1#[cfg(any(feature = "pure-rust", target_arch = "wasm32", target_arch = "wasm64"))]
2use superboring as boring;
3
4use boring::bn::BigNum;
5use boring::hash::MessageDigest;
6use boring::pkey::{PKey, Private, Public};
7use boring::rsa::{Padding, Rsa};
8use boring::sign::{Signer, Verifier};
9use ct_codecs::{Base64UrlSafeNoPadding, Encoder};
10use hmac_sha1_compact::Hash as SHA1;
11use hmac_sha256::Hash as SHA256;
12use serde::{de::DeserializeOwned, Serialize};
13
14use crate::claims::*;
15use crate::common::*;
16#[cfg(feature = "cwt")]
17use crate::cwt_token::*;
18use crate::error::*;
19use crate::jwt_header::*;
20use crate::token::*;
21
22#[doc(hidden)]
23#[derive(Debug, Clone)]
24pub struct RSAPublicKey(Rsa<Public>);
25
26impl AsRef<Rsa<Public>> for RSAPublicKey {
27 fn as_ref(&self) -> &Rsa<Public> {
28 &self.0
29 }
30}
31
32pub struct RSAPublicKeyComponents {
33 pub n: Vec<u8>,
34 pub e: Vec<u8>,
35}
36
37impl RSAPublicKey {
38 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
39 let rsa_pk = Rsa::<Public>::public_key_from_der(der)
40 .or_else(|_| Rsa::<Public>::public_key_from_der_pkcs1(der))?;
41 Ok(RSAPublicKey(rsa_pk))
42 }
43
44 pub fn from_pem(pem: &str) -> Result<Self, Error> {
45 let pem = pem.trim();
46 let rsa_pk = Rsa::<Public>::public_key_from_pem(pem.as_bytes())
47 .or_else(|_| Rsa::<Public>::public_key_from_pem_pkcs1(pem.as_bytes()))?;
48 Ok(RSAPublicKey(rsa_pk))
49 }
50
51 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
52 let n = BigNum::from_slice(n)?;
53 let e = BigNum::from_slice(e)?;
54 let rsa_pk = Rsa::<Public>::from_public_components(n, e)?;
55 Ok(RSAPublicKey(rsa_pk))
56 }
57
58 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
59 self.0.public_key_to_der().map_err(Into::into)
60 }
61
62 pub fn to_pem(&self) -> Result<String, Error> {
63 let bytes = self.0.public_key_to_pem()?;
64 let pem = String::from_utf8(bytes)?;
65 Ok(pem)
66 }
67
68 pub fn to_components(&self) -> RSAPublicKeyComponents {
69 let n = self.0.n().to_vec();
70 let e = self.0.e().to_vec();
71 RSAPublicKeyComponents { n, e }
72 }
73}
74
75#[doc(hidden)]
76#[derive(Debug, Clone)]
77pub struct RSAKeyPair {
78 rsa_sk: Rsa<Private>,
79 metadata: Option<KeyMetadata>,
80}
81
82impl AsRef<Rsa<Private>> for RSAKeyPair {
83 fn as_ref(&self) -> &Rsa<Private> {
84 &self.rsa_sk
85 }
86}
87
88impl RSAKeyPair {
89 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
90 let rsa_sk = Rsa::<Private>::private_key_from_der(der)?;
91 if !(rsa_sk.check_key()?) {
92 bail!(JWTError::InvalidKeyPair);
93 }
94 Ok(RSAKeyPair {
95 rsa_sk,
96 metadata: None,
97 })
98 }
99
100 pub fn from_pem(pem: &str) -> Result<Self, Error> {
101 let pem = pem.trim();
102 let rsa_sk = Rsa::<Private>::private_key_from_pem(pem.as_bytes())?;
103 if !(rsa_sk.check_key()?) {
104 bail!(JWTError::InvalidKeyPair);
105 }
106 Ok(RSAKeyPair {
107 rsa_sk,
108 metadata: None,
109 })
110 }
111
112 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
113 self.rsa_sk.private_key_to_der().map_err(Into::into)
114 }
115
116 pub fn to_pem(&self) -> Result<String, Error> {
117 let bytes = self.rsa_sk.private_key_to_pem()?;
118 let pem = String::from_utf8(bytes)?;
119 Ok(pem)
120 }
121
122 pub fn public_key(&self) -> RSAPublicKey {
123 let rsa_pk = Rsa::<Public>::from_public_components(
124 self.rsa_sk
125 .n()
126 .to_owned()
127 .expect("failed to create public key"),
