1#[cfg(any(feature = "pure-rust", target_arch = "wasm32", target_arch = "wasm64"))]
2use superboring as boring;
3
4use boring::bn::BigNum;
5use boring::hash::MessageDigest;
6use boring::pkey::{PKey, Private, Public};
7use boring::rsa::{Padding, Rsa};
8use boring::sign::{Signer, Verifier};
9use ct_codecs::{Base64UrlSafeNoPadding, Encoder};
10use hmac_sha1_compact::Hash as SHA1;
11use hmac_sha256::Hash as SHA256;
12use serde::{de::DeserializeOwned, Serialize};
13
14use crate::claims::*;
15use crate::common::*;
16#[cfg(feature = "cwt")]
17use crate::cwt_token::*;
18use crate::error::*;
19use crate::jwt_header::*;
20use crate::token::*;
21
22#[doc(hidden)]
23#[derive(Debug, Clone)]
24pub struct RSAPublicKey(Rsa<Public>);
25
26impl AsRef<Rsa<Public>> for RSAPublicKey {
27 fn as_ref(&self) -> &Rsa<Public> {
28 &self.0
29 }
30}
31
32pub struct RSAPublicKeyComponents {
33 pub n: Vec<u8>,
34 pub e: Vec<u8>,
35}
36
37impl RSAPublicKey {
38 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
39 let rsa_pk = Rsa::<Public>::public_key_from_der(der)
40 .or_else(|_| Rsa::<Public>::public_key_from_der_pkcs1(der))?;
41 Ok(RSAPublicKey(rsa_pk))
42 }
43
44 pub fn from_pem(pem: &str) -> Result<Self, Error> {
45 let pem = pem.trim();
46 let rsa_pk = Rsa::<Public>::public_key_from_pem(pem.as_bytes())
47 .or_else(|_| Rsa::<Public>::public_key_from_pem_pkcs1(pem.as_bytes()))?;
48 Ok(RSAPublicKey(rsa_pk))
49 }
50
51 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
52 let n = BigNum::from_slice(n)?;
53 let e = BigNum::from_slice(e)?;
54 let rsa_pk = Rsa::<Public>::from_public_components(n, e)?;
55 Ok(RSAPublicKey(rsa_pk))
56 }
57
58 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
59 self.0.public_key_to_der().map_err(Into::into)
60 }
61
62 pub fn to_pem(&self) -> Result<String, Error> {
63 Ok(String::from_utf8(self.0.public_key_to_pem()?)?)
64 }
65
66 pub fn to_components(&self) -> RSAPublicKeyComponents {
67 RSAPublicKeyComponents {
68 n: self.0.n().to_vec(),
69 e: self.0.e().to_vec(),
70 }
71 }
72
73 fn thumbprint(&self, hash: impl Fn(&[u8]) -> Vec<u8>) -> String {
74 Base64UrlSafeNoPadding::encode_to_string(hash(&self.to_der().unwrap())).unwrap()
75 }
76}
77
78#[doc(hidden)]
79#[derive(Clone)]
80pub struct RSAKeyPair {
81 rsa_sk: Rsa<Private>,
82 metadata: Option<KeyMetadata>,
83}
84
85impl std::fmt::Debug for RSAKeyPair {
86 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
87 write!(f, "Rsa")
88 }
89}
90
91impl AsRef<Rsa<Private>> for RSAKeyPair {
92 fn as_ref(&self) -> &Rsa<Private> {
93 &self.rsa_sk
94 }
95}
96
97impl RSAKeyPair {
98 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
99 let rsa_sk = Rsa::<Private>::private_key_from_der(der)?;
100 if !(rsa_sk.check_key()?) {
101 bail!(JWTError::InvalidKeyPair);
102 }
103 Ok(RSAKeyPair {
104 rsa_sk,
105 metadata: None,
106 })
107 }
108
109 pub fn from_pem(pem: &str) -> Result<Self, Error> {
110 let pem = pem.trim();
111 let rsa_sk = Rsa::<Private>::private_key_from_pem(pem.as_bytes())?;
112 if !(rsa_sk.check_key()?) {
113 bail!(JWTError::InvalidKeyPair);
114 }
115 Ok(RSAKeyPair {
116 rsa_sk,
117 metadata: None,
118 })
119 }
120
121 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
122 self.rsa_sk.private_key_to_der().map_err(Into::into)
123 }
124
125 pub fn to_pem(&self) -> Result<String, Error> {
126 let bytes = self.rsa_sk.private_key_to_pem()?;
127 let pem = String::from_utf8(bytes)?;
128 Ok(pem)
129 }
130
131 pub fn public_key(&self) -> RSAPublicKey {
