dyn_rsa_key/
dyn-rsa-key.rs

1#![allow(dead_code)]
2
3use jaws::algorithms::SignatureBytes;
4use jaws::algorithms::TokenSigner;
5use jaws::algorithms::TokenVerifier;
6use jaws::token::{Unsigned, Unverified};
7use jaws::Compact;
8use jaws::JWTFormat;
9use jaws::RegisteredClaims;
10use rsa::pkcs8::DecodePrivateKey;
11use serde_json::json;
12use sha2::Sha256;
13
/// Loads the RSA private key that every other helper in this example builds on.
///
/// The PEM text is embedded at compile time from `examples/rfc7515a2.pem`
/// under the crate's manifest directory and decoded as PKCS#8. RustCrypto can
/// load a variety of other key formats as well.
///
/// # Security
///
/// This key is from RFC 7515, Appendix A.2, so its private half is public
/// knowledge. A signature made with it authenticates nothing outside a test.
/// Provide your own key instead, and prefer loading it at runtime from a
/// secret store: `include_str!` copies the PEM into the compiled artifact.
///
/// # Panics
///
/// Panics if the embedded PEM does not decode as a PKCS#8 RSA private key.
fn rsa_private() -> rsa::RsaPrivateKey {
    let pem = include_str!(concat!(
        env!("CARGO_MANIFEST_DIR"),
        "/examples/rfc7515a2.pem"
    ));
    let decoded = rsa::RsaPrivateKey::from_pkcs8_pem(pem);
    decoded.unwrap()
}
24
/// Returns the public half of the example key.
///
/// The public key is derived from [`rsa_private`] rather than loaded
/// separately, so signer and verifier in this file always share one key pair.
/// A real verifier would normally be given only the public key and would
/// never have the private key in its process.
fn rsa_public() -> rsa::RsaPublicKey {
    rsa_private().to_public_key()
}
29
/// Builds a PKCS#1 v1.5 signing key over SHA-256 from the example private key.
///
/// PKCS#1 v1.5 with SHA-256 is the combination JWS names `RS256`, which is
/// also what RFC 7515, Appendix A.2 uses.
fn rsa_signer() -> rsa::pkcs1v15::SigningKey<Sha256> {
    let private_key = rsa_private();
    rsa::pkcs1v15::SigningKey::<Sha256>::new(private_key)
}
33
/// Builds the PKCS#1 v1.5 / SHA-256 verifying key that matches [`rsa_signer`].
///
/// The key comes from local code via [`rsa_public`], not from anything the
/// token carries, so a token cannot choose the key it is checked against.
fn rsa_verifier() -> rsa::pkcs1v15::VerifyingKey<Sha256> {
    let public_key = rsa_public();
    rsa::pkcs1v15::VerifyingKey::<Sha256>::new(public_key)
}
37
/// Returns the example signer as a boxed `dyn TokenSigner<SignatureBytes>`.
///
/// Erasing the concrete key type lets a caller hold "some signer" chosen at
/// runtime. The signature type becomes the opaque `SignatureBytes` instead of
/// `rsa::pkcs1v15::Signature`.
fn dyn_signer() -> Box<dyn TokenSigner<SignatureBytes>> {
    let concrete = rsa_signer();
    Box::new(concrete)
}
41
/// Returns the example verifier as a boxed `dyn TokenVerifier<SignatureBytes>`.
///
/// NOTE(review): once the concrete type is erased, the call site no longer
/// shows which algorithm the verifier accepts. How jaws compares the token's
/// `alg` header with the verifier behind the trait object is not visible in
/// this file. Confirm this before accepting tokens through a `dyn` verifier
/// picked at runtime.
fn dyn_verifier() -> Box<dyn TokenVerifier<SignatureBytes>> {
    let concrete = rsa_verifier();
    Box::new(concrete)
}
45
/// Claim set used by the example tokens: custom claims are free-form JSON and
/// the subject is a `String`. The remaining parameters are `()`, i.e. unused
/// here (presumably issuer, audience and token id; confirm against
/// `jaws::Claims`).
type Claims = jaws::Claims<
    serde_json::Value,
    (),
    String,
    (),
    (),
>;

/// A compact-serialization token over [`Claims`], generic over its signing
/// state `S` (`Unsigned`, `Unverified`, ... as used below).
type Token<S> = jaws::Token<
    Claims,
    S,
    Compact,
>;
48
/// Builds the unsigned token that both tests sign and verify.
///
/// Only `subject` is set among the registered claims; the rest come from
/// `Default::default()`. NOTE(review): that presumably leaves expiry,
/// audience and issuer unset, which is fine for a fixture. A token issued for
/// real use should carry and enforce them, especially next to a claim such as
/// `"admin": true`.
fn unsigned_token() -> Token<Unsigned<()>> {
    // Free-form custom claims, kept as plain JSON.
    let custom_claims = json!({
        "name": "John Doe",
        "admin": true,
    });

    let claim_set = Claims {
        registered: RegisteredClaims {
            subject: String::from("1234567890").into(),
            ..Default::default()
        },
        claims: custom_claims,
    };

    let mut unsigned = Token::compact((), claim_set);

