1#[cfg(any(feature = "pure-rust", target_arch = "wasm32", target_arch = "wasm64"))]
2use superboring as boring;
3
4use boring::bn::BigNum;
5use boring::hash::MessageDigest;
6use boring::pkey::{PKey, Private, Public};
7use boring::rsa::{Padding, Rsa};
8use boring::sign::{Signer, Verifier};
9use ct_codecs::{Base64UrlSafeNoPadding, Encoder};
10use hmac_sha1_compact::Hash as SHA1;
11use hmac_sha256::Hash as SHA256;
12use serde::{de::DeserializeOwned, Serialize};
13
14use crate::claims::*;
15use crate::common::*;
16#[cfg(feature = "cwt")]
17use crate::cwt_token::*;
18use crate::error::*;
19use crate::jwt_header::*;
20use crate::token::*;
21
22#[doc(hidden)]
23#[derive(Debug, Clone)]
24pub struct RSAPublicKey(Rsa<Public>);
25
26impl AsRef<Rsa<Public>> for RSAPublicKey {
27 fn as_ref(&self) -> &Rsa<Public> {
28 &self.0
29 }
30}
31
32pub struct RSAPublicKeyComponents {
33 pub n: Vec<u8>,
34 pub e: Vec<u8>,
35}
36
37impl RSAPublicKey {
38 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
39 let rsa_pk = Rsa::<Public>::public_key_from_der(der)
40 .or_else(|_| Rsa::<Public>::public_key_from_der_pkcs1(der))?;
41 Ok(RSAPublicKey(rsa_pk))
42 }
43
44 pub fn from_pem(pem: &str) -> Result<Self, Error> {
45 let pem = pem.trim();
46 let rsa_pk = Rsa::<Public>::public_key_from_pem(pem.as_bytes())
47 .or_else(|_| Rsa::<Public>::public_key_from_pem_pkcs1(pem.as_bytes()))?;
48 Ok(RSAPublicKey(rsa_pk))
49 }
50
51 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
52 let n = BigNum::from_slice(n)?;
53 let e = BigNum::from_slice(e)?;
54 let rsa_pk = Rsa::<Public>::from_public_components(n, e)?;
55 Ok(RSAPublicKey(rsa_pk))
56 }
57
58 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
59 self.0.public_key_to_der().map_err(Into::into)
60 }
61
62 pub fn to_pem(&self) -> Result<String, Error> {
63 let bytes = self.0.public_key_to_pem()?;
64 let pem = String::from_utf8(bytes)?;
65 Ok(pem)
66 }
67
68 pub fn to_components(&self) -> RSAPublicKeyComponents {
69 let n = self.0.n().to_vec();
70 let e = self.0.e().to_vec();
71 RSAPublicKeyComponents { n, e }
72 }
73}
74
75#[doc(hidden)]
76#[derive(Debug, Clone)]
77pub struct RSAKeyPair {
78 rsa_sk: Rsa<Private>,
79 metadata: Option<KeyMetadata>,
80}
81
82impl AsRef<Rsa<Private>> for RSAKeyPair {
83 fn as_ref(&self) -> &Rsa<Private> {
84 &self.rsa_sk
85 }
86}
87
88impl RSAKeyPair {
89 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
90 let rsa_sk = Rsa::<Private>::private_key_from_der(der)?;
91 if !(rsa_sk.check_key()?) {
92 bail!(JWTError::InvalidKeyPair);
93 }
94 Ok(RSAKeyPair {
95 rsa_sk,
96 metadata: None,
97 })
98 }
99
100 pub fn from_pem(pem: &str) -> Result<Self, Error> {
101 let pem = pem.trim();
102 let rsa_sk = Rsa::<Private>::private_key_from_pem(pem.as_bytes())?;
103 if !(rsa_sk.check_key()?) {
104 bail!(JWTError::InvalidKeyPair);
105 }
106 Ok(RSAKeyPair {
107 rsa_sk,
108 metadata: None,
109 })
110 }
111
112 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
113 self.rsa_sk.private_key_to_der().map_err(Into::into)
114 }
115
116 pub fn to_pem(&self) -> Result<String, Error> {
117 let bytes = self.rsa_sk.private_key_to_pem()?;
118 let pem = String::from_utf8(bytes)?;
119 Ok(pem)
120 }
121
122 pub fn public_key(&self) -> RSAPublicKey {