132 let rsa_pk = Rsa::<Public>::from_public_components(
133 self.rsa_sk
134 .n()
135 .to_owned()
136 .expect("failed to create public key"),
137 self.rsa_sk
138 .e()
139 .to_owned()
140 .expect("failed to create public key"),
141 )
142 .expect("failed to create public key");
143 RSAPublicKey(rsa_pk)
144 }
145
146 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
147 match modulus_bits {
148 2048 | 3072 | 4096 => {}
149 _ => bail!(JWTError::UnsupportedRSAModulus),
150 };
151 let rsa_sk = Rsa::<Private>::generate(modulus_bits as _)?;
152 Ok(RSAKeyPair {
153 rsa_sk,
154 metadata: None,
155 })
156 }
157}
158
159pub trait RSAKeyPairLike {
160 fn jwt_alg_name() -> &'static str;
161 fn key_pair(&self) -> &RSAKeyPair;
162 fn key_id(&self) -> &Option<String>;
163 fn metadata(&self) -> &Option<KeyMetadata>;
164 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error>;
165 fn hash() -> MessageDigest;
166 fn padding_scheme(&self) -> Padding;
167
168 fn sign<CustomClaims: Serialize>(
169 &self,
170 claims: JWTClaims<CustomClaims>,
171 ) -> Result<String, Error> {
172 self.sign_with_options(claims, &Default::default())
173 }
174
175 fn sign_with_options<CustomClaims: Serialize>(
176 &self,
177 claims: JWTClaims<CustomClaims>,
178 opts: &HeaderOptions,
179 ) -> Result<String, Error> {
180 let jwt_header = JWTHeader::new(Self::jwt_alg_name().to_string(), self.key_id().clone())
181 .with_key_metadata(self.metadata())
182 .with_options(opts);
183 Token::build(&jwt_header, claims, |authenticated| {
184 let digest = Self::hash();
185 let pkey = PKey::from_rsa(self.key_pair().as_ref().clone())?;
186 let mut signer = Signer::new(digest, &pkey).unwrap();
187 signer.set_rsa_padding(self.padding_scheme())?;
188 signer.update(authenticated.as_bytes())?;
189 let signature = signer.sign_to_vec()?;
190 Ok(signature)
191 })
192 }
193}
194
195pub trait RSAPublicKeyLike {
196 fn jwt_alg_name() -> &'static str;
197 fn public_key(&self) -> &RSAPublicKey;
198 fn key_id(&self) -> &Option<String>;
199 fn set_key_id(&mut self, key_id: String);
200 fn hash() -> MessageDigest;
201 fn padding_scheme(&self) -> Padding;
202
203 fn verify_token<CustomClaims: DeserializeOwned>(
204 &self,
205 token: &str,
206 options: Option<VerificationOptions>,
207 ) -> Result<JWTClaims<CustomClaims>, Error> {
208 Token::verify(
209 Self::jwt_alg_name(),
210 token,
211 options,
212 |authenticated, signature| {
213 let digest = Self::hash();
214 let pkey = PKey::from_rsa(self.public_key().as_ref().clone())?;
215 let mut verifier = Verifier::new(digest, &pkey)?;
216 verifier.set_rsa_padding(self.padding_scheme())?;
217 verifier.update(authenticated.as_bytes())?;
218 if !(verifier
219 .verify(signature)
220 .map_err(|_| JWTError::InvalidSignature)?)
221 {
222 bail!(JWTError::InvalidSignature);
223 }
224 Ok(())
225 },
226 |_salt: Option<&[u8]>| Ok(()),
227 )
228 }
229
230 #[cfg(feature = "cwt")]
231 fn verify_cwt_token<CustomClaims: DeserializeOwned>(
232 &self,
233 token: &[u8],
234 options: Option<VerificationOptions>,
235 ) -> Result<JWTClaims<NoCustomClaims>, Error> {
236 CWTToken::verify(
237 Self::jwt_alg_name(),
238 token,
239 options,
240 |authenticated, signature| {
241 let digest = Self::hash();
242 let pkey = PKey::from_rsa(self.public_key().as_ref().clone())?;
243 let mut verifier = Verifier::new(digest, &pkey)?;
244 verifier.set_rsa_padding(self.padding_scheme())?;
245 verifier.update(authenticated.as_bytes())?;
246 if !(verifier
247 .verify(signature)
248 .map_err(|_| JWTError::InvalidSignature)?)
