pub trait VerificationKeyManager: Clone {
    type PublicRootKey: PublicKey;
    type PublicAttenuationKey: PublicKey;
    type PrivateAttenuationKey: PrivateKey;
    type Claims: Serialize + DeserializeOwned;
    type JWK: Serialize + DeserializeOwned;

    // Required methods
    fn get_root_key(
        &self,
        key_id: &Option<String>,
    ) -> Option<Self::PublicRootKey>;
    fn get_envelope_verification_requirements(&self) -> VerificationRequirements;
    fn default_claims(&self) -> Self::Claims;
    fn jwk_to_public_attenuation_key(
        &self,
        jwk: &Self::JWK,
    ) -> Option<Self::PublicAttenuationKey>;
}
Trait containing all client-supplied information needed to verify a sealed crate::sign::AttenuableJWT.
Required Associated Types
type PublicRootKey: PublicKey
Type of the public key for the root JWT. The root JWT may be signed by a different algorithm with a different type of key than the attenuated JWTs added to it. For example, the root JWT may be signed with a secret key, whereas only asymmetric keys are suitable for attenuated JWTs.
type PublicAttenuationKey: PublicKey
Type of the public key for attenuated JWTs. IMPORTANT: THIS MUST BE AN ASYMMETRIC KEY. This is the public key counterpart to the Self::PrivateAttenuationKey.
type PrivateAttenuationKey: PrivateKey
Type of the private key for attenuated JWTs. IMPORTANT: THIS MUST BE AN ASYMMETRIC KEY. This is the private key counterpart to the Self::PublicAttenuationKey.
type Claims: Serialize + DeserializeOwned
Type of the client-supplied attenuated claims. Any type that is serializable to/from a JSON object is suitable.
type JWK: Serialize + DeserializeOwned
Type of the JWK that represents a Self::PublicAttenuationKey.
Required Methods
fn get_root_key(&self, key_id: &Option<String>) -> Option<Self::PublicRootKey>
Given the key_id from the JWT header, if one is present, return the corresponding Self::PublicRootKey.
fn get_envelope_verification_requirements(&self) -> VerificationRequirements
The VerificationRequirements to use for verifying the sealed JWT envelope.
fn default_claims(&self) -> Self::Claims
crate::verify::verify performs a fold over existing and new claims for each JWT in the chain, invoking the client-provided resolve_claims function with the existing and new claims.
The default_claims are used as the initial value in that fold.
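The fold that default_claims seeds, modelled stand-alone as an added example (not code from the crate). `Claims`, `resolve_claims`, `fold_chain` and `claims` are hypothetical names, the serde bounds are omitted, and the resolver is one assumed policy that only narrows, so an attenuated JWT cannot widen what the root JWT granted.

```rust
use std::collections::BTreeSet;

// Hypothetical claims type for this sketch. A real `Claims` type must also
// implement serde's Serialize + DeserializeOwned; omitted here to stay std-only.
#[derive(Clone, Debug, PartialEq)]
pub struct Claims {
    pub scopes: Option<BTreeSet<String>>, // None = not constrained by any JWT yet
    pub exp: Option<u64>,                 // None = no expiry seen yet
}

// Plays the role of `default_claims`: the initial value of the fold.
pub fn default_claims() -> Claims {
    Claims { scopes: None, exp: None }
}

// Hypothetical resolver (the page does not give its signature). It only ever
// narrows: scopes are intersected and the earliest expiry wins.
pub fn resolve_claims(existing: Claims, new: Claims) -> Claims {
    let scopes = match (existing.scopes, new.scopes) {
        (Some(a), Some(b)) => Some(a.intersection(&b).cloned().collect()),
        (a, b) => a.or(b), // one side unconstrained: keep the other
    };
    let exp = match (existing.exp, new.exp) {
        (Some(a), Some(b)) => Some(a.min(b)),
        (a, b) => a.or(b),
    };
    Claims { scopes, exp }
}

// The fold over the claims of each JWT in the chain, root first.
pub fn fold_chain(chain: Vec<Claims>) -> Claims {
    chain.into_iter().fold(default_claims(), resolve_claims)
}

// Builds constructed sample claims.
pub fn claims(scopes: &[&str], exp: u64) -> Claims {
    Claims {
        scopes: Some(scopes.iter().map(|s| s.to_string()).collect()),
        exp: Some(exp),
    }
}

fn main() {
    // Root grants read+write until 2000; the attenuation asks for read+admin until 9000.
    let chain = vec![claims(&["read", "write"], 2_000), claims(&["read", "admin"], 9_000)];
    println!("{:?}", fold_chain(chain));
}
```

If the fold returns `scopes: None`, no JWT in the chain set them; under this policy the caller should treat that as no access rather than unlimited access.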
fn jwk_to_public_attenuation_key(&self, jwk: &Self::JWK) -> Option<Self::PublicAttenuationKey>
Given a Self::JWK, return a Self::PublicAttenuationKey.
Dyn Compatibility
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.