123 let rsa_pk = Rsa::<Public>::from_public_components(
124 self.rsa_sk
125 .n()
126 .to_owned()
127 .expect("failed to create public key"),
128 self.rsa_sk
129 .e()
130 .to_owned()
131 .expect("failed to create public key"),
132 )
133 .expect("failed to create public key");
134 RSAPublicKey(rsa_pk)
135 }
136
137 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
138 match modulus_bits {
139 2048 | 3072 | 4096 => {}
140 _ => bail!(JWTError::UnsupportedRSAModulus),
141 };
142 let rsa_sk = Rsa::<Private>::generate(modulus_bits as _)?;
143 Ok(RSAKeyPair {
144 rsa_sk,
145 metadata: None,
146 })
147 }
148}
149
150pub trait RSAKeyPairLike {
151 fn jwt_alg_name() -> &'static str;
152 fn key_pair(&self) -> &RSAKeyPair;
153 fn key_id(&self) -> &Option<String>;
154 fn metadata(&self) -> &Option<KeyMetadata>;
155 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error>;
156 fn hash() -> MessageDigest;
157 fn padding_scheme(&self) -> Padding;
158
159 fn sign<CustomClaims: Serialize + DeserializeOwned>(
160 &self,
161 claims: JWTClaims<CustomClaims>,
162 ) -> Result<String, Error> {
163 let jwt_header = JWTHeader::new(Self::jwt_alg_name().to_string(), self.key_id().clone())
164 .with_key_metadata(self.metadata());
165 Token::build(&jwt_header, claims, |authenticated| {
166 let digest = Self::hash();
167 let pkey = PKey::from_rsa(self.key_pair().as_ref().clone())?;
168 let mut signer = Signer::new(digest, &pkey).unwrap();
169 signer.set_rsa_padding(self.padding_scheme())?;
170 signer.update(authenticated.as_bytes())?;
171 let signature = signer.sign_to_vec()?;
172 Ok(signature)
173 })
174 }
175}
176
177pub trait RSAPublicKeyLike {
178 fn jwt_alg_name() -> &'static str;
179 fn public_key(&self) -> &RSAPublicKey;
180 fn key_id(&self) -> &Option<String>;
181 fn set_key_id(&mut self, key_id: String);
182 fn hash() -> MessageDigest;
183 fn padding_scheme(&self) -> Padding;
184
185 fn verify_token<CustomClaims: Serialize + DeserializeOwned>(
186 &self,
187 token: &str,
188 options: Option<VerificationOptions>,
189 ) -> Result<JWTClaims<CustomClaims>, Error> {
190 Token::verify(
191 Self::jwt_alg_name(),
192 token,
193 options,
194 |authenticated, signature| {
195 let digest = Self::hash();
196 let pkey = PKey::from_rsa(self.public_key().as_ref().clone())?;
197 let mut verifier = Verifier::new(digest, &pkey)?;
198 verifier.set_rsa_padding(self.padding_scheme())?;
199 verifier.update(authenticated.as_bytes())?;
200 if !(verifier
201 .verify(signature)
202 .map_err(|_| JWTError::InvalidSignature)?)
203 {
204 bail!(JWTError::InvalidSignature);
205 }
206 Ok(())
207 },
208 |_salt: Option<&[u8]>| Ok(()),
209 )
210 }
211
212 #[cfg(feature = "cwt")]
213 fn verify_cwt_token<CustomClaims: Serialize + DeserializeOwned>(
214 &self,
215 token: &[u8],
216 options: Option<VerificationOptions>,
217 ) -> Result<JWTClaims<NoCustomClaims>, Error> {
218 CWTToken::verify(
219 Self::jwt_alg_name(),
220 token,
221 options,
222 |authenticated, signature| {
223 let digest = Self::hash();
224 let pkey = PKey::from_rsa(self.public_key().as_ref().clone())?;
225 let mut verifier = Verifier::new(digest, &pkey)?;
226 verifier.update(authenticated.as_bytes())?;
227 if verifier
228 .verify(&signature)
229 .map_err(|_| JWTError::InvalidSignature)?