249 {
250 bail!(JWTError::InvalidSignature);
251 }
252 Ok(())
253 },
254 )
255 }
256
257 #[cfg(feature = "cwt")]
259 fn decode_cwt_metadata(&self, token: impl AsRef<[u8]>) -> Result<TokenMetadata, Error> {
260 CWTToken::decode_metadata(token)
261 }
262}
263
264#[derive(Clone)]
265pub struct RS256KeyPair {
266 key_pair: RSAKeyPair,
267 key_id: Option<String>,
268}
269
270impl std::fmt::Debug for RS256KeyPair {
271 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
272 write!(f, "Rsa")
273 }
274}
275
276#[derive(Debug, Clone)]
277pub struct RS256PublicKey {
278 pk: RSAPublicKey,
279 key_id: Option<String>,
280}
281
282impl RSAKeyPairLike for RS256KeyPair {
283 fn jwt_alg_name() -> &'static str {
284 "RS256"
285 }
286
287 fn key_pair(&self) -> &RSAKeyPair {
288 &self.key_pair
289 }
290
291 fn key_id(&self) -> &Option<String> {
292 &self.key_id
293 }
294
295 fn metadata(&self) -> &Option<KeyMetadata> {
296 &self.key_pair.metadata
297 }
298
299 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
300 self.key_pair.metadata = Some(metadata);
301 Ok(())
302 }
303
304 fn hash() -> MessageDigest {
305 MessageDigest::sha256()
306 }
307
308 fn padding_scheme(&self) -> Padding {
309 Padding::PKCS1
310 }
311}
312
313impl RS256KeyPair {
314 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
315 Ok(RS256KeyPair {
316 key_pair: RSAKeyPair::from_der(der)?,
317 key_id: None,
318 })
319 }
320
321 pub fn from_pem(pem: &str) -> Result<Self, Error> {
322 Ok(RS256KeyPair {
323 key_pair: RSAKeyPair::from_pem(pem)?,
324 key_id: None,
325 })
326 }
327
328 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
329 self.key_pair.to_der()
330 }
331
332 pub fn to_pem(&self) -> Result<String, Error> {
333 self.key_pair.to_pem()
334 }
335
336 pub fn public_key(&self) -> RS256PublicKey {
337 RS256PublicKey {
338 pk: self.key_pair.public_key(),
339 key_id: self.key_id.clone(),
340 }
341 }
342
343 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
344 Ok(RS256KeyPair {
345 key_pair: RSAKeyPair::generate(modulus_bits)?,
346 key_id: None,
347 })
348 }
349
350 pub fn with_key_id(mut self, key_id: &str) -> Self {
351 self.key_id = Some(key_id.to_string());
352 self
353 }
354}
355
356impl RSAPublicKeyLike for RS256PublicKey {
357 fn jwt_alg_name() -> &'static str {
358 "RS256"
359 }
360
361 fn hash() -> MessageDigest {
362 MessageDigest::sha256()
363 }
364
365 fn padding_scheme(&self) -> Padding {
366 Padding::PKCS1
367 }
368
369 fn public_key(&self) -> &RSAPublicKey {
370 &self.pk
371 }
372
373 fn key_id(&self) -> &Option<String> {
374 &self.key_id
375 }
376
377 fn set_key_id(&mut self, key_id: String) {
378 self.key_id = Some(key_id);
379 }
380}
381
382impl RS256PublicKey {
383 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
384 Ok(RS256PublicKey {
385 pk: RSAPublicKey::from_der(der)?,
386 key_id: None,
387 })
388 }
389
390 pub fn from_pem(pem: &str) -> Result<Self, Error> {
391 Ok(RS256PublicKey {
392 pk: RSAPublicKey::from_pem(pem)?,
393 key_id: None,
394 })
395 }
396
397 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
398 Ok(RS256PublicKey {
399 pk: RSAPublicKey::from_components(n, e)?,
400 key_id: None,
401 })
402 }
403
404 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
405 self.pk.to_der()
406 }
407
408 pub fn to_pem(&self) -> Result<String, Error> {
409 self.pk.to_pem()
410 }
411
412 pub fn to_components(&self) -> RSAPublicKeyComponents {
413 self.pk.to_components()
414 }
415
416 pub fn with_key_id(mut self, key_id: &str) -> Self {
417 self.key_id = Some(key_id.to_string());
418 self
419 }
420
421 pub fn sha1_thumbprint(&self) -> String {
