pub trait VerificationKeyManager: Clone {
    type PublicRootKey: PublicKey;
    type PublicAttenuationKey: PublicKey;
    type PrivateAttenuationKey: PrivateKey;
    type Claims: Serialize + DeserializeOwned;
    type JWK: Serialize + DeserializeOwned;

    fn get_root_key(
        &self,
        key_id: &Option<String>
    ) -> Option<Self::PublicRootKey>;
    fn get_envelope_verification_requirements(&self) -> VerificationRequirements;
    fn default_claims(&self) -> Self::Claims;
    fn jwk_to_public_attenuation_key(
        &self,
        jwk: &Self::JWK
    ) -> Option<Self::PublicAttenuationKey>;
}
Trait containing all client-supplied information needed to verify a sealed crate::sign::AttenuableJWT.
Required Associated Types
type PublicRootKey: PublicKey
Type of the public key for the root JWT. The root JWT may be signed by a different algorithm with a different type of key than the attenuated JWTs added to it. For example, the root JWT may be signed with a secret key, whereas only asymmetric keys are suitable for attenuated JWTs.
type PublicAttenuationKey: PublicKey
Type of the public key for attenuated JWTs. IMPORTANT: THIS MUST BE AN ASYMMETRIC KEY. This is the public key counterpart to the Self::PrivateAttenuationKey.
type PrivateAttenuationKey: PrivateKey
Type of the private key for attenuated JWTs. IMPORTANT: THIS MUST BE AN ASYMMETRIC KEY. This is the private key counterpart to the Self::PublicAttenuationKey.
type Claims: Serialize + DeserializeOwned
Type of the client-supplied attenuated claims. Any type that is serializable to/from a JSON object is suitable.
type JWK: Serialize + DeserializeOwned
Type of the JWK that represents a Self::PublicAttenuationKey.
Required Methods
fn get_root_key(&self, key_id: &Option<String>) -> Option<Self::PublicRootKey>
Given the key_id from the JWT header, if one is present, return the corresponding Self::PublicRootKey.
fn get_envelope_verification_requirements(&self) -> VerificationRequirements
The VerificationRequirements to use for verifying the sealed JWT envelope.
fn default_claims(&self) -> Self::Claims
crate::verify::verify performs a fold over existing and new claims for each JWT in the chain, invoking the client-provided resolve_claims function with the existing and new claims.
The default_claims are used as the initial value in that fold.
fn jwk_to_public_attenuation_key(
&self,
jwk: &Self::JWK
) -> Option<Self::PublicAttenuationKey>
Given a Self::JWK, return a Self::PublicAttenuationKey.