230 == false
231 {
232 bail!(JWTError::InvalidSignature);
233 }
234 Ok(())
235 },
236 )
237 }
238}
239
240#[derive(Debug, Clone)]
241pub struct RS256KeyPair {
242 key_pair: RSAKeyPair,
243 key_id: Option<String>,
244}
245
246#[derive(Debug, Clone)]
247pub struct RS256PublicKey {
248 pk: RSAPublicKey,
249 key_id: Option<String>,
250}
251
252impl RSAKeyPairLike for RS256KeyPair {
253 fn jwt_alg_name() -> &'static str {
254 "RS256"
255 }
256
257 fn key_pair(&self) -> &RSAKeyPair {
258 &self.key_pair
259 }
260
261 fn key_id(&self) -> &Option<String> {
262 &self.key_id
263 }
264
265 fn metadata(&self) -> &Option<KeyMetadata> {
266 &self.key_pair.metadata
267 }
268
269 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
270 self.key_pair.metadata = Some(metadata);
271 Ok(())
272 }
273
274 fn hash() -> MessageDigest {
275 MessageDigest::sha256()
276 }
277
278 fn padding_scheme(&self) -> Padding {
279 Padding::PKCS1
280 }
281}
282
283impl RS256KeyPair {
284 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
285 Ok(RS256KeyPair {
286 key_pair: RSAKeyPair::from_der(der)?,
287 key_id: None,
288 })
289 }
290
291 pub fn from_pem(pem: &str) -> Result<Self, Error> {
292 Ok(RS256KeyPair {
293 key_pair: RSAKeyPair::from_pem(pem)?,
294 key_id: None,
295 })
296 }
297
298 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
299 self.key_pair.to_der()
300 }
301
302 pub fn to_pem(&self) -> Result<String, Error> {
303 self.key_pair.to_pem()
304 }
305
306 pub fn public_key(&self) -> RS256PublicKey {
307 RS256PublicKey {
308 pk: self.key_pair.public_key(),
309 key_id: self.key_id.clone(),
310 }
311 }
312
313 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
314 Ok(RS256KeyPair {
315 key_pair: RSAKeyPair::generate(modulus_bits)?,
316 key_id: None,
317 })
318 }
319
320 pub fn with_key_id(mut self, key_id: &str) -> Self {
321 self.key_id = Some(key_id.to_string());
322 self
323 }
324}
325
326impl RSAPublicKeyLike for RS256PublicKey {
327 fn jwt_alg_name() -> &'static str {
328 "RS256"
329 }
330
331 fn hash() -> MessageDigest {
332 MessageDigest::sha256()
333 }
334
335 fn padding_scheme(&self) -> Padding {
336 Padding::PKCS1
337 }
338
339 fn public_key(&self) -> &RSAPublicKey {
340 &self.pk
341 }
342
343 fn key_id(&self) -> &Option<String> {
344 &self.key_id
345 }
346
347 fn set_key_id(&mut self, key_id: String) {
348 self.key_id = Some(key_id);
349 }
350}
351
352impl RS256PublicKey {
353 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
354 Ok(RS256PublicKey {
355 pk: RSAPublicKey::from_der(der)?,
356 key_id: None,
357 })
358 }
359
360 pub fn from_pem(pem: &str) -> Result<Self, Error> {
361 Ok(RS256PublicKey {
362 pk: RSAPublicKey::from_pem(pem)?,
363 key_id: None,
364 })
365 }
366
367 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
368 Ok(RS256PublicKey {
369 pk: RSAPublicKey::from_components(n, e)?,
370 key_id: None,
371 })
372 }
373
374 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
375 self.pk.to_der()
376 }
377
378 pub fn to_pem(&self) -> Result<String, Error> {
379 self.pk.to_pem()
380 }
381
382 pub fn to_components(&self) -> RSAPublicKeyComponents {
383 self.pk.to_components()
384 }
385
386 pub fn with_key_id(mut self, key_id: &str) -> Self {
387 self.key_id = Some(key_id.to_string());
388 self
389 }
390
391 pub fn sha1_thumbprint(&self) -> String {
