1#[cfg(any(feature = "pure-rust", target_arch = "wasm32", target_arch = "wasm64"))]
2use superboring as boring;
3
4use boring::bn::BigNum;
5use boring::hash::MessageDigest;
6use boring::pkey::{PKey, Private, Public};
7use boring::rsa::{Padding, Rsa};
8use boring::sign::{Signer, Verifier};
9use ct_codecs::{Base64UrlSafeNoPadding, Encoder};
10use hmac_sha1_compact::Hash as SHA1;
11use hmac_sha256::Hash as SHA256;
12use serde::{de::DeserializeOwned, Serialize};
13
14use crate::claims::*;
15use crate::common::*;
16#[cfg(feature = "cwt")]
17use crate::cwt_token::*;
18use crate::error::*;
19use crate::jwt_header::*;
20use crate::token::*;
21
22#[doc(hidden)]
23#[derive(Debug, Clone)]
24pub struct RSAPublicKey(Rsa<Public>);
25
26impl AsRef<Rsa<Public>> for RSAPublicKey {
27 fn as_ref(&self) -> &Rsa<Public> {
28 &self.0
29 }
30}
31
32pub struct RSAPublicKeyComponents {
33 pub n: Vec<u8>,
34 pub e: Vec<u8>,
35}
36
37impl RSAPublicKey {
38 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
39 let rsa_pk = Rsa::<Public>::public_key_from_der(der)
40 .or_else(|_| Rsa::<Public>::public_key_from_der_pkcs1(der))?;
41 Ok(RSAPublicKey(rsa_pk))
42 }
43
44 pub fn from_pem(pem: &str) -> Result<Self, Error> {
45 let pem = pem.trim();
46 let rsa_pk = Rsa::<Public>::public_key_from_pem(pem.as_bytes())
47 .or_else(|_| Rsa::<Public>::public_key_from_pem_pkcs1(pem.as_bytes()))?;
48 Ok(RSAPublicKey(rsa_pk))
49 }
50
51 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
52 let n = BigNum::from_slice(n)?;
53 let e = BigNum::from_slice(e)?;
54 let rsa_pk = Rsa::<Public>::from_public_components(n, e)?;
55 Ok(RSAPublicKey(rsa_pk))
56 }
57
58 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
59 self.0.public_key_to_der().map_err(Into::into)
60 }
61
62 pub fn to_pem(&self) -> Result<String, Error> {
63 let bytes = self.0.public_key_to_pem()?;
64 let pem = String::from_utf8(bytes)?;
65 Ok(pem)
66 }
67
68 pub fn to_components(&self) -> RSAPublicKeyComponents {
69 let n = self.0.n().to_vec();
70 let e = self.0.e().to_vec();
71 RSAPublicKeyComponents { n, e }
72 }
73}
74
75#[doc(hidden)]
76#[derive(Debug, Clone)]
77pub struct RSAKeyPair {
78 rsa_sk: Rsa<Private>,
79 metadata: Option<KeyMetadata>,
80}
81
82impl AsRef<Rsa<Private>> for RSAKeyPair {
83 fn as_ref(&self) -> &Rsa<Private> {
84 &self.rsa_sk
85 }
86}
87
88impl RSAKeyPair {
89 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
90 let rsa_sk = Rsa::<Private>::private_key_from_der(der)?;
91 if !(rsa_sk.check_key()?) {
92 bail!(JWTError::InvalidKeyPair);
93 }
94 Ok(RSAKeyPair {
95 rsa_sk,
96 metadata: None,
97 })
98 }
99
100 pub fn from_pem(pem: &str) -> Result<Self, Error> {
101 let pem = pem.trim();
102 let rsa_sk = Rsa::<Private>::private_key_from_pem(pem.as_bytes())?;
103 if !(rsa_sk.check_key()?) {
104 bail!(JWTError::InvalidKeyPair);
105 }
106 Ok(RSAKeyPair {
107 rsa_sk,
108 metadata: None,
109 })
110 }
111
112 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
113 self.rsa_sk.private_key_to_der().map_err(Into::into)
114 }
115
116 pub fn to_pem(&self) -> Result<String, Error> {
117 let bytes = self.rsa_sk.private_key_to_pem()?;
118 let pem = String::from_utf8(bytes)?;
119 Ok(pem)
120 }
121
122 pub fn public_key(&self) -> RSAPublicKey {
123 let rsa_pk = Rsa::<Public>::from_public_components(
124 self.rsa_sk
125 .n()
126 .to_owned()
127 .expect("failed to create public key"),
