jsonwebtoken_rustcrypto/encoding.rs
1use serde::ser::Serialize;
2
3use crate::crypto;
4use crate::errors::Result;
5use crate::header::Header;
6// use crate::pem::decoder::PemEncodedKey;
7use crate::serialization::b64_encode_part;
8
9use base64::{engine::general_purpose::STANDARD, Engine};
10
11/// A key to encode a JWT with. Can be a secret, a PEM-encoded key or a DER-encoded key.
12/// This key can be re-used so make sure you only initialize it once if you can for better performance
13#[derive(Debug, Clone, PartialEq)]
14pub enum EncodingKey {
15 Hmac(Vec<u8>),
16 Rsa(Box<rsa::RsaPrivateKey>),
17 // EcPkcs8(Vec<u8>),
18}
19
20impl EncodingKey {
21 /// If you're using a HMAC secret that is not base64, use that.
22 pub fn from_hmac_secret(secret: &[u8]) -> Self {
23 EncodingKey::Hmac(secret.to_vec())
24 }
25
26 /// If you have a base64 HMAC secret, use that.
27 pub fn from_base64_hmac_secret(secret: &str) -> Result<Self> {
28 Ok(EncodingKey::Hmac(STANDARD.decode(secret)?))
29 }
30
31 pub fn from_rsa(key: rsa::RsaPrivateKey) -> Result<Self> {
32 Ok(EncodingKey::Rsa(Box::new(key)))
33 }
34}
35
36/// Encode the header and claims given and sign the payload using the algorithm from the header and the key.
37/// If the algorithm given is RSA or EC, the key needs to be in the PEM format.
38///
39/// ```rust
40/// use serde::{Deserialize, Serialize};
41/// use jsonwebtoken_rustcrypto::{encode, Algorithm, Header, EncodingKey};
42///
43/// #[derive(Debug, Serialize, Deserialize)]
44/// struct Claims {
45/// sub: String,
46/// company: String
47/// }
48///
49/// let my_claims = Claims {
50/// sub: "b@b.com".to_owned(),
51/// company: "ACME".to_owned()
52/// };
53///
54/// // my_claims is a struct that implements Serialize
55/// // This will create a JWT using HS256 as algorithm
56/// let token = encode(&Header::default(), &my_claims, &EncodingKey::from_hmac_secret("secret".as_ref())).unwrap();
57/// ```
58pub fn encode<T: Serialize>(header: &Header, claims: &T, key: &EncodingKey) -> Result<String> {
59 crypto::validate_matching_key(key, header.alg)?;
60 let encoded_header = b64_encode_part(&header)?;
61 let encoded_claims = b64_encode_part(&claims)?;
62 let message = [encoded_header.as_ref(), encoded_claims.as_ref()].join(".");
63 let signature = crypto::sign(&message, key, header.alg)?;
64
65 Ok([message, signature].join("."))
66}