jose 0.0.2

A JSON Object Signing and Encryption implementation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349

use alloc::vec::Vec;
use core::ops::{Deref, DerefMut};

use thiserror::Error;

use super::JsonWebSignature;
use crate::{
    crypto,
    format::{DecodeFormat, DecodeFormatWithContext, Format, JsonGeneral},
    jwa::{JsonWebAlgorithm, JsonWebSigningAlgorithm},
    jwk::FromKey,
};

/// The error indicating if either the signature is invalid, or if the
/// cyptographic operation failed.
#[derive(Debug, Error)]
pub enum VerifyError {
    /// The signature is invalid.
    #[error("signature is invalid")]
    InvalidSignature,

    /// The crypto backend threw an error.
    #[error("crypto backend error")]
    CryptoBackend(
        #[from]
        #[source]
        crypto::Error,
    ),
}

/// This trait represents anything that can be used to verify a JWS, JWE, or
/// whatever.
pub trait Verifier {
    /// The `verify` operation.
    ///
    /// If the message is valid, returns `Ok(())`.
    ///
    /// # Errors
    ///
    /// Returns [`VerifyError`] if anything went wrong during signature
    /// verification or if the signature is just invalid.
    fn verify(&mut self, msg: &[u8], signature: &[u8]) -> Result<(), VerifyError>;
}

/// This wrapper type represents a [JWS](crate::JsonWebSignature) that was
/// parsed from user input, but the data integrity was not verified, thus it
/// might contain corrupted or malicious data.
///
/// An [`Unverified`] struct can be verified using the [`verify`](Self::verify)
/// method.
#[derive(Debug)]
pub struct Unverified<T> {
    pub(crate) value: T,
    pub(crate) signature: Vec<u8>,
    pub(crate) msg: Vec<u8>,
}

impl<T> Unverified<T> {
    /// Parse the input format to an unverified representation of `T`.
    ///
    /// # Errors
    ///
    /// Returns an error if the input format has an invalid representation for
    /// the `T` type.
    pub fn decode<F: Format>(input: F) -> Result<Self, T::Error>
    where
        T: DecodeFormat<F, Decoded<T> = Unverified<T>>,
    {
        T::decode(input)
    }

    /// Parse the input format to an unverified representation of `T`, with the
    /// given context.
    ///
    /// # Errors
    ///
    /// Returns an error if the input format has an invalid representation for
    /// the `T` type.
    pub fn decode_with_context<F: Format, C>(input: F, context: &C) -> Result<Self, T::Error>
    where
        T: DecodeFormatWithContext<F, C, Decoded<T> = Unverified<T>>,
    {
        T::decode_with_context(input, context)
    }

    /// Verify this struct using the given verifier, returning a [`Verified`]
    /// representation of the inner type.
    ///
    /// # Errors
    ///
    /// Returns [`VerifyError`] if anything went wrong during signature
    /// verification or if the signature is just invalid.
    pub fn verify(self, verifier: &mut dyn Verifier) -> Result<Verified<T>, VerifyError> {
        verifier.verify(&self.msg, &self.signature)?;
        Ok(Verified(self.value))
    }
}

impl<T, F> Unverified<JsonWebSignature<F, T>>
where
    F: Format,
{
    /// Exposes the **unverified** [`JoseHeader`](crate::JoseHeader) of this
    /// [`JsonWebSignature`]
    ///
    /// You usually **should not use this method**. Instead, verify the
    /// [`JsonWebSignature`] and potentially protected headers first, to avoid
    /// creating security vulnerabilities.
    ///
    /// # When to use
    ///
    /// One use case is to determine which key was used to create this signature
    /// in the first place. For example, consider you have a list of public
    /// keys used by the same party. If you were not able to peek inside to
    /// get a hint of the key used, for example via
    /// [`JoseHeader::key_identifier`](crate::JoseHeader::key_identifier), you
    /// would have to try each key until either a signature is valid or
    /// there are no keys left.
    ///
    /// However, note that, since the header is not verified yet, an attacker
    /// can spoof the key hint. For example, you MUST still make sure that the
    /// key in the hint is actually established and does not belong to some
    /// other party which might still be in your list of keys but is unrelated.
    ///
    /// # Security
    ///
    /// Every security garantee given by this crate is broken for the returned
    /// [`JoseHeader`](crate::JoseHeader), including
    /// [`HeaderValue::Protected`](crate::header::HeaderValue). Thus, you should
    /// use this method only within isolated code regions.
    pub fn expose_unverified_header(&self) -> &F::JwsHeader {
        &self.value.header
    }

