use crate::algorithms::AlgorithmFamily;
use crate::crypto::{JwtSigner, JwtVerifier};
use crate::errors::{ErrorKind, Result, new_error};
use crate::{Algorithm, DecodingKey, EncodingKey};
use aws_lc_rs::signature::{ED25519, Ed25519KeyPair, VerificationAlgorithm};
use signature::{Error, Signer, Verifier};
pub struct EdDSASigner(Ed25519KeyPair);
impl EdDSASigner {
pub(crate) fn new(encoding_key: &EncodingKey) -> Result<Self> {
if encoding_key.family() != AlgorithmFamily::Ed {
return Err(new_error(ErrorKind::InvalidKeyFormat));
}
Ok(Self(
Ed25519KeyPair::from_pkcs8(encoding_key.inner())
.map_err(|_| ErrorKind::InvalidEddsaKey)?,
))
}
}
impl Signer<Vec<u8>> for EdDSASigner {
fn try_sign(&self, msg: &[u8]) -> std::result::Result<Vec<u8>, Error> {
Ok(self.0.sign(msg).as_ref().to_vec())
}
}
impl JwtSigner for EdDSASigner {
fn algorithm(&self) -> Algorithm {
Algorithm::EdDSA
}
}
pub struct EdDSAVerifier(DecodingKey);
impl EdDSAVerifier {
pub(crate) fn new(decoding_key: &DecodingKey) -> Result<Self> {
if decoding_key.family() != AlgorithmFamily::Ed {
return Err(new_error(ErrorKind::InvalidKeyFormat));
}
Ok(Self(decoding_key.clone()))
}
}
impl Verifier<Vec<u8>> for EdDSAVerifier {
fn verify(&self, msg: &[u8], signature: &Vec<u8>) -> std::result::Result<(), Error> {
ED25519.verify_sig(self.0.as_bytes(), msg, signature).map_err(Error::from_source)?;
Ok(())
}
}
impl JwtVerifier for EdDSAVerifier {
fn algorithm(&self) -> Algorithm {
Algorithm::EdDSA
}
}