128 self.rsa_sk
129 .e()
130 .to_owned()
131 .expect("failed to create public key"),
132 )
133 .expect("failed to create public key");
134 RSAPublicKey(rsa_pk)
135 }
136
137 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
138 match modulus_bits {
139 2048 | 3072 | 4096 => {}
140 _ => bail!(JWTError::UnsupportedRSAModulus),
141 };
142 let rsa_sk = Rsa::<Private>::generate(modulus_bits as _)?;
143 Ok(RSAKeyPair {
144 rsa_sk,
145 metadata: None,
146 })
147 }
148}
149
150pub trait RSAKeyPairLike {
151 fn jwt_alg_name() -> &'static str;
152 fn key_pair(&self) -> &RSAKeyPair;
153 fn key_id(&self) -> &Option<String>;
154 fn metadata(&self) -> &Option<KeyMetadata>;
155 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error>;
156 fn hash() -> MessageDigest;
157 fn padding_scheme(&self) -> Padding;
158
159 fn sign<CustomClaims: Serialize + DeserializeOwned>(
160 &self,
161 claims: JWTClaims<CustomClaims>,
162 ) -> Result<String, Error> {
163 self.sign_with_options(claims, &Default::default())
164 }
165
166 fn sign_with_options<CustomClaims: Serialize + DeserializeOwned>(
167 &self,
168 claims: JWTClaims<CustomClaims>,
169 opts: &HeaderOptions,
170 ) -> Result<String, Error> {
171 let jwt_header = JWTHeader::new(Self::jwt_alg_name().to_string(), self.key_id().clone())
172 .with_key_metadata(self.metadata())
173 .with_options(opts);
174 Token::build(&jwt_header, claims, |authenticated| {
175 let digest = Self::hash();
176 let pkey = PKey::from_rsa(self.key_pair().as_ref().clone())?;
177 let mut signer = Signer::new(digest, &pkey).unwrap();
178 signer.set_rsa_padding(self.padding_scheme())?;
179 signer.update(authenticated.as_bytes())?;
180 let signature = signer.sign_to_vec()?;
181 Ok(signature)
182 })
183 }
184}
185
186pub trait RSAPublicKeyLike {
187 fn jwt_alg_name() -> &'static str;
188 fn public_key(&self) -> &RSAPublicKey;
189 fn key_id(&self) -> &Option<String>;
190 fn set_key_id(&mut self, key_id: String);
191 fn hash() -> MessageDigest;
192 fn padding_scheme(&self) -> Padding;
193
194 fn verify_token<CustomClaims: Serialize + DeserializeOwned>(
195 &self,
196 token: &str,
197 options: Option<VerificationOptions>,
198 ) -> Result<JWTClaims<CustomClaims>, Error> {
199 Token::verify(
200 Self::jwt_alg_name(),
201 token,
202 options,
203 |authenticated, signature| {
204 let digest = Self::hash();
205 let pkey = PKey::from_rsa(self.public_key().as_ref().clone())?;
206 let mut verifier = Verifier::new(digest, &pkey)?;
207 verifier.set_rsa_padding(self.padding_scheme())?;
208 verifier.update(authenticated.as_bytes())?;
209 if !(verifier
210 .verify(signature)
211 .map_err(|_| JWTError::InvalidSignature)?)
212 {
213 bail!(JWTError::InvalidSignature);
214 }
215 Ok(())
216 },
217 |_salt: Option<&[u8]>| Ok(()),
218 )
219 }
220
221 #[cfg(feature = "cwt")]
222 fn verify_cwt_token<CustomClaims: Serialize + DeserializeOwned>(
223 &self,
224 token: &[u8],
225 options: Option<VerificationOptions>,
226 ) -> Result<JWTClaims<NoCustomClaims>, Error> {
227 CWTToken::verify(
228 Self::jwt_alg_name(),
229 token,
230 options,
231 |authenticated, signature| {
232 let digest = Self::hash();
233 let pkey = PKey::from_rsa(self.public_key().as_ref().clone())?;
234 let mut verifier = Verifier::new(digest, &pkey)?;
235 verifier.update(authenticated.as_bytes())?;
236 if !(verifier
237 .verify(signature)
238 .map_err(|_| JWTError::InvalidSignature)?)