422 self.pk.thumbprint(|data| SHA1::hash(data).to_vec())
423 }
424
425 pub fn sha256_thumbprint(&self) -> String {
426 self.pk.thumbprint(|data| SHA256::hash(data).to_vec())
427 }
428}
429
430#[derive(Clone)]
433pub struct RS512KeyPair {
434 key_pair: RSAKeyPair,
435 key_id: Option<String>,
436}
437
438impl std::fmt::Debug for RS512KeyPair {
439 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
440 write!(f, "Rsa")
441 }
442}
443
444#[derive(Debug, Clone)]
445pub struct RS512PublicKey {
446 pk: RSAPublicKey,
447 key_id: Option<String>,
448}
449
450impl RSAKeyPairLike for RS512KeyPair {
451 fn jwt_alg_name() -> &'static str {
452 "RS512"
453 }
454
455 fn key_pair(&self) -> &RSAKeyPair {
456 &self.key_pair
457 }
458
459 fn key_id(&self) -> &Option<String> {
460 &self.key_id
461 }
462
463 fn metadata(&self) -> &Option<KeyMetadata> {
464 &self.key_pair.metadata
465 }
466
467 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
468 self.key_pair.metadata = Some(metadata);
469 Ok(())
470 }
471
472 fn hash() -> MessageDigest {
473 MessageDigest::sha512()
474 }
475
476 fn padding_scheme(&self) -> Padding {
477 Padding::PKCS1
478 }
479}
480
481impl RS512KeyPair {
482 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
483 Ok(RS512KeyPair {
484 key_pair: RSAKeyPair::from_der(der)?,
485 key_id: None,
486 })
487 }
488
489 pub fn from_pem(pem: &str) -> Result<Self, Error> {
490 Ok(RS512KeyPair {
491 key_pair: RSAKeyPair::from_pem(pem)?,
492 key_id: None,
493 })
494 }
495
496 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
497 self.key_pair.to_der()
498 }
499
500 pub fn to_pem(&self) -> Result<String, Error> {
501 self.key_pair.to_pem()
502 }
503
504 pub fn public_key(&self) -> RS512PublicKey {
505 RS512PublicKey {
506 pk: self.key_pair.public_key(),
507 key_id: self.key_id.clone(),
508 }
509 }
510
511 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
512 Ok(RS512KeyPair {
513 key_pair: RSAKeyPair::generate(modulus_bits)?,
514 key_id: None,
515 })
516 }
517
518 pub fn with_key_id(mut self, key_id: &str) -> Self {
519 self.key_id = Some(key_id.to_string());
520 self
521 }
522}
523
524impl RSAPublicKeyLike for RS512PublicKey {
525 fn jwt_alg_name() -> &'static str {
526 "RS512"
527 }
528
529 fn hash() -> MessageDigest {
530 MessageDigest::sha512()
531 }
532
533 fn padding_scheme(&self) -> Padding {
534 Padding::PKCS1
535 }
536
537 fn public_key(&self) -> &RSAPublicKey {
538 &self.pk
539 }
540
541 fn key_id(&self) -> &Option<String> {
542 &self.key_id
543 }
544
545 fn set_key_id(&mut self, key_id: String) {
546 self.key_id = Some(key_id);
547 }
548}
549
550impl RS512PublicKey {
551 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
552 Ok(RS512PublicKey {
553 pk: RSAPublicKey::from_der(der)?,
554 key_id: None,
555 })
556 }
557
558 pub fn from_pem(pem: &str) -> Result<Self, Error> {
559 Ok(RS512PublicKey {
560 pk: RSAPublicKey::from_pem(pem)?,
561 key_id: None,
562 })
563 }
564
565 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
566 Ok(RS512PublicKey {
567 pk: RSAPublicKey::from_components(n, e)?,
568 key_id: None,
569 })
570 }
571
572 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
573 self.pk.to_der()
574 }
575
576 pub fn to_pem(&self) -> Result<String, Error> {
577 self.pk.to_pem()
578 }
579
580 pub fn to_components(&self) -> RSAPublicKeyComponents {
581 self.pk.to_components()
582 }
583
584 pub fn with_key_id(mut self, key_id: &str) -> Self {
585 self.key_id = Some(key_id.to_string());
586 self
587 }
588
589 pub fn sha1_thumbprint(&self) -> String {
590 self.pk.thumbprint(|data| SHA1::hash(data).to_vec())