128 self.rsa_sk
129 .e()
130 .to_owned()
131 .expect("failed to create public key"),
132 )
133 .expect("failed to create public key");
134 RSAPublicKey(rsa_pk)
135 }
136
137 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
138 match modulus_bits {
139 2048 | 3072 | 4096 => {}
140 _ => bail!(JWTError::UnsupportedRSAModulus),
141 };
142 let rsa_sk = Rsa::<Private>::generate(modulus_bits as _)?;
143 Ok(RSAKeyPair {
144 rsa_sk,
145 metadata: None,
146 })
147 }
148}
149
150pub trait RSAKeyPairLike {
151 fn jwt_alg_name() -> &'static str;
152 fn key_pair(&self) -> &RSAKeyPair;
153 fn key_id(&self) -> &Option<String>;
154 fn metadata(&self) -> &Option<KeyMetadata>;
155 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error>;
156 fn hash() -> MessageDigest;
157 fn padding_scheme(&self) -> Padding;
158
159 fn sign<CustomClaims: Serialize>(
160 &self,
161 claims: JWTClaims<CustomClaims>,
162 ) -> Result<String, Error> {
163 self.sign_with_options(claims, &Default::default())
164 }
165
166 fn sign_with_options<CustomClaims: Serialize>(
167 &self,
168 claims: JWTClaims<CustomClaims>,
169 opts: &HeaderOptions,
170 ) -> Result<String, Error> {
171 let jwt_header = JWTHeader::new(Self::jwt_alg_name().to_string(), self.key_id().clone())
172 .with_key_metadata(self.metadata())
173 .with_options(opts);
174 Token::build(&jwt_header, claims, |authenticated| {
175 let digest = Self::hash();
176 let pkey = PKey::from_rsa(self.key_pair().as_ref().clone())?;
177 let mut signer = Signer::new(digest, &pkey).unwrap();
178 signer.set_rsa_padding(self.padding_scheme())?;
179 signer.update(authenticated.as_bytes())?;
180 let signature = signer.sign_to_vec()?;
181 Ok(signature)
182 })
183 }
184}
185
186pub trait RSAPublicKeyLike {
187 fn jwt_alg_name() -> &'static str;
188 fn public_key(&self) -> &RSAPublicKey;
189 fn key_id(&self) -> &Option<String>;
190 fn set_key_id(&mut self, key_id: String);
191 fn hash() -> MessageDigest;
192 fn padding_scheme(&self) -> Padding;
193
194 fn verify_token<CustomClaims: DeserializeOwned>(
195 &self,
196 token: &str,
197 options: Option<VerificationOptions>,
198 ) -> Result<JWTClaims<CustomClaims>, Error> {
199 Token::verify(
200 Self::jwt_alg_name(),
201 token,
202 options,
203 |authenticated, signature| {
204 let digest = Self::hash();
205 let pkey = PKey::from_rsa(self.public_key().as_ref().clone())?;
206 let mut verifier = Verifier::new(digest, &pkey)?;
207 verifier.set_rsa_padding(self.padding_scheme())?;
208 verifier.update(authenticated.as_bytes())?;
209 if !(verifier
210 .verify(signature)
211 .map_err(|_| JWTError::InvalidSignature)?)
212 {
213 bail!(JWTError::InvalidSignature);
214 }
215 Ok(())
216 },
217 |_salt: Option<&[u8]>| Ok(()),
218 )
219 }
220
221 #[cfg(feature = "cwt")]
222 fn verify_cwt_token<CustomClaims: DeserializeOwned>(
223 &self,
224 token: &[u8],
225 options: Option<VerificationOptions>,
226 ) -> Result<JWTClaims<NoCustomClaims>, Error> {
227 CWTToken::verify(
228 Self::jwt_alg_name(),
229 token,
230 options,
231 |authenticated, signature| {
232 let digest = Self::hash();
233 let pkey = PKey::from_rsa(self.public_key().as_ref().clone())?;
234 let mut verifier = Verifier::new(digest, &pkey)?;
235 verifier.set_rsa_padding(self.padding_scheme())?;
236 verifier.update(authenticated.as_bytes())?;
237 if !(verifier
238 .verify(signature)
239 .map_err(|_| JWTError::InvalidSignature)?)