239 {
240 bail!(JWTError::InvalidSignature);
241 }
242 Ok(())
243 },
244 )
245 }
246
247 #[cfg(feature = "cwt")]
249 fn decode_cwt_metadata(&self, token: impl AsRef<[u8]>) -> Result<TokenMetadata, Error> {
250 CWTToken::decode_metadata(token)
251 }
252}
253
254#[derive(Debug, Clone)]
255pub struct RS256KeyPair {
256 key_pair: RSAKeyPair,
257 key_id: Option<String>,
258}
259
260#[derive(Debug, Clone)]
261pub struct RS256PublicKey {
262 pk: RSAPublicKey,
263 key_id: Option<String>,
264}
265
266impl RSAKeyPairLike for RS256KeyPair {
267 fn jwt_alg_name() -> &'static str {
268 "RS256"
269 }
270
271 fn key_pair(&self) -> &RSAKeyPair {
272 &self.key_pair
273 }
274
275 fn key_id(&self) -> &Option<String> {
276 &self.key_id
277 }
278
279 fn metadata(&self) -> &Option<KeyMetadata> {
280 &self.key_pair.metadata
281 }
282
283 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
284 self.key_pair.metadata = Some(metadata);
285 Ok(())
286 }
287
288 fn hash() -> MessageDigest {
289 MessageDigest::sha256()
290 }
291
292 fn padding_scheme(&self) -> Padding {
293 Padding::PKCS1
294 }
295}
296
297impl RS256KeyPair {
298 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
299 Ok(RS256KeyPair {
300 key_pair: RSAKeyPair::from_der(der)?,
301 key_id: None,
302 })
303 }
304
305 pub fn from_pem(pem: &str) -> Result<Self, Error> {
306 Ok(RS256KeyPair {
307 key_pair: RSAKeyPair::from_pem(pem)?,
308 key_id: None,
309 })
310 }
311
312 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
313 self.key_pair.to_der()
314 }
315
316 pub fn to_pem(&self) -> Result<String, Error> {
317 self.key_pair.to_pem()
318 }
319
320 pub fn public_key(&self) -> RS256PublicKey {
321 RS256PublicKey {
322 pk: self.key_pair.public_key(),
323 key_id: self.key_id.clone(),
324 }
325 }
326
327 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
328 Ok(RS256KeyPair {
329 key_pair: RSAKeyPair::generate(modulus_bits)?,
330 key_id: None,
331 })
332 }
333
334 pub fn with_key_id(mut self, key_id: &str) -> Self {
335 self.key_id = Some(key_id.to_string());
336 self
337 }
338}
339
340impl RSAPublicKeyLike for RS256PublicKey {
341 fn jwt_alg_name() -> &'static str {
342 "RS256"
343 }
344
345 fn hash() -> MessageDigest {
346 MessageDigest::sha256()
347 }
348
349 fn padding_scheme(&self) -> Padding {
350 Padding::PKCS1
351 }
352
353 fn public_key(&self) -> &RSAPublicKey {
354 &self.pk
355 }
356
357 fn key_id(&self) -> &Option<String> {
358 &self.key_id
359 }
360
361 fn set_key_id(&mut self, key_id: String) {
362 self.key_id = Some(key_id);
363 }
364}
365
366impl RS256PublicKey {
367 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
368 Ok(RS256PublicKey {
369 pk: RSAPublicKey::from_der(der)?,
370 key_id: None,
371 })
372 }
373
374 pub fn from_pem(pem: &str) -> Result<Self, Error> {
375 Ok(RS256PublicKey {
376 pk: RSAPublicKey::from_pem(pem)?,
377 key_id: None,
378 })
379 }
380
381 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
382 Ok(RS256PublicKey {
383 pk: RSAPublicKey::from_components(n, e)?,
384 key_id: None,
385 })
386 }
387
388 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
389 self.pk.to_der()
390 }
391
392 pub fn to_pem(&self) -> Result<String, Error> {
393 self.pk.to_pem()
394 }
395
396 pub fn to_components(&self) -> RSAPublicKeyComponents {
397 self.pk.to_components()
398 }
399
400 pub fn with_key_id(mut self, key_id: &str) -> Self {
401 self.key_id = Some(key_id.to_string());
402 self
403 }
404