    /// Exposes the **unverified** [`payload`](JsonWebSignature::payload) of
    /// this [`JsonWebSignature`]
    ///
    /// You **should never have the need to use this method**. If you have
    /// information in the payload that you need in order to verify the
    /// signature, you are using it wrong. Instead, such information should be
    /// put in the [`JoseHeader`](crate::JoseHeader) and can be accessed via
    /// [`expose_unverified_header]`](Self::expose_unverified_header).
    ///
    /// # Security
    ///
    /// Every security garantee given by this crate is broken for the returned
    /// payload `T`. Thus, you should use this method only within isolated code
    /// regions.
    pub fn expose_unverified_payload(&self) -> &T {
        &self.value.payload
    }

    /// Exposes the **unverified** raw signature in its byte representation
    ///
    /// Note: raw means that it is already base64 decoded.
    ///
    /// There is absolutely no reason to use this method. If you want to use
    /// your own code for verification, you should create your own [`Verifier`]
    /// instead.
    pub fn expose_unverified_raw_signature(&self) -> &[u8] {
        self.signature.as_slice()
    }
}

/// This wrapper type represents a [JWS](crate::JsonWebSignature) that was
/// parsed from user input, but the data integrity was not verified, thus it
/// might contain corrupted or malicious data.
///
/// Compared to [`Unverified`] this type can contain multiple signatures that
/// need to be verified. An instance of this type can only be obtained by
/// decoding a JWS using the [`JsonGeneral`] format.
#[derive(Debug)]
pub struct ManyUnverified<T> {
    pub(crate) value: T,
    // Vec<(msg, signature)>
    pub(crate) signatures: Vec<(Vec<u8>, Vec<u8>)>,
}

impl<T> ManyUnverified<T> {
    /// Parses a JWS in the [`JsonGeneral`] format into an unverified
    /// representation of `T`.
    ///
    /// # Errors
    ///
    /// Returns an error if the input format has an invalid representation for
    /// the `T` type.
    pub fn decode(input: JsonGeneral) -> Result<Self, T::Error>
    where
        T: DecodeFormat<JsonGeneral, Decoded<T> = ManyUnverified<T>>,
    {
        T::decode(input)
    }

    /// Returns the number of signatures in this JWS.
    pub fn signature_count(&self) -> usize {
        self.signatures.len()
    }

    /// Verify this struct using the given verifies, returning a [`Verified`]
    /// representation of the inner type.
    ///
    /// # Errors
    ///
    /// Returns an error if the number of verifiers does not match the number of
    /// signatures, or if anything went wrong during a signature
    /// verification or if one of the signatures is just invalid.
    // TODO: consider using a more specific error type to give the usermore
    // information about the error
    pub fn verify_many<'a>(
        self,
        verifiers: impl IntoIterator<Item = &'a mut dyn Verifier>,
    ) -> Result<Verified<T>, VerifyError> {
        let verifiers = verifiers.into_iter().collect::<Vec<_>>();
        if verifiers.len() != self.signatures.len() {
            return Err(VerifyError::InvalidSignature);
        }

        for (verifier, (msg, signature)) in verifiers.into_iter().zip(self.signatures) {
            verifier.verify(&msg, &signature)?;
        }

