pub struct Algorithm { /* private fields */ }
Expand description
A cryptographic function for signing or verifying a token signature
An Algorithm encapsulates one function for signing or verifying tokens. A key
or secret only needs to be decoded once so it can be reused cheaply while
signing or verifying tokens. The decoded key or secret and AlgorithmID
are
immutable after construction to avoid the chance of being coerced into using
the wrong algorithm to sign or verify a token at runtime.
Optionally a kid
Key ID can be assigned to an Algorithm
to add a strict
check that a token’s header must include the same kid
value. This is useful
when using an Algorithm
to represent a single key within a JWKS key set,
for example.
Implementations§
Source§impl Algorithm
impl Algorithm
Sourcepub fn id(&self) -> AlgorithmID
pub fn id(&self) -> AlgorithmID
Returns the AlgorithmID
that was used to construct the Algorithm
Sourcepub fn set_kid(&mut self, kid: impl Into<String>)
pub fn set_kid(&mut self, kid: impl Into<String>)
Optionally if a kid
is associated with an algorithm there will be an extra
verification that a token’s kid matches the one associated with the Algorithm
Sourcepub fn new_unsecured() -> Result<Self, Error>
pub fn new_unsecured() -> Result<Self, Error>
Constructs a NOP algorithm for use with unsecured (unsigned) tokens
Sourcepub fn new_hmac(
id: AlgorithmID,
secret: impl Into<Vec<u8>>,
) -> Result<Self, Error>
pub fn new_hmac( id: AlgorithmID, secret: impl Into<Vec<u8>>, ) -> Result<Self, Error>
Constructs a symmetric HMAC algorithm based on a given secret
This algorithm may be used for signing and/or verifying signatures
Sourcepub fn new_hmac_b64(
id: AlgorithmID,
secret: impl AsRef<str>,
) -> Result<Self, Error>
pub fn new_hmac_b64( id: AlgorithmID, secret: impl AsRef<str>, ) -> Result<Self, Error>
Constructs a symmetric HMAC algorithm based on a given base64 secret
This is a convenience api in case the secret you’re using is base64 encoded
This algorithm may be used for signing and/or verifying signatures
Sourcepub fn new_ecdsa_pem_signer(id: AlgorithmID, key: &[u8]) -> Result<Self, Error>
pub fn new_ecdsa_pem_signer(id: AlgorithmID, key: &[u8]) -> Result<Self, Error>
Constructs an ECDSA algorithm based on a PEM format private key
This algorithm may only be used for signing tokens
Sourcepub fn new_ecdsa_pem_verifier(
id: AlgorithmID,
key: &[u8],
) -> Result<Self, Error>
pub fn new_ecdsa_pem_verifier( id: AlgorithmID, key: &[u8], ) -> Result<Self, Error>
Constructs an ECDSA algorithm based on a PEM format public key
This algorithm may only be used for verifying tokens
Sourcepub fn new_rsa_pem_signer(id: AlgorithmID, key: &[u8]) -> Result<Self, Error>
pub fn new_rsa_pem_signer(id: AlgorithmID, key: &[u8]) -> Result<Self, Error>
Constructs an RSA algorithm based on a PEM format private key
This algorithm may only be used for signing tokens
Sourcepub fn new_rsa_pem_verifier(id: AlgorithmID, key: &[u8]) -> Result<Self, Error>
pub fn new_rsa_pem_verifier(id: AlgorithmID, key: &[u8]) -> Result<Self, Error>
Constructs an RSA algorithm based on a PEM format public key
This algorithm may only be used for verifying tokens
Sourcepub fn new_rsa_n_e_b64_verifier(
id: AlgorithmID,
n_b64: &str,
e_b64: &str,
) -> Result<Self, Error>
pub fn new_rsa_n_e_b64_verifier( id: AlgorithmID, n_b64: &str, e_b64: &str, ) -> Result<Self, Error>
Constructs an RSA algorithm based on modulus (n) and exponent (e) components
In some situations (such as JWKS key sets), a public RSA key may be described in terms of (base64 encoded) modulus and exponent values.
This algorithm may only be used for verifying tokens