405 pub fn sha1_thumbprint(&self) -> String {
406 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
407 }
408
409 pub fn sha256_thumbprint(&self) -> String {
410 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
411 }
412}
413
414#[derive(Debug, Clone)]
417pub struct RS512KeyPair {
418 key_pair: RSAKeyPair,
419 key_id: Option<String>,
420}
421
422#[derive(Debug, Clone)]
423pub struct RS512PublicKey {
424 pk: RSAPublicKey,
425 key_id: Option<String>,
426}
427
428impl RSAKeyPairLike for RS512KeyPair {
429 fn jwt_alg_name() -> &'static str {
430 "RS512"
431 }
432
433 fn key_pair(&self) -> &RSAKeyPair {
434 &self.key_pair
435 }
436
437 fn key_id(&self) -> &Option<String> {
438 &self.key_id
439 }
440
441 fn metadata(&self) -> &Option<KeyMetadata> {
442 &self.key_pair.metadata
443 }
444
445 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
446 self.key_pair.metadata = Some(metadata);
447 Ok(())
448 }
449
450 fn hash() -> MessageDigest {
451 MessageDigest::sha512()
452 }
453
454 fn padding_scheme(&self) -> Padding {
455 Padding::PKCS1
456 }
457}
458
459impl RS512KeyPair {
460 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
461 Ok(RS512KeyPair {
462 key_pair: RSAKeyPair::from_der(der)?,
463 key_id: None,
464 })
465 }
466
467 pub fn from_pem(pem: &str) -> Result<Self, Error> {
468 Ok(RS512KeyPair {
469 key_pair: RSAKeyPair::from_pem(pem)?,
470 key_id: None,
471 })
472 }
473
474 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
475 self.key_pair.to_der()
476 }
477
478 pub fn to_pem(&self) -> Result<String, Error> {
479 self.key_pair.to_pem()
480 }
481
482 pub fn public_key(&self) -> RS512PublicKey {
483 RS512PublicKey {
484 pk: self.key_pair.public_key(),
485 key_id: self.key_id.clone(),
486 }
487 }
488
489 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
490 Ok(RS512KeyPair {
491 key_pair: RSAKeyPair::generate(modulus_bits)?,
492 key_id: None,
493 })
494 }
495
496 pub fn with_key_id(mut self, key_id: &str) -> Self {
497 self.key_id = Some(key_id.to_string());
498 self
499 }
500}
501
502impl RSAPublicKeyLike for RS512PublicKey {
503 fn jwt_alg_name() -> &'static str {
504 "RS512"
505 }
506
507 fn hash() -> MessageDigest {
508 MessageDigest::sha512()
509 }
510
511 fn padding_scheme(&self) -> Padding {
512 Padding::PKCS1
513 }
514
515 fn public_key(&self) -> &RSAPublicKey {
516 &self.pk
517 }
518
519 fn key_id(&self) -> &Option<String> {
520 &self.key_id
521 }
522
523 fn set_key_id(&mut self, key_id: String) {
524 self.key_id = Some(key_id);
525 }
526}
527
528impl RS512PublicKey {
529 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
530 Ok(RS512PublicKey {
531 pk: RSAPublicKey::from_der(der)?,
532 key_id: None,
533 })
534 }
535
536 pub fn from_pem(pem: &str) -> Result<Self, Error> {
537 Ok(RS512PublicKey {
538 pk: RSAPublicKey::from_pem(pem)?,
539 key_id: None,
540 })
541 }
542
543 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
544 Ok(RS512PublicKey {
545 pk: RSAPublicKey::from_components(n, e)?,
546 key_id: None,
547 })
548 }
549
550 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
551 self.pk.to_der()
552 }
553
554 pub fn to_pem(&self) -> Result<String, Error> {
555 self.pk.to_pem()
556 }
557
558 pub fn to_components(&self) -> RSAPublicKeyComponents {
559 self.pk.to_components()
560 }
561
562 pub fn with_key_id(mut self, key_id: &str) -> Self {
563 self.key_id = Some(key_id.to_string());
564 self
565 }
566
567 pub fn sha1_thumbprint(&self) -> String {
