ppoppo-token 0.2.0

JWT (RFC 9068, EdDSA) issuance + verification engine for the Ppoppo ecosystem. Single deep module with a small interface (issue, verify) hiding RFC 8725 mitigations M01-M45, JWKS handling, and substrate ports (epoch, session, replay).
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

//! Server-pinned set of decoding keys indexed by `kid`.
//!
//! `kid` resolution is M12: the engine MUST look the key up in this struct
//! and never follow `jku`/`x5u` URLs (those headers fail M07/M08 first).

use jsonwebtoken::DecodingKey;
use std::collections::HashMap;

pub struct KeySet {
    keys: HashMap<String, DecodingKey>,
}

impl KeySet {
    #[must_use]
    pub fn new() -> Self {
        Self {
            keys: HashMap::new(),
        }
    }

    pub fn insert(&mut self, kid: impl Into<String>, key: DecodingKey) {
        self.keys.insert(kid.into(), key);
    }

    pub(crate) fn get(&self, kid: &str) -> Option<&DecodingKey> {
        self.keys.get(kid)
    }
}

impl Default for KeySet {
    fn default() -> Self {
        Self::new()
    }
}