240 {
241 bail!(JWTError::InvalidSignature);
242 }
243 Ok(())
244 },
245 )
246 }
247
248 #[cfg(feature = "cwt")]
250 fn decode_cwt_metadata(&self, token: impl AsRef<[u8]>) -> Result<TokenMetadata, Error> {
251 CWTToken::decode_metadata(token)
252 }
253}
254
255#[derive(Debug, Clone)]
256pub struct RS256KeyPair {
257 key_pair: RSAKeyPair,
258 key_id: Option<String>,
259}
260
261#[derive(Debug, Clone)]
262pub struct RS256PublicKey {
263 pk: RSAPublicKey,
264 key_id: Option<String>,
265}
266
267impl RSAKeyPairLike for RS256KeyPair {
268 fn jwt_alg_name() -> &'static str {
269 "RS256"
270 }
271
272 fn key_pair(&self) -> &RSAKeyPair {
273 &self.key_pair
274 }
275
276 fn key_id(&self) -> &Option<String> {
277 &self.key_id
278 }
279
280 fn metadata(&self) -> &Option<KeyMetadata> {
281 &self.key_pair.metadata
282 }
283
284 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
285 self.key_pair.metadata = Some(metadata);
286 Ok(())
287 }
288
289 fn hash() -> MessageDigest {
290 MessageDigest::sha256()
291 }
292
293 fn padding_scheme(&self) -> Padding {
294 Padding::PKCS1
295 }
296}
297
298impl RS256KeyPair {
299 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
300 Ok(RS256KeyPair {
301 key_pair: RSAKeyPair::from_der(der)?,
302 key_id: None,
303 })
304 }
305
306 pub fn from_pem(pem: &str) -> Result<Self, Error> {
307 Ok(RS256KeyPair {
308 key_pair: RSAKeyPair::from_pem(pem)?,
309 key_id: None,
310 })
311 }
312
313 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
314 self.key_pair.to_der()
315 }
316
317 pub fn to_pem(&self) -> Result<String, Error> {
318 self.key_pair.to_pem()
319 }
320
321 pub fn public_key(&self) -> RS256PublicKey {
322 RS256PublicKey {
323 pk: self.key_pair.public_key(),
324 key_id: self.key_id.clone(),
325 }
326 }
327
328 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
329 Ok(RS256KeyPair {
330 key_pair: RSAKeyPair::generate(modulus_bits)?,
331 key_id: None,
332 })
333 }
334
335 pub fn with_key_id(mut self, key_id: &str) -> Self {
336 self.key_id = Some(key_id.to_string());
337 self
338 }
339}
340
341impl RSAPublicKeyLike for RS256PublicKey {
342 fn jwt_alg_name() -> &'static str {
343 "RS256"
344 }
345
346 fn hash() -> MessageDigest {
347 MessageDigest::sha256()
348 }
349
350 fn padding_scheme(&self) -> Padding {
351 Padding::PKCS1
352 }
353
354 fn public_key(&self) -> &RSAPublicKey {
355 &self.pk
356 }
357
358 fn key_id(&self) -> &Option<String> {
359 &self.key_id
360 }
361
362 fn set_key_id(&mut self, key_id: String) {
363 self.key_id = Some(key_id);
364 }
365}
366
367impl RS256PublicKey {
368 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
369 Ok(RS256PublicKey {
370 pk: RSAPublicKey::from_der(der)?,
371 key_id: None,
372 })
373 }
374
375 pub fn from_pem(pem: &str) -> Result<Self, Error> {
376 Ok(RS256PublicKey {
377 pk: RSAPublicKey::from_pem(pem)?,
378 key_id: None,
379 })
380 }
381
382 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
383 Ok(RS256PublicKey {
384 pk: RSAPublicKey::from_components(n, e)?,
385 key_id: None,
386 })
387 }
388
389 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
390 self.pk.to_der()
391 }
392
393 pub fn to_pem(&self) -> Result<String, Error> {
394 self.pk.to_pem()
395 }
396
397 pub fn to_components(&self) -> RSAPublicKeyComponents {
398 self.pk.to_components()
399 }
400
401 pub fn with_key_id(mut self, key_id: &str) -> Self {
402 self.key_id = Some(key_id.to_string());
403 self
404 }
405