568 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
569 }
570
571 pub fn sha256_thumbprint(&self) -> String {
572 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
573 }
574}
575
576#[derive(Debug, Clone)]
579pub struct RS384KeyPair {
580 key_pair: RSAKeyPair,
581 key_id: Option<String>,
582}
583
584#[derive(Debug, Clone)]
585pub struct RS384PublicKey {
586 pk: RSAPublicKey,
587 key_id: Option<String>,
588}
589
590impl RSAKeyPairLike for RS384KeyPair {
591 fn jwt_alg_name() -> &'static str {
592 "RS384"
593 }
594
595 fn key_pair(&self) -> &RSAKeyPair {
596 &self.key_pair
597 }
598
599 fn key_id(&self) -> &Option<String> {
600 &self.key_id
601 }
602
603 fn metadata(&self) -> &Option<KeyMetadata> {
604 &self.key_pair.metadata
605 }
606
607 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
608 self.key_pair.metadata = Some(metadata);
609 Ok(())
610 }
611
612 fn hash() -> MessageDigest {
613 MessageDigest::sha384()
614 }
615
616 fn padding_scheme(&self) -> Padding {
617 Padding::PKCS1
618 }
619}
620
621impl RS384KeyPair {
622 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
623 Ok(RS384KeyPair {
624 key_pair: RSAKeyPair::from_der(der)?,
625 key_id: None,
626 })
627 }
628
629 pub fn from_pem(pem: &str) -> Result<Self, Error> {
630 Ok(RS384KeyPair {
631 key_pair: RSAKeyPair::from_pem(pem)?,
632 key_id: None,
633 })
634 }
635
636 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
637 self.key_pair.to_der()
638 }
639
640 pub fn to_pem(&self) -> Result<String, Error> {
641 self.key_pair.to_pem()
642 }
643
644 pub fn public_key(&self) -> RS384PublicKey {
645 RS384PublicKey {
646 pk: self.key_pair.public_key(),
647 key_id: self.key_id.clone(),
648 }
649 }
650
651 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
652 Ok(RS384KeyPair {
653 key_pair: RSAKeyPair::generate(modulus_bits)?,
654 key_id: None,
655 })
656 }
657
658 pub fn with_key_id(mut self, key_id: &str) -> Self {
659 self.key_id = Some(key_id.to_string());
660 self
661 }
662}
663
664impl RSAPublicKeyLike for RS384PublicKey {
665 fn jwt_alg_name() -> &'static str {
666 "RS384"
667 }
668
669 fn hash() -> MessageDigest {
670 MessageDigest::sha384()
671 }
672
673 fn padding_scheme(&self) -> Padding {
674 Padding::PKCS1
675 }
676
677 fn public_key(&self) -> &RSAPublicKey {
678 &self.pk
679 }
680
681 fn key_id(&self) -> &Option<String> {
682 &self.key_id
683 }
684
685 fn set_key_id(&mut self, key_id: String) {
686 self.key_id = Some(key_id);
687 }
688}
689
690impl RS384PublicKey {
691 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
692 Ok(RS384PublicKey {
693 pk: RSAPublicKey::from_der(der)?,
694 key_id: None,
695 })
696 }
697
698 pub fn from_pem(pem: &str) -> Result<Self, Error> {
699 Ok(RS384PublicKey {
700 pk: RSAPublicKey::from_pem(pem)?,
701 key_id: None,
702 })
703 }
704
705 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
706 Ok(RS384PublicKey {
707 pk: RSAPublicKey::from_components(n, e)?,
708 key_id: None,
709 })
710 }
711
712 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
713 self.pk.to_der()
714 }
715
716 pub fn to_pem(&self) -> Result<String, Error> {
717 self.pk.to_pem()
718 }
719
720 pub fn to_components(&self) -> RSAPublicKeyComponents {
721 self.pk.to_components()
722 }
723
724 pub fn with_key_id(mut self, key_id: &str) -> Self {
725 self.key_id = Some(key_id.to_string());
726 self
727 }
728
729 pub fn sha1_thumbprint(&self) -> String {
730 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
