1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
//! # Auth-Core - Authentication and Authorization Primitives for RVoIP
//!
//! `rvoip-auth-core` provides cryptographic and token-validation primitives
//! used across the RVoIP workspace. It does not own SIP dialog state, SIP
//! request retry orchestration, or `WWW-Authenticate` / `Authorization` header
//! routing. The SIP application layer in `rvoip-sip` owns those protocol
//! workflows and calls into this crate for the underlying algorithms.
//!
//! ## SIP Digest Primitives
//!
//! [`DigestAuthenticator`] generates Digest challenges and validates Digest
//! responses. [`DigestClient`] computes UAC responses for challenges. They are
//! used by `rvoip-sip` for SIP Digest over `401 WWW-Authenticate` /
//! `Authorization` and `407 Proxy-Authenticate` / `Proxy-Authorization`.
//!
//! Supported Digest algorithms are MD5, MD5-sess, SHA-256, SHA-256-sess,
//! SHA-512-256, and SHA-512-256-sess. An omitted Digest `algorithm` defaults
//! to MD5 for legacy SIP/PBX compatibility; unknown algorithms fail instead of
//! silently downgrading.
//!
//! ## Bearer and Token Validators
//!
//! [`BearerValidator`] is the common async validation trait for Bearer tokens.
//! [`JwtValidator`], [`JwksJwtValidator`], [`OAuth2IntrospectionValidator`],
//! and [`AAuthValidator`] are concrete validator families that can be plugged
//! into `rvoip-sip`'s `SipAuthService` for UAS-side SIP Bearer validation.
//! JWT and JWKS validators can optionally call [`TokenRevocationChecker`] with
//! token `jti` context after signature, issuer, audience, and expiry checks.
//!
//! ## Provider Contracts
//!
//! Protocol crates and applications use provider traits to integrate with
//! users-core, Keycloak/OIDC, LDAP/AD, Redis, IMS infrastructure, or custom
//! services without coupling protocol code to a database. These contracts
//! include [`PasswordVerifier`], [`DigestSecretProvider`], [`ApiKeyVerifier`],
//! [`TokenRevocationChecker`], [`DigestReplayStore`], [`AuthAuditSink`], and
//! [`AuthRateLimiter`].
//!
//! ## Other Auth Building Blocks
//!
//! The crate also includes DPoP validation ([`DpopValidator`]) and HTTP
//! Message Signatures style envelope verification ([`Sig9421Verifier`]).
//! These are standalone primitives; protocol-specific negotiation and retry
//! behavior belongs in the crate that owns that protocol surface.
pub use ;
pub use ;
pub use ;
pub use ;
pub use OAuth2IntrospectionValidator;
pub use ;
pub use JwtValidator;
pub use ;
pub use ;
pub use ;