406 pub fn sha1_thumbprint(&self) -> String {
407 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
408 }
409
410 pub fn sha256_thumbprint(&self) -> String {
411 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
412 }
413}
414
415#[derive(Debug, Clone)]
418pub struct RS512KeyPair {
419 key_pair: RSAKeyPair,
420 key_id: Option<String>,
421}
422
423#[derive(Debug, Clone)]
424pub struct RS512PublicKey {
425 pk: RSAPublicKey,
426 key_id: Option<String>,
427}
428
429impl RSAKeyPairLike for RS512KeyPair {
430 fn jwt_alg_name() -> &'static str {
431 "RS512"
432 }
433
434 fn key_pair(&self) -> &RSAKeyPair {
435 &self.key_pair
436 }
437
438 fn key_id(&self) -> &Option<String> {
439 &self.key_id
440 }
441
442 fn metadata(&self) -> &Option<KeyMetadata> {
443 &self.key_pair.metadata
444 }
445
446 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
447 self.key_pair.metadata = Some(metadata);
448 Ok(())
449 }
450
451 fn hash() -> MessageDigest {
452 MessageDigest::sha512()
453 }
454
455 fn padding_scheme(&self) -> Padding {
456 Padding::PKCS1
457 }
458}
459
460impl RS512KeyPair {
461 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
462 Ok(RS512KeyPair {
463 key_pair: RSAKeyPair::from_der(der)?,
464 key_id: None,
465 })
466 }
467
468 pub fn from_pem(pem: &str) -> Result<Self, Error> {
469 Ok(RS512KeyPair {
470 key_pair: RSAKeyPair::from_pem(pem)?,
471 key_id: None,
472 })
473 }
474
475 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
476 self.key_pair.to_der()
477 }
478
479 pub fn to_pem(&self) -> Result<String, Error> {
480 self.key_pair.to_pem()
481 }
482
483 pub fn public_key(&self) -> RS512PublicKey {
484 RS512PublicKey {
485 pk: self.key_pair.public_key(),
486 key_id: self.key_id.clone(),
487 }
488 }
489
490 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
491 Ok(RS512KeyPair {
492 key_pair: RSAKeyPair::generate(modulus_bits)?,
493 key_id: None,
494 })
495 }
496
497 pub fn with_key_id(mut self, key_id: &str) -> Self {
498 self.key_id = Some(key_id.to_string());
499 self
500 }
501}
502
503impl RSAPublicKeyLike for RS512PublicKey {
504 fn jwt_alg_name() -> &'static str {
505 "RS512"
506 }
507
508 fn hash() -> MessageDigest {
509 MessageDigest::sha512()
510 }
511
512 fn padding_scheme(&self) -> Padding {
513 Padding::PKCS1
514 }
515
516 fn public_key(&self) -> &RSAPublicKey {
517 &self.pk
518 }
519
520 fn key_id(&self) -> &Option<String> {
521 &self.key_id
522 }
523
524 fn set_key_id(&mut self, key_id: String) {
525 self.key_id = Some(key_id);
526 }
527}
528
529impl RS512PublicKey {
530 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
531 Ok(RS512PublicKey {
532 pk: RSAPublicKey::from_der(der)?,
533 key_id: None,
534 })
535 }
536
537 pub fn from_pem(pem: &str) -> Result<Self, Error> {
538 Ok(RS512PublicKey {
539 pk: RSAPublicKey::from_pem(pem)?,
540 key_id: None,
541 })
542 }
543
544 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
545 Ok(RS512PublicKey {
546 pk: RSAPublicKey::from_components(n, e)?,
547 key_id: None,
548 })
549 }
550
551 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
552 self.pk.to_der()
553 }
554
555 pub fn to_pem(&self) -> Result<String, Error> {
556 self.pk.to_pem()
557 }
558
559 pub fn to_components(&self) -> RSAPublicKeyComponents {
560 self.pk.to_components()
561 }
562
563 pub fn with_key_id(mut self, key_id: &str) -> Self {
564 self.key_id = Some(key_id.to_string());
565 self
566 }
567
568 pub fn sha1_thumbprint(&self) -> String {
