Struct Algorithm

Source
pub struct Algorithm { /* private fields */ }
Expand description

A cryptographic function for signing or verifying a token signature

An Algorithm encapsulates one function for signing or verifying tokens. A key or secret only needs to be decoded once so it can be reused cheaply while signing or verifying tokens. The decoded key or secret and AlgorithmID are immutable after construction to avoid the chance of being coerced into using the wrong algorithm to sign or verify a token at runtime.

Optionally a kid Key ID can be assigned to an Algorithm to add a strict check that a token’s header must include the same kid value. This is useful when using an Algorithm to represent a single key within a JWKS key set, for example.

Implementations§

Source§

impl Algorithm

Source

pub fn id(&self) -> AlgorithmID

Returns the AlgorithmID that was used to construct the Algorithm

Source

pub fn name(&self) -> &'static str

Returns the algorithm name as standardized in RFC 7518

Source

pub fn set_kid(&mut self, kid: impl Into<String>)

Optionally if a kid is associated with an algorithm there will be an extra verification that a token’s kid matches the one associated with the Algorithm

Source

pub fn kid(&self) -> Option<&str>

Returns a reference to any associated kid set via set_kid()

Source

pub fn new_unsecured() -> Result<Self, Error>

Constructs a NOP algorithm for use with unsecured (unsigned) tokens

Source

pub fn new_hmac( id: AlgorithmID, secret: impl Into<Vec<u8>>, ) -> Result<Self, Error>

Constructs a symmetric HMAC algorithm based on a given secret

This algorithm may be used for signing and/or verifying signatures

Source

pub fn new_hmac_b64( id: AlgorithmID, secret: impl AsRef<str>, ) -> Result<Self, Error>

Constructs a symmetric HMAC algorithm based on a given base64 secret

This is a convenience api in case the secret you’re using is base64 encoded

This algorithm may be used for signing and/or verifying signatures

Source

pub fn new_ecdsa_pem_signer(id: AlgorithmID, key: &[u8]) -> Result<Self, Error>

Constructs an ECDSA algorithm based on a PEM format private key

This algorithm may only be used for signing tokens

Source

pub fn new_ecdsa_pem_verifier( id: AlgorithmID, key: &[u8], ) -> Result<Self, Error>

Constructs an ECDSA algorithm based on a PEM format public key

This algorithm may only be used for verifying tokens

Source

pub fn new_rsa_pem_signer(id: AlgorithmID, key: &[u8]) -> Result<Self, Error>

Constructs an RSA algorithm based on a PEM format private key

This algorithm may only be used for signing tokens

Source

pub fn new_rsa_pem_verifier(id: AlgorithmID, key: &[u8]) -> Result<Self, Error>

Constructs an RSA algorithm based on a PEM format public key

This algorithm may only be used for verifying tokens

Source

pub fn new_rsa_n_e_b64_verifier( id: AlgorithmID, n_b64: &str, e_b64: &str, ) -> Result<Self, Error>

Constructs an RSA algorithm based on modulus (n) and exponent (e) components

In some situations (such as JWKS key sets), a public RSA key may be described in terms of (base64 encoded) modulus and exponent values.

This algorithm may only be used for verifying tokens

Source

pub fn verify( &self, kid: Option<&str>, message: impl AsRef<str>, signature: impl AsRef<str>, ) -> Result<(), Error>

Lower-level api that can be used to verify a signature for a given message

Source

pub fn sign(&self, message: &str) -> Result<String, Error>

Lower-level api that can be used to calculate a signature for a message

Trait Implementations§

Source§

impl Debug for Algorithm

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl From<Algorithm> for &'static str

Source§

fn from(alg: Algorithm) -> Self

Converts to this type from the input type.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.