731 }
732
733 pub fn sha256_thumbprint(&self) -> String {
734 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
735 }
736}
737
738#[derive(Debug, Clone)]
741pub struct PS256KeyPair {
742 key_pair: RSAKeyPair,
743 key_id: Option<String>,
744}
745
746#[derive(Debug, Clone)]
747pub struct PS256PublicKey {
748 pk: RSAPublicKey,
749 key_id: Option<String>,
750}
751
752impl RSAKeyPairLike for PS256KeyPair {
753 fn jwt_alg_name() -> &'static str {
754 "PS256"
755 }
756
757 fn key_pair(&self) -> &RSAKeyPair {
758 &self.key_pair
759 }
760
761 fn key_id(&self) -> &Option<String> {
762 &self.key_id
763 }
764
765 fn metadata(&self) -> &Option<KeyMetadata> {
766 &self.key_pair.metadata
767 }
768
769 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
770 self.key_pair.metadata = Some(metadata);
771 Ok(())
772 }
773
774 fn hash() -> MessageDigest {
775 MessageDigest::sha256()
776 }
777
778 fn padding_scheme(&self) -> Padding {
779 Padding::PKCS1_PSS
780 }
781}
782
783impl PS256KeyPair {
784 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
785 Ok(PS256KeyPair {
786 key_pair: RSAKeyPair::from_der(der)?,
787 key_id: None,
788 })
789 }
790
791 pub fn from_pem(pem: &str) -> Result<Self, Error> {
792 Ok(PS256KeyPair {
793 key_pair: RSAKeyPair::from_pem(pem)?,
794 key_id: None,
795 })
796 }
797
798 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
799 self.key_pair.to_der()
800 }
801
802 pub fn to_pem(&self) -> Result<String, Error> {
803 self.key_pair.to_pem()
804 }
805
806 pub fn public_key(&self) -> PS256PublicKey {
807 PS256PublicKey {
808 pk: self.key_pair.public_key(),
809 key_id: self.key_id.clone(),
810 }
811 }
812
813 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
814 Ok(PS256KeyPair {
815 key_pair: RSAKeyPair::generate(modulus_bits)?,
816 key_id: None,
817 })
818 }
819
820 pub fn with_key_id(mut self, key_id: &str) -> Self {
821 self.key_id = Some(key_id.to_string());
822 self
823 }
824}
825
826impl RSAPublicKeyLike for PS256PublicKey {
827 fn jwt_alg_name() -> &'static str {
828 "PS256"
829 }
830
831 fn hash() -> MessageDigest {
832 MessageDigest::sha256()
833 }
834
835 fn padding_scheme(&self) -> Padding {
836 Padding::PKCS1_PSS
837 }
838
839 fn public_key(&self) -> &RSAPublicKey {
840 &self.pk
841 }
842
843 fn key_id(&self) -> &Option<String> {
844 &self.key_id
845 }
846
847 fn set_key_id(&mut self, key_id: String) {
848 self.key_id = Some(key_id);
849 }
850}
851
852impl PS256PublicKey {
853 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
854 Ok(PS256PublicKey {
855 pk: RSAPublicKey::from_der(der)?,
856 key_id: None,
857 })
858 }
859
860 pub fn from_pem(pem: &str) -> Result<Self, Error> {
861 Ok(PS256PublicKey {
862 pk: RSAPublicKey::from_pem(pem)?,
863 key_id: None,
864 })
865 }
866
867 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
868 Ok(PS256PublicKey {
869 pk: RSAPublicKey::from_components(n, e)?,
870 key_id: None,
871 })
872 }
873
874 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
875 self.pk.to_der()
876 }
877
878 pub fn to_pem(&self) -> Result<String, Error> {
879 self.pk.to_pem()
880 }
881
882 pub fn to_components(&self) -> RSAPublicKeyComponents {
883 self.pk.to_components()
884 }
885
886 pub fn with_key_id(mut self, key_id: &str) -> Self {
887 self.key_id = Some(key_id.to_string());
888 self
889 }
890}
891
892#[derive(Debug, Clone)]
895pub struct PS512KeyPair {
896 key_pair: RSAKeyPair,
897 key_id: Option<String>,
898}
899
900#[derive(Debug, Clone)]