569 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
570 }
571
572 pub fn sha256_thumbprint(&self) -> String {
573 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
574 }
575}
576
577#[derive(Debug, Clone)]
580pub struct RS384KeyPair {
581 key_pair: RSAKeyPair,
582 key_id: Option<String>,
583}
584
585#[derive(Debug, Clone)]
586pub struct RS384PublicKey {
587 pk: RSAPublicKey,
588 key_id: Option<String>,
589}
590
591impl RSAKeyPairLike for RS384KeyPair {
592 fn jwt_alg_name() -> &'static str {
593 "RS384"
594 }
595
596 fn key_pair(&self) -> &RSAKeyPair {
597 &self.key_pair
598 }
599
600 fn key_id(&self) -> &Option<String> {
601 &self.key_id
602 }
603
604 fn metadata(&self) -> &Option<KeyMetadata> {
605 &self.key_pair.metadata
606 }
607
608 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
609 self.key_pair.metadata = Some(metadata);
610 Ok(())
611 }
612
613 fn hash() -> MessageDigest {
614 MessageDigest::sha384()
615 }
616
617 fn padding_scheme(&self) -> Padding {
618 Padding::PKCS1
619 }
620}
621
622impl RS384KeyPair {
623 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
624 Ok(RS384KeyPair {
625 key_pair: RSAKeyPair::from_der(der)?,
626 key_id: None,
627 })
628 }
629
630 pub fn from_pem(pem: &str) -> Result<Self, Error> {
631 Ok(RS384KeyPair {
632 key_pair: RSAKeyPair::from_pem(pem)?,
633 key_id: None,
634 })
635 }
636
637 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
638 self.key_pair.to_der()
639 }
640
641 pub fn to_pem(&self) -> Result<String, Error> {
642 self.key_pair.to_pem()
643 }
644
645 pub fn public_key(&self) -> RS384PublicKey {
646 RS384PublicKey {
647 pk: self.key_pair.public_key(),
648 key_id: self.key_id.clone(),
649 }
650 }
651
652 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
653 Ok(RS384KeyPair {
654 key_pair: RSAKeyPair::generate(modulus_bits)?,
655 key_id: None,
656 })
657 }
658
659 pub fn with_key_id(mut self, key_id: &str) -> Self {
660 self.key_id = Some(key_id.to_string());
661 self
662 }
663}
664
665impl RSAPublicKeyLike for RS384PublicKey {
666 fn jwt_alg_name() -> &'static str {
667 "RS384"
668 }
669
670 fn hash() -> MessageDigest {
671 MessageDigest::sha384()
672 }
673
674 fn padding_scheme(&self) -> Padding {
675 Padding::PKCS1
676 }
677
678 fn public_key(&self) -> &RSAPublicKey {
679 &self.pk
680 }
681
682 fn key_id(&self) -> &Option<String> {
683 &self.key_id
684 }
685
686 fn set_key_id(&mut self, key_id: String) {
687 self.key_id = Some(key_id);
688 }
689}
690
691impl RS384PublicKey {
692 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
693 Ok(RS384PublicKey {
694 pk: RSAPublicKey::from_der(der)?,
695 key_id: None,
696 })
697 }
698
699 pub fn from_pem(pem: &str) -> Result<Self, Error> {
700 Ok(RS384PublicKey {
701 pk: RSAPublicKey::from_pem(pem)?,
702 key_id: None,
703 })
704 }
705
706 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
707 Ok(RS384PublicKey {
708 pk: RSAPublicKey::from_components(n, e)?,
709 key_id: None,
710 })
711 }
712
713 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
714 self.pk.to_der()
715 }
716
717 pub fn to_pem(&self) -> Result<String, Error> {
718 self.pk.to_pem()
719 }
720
721 pub fn to_components(&self) -> RSAPublicKeyComponents {
722 self.pk.to_components()
723 }
724
725 pub fn with_key_id(mut self, key_id: &str) -> Self {
726 self.key_id = Some(key_id.to_string());
727 self
728 }
729
730 pub fn sha1_thumbprint(&self) -> String {
731 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
732 }