    // Header `typ` = "JWT".
    *unsigned.header_mut().r#type() = Some("JWT".to_owned());

    // Ask jaws to fill the header's key field from the signing key at sign
    // time. NOTE(review): an embedded key is informational only. Verification
    // must use a key obtained out of band, as `rsa_verifier()` does, never one
    // read from a header the token's sender controls.
    unsigned.header_mut().key().derived();

    unsigned
}
66
/// Serializes `token` to its rendered form, parses that text back, and checks
/// that the parsed token equals the input.
///
/// Returns the parsed copy, so callers continue with a token that has really
/// been through the wire format. The result is still `Unverified`, because
/// parsing alone establishes nothing about the signature.
///
/// # Panics
///
/// Panics if rendering or parsing fails, or if the parsed token differs from
/// the original.
fn roundtrip(token: Token<Unverified<()>>) -> Token<Unverified<()>> {
    let wire_form = token.rendered().unwrap();
    let reparsed = wire_form.parse::<Token<Unverified<()>>>().unwrap();
    assert_eq!(token, reparsed);
    reparsed
}
73
/// Signs with the concrete RSA key, then verifies twice: first with the
/// concrete verifier, then with the type-erased `dyn TokenVerifier`.
///
/// NOTE(review): only the success path is exercised. A case where a modified
/// token or a different key is rejected would show that the `dyn` verifier
/// actually fails closed.
#[test]
fn dyn_rsa_verify() {
    let fresh = unsigned_token();
    println!("=== Unsigned Token ===");
    println!("{}", fresh.formatted());
    let payload = fresh.payload().unwrap();
    let pretty_payload = serde_json::to_string_pretty(&payload).unwrap();
    println!("Payload: {}", pretty_payload);

    // Sign with the statically typed key, producing a typed RSA signature.
    let signing_key = rsa_signer();
    let signed = fresh
        .sign::<_, rsa::pkcs1v15::Signature>(&signing_key)
        .unwrap();

    // Drop the signed state and go through the wire format, as a receiver would.
    let received = roundtrip(signed.unverify());

    println!("=== Unverified Token ===");
    println!("{}", received.formatted());

    // First check: concrete verifier, typed signature.
    let verifying_key = rsa_verifier();
    let checked = received
        .verify::<_, rsa::pkcs1v15::Signature>(&verifying_key)
        .unwrap();

    // Discard the verified state again so the second check starts from scratch.
    let received = roundtrip(checked.unverify());

    // Second check: the same key behind a trait object, opaque signature bytes.
    let erased_verifier = dyn_verifier();
    let checked = received
        .verify::<_, SignatureBytes>(erased_verifier.as_ref())
        .unwrap();

    println!("=== Verified Token ===");
    println!("{}", checked.formatted());
}
106
/// Signs through the type-erased `dyn TokenSigner`, then verifies with both
/// the concrete verifier and the type-erased one.
///
/// This shows that a signature produced as opaque `SignatureBytes` is accepted
/// by a verifier expecting a typed `rsa::pkcs1v15::Signature`.
///
/// NOTE(review): as in `dyn_rsa_verify`, only successful verification is
/// covered; there is no rejected-token case.
#[test]
fn dyn_rsa_sign() {
    let fresh = unsigned_token();
    println!("=== Unsigned Token ===");
    println!("{}", fresh.formatted());
    let payload = fresh.payload().unwrap();
    let pretty_payload = serde_json::to_string_pretty(&payload).unwrap();
    println!("Payload: {}", pretty_payload);

    // Sign via the trait object; the signature comes back as raw bytes.
    let erased_signer = dyn_signer();
    let signed = fresh
        .sign::<_, SignatureBytes>(erased_signer.as_ref())
        .unwrap();

    // Drop the signed state and go through the wire format, as a receiver would.
    let received = roundtrip(signed.unverify());

    println!("=== Unverified Token ===");
    println!("{}", received.formatted());

    // First check: concrete verifier, typed signature.
    let verifying_key = rsa_verifier();
    let checked = received
        .verify::<_, rsa::pkcs1v15::Signature>(&verifying_key)
        .unwrap();

    // Discard the verified state again so the second check starts from scratch.
    let received = roundtrip(checked.unverify());

    // Second check: the same key behind a trait object, opaque signature bytes.
    let erased_verifier = dyn_verifier();
    let checked = received
        .verify::<_, SignatureBytes>(erased_verifier.as_ref())
        .unwrap();

    println!("=== Verified Token ===");
    println!("{}", checked.formatted());
}