591 }
592
593 pub fn sha256_thumbprint(&self) -> String {
594 self.pk.thumbprint(|data| SHA256::hash(data).to_vec())
595 }
596}
597
598#[derive(Clone)]
601pub struct RS384KeyPair {
602 key_pair: RSAKeyPair,
603 key_id: Option<String>,
604}
605
606impl std::fmt::Debug for RS384KeyPair {
607 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
608 write!(f, "Rsa")
609 }
610}
611
612#[derive(Debug, Clone)]
613pub struct RS384PublicKey {
614 pk: RSAPublicKey,
615 key_id: Option<String>,
616}
617
618impl RSAKeyPairLike for RS384KeyPair {
619 fn jwt_alg_name() -> &'static str {
620 "RS384"
621 }
622
623 fn key_pair(&self) -> &RSAKeyPair {
624 &self.key_pair
625 }
626
627 fn key_id(&self) -> &Option<String> {
628 &self.key_id
629 }
630
631 fn metadata(&self) -> &Option<KeyMetadata> {
632 &self.key_pair.metadata
633 }
634
635 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
636 self.key_pair.metadata = Some(metadata);
637 Ok(())
638 }
639
640 fn hash() -> MessageDigest {
641 MessageDigest::sha384()
642 }
643
644 fn padding_scheme(&self) -> Padding {
645 Padding::PKCS1
646 }
647}
648
649impl RS384KeyPair {
650 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
651 Ok(RS384KeyPair {
652 key_pair: RSAKeyPair::from_der(der)?,
653 key_id: None,
654 })
655 }
656
657 pub fn from_pem(pem: &str) -> Result<Self, Error> {
658 Ok(RS384KeyPair {
659 key_pair: RSAKeyPair::from_pem(pem)?,
660 key_id: None,
661 })
662 }
663
664 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
665 self.key_pair.to_der()
666 }
667
668 pub fn to_pem(&self) -> Result<String, Error> {
669 self.key_pair.to_pem()
670 }
671
672 pub fn public_key(&self) -> RS384PublicKey {
673 RS384PublicKey {
674 pk: self.key_pair.public_key(),
675 key_id: self.key_id.clone(),
676 }
677 }
678
679 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
680 Ok(RS384KeyPair {
681 key_pair: RSAKeyPair::generate(modulus_bits)?,
682 key_id: None,
683 })
684 }
685
686 pub fn with_key_id(mut self, key_id: &str) -> Self {
687 self.key_id = Some(key_id.to_string());
688 self
689 }
690}
691
692impl RSAPublicKeyLike for RS384PublicKey {
693 fn jwt_alg_name() -> &'static str {
694 "RS384"
695 }
696
697 fn hash() -> MessageDigest {
698 MessageDigest::sha384()
699 }
700
701 fn padding_scheme(&self) -> Padding {
702 Padding::PKCS1
703 }
704
705 fn public_key(&self) -> &RSAPublicKey {
706 &self.pk
707 }
708
709 fn key_id(&self) -> &Option<String> {
710 &self.key_id
711 }
712
713 fn set_key_id(&mut self, key_id: String) {
714 self.key_id = Some(key_id);
715 }
716}
717
718impl RS384PublicKey {
719 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
720 Ok(RS384PublicKey {
721 pk: RSAPublicKey::from_der(der)?,
722 key_id: None,
723 })
724 }
725
726 pub fn from_pem(pem: &str) -> Result<Self, Error> {
727 Ok(RS384PublicKey {
728 pk: RSAPublicKey::from_pem(pem)?,
729 key_id: None,
730 })
731 }
732
733 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
734 Ok(RS384PublicKey {
735 pk: RSAPublicKey::from_components(n, e)?,
736 key_id: None,
737 })
738 }
739
740 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
741 self.pk.to_der()
742 }
743
744 pub fn to_pem(&self) -> Result<String, Error> {
745 self.pk.to_pem()
746 }
747
748 pub fn to_components(&self) -> RSAPublicKeyComponents {
749 self.pk.to_components()
750 }
751
752 pub fn with_key_id(mut self, key_id: &str) -> Self {
753 self.key_id = Some(key_id.to_string());
754 self
755 }
756
757 pub fn sha1_thumbprint(&self) -> String {
758 self.pk.thumbprint(|data| SHA1::hash(data).to_vec())
759 }
760