901pub struct PS512PublicKey {
902 pk: RSAPublicKey,
903 key_id: Option<String>,
904}
905
906impl RSAKeyPairLike for PS512KeyPair {
907 fn jwt_alg_name() -> &'static str {
908 "PS512"
909 }
910
911 fn key_pair(&self) -> &RSAKeyPair {
912 &self.key_pair
913 }
914
915 fn key_id(&self) -> &Option<String> {
916 &self.key_id
917 }
918
919 fn metadata(&self) -> &Option<KeyMetadata> {
920 &self.key_pair.metadata
921 }
922
923 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
924 self.key_pair.metadata = Some(metadata);
925 Ok(())
926 }
927
928 fn hash() -> MessageDigest {
929 MessageDigest::sha512()
930 }
931
932 fn padding_scheme(&self) -> Padding {
933 Padding::PKCS1_PSS
934 }
935}
936
937impl PS512KeyPair {
938 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
939 Ok(PS512KeyPair {
940 key_pair: RSAKeyPair::from_der(der)?,
941 key_id: None,
942 })
943 }
944
945 pub fn from_pem(pem: &str) -> Result<Self, Error> {
946 Ok(PS512KeyPair {
947 key_pair: RSAKeyPair::from_pem(pem)?,
948 key_id: None,
949 })
950 }
951
952 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
953 self.key_pair.to_der()
954 }
955
956 pub fn to_pem(&self) -> Result<String, Error> {
957 self.key_pair.to_pem()
958 }
959
960 pub fn public_key(&self) -> PS512PublicKey {
961 PS512PublicKey {
962 pk: self.key_pair.public_key(),
963 key_id: self.key_id.clone(),
964 }
965 }
966
967 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
968 Ok(PS512KeyPair {
969 key_pair: RSAKeyPair::generate(modulus_bits)?,
970 key_id: None,
971 })
972 }
973
974 pub fn with_key_id(mut self, key_id: &str) -> Self {
975 self.key_id = Some(key_id.to_string());
976 self
977 }
978}
979
980impl RSAPublicKeyLike for PS512PublicKey {
981 fn jwt_alg_name() -> &'static str {
982 "PS512"
983 }
984
985 fn hash() -> MessageDigest {
986 MessageDigest::sha512()
987 }
988
989 fn padding_scheme(&self) -> Padding {
990 Padding::PKCS1_PSS
991 }
992
993 fn public_key(&self) -> &RSAPublicKey {
994 &self.pk
995 }
996
997 fn key_id(&self) -> &Option<String> {
998 &self.key_id
999 }
1000
1001 fn set_key_id(&mut self, key_id: String) {
1002 self.key_id = Some(key_id);
1003 }
1004}
1005
1006impl PS512PublicKey {
1007 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
1008 Ok(PS512PublicKey {
1009 pk: RSAPublicKey::from_der(der)?,
1010 key_id: None,
1011 })
1012 }
1013
1014 pub fn from_pem(pem: &str) -> Result<Self, Error> {
1015 Ok(PS512PublicKey {
1016 pk: RSAPublicKey::from_pem(pem)?,
1017 key_id: None,
1018 })
1019 }
1020
1021 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
1022 Ok(PS512PublicKey {
1023 pk: RSAPublicKey::from_components(n, e)?,
1024 key_id: None,
1025 })
1026 }
1027
1028 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
1029 self.pk.to_der()
1030 }
1031
1032 pub fn to_pem(&self) -> Result<String, Error> {
1033 self.pk.to_pem()
1034 }
1035
1036 pub fn to_components(&self) -> RSAPublicKeyComponents {
1037 self.pk.to_components()
1038 }
1039
1040 pub fn with_key_id(mut self, key_id: &str) -> Self {
1041 self.key_id = Some(key_id.to_string());
1042 self
1043 }
1044
1045 pub fn sha1_thumbprint(&self) -> String {
1046 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
1047 }
1048
1049 pub fn sha256_thumbprint(&self) -> String {
1050 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
1051 }
1052}
1053
1054#[derive(Debug, Clone)]
1057pub struct PS384KeyPair {
1058 key_pair: RSAKeyPair,
1059 key_id: Option<String>,
1060}