733
734 pub fn sha256_thumbprint(&self) -> String {
735 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
736 }
737}
738
739#[derive(Debug, Clone)]
742pub struct PS256KeyPair {
743 key_pair: RSAKeyPair,
744 key_id: Option<String>,
745}
746
747#[derive(Debug, Clone)]
748pub struct PS256PublicKey {
749 pk: RSAPublicKey,
750 key_id: Option<String>,
751}
752
753impl RSAKeyPairLike for PS256KeyPair {
754 fn jwt_alg_name() -> &'static str {
755 "PS256"
756 }
757
758 fn key_pair(&self) -> &RSAKeyPair {
759 &self.key_pair
760 }
761
762 fn key_id(&self) -> &Option<String> {
763 &self.key_id
764 }
765
766 fn metadata(&self) -> &Option<KeyMetadata> {
767 &self.key_pair.metadata
768 }
769
770 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
771 self.key_pair.metadata = Some(metadata);
772 Ok(())
773 }
774
775 fn hash() -> MessageDigest {
776 MessageDigest::sha256()
777 }
778
779 fn padding_scheme(&self) -> Padding {
780 Padding::PKCS1_PSS
781 }
782}
783
784impl PS256KeyPair {
785 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
786 Ok(PS256KeyPair {
787 key_pair: RSAKeyPair::from_der(der)?,
788 key_id: None,
789 })
790 }
791
792 pub fn from_pem(pem: &str) -> Result<Self, Error> {
793 Ok(PS256KeyPair {
794 key_pair: RSAKeyPair::from_pem(pem)?,
795 key_id: None,
796 })
797 }
798
799 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
800 self.key_pair.to_der()
801 }
802
803 pub fn to_pem(&self) -> Result<String, Error> {
804 self.key_pair.to_pem()
805 }
806
807 pub fn public_key(&self) -> PS256PublicKey {
808 PS256PublicKey {
809 pk: self.key_pair.public_key(),
810 key_id: self.key_id.clone(),
811 }
812 }
813
814 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
815 Ok(PS256KeyPair {
816 key_pair: RSAKeyPair::generate(modulus_bits)?,
817 key_id: None,
818 })
819 }
820
821 pub fn with_key_id(mut self, key_id: &str) -> Self {
822 self.key_id = Some(key_id.to_string());
823 self
824 }
825}
826
827impl RSAPublicKeyLike for PS256PublicKey {
828 fn jwt_alg_name() -> &'static str {
829 "PS256"
830 }
831
832 fn hash() -> MessageDigest {
833 MessageDigest::sha256()
834 }
835
836 fn padding_scheme(&self) -> Padding {
837 Padding::PKCS1_PSS
838 }
839
840 fn public_key(&self) -> &RSAPublicKey {
841 &self.pk
842 }
843
844 fn key_id(&self) -> &Option<String> {
845 &self.key_id
846 }
847
848 fn set_key_id(&mut self, key_id: String) {
849 self.key_id = Some(key_id);
850 }
851}
852
853impl PS256PublicKey {
854 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
855 Ok(PS256PublicKey {
856 pk: RSAPublicKey::from_der(der)?,
857 key_id: None,
858 })
859 }
860
861 pub fn from_pem(pem: &str) -> Result<Self, Error> {
862 Ok(PS256PublicKey {
863 pk: RSAPublicKey::from_pem(pem)?,
864 key_id: None,
865 })
866 }
867
868 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
869 Ok(PS256PublicKey {
870 pk: RSAPublicKey::from_components(n, e)?,
871 key_id: None,
872 })
873 }
874
875 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
876 self.pk.to_der()
877 }
878
879 pub fn to_pem(&self) -> Result<String, Error> {
880 self.pk.to_pem()
881 }
882
883 pub fn to_components(&self) -> RSAPublicKeyComponents {
884 self.pk.to_components()
885 }
886
887 pub fn with_key_id(mut self, key_id: &str) -> Self {
888 self.key_id = Some(key_id.to_string());
889 self
890 }
891}
892
893#[derive(Debug, Clone)]
896pub struct PS512KeyPair {
897 key_pair: RSAKeyPair,
898 key_id: Option<String>,
899}
900
901#[derive(Debug, Clone)]