761 pub fn sha256_thumbprint(&self) -> String {
762 self.pk.thumbprint(|data| SHA256::hash(data).to_vec())
763 }
764}
765
766#[derive(Clone)]
769pub struct PS256KeyPair {
770 key_pair: RSAKeyPair,
771 key_id: Option<String>,
772}
773
774impl std::fmt::Debug for PS256KeyPair {
775 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
776 write!(f, "Rsa")
777 }
778}
779
780#[derive(Debug, Clone)]
781pub struct PS256PublicKey {
782 pk: RSAPublicKey,
783 key_id: Option<String>,
784}
785
786impl RSAKeyPairLike for PS256KeyPair {
787 fn jwt_alg_name() -> &'static str {
788 "PS256"
789 }
790
791 fn key_pair(&self) -> &RSAKeyPair {
792 &self.key_pair
793 }
794
795 fn key_id(&self) -> &Option<String> {
796 &self.key_id
797 }
798
799 fn metadata(&self) -> &Option<KeyMetadata> {
800 &self.key_pair.metadata
801 }
802
803 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
804 self.key_pair.metadata = Some(metadata);
805 Ok(())
806 }
807
808 fn hash() -> MessageDigest {
809 MessageDigest::sha256()
810 }
811
812 fn padding_scheme(&self) -> Padding {
813 Padding::PKCS1_PSS
814 }
815}
816
817impl PS256KeyPair {
818 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
819 Ok(PS256KeyPair {
820 key_pair: RSAKeyPair::from_der(der)?,
821 key_id: None,
822 })
823 }
824
825 pub fn from_pem(pem: &str) -> Result<Self, Error> {
826 Ok(PS256KeyPair {
827 key_pair: RSAKeyPair::from_pem(pem)?,
828 key_id: None,
829 })
830 }
831
832 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
833 self.key_pair.to_der()
834 }
835
836 pub fn to_pem(&self) -> Result<String, Error> {
837 self.key_pair.to_pem()
838 }
839
840 pub fn public_key(&self) -> PS256PublicKey {
841 PS256PublicKey {
842 pk: self.key_pair.public_key(),
843 key_id: self.key_id.clone(),
844 }
845 }
846
847 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
848 Ok(PS256KeyPair {
849 key_pair: RSAKeyPair::generate(modulus_bits)?,
850 key_id: None,
851 })
852 }
853
854 pub fn with_key_id(mut self, key_id: &str) -> Self {
855 self.key_id = Some(key_id.to_string());
856 self
857 }
858}
859
860impl RSAPublicKeyLike for PS256PublicKey {
861 fn jwt_alg_name() -> &'static str {
862 "PS256"
863 }
864
865 fn hash() -> MessageDigest {
866 MessageDigest::sha256()
867 }
868
869 fn padding_scheme(&self) -> Padding {
870 Padding::PKCS1_PSS
871 }
872
873 fn public_key(&self) -> &RSAPublicKey {
874 &self.pk
875 }
876
877 fn key_id(&self) -> &Option<String> {
878 &self.key_id
879 }
880
881 fn set_key_id(&mut self, key_id: String) {
882 self.key_id = Some(key_id);
883 }
884}
885
886impl PS256PublicKey {
887 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
888 Ok(PS256PublicKey {
889 pk: RSAPublicKey::from_der(der)?,
890 key_id: None,
891 })
892 }
893
894 pub fn from_pem(pem: &str) -> Result<Self, Error> {
895 Ok(PS256PublicKey {
896 pk: RSAPublicKey::from_pem(pem)?,
897 key_id: None,
898 })
899 }
900
901 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
902 Ok(PS256PublicKey {
903 pk: RSAPublicKey::from_components(n, e)?,
904 key_id: None,
905 })
906 }
907
908 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
909 self.pk.to_der()
910 }
911
912 pub fn to_pem(&self) -> Result<String, Error> {
913 self.pk.to_pem()
914 }
915
916 pub fn to_components(&self) -> RSAPublicKeyComponents {
917 self.pk.to_components()
918 }
919
920 pub fn with_key_id(mut self, key_id: &str) -> Self {
921 self.key_id = Some(key_id.to_string());
922 self
923 }
924}
925
926#[derive(Clone)]
929pub struct PS512KeyPair {
930 key_pair: RSAKeyPair,
931 key_id: Option<String>,
932}
933
934impl std::fmt::Debug for PS512KeyPair {
