Function dcaf::token::decrypt_access_token

source ·

pub fn decrypt_access_token<T>(
    key: &CoseKey,
    token: &ByteString,
    external_aad: Option<&[u8]>
) -> Result<ClaimsSet, AccessTokenError<T::Error>>where
    T: CoseEncryptCipher,

Expand description

Decrypts the given token and external_aad using the key and the cipher given by type parameter T, returning the decrypted ClaimsSet.

This method should be used when the given token is a CoseEncrypt0 rather than CoseEncrypt (i.e., if it is intended for a single recipient). In case the token is an instance of the latter, use decrypt_access_token_multiple instead.

For an example, see the documentation of encrypt_access_token.

Errors

When there’s a CoseError while deserializing the given token to a CoseEncrypt0 structure (e.g., if it’s not in fact a CoseEncrypt0 structure but rather something else).
When there’s a decryption error coming from the cipher given by T.
When the deserialized and decrypted CoseEncrypt0 structure does not contain a valid ClaimsSet.