902pub struct PS512PublicKey {
903 pk: RSAPublicKey,
904 key_id: Option<String>,
905}
906
907impl RSAKeyPairLike for PS512KeyPair {
908 fn jwt_alg_name() -> &'static str {
909 "PS512"
910 }
911
912 fn key_pair(&self) -> &RSAKeyPair {
913 &self.key_pair
914 }
915
916 fn key_id(&self) -> &Option<String> {
917 &self.key_id
918 }
919
920 fn metadata(&self) -> &Option<KeyMetadata> {
921 &self.key_pair.metadata
922 }
923
924 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
925 self.key_pair.metadata = Some(metadata);
926 Ok(())
927 }
928
929 fn hash() -> MessageDigest {
930 MessageDigest::sha512()
931 }
932
933 fn padding_scheme(&self) -> Padding {
934 Padding::PKCS1_PSS
935 }
936}
937
938impl PS512KeyPair {
939 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
940 Ok(PS512KeyPair {
941 key_pair: RSAKeyPair::from_der(der)?,
942 key_id: None,
943 })
944 }
945
946 pub fn from_pem(pem: &str) -> Result<Self, Error> {
947 Ok(PS512KeyPair {
948 key_pair: RSAKeyPair::from_pem(pem)?,
949 key_id: None,
950 })
951 }
952
953 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
954 self.key_pair.to_der()
955 }
956
957 pub fn to_pem(&self) -> Result<String, Error> {
958 self.key_pair.to_pem()
959 }
960
961 pub fn public_key(&self) -> PS512PublicKey {
962 PS512PublicKey {
963 pk: self.key_pair.public_key(),
964 key_id: self.key_id.clone(),
965 }
966 }
967
968 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
969 Ok(PS512KeyPair {
970 key_pair: RSAKeyPair::generate(modulus_bits)?,
971 key_id: None,
972 })
973 }
974
975 pub fn with_key_id(mut self, key_id: &str) -> Self {
976 self.key_id = Some(key_id.to_string());
977 self
978 }
979}
980
981impl RSAPublicKeyLike for PS512PublicKey {
982 fn jwt_alg_name() -> &'static str {
983 "PS512"
984 }
985
986 fn hash() -> MessageDigest {
987 MessageDigest::sha512()
988 }
989
990 fn padding_scheme(&self) -> Padding {
991 Padding::PKCS1_PSS
992 }
993
994 fn public_key(&self) -> &RSAPublicKey {
995 &self.pk
996 }
997
998 fn key_id(&self) -> &Option<String> {
999 &self.key_id
1000 }
1001
1002 fn set_key_id(&mut self, key_id: String) {
1003 self.key_id = Some(key_id);
1004 }
1005}
1006
1007impl PS512PublicKey {
1008 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
1009 Ok(PS512PublicKey {
1010 pk: RSAPublicKey::from_der(der)?,
1011 key_id: None,
1012 })
1013 }
1014
1015 pub fn from_pem(pem: &str) -> Result<Self, Error> {
1016 Ok(PS512PublicKey {
1017 pk: RSAPublicKey::from_pem(pem)?,
1018 key_id: None,
1019 })
1020 }
1021
1022 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
1023 Ok(PS512PublicKey {
1024 pk: RSAPublicKey::from_components(n, e)?,
1025 key_id: None,
1026 })
1027 }
1028
1029 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
1030 self.pk.to_der()
1031 }
1032
1033 pub fn to_pem(&self) -> Result<String, Error> {
1034 self.pk.to_pem()
1035 }
1036
1037 pub fn to_components(&self) -> RSAPublicKeyComponents {
1038 self.pk.to_components()
1039 }
1040
1041 pub fn with_key_id(mut self, key_id: &str) -> Self {
1042 self.key_id = Some(key_id.to_string());
1043 self
1044 }
1045
1046 pub fn sha1_thumbprint(&self) -> String {
1047 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
1048 }
1049
1050 pub fn sha256_thumbprint(&self) -> String {
1051 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
1052 }
1053}
1054
1055#[derive(Debug, Clone)]
1058pub struct PS384KeyPair {
1059 key_pair: RSAKeyPair,
1060 key_id: Option<String>,
1061}