935 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
936 write!(f, "Rsa")
937 }
938}
939
940#[derive(Debug, Clone)]
941pub struct PS512PublicKey {
942 pk: RSAPublicKey,
943 key_id: Option<String>,
944}
945
946impl RSAKeyPairLike for PS512KeyPair {
947 fn jwt_alg_name() -> &'static str {
948 "PS512"
949 }
950
951 fn key_pair(&self) -> &RSAKeyPair {
952 &self.key_pair
953 }
954
955 fn key_id(&self) -> &Option<String> {
956 &self.key_id
957 }
958
959 fn metadata(&self) -> &Option<KeyMetadata> {
960 &self.key_pair.metadata
961 }
962
963 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
964 self.key_pair.metadata = Some(metadata);
965 Ok(())
966 }
967
968 fn hash() -> MessageDigest {
969 MessageDigest::sha512()
970 }
971
972 fn padding_scheme(&self) -> Padding {
973 Padding::PKCS1_PSS
974 }
975}
976
977impl PS512KeyPair {
978 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
979 Ok(PS512KeyPair {
980 key_pair: RSAKeyPair::from_der(der)?,
981 key_id: None,
982 })
983 }
984
985 pub fn from_pem(pem: &str) -> Result<Self, Error> {
986 Ok(PS512KeyPair {
987 key_pair: RSAKeyPair::from_pem(pem)?,
988 key_id: None,
989 })
990 }
991
992 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
993 self.key_pair.to_der()
994 }
995
996 pub fn to_pem(&self) -> Result<String, Error> {
997 self.key_pair.to_pem()
998 }
999
1000 pub fn public_key(&self) -> PS512PublicKey {
1001 PS512PublicKey {
1002 pk: self.key_pair.public_key(),
1003 key_id: self.key_id.clone(),
1004 }
1005 }
1006
1007 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
1008 Ok(PS512KeyPair {
1009 key_pair: RSAKeyPair::generate(modulus_bits)?,
1010 key_id: None,
1011 })
1012 }
1013
1014 pub fn with_key_id(mut self, key_id: &str) -> Self {
1015 self.key_id = Some(key_id.to_string());
1016 self
1017 }
1018}
1019
1020impl RSAPublicKeyLike for PS512PublicKey {
1021 fn jwt_alg_name() -> &'static str {
1022 "PS512"
1023 }
1024
1025 fn hash() -> MessageDigest {
1026 MessageDigest::sha512()
1027 }
1028
1029 fn padding_scheme(&self) -> Padding {
1030 Padding::PKCS1_PSS
1031 }
1032
1033 fn public_key(&self) -> &RSAPublicKey {
1034 &self.pk
1035 }
1036
1037 fn key_id(&self) -> &Option<String> {
1038 &self.key_id
1039 }
1040
1041 fn set_key_id(&mut self, key_id: String) {
1042 self.key_id = Some(key_id);
1043 }
1044}
1045
1046impl PS512PublicKey {
1047 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
1048 Ok(PS512PublicKey {
1049 pk: RSAPublicKey::from_der(der)?,
1050 key_id: None,
1051 })
1052 }
1053
1054 pub fn from_pem(pem: &str) -> Result<Self, Error> {
1055 Ok(PS512PublicKey {
1056 pk: RSAPublicKey::from_pem(pem)?,
1057 key_id: None,
1058 })
1059 }
1060
1061 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
1062 Ok(PS512PublicKey {
1063 pk: RSAPublicKey::from_components(n, e)?,
1064 key_id: None,
1065 })
1066 }
1067
1068 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
1069 self.pk.to_der()
1070 }
1071
1072 pub fn to_pem(&self) -> Result<String, Error> {
1073 self.pk.to_pem()
1074 }
1075
1076 pub fn to_components(&self) -> RSAPublicKeyComponents {
1077 self.pk.to_components()
1078 }
1079
1080 pub fn with_key_id(mut self, key_id: &str) -> Self {
1081 self.key_id = Some(key_id.to_string());
1082 self
1083 }
1084
1085 pub fn sha1_thumbprint(&self) -> String {
1086 self.pk.thumbprint(|data| SHA1::hash(data).to_vec())
1087 }
1088
1089 pub fn sha256_thumbprint(&self) -> String {
1090 self.pk.thumbprint(|data| SHA256::hash(data).to_vec())
1091 }
1092}
1093
1094#[derive(Clone)]
1097pub struct PS384KeyPair {
1098 key_pair: RSAKeyPair,
1099 key_id: Option<String>,
1100}
1101