        Ok(Verified(self.value))
    }
}

impl<T, F> ManyUnverified<JsonWebSignature<F, T>>
where
    F: Format,
{
    /// Exposes the **unverified** [`JoseHeader`](crate::JoseHeader) of this
    /// [`JsonWebSignature`]
    ///
    /// You usually **should not use this method**. Instead, verify the
    /// [`JsonWebSignature`] and potentially protected headers first, to avoid
    /// creating security vulnerabilities.
    ///
    /// # When to use
    ///
    /// One use case is to determine which key was used to create this signature
    /// in the first place. For example, consider you have a list of public
    /// keys used by the same party. If you were not able to peek inside to
    /// get a hint of the key used, for example via
    /// [`JoseHeader::key_identifier`](crate::JoseHeader::key_identifier), you
    /// would have to try each key until either a signature is valid or
    /// there are no keys left.
    ///
    /// However, note that, since the header is not verified yet, an attacker
    /// can spoof the key hint. For example, you MUST still make sure that the
    /// key in the hint is actually established and does not belong to some
    /// other party which might still be in your list of keys but is unrelated.
    ///
    /// # Security
    ///
    /// Every security garantee given by this crate is broken for the returned
    /// [`JoseHeader`](crate::JoseHeader), including
    /// [`HeaderValue::Protected`](crate::header::HeaderValue). Thus, you should
    /// use this method only within isolated code regions.
    pub fn expose_unverified_header(&self) -> &F::JwsHeader {
        &self.value.header
    }

    /// Exposes the **unverified** [`payload`](JsonWebSignature::payload) of
    /// this [`JsonWebSignature`]
    ///
    /// You **should never have the need to use this method**. If you have
    /// information in the payload that you need in order to verify the
    /// signature, you are using it wrong. Instead, such information should be
    /// put in the [`JoseHeader`](crate::JoseHeader) and can be accessed via
    /// [`expose_unverified_header]`](Self::expose_unverified_header).
    ///
    /// # Security
    ///
    /// Every security garantee given by this crate is broken for the returned
    /// payload `T`. Thus, you should use this method only within isolated code
    /// regions.
    pub fn expose_unverified_payload(&self) -> &T {
        &self.value.payload
    }

    /// Exposes an [`Iterator`] over the **unverified** signatures and their
    /// corresponding messages.
    ///
    /// It returns an [`Iterator`] over `(message, signature)` for each
    /// signature. Note: raw means that they are already base64 decoded.
    ///
    /// There is absolutely no reason to use this method. If you want to use
    /// your own code for verification, you should create your own [`Verifier`]
    /// instead.
    pub fn expose_unverified_raw_signatures(&self) -> impl Iterator<Item = (&[u8], &[u8])> {
        self.signatures
            .iter()
            .map(|(msg, sig)| (msg.as_slice(), sig.as_slice()))
    }
}

/// Wrapper type around a JWS, or JWE that was verified using a [`Verifier`].
#[derive(Debug)]
pub struct Verified<T>(T);

impl<T> Verified<T> {
    /// Turns self into it's inner `T`.
    pub fn into_inner(self) -> T {
        self.0
    }
}

impl<T> Deref for Verified<T> {
    type Target = T;

    fn deref(&self) -> &Self::Target {
        &self.0
    }
}

impl<T> DerefMut for Verified<T> {
    fn deref_mut(&mut self) -> &mut Self::Target {
        &mut self.0
    }
}

/// A trait to turn something into a [`Verifier`]
///
/// Some key types like the [`Rsa`](crate::crypto::rsa::PublicKey) key type need
/// to know which [algorithm](JsonWebSigningAlgorithm) to use.
pub trait IntoVerifier<V>
where
    V: Verifier,
{
    /// The error returned if the conversion failed
    type Error;

    /// Turn `self` into the [`Verifier`] `V`
    ///
    /// # Errors
    ///
    /// Returns an error if the conversion failed
    fn into_verifier(self, alg: JsonWebSigningAlgorithm) -> Result<V, Self::Error>;
}

impl<K, V> IntoVerifier<V> for K
where
    V: FromKey<K> + Verifier,
{
    type Error = <V as FromKey<K>>::Error;

    fn into_verifier(self, alg: JsonWebSigningAlgorithm) -> Result<V, Self::Error> {
        V::from_key(self, JsonWebAlgorithm::Signing(alg))
    }
}