1062
1063#[derive(Debug, Clone)]
1064pub struct PS384PublicKey {
1065 pk: RSAPublicKey,
1066 key_id: Option<String>,
1067}
1068
1069impl RSAKeyPairLike for PS384KeyPair {
1070 fn jwt_alg_name() -> &'static str {
1071 "PS384"
1072 }
1073
1074 fn key_pair(&self) -> &RSAKeyPair {
1075 &self.key_pair
1076 }
1077
1078 fn key_id(&self) -> &Option<String> {
1079 &self.key_id
1080 }
1081
1082 fn metadata(&self) -> &Option<KeyMetadata> {
1083 &self.key_pair.metadata
1084 }
1085
1086 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
1087 self.key_pair.metadata = Some(metadata);
1088 Ok(())
1089 }
1090
1091 fn hash() -> MessageDigest {
1092 MessageDigest::sha384()
1093 }
1094
1095 fn padding_scheme(&self) -> Padding {
1096 Padding::PKCS1_PSS
1097 }
1098}
1099
1100impl PS384KeyPair {
1101 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
1102 Ok(PS384KeyPair {
1103 key_pair: RSAKeyPair::from_der(der)?,
1104 key_id: None,
1105 })
1106 }
1107
1108 pub fn from_pem(pem: &str) -> Result<Self, Error> {
1109 Ok(PS384KeyPair {
1110 key_pair: RSAKeyPair::from_pem(pem)?,
1111 key_id: None,
1112 })
1113 }
1114
1115 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
1116 self.key_pair.to_der()
1117 }
1118
1119 pub fn to_pem(&self) -> Result<String, Error> {
1120 self.key_pair.to_pem()
1121 }
1122
1123 pub fn public_key(&self) -> PS384PublicKey {
1124 PS384PublicKey {
1125 pk: self.key_pair.public_key(),
1126 key_id: self.key_id.clone(),
1127 }
1128 }
1129
1130 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
1131 Ok(PS384KeyPair {
1132 key_pair: RSAKeyPair::generate(modulus_bits)?,
1133 key_id: None,
1134 })
1135 }
1136
1137 pub fn with_key_id(mut self, key_id: &str) -> Self {
1138 self.key_id = Some(key_id.to_string());
1139 self
1140 }
1141}
1142
1143impl RSAPublicKeyLike for PS384PublicKey {
1144 fn jwt_alg_name() -> &'static str {
1145 "PS384"
1146 }
1147
1148 fn hash() -> MessageDigest {
1149 MessageDigest::sha384()
1150 }
1151
1152 fn padding_scheme(&self) -> Padding {
1153 Padding::PKCS1_PSS
1154 }
1155
1156 fn public_key(&self) -> &RSAPublicKey {
1157 &self.pk
1158 }
1159
1160 fn key_id(&self) -> &Option<String> {
1161 &self.key_id
1162 }
1163
1164 fn set_key_id(&mut self, key_id: String) {
1165 self.key_id = Some(key_id);
1166 }
1167}
1168
1169impl PS384PublicKey {
1170 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
1171 Ok(PS384PublicKey {
1172 pk: RSAPublicKey::from_der(der)?,
1173 key_id: None,
1174 })
1175 }
1176
1177 pub fn from_pem(pem: &str) -> Result<Self, Error> {
1178 Ok(PS384PublicKey {
1179 pk: RSAPublicKey::from_pem(pem)?,
1180 key_id: None,
1181 })
1182 }
1183
1184 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
1185 Ok(PS384PublicKey {
1186 pk: RSAPublicKey::from_components(n, e)?,
1187 key_id: None,
1188 })
1189 }
1190
1191 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
1192 self.pk.to_der()
1193 }
1194
1195 pub fn to_pem(&self) -> Result<String, Error> {
1196 self.pk.to_pem()
1197 }
1198
1199 pub fn to_components(&self) -> RSAPublicKeyComponents {
1200 self.pk.to_components()
1201 }
1202
1203 pub fn with_key_id(mut self, key_id: &str) -> Self {
1204 self.key_id = Some(key_id.to_string());
1205 self
1206 }
1207
1208 pub fn sha1_thumbprint(&self) -> String {
1209 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
1210 }
1211
1212 pub fn sha256_thumbprint(&self) -> String {
1213 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
1214 }
1215}