392 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
393 }
394
395 pub fn sha256_thumbprint(&self) -> String {
396 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
397 }
398}
399
400#[derive(Debug, Clone)]
403pub struct RS512KeyPair {
404 key_pair: RSAKeyPair,
405 key_id: Option<String>,
406}
407
408#[derive(Debug, Clone)]
409pub struct RS512PublicKey {
410 pk: RSAPublicKey,
411 key_id: Option<String>,
412}
413
414impl RSAKeyPairLike for RS512KeyPair {
415 fn jwt_alg_name() -> &'static str {
416 "RS512"
417 }
418
419 fn key_pair(&self) -> &RSAKeyPair {
420 &self.key_pair
421 }
422
423 fn key_id(&self) -> &Option<String> {
424 &self.key_id
425 }
426
427 fn metadata(&self) -> &Option<KeyMetadata> {
428 &self.key_pair.metadata
429 }
430
431 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
432 self.key_pair.metadata = Some(metadata);
433 Ok(())
434 }
435
436 fn hash() -> MessageDigest {
437 MessageDigest::sha512()
438 }
439
440 fn padding_scheme(&self) -> Padding {
441 Padding::PKCS1
442 }
443}
444
445impl RS512KeyPair {
446 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
447 Ok(RS512KeyPair {
448 key_pair: RSAKeyPair::from_der(der)?,
449 key_id: None,
450 })
451 }
452
453 pub fn from_pem(pem: &str) -> Result<Self, Error> {
454 Ok(RS512KeyPair {
455 key_pair: RSAKeyPair::from_pem(pem)?,
456 key_id: None,
457 })
458 }
459
460 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
461 self.key_pair.to_der()
462 }
463
464 pub fn to_pem(&self) -> Result<String, Error> {
465 self.key_pair.to_pem()
466 }
467
468 pub fn public_key(&self) -> RS512PublicKey {
469 RS512PublicKey {
470 pk: self.key_pair.public_key(),
471 key_id: self.key_id.clone(),
472 }
473 }
474
475 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
476 Ok(RS512KeyPair {
477 key_pair: RSAKeyPair::generate(modulus_bits)?,
478 key_id: None,
479 })
480 }
481
482 pub fn with_key_id(mut self, key_id: &str) -> Self {
483 self.key_id = Some(key_id.to_string());
484 self
485 }
486}
487
488impl RSAPublicKeyLike for RS512PublicKey {
489 fn jwt_alg_name() -> &'static str {
490 "RS512"
491 }
492
493 fn hash() -> MessageDigest {
494 MessageDigest::sha512()
495 }
496
497 fn padding_scheme(&self) -> Padding {
498 Padding::PKCS1
499 }
500
501 fn public_key(&self) -> &RSAPublicKey {
502 &self.pk
503 }
504
505 fn key_id(&self) -> &Option<String> {
506 &self.key_id
507 }
508
509 fn set_key_id(&mut self, key_id: String) {
510 self.key_id = Some(key_id);
511 }
512}
513
514impl RS512PublicKey {
515 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
516 Ok(RS512PublicKey {
517 pk: RSAPublicKey::from_der(der)?,
518 key_id: None,
519 })
520 }
521
522 pub fn from_pem(pem: &str) -> Result<Self, Error> {
523 Ok(RS512PublicKey {
524 pk: RSAPublicKey::from_pem(pem)?,
525 key_id: None,
526 })
527 }
528
529 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
530 Ok(RS512PublicKey {
531 pk: RSAPublicKey::from_components(n, e)?,
532 key_id: None,
533 })
534 }
535
536 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
537 self.pk.to_der()
538 }
539
540 pub fn to_pem(&self) -> Result<String, Error> {
541 self.pk.to_pem()
542 }
543
544 pub fn to_components(&self) -> RSAPublicKeyComponents {
545 self.pk.to_components()
546 }
547
548 pub fn with_key_id(mut self, key_id: &str) -> Self {
549 self.key_id = Some(key_id.to_string());
550 self
551 }
552
553 pub fn sha1_thumbprint(&self) -> String {
554 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
555 }
556
557 pub fn sha256_thumbprint(&self) -> String {
558 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
559 }
560}
561
562#[derive(Debug, Clone)]
565pub struct RS384KeyPair {
566 key_pair: RSAKeyPair,
567 key_id: Option<String>,
568}
569
570#[derive(Debug, Clone)]
571pub struct RS384PublicKey {
572 pk: RSAPublicKey,
573 key_id: Option<String>,
574}
575
576impl RSAKeyPairLike for RS384KeyPair {
577 fn jwt_alg_name() -> &'static str {
578 "RS384"
579 }
580
581 fn key_pair(&self) -> &RSAKeyPair {
582 &self.key_pair
583 }
584
585 fn key_id(&self) -> &Option<String> {
586 &self.key_id
587 }
588
589 fn metadata(&self) -> &Option<KeyMetadata> {
590 &self.key_pair.metadata
591 }
592
593 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
594 self.key_pair.metadata = Some(metadata);
595 Ok(())
596 }
597
598 fn hash() -> MessageDigest {
599 MessageDigest::sha384()
600 }
601
602 fn padding_scheme(&self) -> Padding {
603 Padding::PKCS1
604 }
605}
606
607impl RS384KeyPair {
608 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
609 Ok(RS384KeyPair {
610 key_pair: RSAKeyPair::from_der(der)?,
611 key_id: None,
612 })
613 }
614
615 pub fn from_pem(pem: &str) -> Result<Self, Error> {
616 Ok(RS384KeyPair {
617 key_pair: RSAKeyPair::from_pem(pem)?,
618 key_id: None,
619 })
620 }
621
622 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
623 self.key_pair.to_der()
624 }
625
626 pub fn to_pem(&self) -> Result<String, Error> {
627 self.key_pair.to_pem()
628 }
629
630 pub fn public_key(&self) -> RS384PublicKey {
631 RS384PublicKey {
632 pk: self.key_pair.public_key(),
633 key_id: self.key_id.clone(),
634 }
635 }
636
637 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
638 Ok(RS384KeyPair {
639 key_pair: RSAKeyPair::generate(modulus_bits)?,
640 key_id: None,
641 })
642 }
643
644 pub fn with_key_id(mut self, key_id: &str) -> Self {
645 self.key_id = Some(key_id.to_string());
646 self
647 }
648}
649
650impl RSAPublicKeyLike for RS384PublicKey {
651 fn jwt_alg_name() -> &'static str {
652 "RS384"
653 }
654
655 fn hash() -> MessageDigest {
656 MessageDigest::sha384()
657 }
658
659 fn padding_scheme(&self) -> Padding {
660 Padding::PKCS1
661 }
662
663 fn public_key(&self) -> &RSAPublicKey {
664 &self.pk
665 }
666
667 fn key_id(&self) -> &Option<String> {
668 &self.key_id
669 }
670
671 fn set_key_id(&mut self, key_id: String) {
672 self.key_id = Some(key_id);
673 }
674}
675
676impl RS384PublicKey {
677 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
678 Ok(RS384PublicKey {
679 pk: RSAPublicKey::from_der(der)?,
680 key_id: None,
681 })
682 }
683
684 pub fn from_pem(pem: &str) -> Result<Self, Error> {
685 Ok(RS384PublicKey {
686 pk: RSAPublicKey::from_pem(pem)?,
687 key_id: None,
688 })
689 }
690
691 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
692 Ok(RS384PublicKey {
693 pk: RSAPublicKey::from_components(n, e)?,
694 key_id: None,
695 })
696 }
697
698 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
699 self.pk.to_der()
700 }
701
702 pub fn to_pem(&self) -> Result<String, Error> {
703 self.pk.to_pem()
704 }
705
706 pub fn to_components(&self) -> RSAPublicKeyComponents {
707 self.pk.to_components()
708 }
709
710 pub fn with_key_id(mut self, key_id: &str) -> Self {
711 self.key_id = Some(key_id.to_string());
712 self
713 }
714
715 pub fn sha1_thumbprint(&self) -> String {
716 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
717 }
718
719 pub fn sha256_thumbprint(&self) -> String {
720 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
721 }
722}
723
724#[derive(Debug, Clone)]
727pub struct PS256KeyPair {
728 key_pair: RSAKeyPair,
729 key_id: Option<String>,
730}
731
732#[derive(Debug, Clone)]
733pub struct PS256PublicKey {
734 pk: RSAPublicKey,
735 key_id: Option<String>,
736}
737
738impl RSAKeyPairLike for PS256KeyPair {
739 fn jwt_alg_name() -> &'static str {
740 "PS256"
741 }
742
743 fn key_pair(&self) -> &RSAKeyPair {
744 &self.key_pair
745 }
746
747 fn key_id(&self) -> &Option<String> {
748 &self.key_id
749 }
750
751 fn metadata(&self) -> &Option<KeyMetadata> {
752 &self.key_pair.metadata
753 }
754
755 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
756 self.key_pair.metadata = Some(metadata);
757 Ok(())
758 }
759
760 fn hash() -> MessageDigest {
761 MessageDigest::sha256()
762 }
763
764 fn padding_scheme(&self) -> Padding {
765 Padding::PKCS1_PSS
766 }
767}
768
769impl PS256KeyPair {
770 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
771 Ok(PS256KeyPair {
772 key_pair: RSAKeyPair::from_der(der)?,
773 key_id: None,
774 })
775 }
776
777 pub fn from_pem(pem: &str) -> Result<Self, Error> {
778 Ok(PS256KeyPair {
779 key_pair: RSAKeyPair::from_pem(pem)?,
780 key_id: None,
781 })
782 }
783
784 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
785 self.key_pair.to_der()
786 }
787
788 pub fn to_pem(&self) -> Result<String, Error> {
789 self.key_pair.to_pem()
790 }
791
792 pub fn public_key(&self) -> PS256PublicKey {
793 PS256PublicKey {
794 pk: self.key_pair.public_key(),
795 key_id: self.key_id.clone(),
796 }
797 }
798
799 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
800 Ok(PS256KeyPair {
801 key_pair: RSAKeyPair::generate(modulus_bits)?,
802 key_id: None,
803 })
804 }
805
806 pub fn with_key_id(mut self, key_id: &str) -> Self {
807 self.key_id = Some(key_id.to_string());
808 self
809 }
810}
811
812impl RSAPublicKeyLike for PS256PublicKey {
813 fn jwt_alg_name() -> &'static str {
814 "PS256"
815 }
816
817 fn hash() -> MessageDigest {
818 MessageDigest::sha256()
819 }
820
821 fn padding_scheme(&self) -> Padding {
822 Padding::PKCS1_PSS
823 }
824
825 fn public_key(&self) -> &RSAPublicKey {
826 &self.pk
827 }
828
829 fn key_id(&self) -> &Option<String> {
830 &self.key_id
831 }
832
833 fn set_key_id(&mut self, key_id: String) {
834 self.key_id = Some(key_id);
835 }
836}
837
838impl PS256PublicKey {
839 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
840 Ok(PS256PublicKey {
841 pk: RSAPublicKey::from_der(der)?,
842 key_id: None,
843 })
844 }
845
846 pub fn from_pem(pem: &str) -> Result<Self, Error> {
847 Ok(PS256PublicKey {
848 pk: RSAPublicKey::from_pem(pem)?,
849 key_id: None,
850 })
851 }
852
853 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
854 Ok(PS256PublicKey {
855 pk: RSAPublicKey::from_components(n, e)?,
856 key_id: None,
857 })
858 }
859
860 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
861 self.pk.to_der()
862 }
863
864 pub fn to_pem(&self) -> Result<String, Error> {
865 self.pk.to_pem()
866 }
867
868 pub fn to_components(&self) -> RSAPublicKeyComponents {
869 self.pk.to_components()
870 }
871
872 pub fn with_key_id(mut self, key_id: &str) -> Self {
873 self.key_id = Some(key_id.to_string());
874 self
875 }
876}
877
878#[derive(Debug, Clone)]
881pub struct PS512KeyPair {
882 key_pair: RSAKeyPair,
883 key_id: Option<String>,
884}
885
886#[derive(Debug, Clone)]
887pub struct PS512PublicKey {
888 pk: RSAPublicKey,
889 key_id: Option<String>,
890}
891
892impl RSAKeyPairLike for PS512KeyPair {
893 fn jwt_alg_name() -> &'static str {
894 "PS512"
895 }
896
897 fn key_pair(&self) -> &RSAKeyPair {
898 &self.key_pair
899 }
900
901 fn key_id(&self) -> &Option<String> {
902 &self.key_id
903 }
904
905 fn metadata(&self) -> &Option<KeyMetadata> {
906 &self.key_pair.metadata
907 }
908
909 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
910 self.key_pair.metadata = Some(metadata);
911 Ok(())
912 }
913
914 fn hash() -> MessageDigest {
915 MessageDigest::sha512()
916 }
917
918 fn padding_scheme(&self) -> Padding {
919 Padding::PKCS1_PSS
920 }
921}
922
923impl PS512KeyPair {
924 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
925 Ok(PS512KeyPair {
926 key_pair: RSAKeyPair::from_der(der)?,
927 key_id: None,
928 })
929 }
930
931 pub fn from_pem(pem: &str) -> Result<Self, Error> {
932 Ok(PS512KeyPair {
933 key_pair: RSAKeyPair::from_pem(pem)?,
934 key_id: None,
935 })
936 }
937
938 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
939 self.key_pair.to_der()
940 }
941
942 pub fn to_pem(&self) -> Result<String, Error> {
943 self.key_pair.to_pem()
944 }
945
946 pub fn public_key(&self) -> PS512PublicKey {
947 PS512PublicKey {
948 pk: self.key_pair.public_key(),
949 key_id: self.key_id.clone(),
950 }
951 }
952
953 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
954 Ok(PS512KeyPair {
955 key_pair: RSAKeyPair::generate(modulus_bits)?,
956 key_id: None,
957 })
958 }
959
960 pub fn with_key_id(mut self, key_id: &str) -> Self {
961 self.key_id = Some(key_id.to_string());
962 self
963 }
964}
965
966impl RSAPublicKeyLike for PS512PublicKey {
967 fn jwt_alg_name() -> &'static str {
968 "PS512"
969 }
970
971 fn hash() -> MessageDigest {
972 MessageDigest::sha512()
973 }
974
975 fn padding_scheme(&self) -> Padding {
976 Padding::PKCS1_PSS
977 }
978
979 fn public_key(&self) -> &RSAPublicKey {
980 &self.pk
981 }
982
983 fn key_id(&self) -> &Option<String> {
984 &self.key_id
985 }
986
987 fn set_key_id(&mut self, key_id: String) {
988 self.key_id = Some(key_id);
989 }
990}
991
992impl PS512PublicKey {
993 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
994 Ok(PS512PublicKey {
995 pk: RSAPublicKey::from_der(der)?,
996 key_id: None,
997 })
998 }
999
1000 pub fn from_pem(pem: &str) -> Result<Self, Error> {
1001 Ok(PS512PublicKey {
1002 pk: RSAPublicKey::from_pem(pem)?,
1003 key_id: None,
1004 })
1005 }
1006
1007 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
1008 Ok(PS512PublicKey {
1009 pk: RSAPublicKey::from_components(n, e)?,
1010 key_id: None,
1011 })
1012 }
1013
1014 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
1015 self.pk.to_der()
1016 }
1017
1018 pub fn to_pem(&self) -> Result<String, Error> {
1019 self.pk.to_pem()
1020 }
1021
1022 pub fn to_components(&self) -> RSAPublicKeyComponents {
1023 self.pk.to_components()
1024 }
1025
1026 pub fn with_key_id(mut self, key_id: &str) -> Self {
1027 self.key_id = Some(key_id.to_string());
1028 self
1029 }
1030
1031 pub fn sha1_thumbprint(&self) -> String {
1032 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
1033 }
1034
1035 pub fn sha256_thumbprint(&self) -> String {
1036 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
1037 }
1038}
1039
1040#[derive(Debug, Clone)]
1043pub struct PS384KeyPair {
1044 key_pair: RSAKeyPair,
1045 key_id: Option<String>,
1046}
1047
1048#[derive(Debug, Clone)]
1049pub struct PS384PublicKey {
1050 pk: RSAPublicKey,
1051 key_id: Option<String>,
1052}
1053
1054impl RSAKeyPairLike for PS384KeyPair {
1055 fn jwt_alg_name() -> &'static str {
1056 "PS384"
1057 }
1058
1059 fn key_pair(&self) -> &RSAKeyPair {
1060 &self.key_pair
1061 }
1062
1063 fn key_id(&self) -> &Option<String> {
1064 &self.key_id
1065 }
1066
1067 fn metadata(&self) -> &Option<KeyMetadata> {
1068 &self.key_pair.metadata
1069 }
1070
1071 fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
1072 self.key_pair.metadata = Some(metadata);
1073 Ok(())
1074 }
1075
1076 fn hash() -> MessageDigest {
1077 MessageDigest::sha384()
1078 }
1079
1080 fn padding_scheme(&self) -> Padding {
1081 Padding::PKCS1_PSS
1082 }
1083}
1084
1085impl PS384KeyPair {
1086 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
1087 Ok(PS384KeyPair {
1088 key_pair: RSAKeyPair::from_der(der)?,
1089 key_id: None,
1090 })
1091 }
1092
1093 pub fn from_pem(pem: &str) -> Result<Self, Error> {
1094 Ok(PS384KeyPair {
1095 key_pair: RSAKeyPair::from_pem(pem)?,
1096 key_id: None,
1097 })
1098 }
1099
1100 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
1101 self.key_pair.to_der()
1102 }
1103
1104 pub fn to_pem(&self) -> Result<String, Error> {
1105 self.key_pair.to_pem()
1106 }
1107
1108 pub fn public_key(&self) -> PS384PublicKey {
1109 PS384PublicKey {
1110 pk: self.key_pair.public_key(),
1111 key_id: self.key_id.clone(),
1112 }
1113 }
1114
1115 pub fn generate(modulus_bits: usize) -> Result<Self, Error> {
1116 Ok(PS384KeyPair {
1117 key_pair: RSAKeyPair::generate(modulus_bits)?,
1118 key_id: None,
1119 })
1120 }
1121
1122 pub fn with_key_id(mut self, key_id: &str) -> Self {
1123 self.key_id = Some(key_id.to_string());
1124 self
1125 }
1126}
1127
1128impl RSAPublicKeyLike for PS384PublicKey {
1129 fn jwt_alg_name() -> &'static str {
1130 "PS384"
1131 }
1132
1133 fn hash() -> MessageDigest {
1134 MessageDigest::sha384()
1135 }
1136
1137 fn padding_scheme(&self) -> Padding {
1138 Padding::PKCS1_PSS
1139 }
1140
1141 fn public_key(&self) -> &RSAPublicKey {
1142 &self.pk
1143 }
1144
1145 fn key_id(&self) -> &Option<String> {
1146 &self.key_id
1147 }
1148
1149 fn set_key_id(&mut self, key_id: String) {
1150 self.key_id = Some(key_id);
1151 }
1152}
1153
1154impl PS384PublicKey {
1155 pub fn from_der(der: &[u8]) -> Result<Self, Error> {
1156 Ok(PS384PublicKey {
1157 pk: RSAPublicKey::from_der(der)?,
1158 key_id: None,
1159 })
1160 }
1161
1162 pub fn from_pem(pem: &str) -> Result<Self, Error> {
1163 Ok(PS384PublicKey {
1164 pk: RSAPublicKey::from_pem(pem)?,
1165 key_id: None,
1166 })
1167 }
1168
1169 pub fn from_components(n: &[u8], e: &[u8]) -> Result<Self, Error> {
1170 Ok(PS384PublicKey {
1171 pk: RSAPublicKey::from_components(n, e)?,
1172 key_id: None,
1173 })
1174 }
1175
1176 pub fn to_der(&self) -> Result<Vec<u8>, Error> {
1177 self.pk.to_der()
1178 }
1179
1180 pub fn to_pem(&self) -> