Function dcaf::token::decrypt_access_token_multiple
pub fn decrypt_access_token_multiple<K, C>(
    kek: &CoseKey,
    token: &ByteString,
    external_aad: Option<&[u8]>
) -> Result<ClaimsSet, AccessTokenError<MultipleCoseError<K::Error, C::Error>>>
where
    K: CoseEncryptCipher,
    C: CoseEncryptCipher,

Decrypts the given token and external_aad using the Key Encryption Key kek and the cipher given by type parameter T, returning the decrypted ClaimsSet.

Note that the given kek must have an associated kid (key ID) field when converted to a COSE key, as the recipient inside the CoseEncrypt is identified in this way.

This method should be used when the given token is a CoseEncrypt rather than CoseEncrypt0 (i.e., if it is intended for multiple recipients). In case the token is an instance of the latter, use decrypt_access_token instead.

Errors
- When there’s a CoseError while deserializing the given token to a CoseEncrypt structure (e.g., if it’s not in fact a CoseEncrypt structure but rather something else).
- When there’s a decryption error coming from the cipher given by T.
- When the deserialized and decrypted CoseEncrypt structure does not contain a valid ClaimsSet.
- When the CoseEncrypt contains either multiple matching recipients or none at all for the given kek.
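
The kid requirement on kek and the last error case above together describe an exactly-one-match lookup over the token's recipients. The following is an added illustration of that rule, not dcaf's own code: Recipient, SelectError and select_recipient are hypothetical stand-ins, and the sample data is constructed.

```rust
// Added illustration: hypothetical stand-in types, not part of the dcaf API.
#[derive(Debug, PartialEq)]
pub enum SelectError {
    KekWithoutKid,   // the KEK carries no key ID, so no recipient can be matched
    NoMatch,         // no recipient names the KEK's kid
    MultipleMatches, // more than one recipient names the KEK's kid
}

/// One recipient entry of a multi-recipient token (constructed model).
pub struct Recipient {
    pub kid: Vec<u8>,
    pub wrapped_cek: Vec<u8>,
}

/// Returns the single recipient whose kid equals the KEK's kid.
/// Zero or several matches are rejected instead of picking one.
pub fn select_recipient<'a>(
    kek_kid: Option<&[u8]>,
    recipients: &'a [Recipient],
) -> Result<&'a Recipient, SelectError> {
    let kid = kek_kid.ok_or(SelectError::KekWithoutKid)?;
    let mut matches = recipients.iter().filter(|r| r.kid.as_slice() == kid);
    match (matches.next(), matches.next()) {
        (Some(r), None) => Ok(r),
        (None, _) => Err(SelectError::NoMatch),
        (Some(_), Some(_)) => Err(SelectError::MultipleMatches),
    }
}

fn main() {
    // Constructed sample: "rs-2" appears twice, "rs-3" not at all.
    let recipients = vec![
        Recipient { kid: b"rs-1".to_vec(), wrapped_cek: vec![0xAA; 4] },
        Recipient { kid: b"rs-2".to_vec(), wrapped_cek: vec![0xBB; 4] },
        Recipient { kid: b"rs-2".to_vec(), wrapped_cek: vec![0xCC; 4] },
    ];
    for kid in [Some(&b"rs-1"[..]), Some(&b"rs-2"[..]), Some(&b"rs-3"[..]), None] {
        match select_recipient(kid, &recipients) {
            Ok(r) => println!("{:?}: one recipient, wrapped CEK {:02x?}", kid, r.wrapped_cek),
            Err(e) => println!("{:?}: rejected ({:?})", kid, e),
        }
    }
}
```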