://tools.ietf.org/html/rfc7518
//! [RFC7519]: https://tools.ietf.org/html/rfc7519
//!
//! # Example
//!
//! ```
//! use aliri_base64::Base64UrlRef;
//! use aliri::{jwa, jwk, jws, jwt, jwt::CoreHeaders, Jwk, JwtRef};
//! use regex::Regex;
//! use aliri::jwt::HasAlgorithm;
//!
//! let token = JwtRef::from_str(concat!(
//!     "eyJhbGciOiJIUzI1NiIsImtpZCI6InRlc3Qga2V5In0.",
//!     "eyJzdWIiOiJBbGlyaSIsImF1ZCI6Im15X2FwaSIsImlzcyI6ImF1dGhvcml0eSJ9.",
//!     "yKDd4Ba3fdedqRKHrSUUMuF01-ctdXzEKM9oyWjSx9A"
//! ));
//!
//! let secret = Base64UrlRef::from_slice(b"test").to_owned();
//! let key = Jwk::from(jwa::Hmac::new(secret))
//!     .with_algorithm(jwa::Algorithm::HS256)
//!     .with_key_id(jwk::KeyId::new("test key"));
//!
//! let mut keys = aliri::Jwks::default();
//! keys.add_key(key);
//!
//! let validator = jwt::CoreValidator::default()
//!     .ignore_expiration()
//!     .add_approved_algorithm(jwa::Algorithm::HS256)
//!     .add_allowed_audience(jwt::Audience::new("my_api"))
//!     .require_issuer(jwt::Issuer::new("authority"))
//!     .check_subject(Regex::new("^Al.ri$").unwrap());
//!
//! let decomposed: jwt::Decomposed = token.decompose().unwrap();
//! let key_ref = keys.get_key_by_id(decomposed.kid().unwrap(), decomposed.alg()).unwrap();
//!
//! let data: jwt::Validated = token.verify(key_ref, &validator)
//!     .expect("JWT was invalid");
//! # let _ = data;
//! ```
//!
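//! Inspect this token at [jwt.io][token] and verify with the shared secret `test`.
//!
//! The example calls `ignore_expiration()` only because the sample token carries no `exp`
//! claim; a validator for real tokens should not skip the expiration check. The four-byte
//! secret `test` is likewise a demonstration value: RFC 7518 section 3.2 requires an HS256
//! key of at least 256 bits.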
//!
//!   [token]: https://jwt.io/#debugger-io?token=eyJhbGciOiJIUzI1NiIsImtpZCI6InRlc3Qga2V5In0.eyJzdWIiOiJBbGlyaSIsImF1ZCI6Im15X2FwaSIsImlzcyI6ImF1dGhvcml0eSJ9.yKDd4Ba3fdedqRKHrSUUMuF01-ctdXzEKM9oyWjSx9A
//!

// Crate-wide lints that are reported as warnings: undocumented public items and
// untidy imports or paths.
#![warn(
    missing_docs,
    unused_import_braces,
    unused_imports,
    unused_qualifications
)]
// Crate-wide lints that are promoted to compile errors. `deny` (unlike `forbid`) can
// still be relaxed by a narrower `#[allow(...)]`, so `unsafe_code` here is a default
// for the crate rather than an absolute guarantee that no `unsafe` block exists.
#![deny(
    missing_debug_implementations,
    missing_copy_implementations,
    trivial_casts,
    trivial_numeric_casts,
    unsafe_code,
    unused_must_use
)]

pub mod error;
pub mod jwa;
pub mod jwk;
mod jwks;
pub mod jws;
pub mod jwt;

pub(crate) mod test;

#[doc(inline)]
pub use jwk::Jwk;

#[doc(inline)]
pub use jwks::Jwks;

#[doc(inline)]
pub use jwt::{Jwt, JwtRef};

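// Fail the build with an explicit message when none of the algorithm features is
// enabled, since the crate would then have no signing or verification backend.
// The standard macro is `compile_error!`; `compiler_error!` does not exist, so that
// spelling produced a "cannot find macro" error instead of the message below.
#[cfg(not(any(feature = "rsa", feature = "hmac", feature = "ec")))]
compile_error!(
    "At least one of `rsa`, `hmac`, or `ec` must be enabled for this crate to be of any use."
);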