1102impl std::fmt::Debug for PS384KeyPair {
1103 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
1104 write!(f, "Rsa")
1105 }
1106}
1107
1108#[derive(Debug, Clone)]
1109pub struct PS384PublicKey {
1110 pk: RSAPublicKey,
1111 key_id: Option<String>,
1112}
1113
1114impl RSAKeyPairLike for PS384KeyPair {
1115 fn jwt_alg_name() -> &'static str {
1116 "PS384"
1117 }
1118
1119 fn key_pair(&self) -> &RSAKeyPair {
1120 &self.key_pair
1121 }
1122
1123 fn key_id(&self) -> &Option<String> {
1124 &self.key_id
1125 }
1126
1127 fn metadata(&self) -> &Option<KeyMetadata> {
1128 &self.key_pair.metadata
1129 }
1130
1131 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
1132 self.key_pair.metadata = Some(metadata);
1133 Ok(())
1134 }
1135
1136 fn hash() -> MessageDigest {
1137 MessageDigest::sha384()
1138 }
1139
1140 fn padding_scheme(&self) -> Padding {
1141 Padding::PKCS1_PSS
1142 }
1143}
1144
1145impl PS384KeyPair {
1146 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
1147 Ok(PS384KeyPair {
1148 key_pair: RSAKeyPair::from_der(der)?,
1149 key_id: None,
1150 })
1151 }
1152
1153 pub fn from_pem(pem: &str) -> Result<Self, Error> {
1154 Ok(PS384KeyPair {
1155 key_pair: RSAKeyPair::from_pem(pem)?,
1156 key_id: None,
1157 })
1158 }
1159
1160 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
1161 self.key_pair.to_der()
1162 }
1163
1164 pub fn to_pem(&self) -> Result<String, Error> {
1165 self.key_pair.to_pem()
1166 }
1167
1168 pub fn public_key(&self) -> PS384PublicKey {
1169 PS384PublicKey {
1170 pk: self.key_pair.public_key(),
1171 key_id: self.key_id.clone(),
1172 }
1173 }
1174
1175 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
1176 Ok(PS384KeyPair {
1177 key_pair: RSAKeyPair::generate(modulus_bits)?,
1178 key_id: None,
1179 })
1180 }
1181
1182 pub fn with_key_id(mut self, key_id: &str) -> Self {
1183 self.key_id = Some(key_id.to_string());
1184 self
1185 }
1186}
1187
1188impl RSAPublicKeyLike for PS384PublicKey {
1189 fn jwt_alg_name() -> &'static str {
1190 "PS384"
1191 }
1192
1193 fn hash() -> MessageDigest {
1194 MessageDigest::sha384()
1195 }
1196
1197 fn padding_scheme(&self) -> Padding {
1198 Padding::PKCS1_PSS
1199 }
1200
1201 fn public_key(&self) -> &RSAPublicKey {
1202 &self.pk
1203 }
1204
1205 fn key_id(&self) -> &Option<String> {
1206 &self.key_id
1207 }
1208
1209 fn set_key_id(&mut self, key_id: String) {
1210 self.key_id = Some(key_id);
1211 }
1212}
1213
1214impl PS384PublicKey {
1215 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
1216 Ok(PS384PublicKey {
1217 pk: RSAPublicKey::from_der(der)?,
1218 key_id: None,
1219 })
1220 }
1221
1222 pub fn from_pem(pem: &str) -> Result<Self, Error> {
1223 Ok(PS384PublicKey {
1224 pk: RSAPublicKey::from_pem(pem)?,
1225 key_id: None,
1226 })
1227 }
1228
1229 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
1230 Ok(PS384PublicKey {
1231 pk: RSAPublicKey::from_components(n, e)?,
1232 key_id: None,
1233 })
1234 }
1235
1236 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
1237 self.pk.to_der()
1238 }
1239
1240 pub fn to_pem(&self) -> Result<String, Error> {
1241 self.pk.to_pem()
1242 }
1243
1244 pub fn to_components(&self) -> RSAPublicKeyComponents {
1245 self.pk.to_components()
1246 }
1247
1248 pub fn with_key_id(mut self, key_id: &str) -> Self {
1249 self.key_id = Some(key_id.to_string());
1250 self
1251 }
1252
1253 pub fn sha1_thumbprint(&self) -> String {
1254 self.pk.thumbprint(|data| SHA1::hash(data).to_vec())
1255 }
1256
1257 pub fn sha256_thumbprint(&self) -> String {
1258 self.pk.thumbprint(|data| SHA256::hash(data).to_vec())
1259 }
1260}