1061
1062#[derive(Debug, Clone)]
1063pub struct PS384PublicKey {
1064 pk: RSAPublicKey,
1065 key_id: Option<String>,
1066}
1067
1068impl RSAKeyPairLike for PS384KeyPair {
1069 fn jwt_alg_name() -> &'static str {
1070 "PS384"
1071 }
1072
1073 fn key_pair(&self) -> &RSAKeyPair {
1074 &self.key_pair
1075 }
1076
1077 fn key_id(&self) -> &Option<String> {
1078 &self.key_id
1079 }
1080
1081 fn metadata(&self) -> &Option<KeyMetadata> {
1082 &self.key_pair.metadata
1083 }
1084
1085 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
1086 self.key_pair.metadata = Some(metadata);
1087 Ok(())
1088 }
1089
1090 fn hash() -> MessageDigest {
1091 MessageDigest::sha384()
1092 }
1093
1094 fn padding_scheme(&self) -> Padding {
1095 Padding::PKCS1_PSS
1096 }
1097}
1098
1099impl PS384KeyPair {
1100 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
1101 Ok(PS384KeyPair {
1102 key_pair: RSAKeyPair::from_der(der)?,
1103 key_id: None,
1104 })
1105 }
1106
1107 pub fn from_pem(pem: &str) -> Result<Self, Error> {
1108 Ok(PS384KeyPair {
1109 key_pair: RSAKeyPair::from_pem(pem)?,
1110 key_id: None,
1111 })
1112 }
1113
1114 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
1115 self.key_pair.to_der()
1116 }
1117
1118 pub fn to_pem(&self) -> Result<String, Error> {
1119 self.key_pair.to_pem()
1120 }
1121
1122 pub fn public_key(&self) -> PS384PublicKey {
1123 PS384PublicKey {
1124 pk: self.key_pair.public_key(),
1125 key_id: self.key_id.clone(),
1126 }
1127 }
1128
1129 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
1130 Ok(PS384KeyPair {
1131 key_pair: RSAKeyPair::generate(modulus_bits)?,
1132 key_id: None,
1133 })
1134 }
1135
1136 pub fn with_key_id(mut self, key_id: &str) -> Self {
1137 self.key_id = Some(key_id.to_string());
1138 self
1139 }
1140}
1141
1142impl RSAPublicKeyLike for PS384PublicKey {
1143 fn jwt_alg_name() -> &'static str {
1144 "PS384"
1145 }
1146
1147 fn hash() -> MessageDigest {
1148 MessageDigest::sha384()
1149 }
1150
1151 fn padding_scheme(&self) -> Padding {
1152 Padding::PKCS1_PSS
1153 }
1154
1155 fn public_key(&self) -> &RSAPublicKey {
1156 &self.pk
1157 }
1158
1159 fn key_id(&self) -> &Option<String> {
1160 &self.key_id
1161 }
1162
1163 fn set_key_id(&mut self, key_id: String) {
1164 self.key_id = Some(key_id);
1165 }
1166}
1167
1168impl PS384PublicKey {
1169 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
1170 Ok(PS384PublicKey {
1171 pk: RSAPublicKey::from_der(der)?,
1172 key_id: None,
1173 })
1174 }
1175
1176 pub fn from_pem(pem: &str) -> Result<Self, Error> {
1177 Ok(PS384PublicKey {
1178 pk: RSAPublicKey::from_pem(pem)?,
1179 key_id: None,
1180 })
1181 }
1182
1183 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
1184 Ok(PS384PublicKey {
1185 pk: RSAPublicKey::from_components(n, e)?,
1186 key_id: None,
1187 })
1188 }
1189
1190 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
1191 self.pk.to_der()
1192 }
1193
1194 pub fn to_pem(&self) -> Result<String, Error> {
1195 self.pk.to_pem()
1196 }
1197
1198 pub fn to_components(&self) -> RSAPublicKeyComponents {
1199 self.pk.to_components()
1200 }
1201
1202 pub fn with_key_id(mut self, key_id: &str) -> Self {
1203 self.key_id = Some(key_id.to_string());
1204 self
1205 }
1206
1207 pub fn sha1_thumbprint(&self) -> String {
1208 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
1209 }
1210
1211 pub fn sha256_thumbprint(&self) -> String {
1212 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
1213 }
1214}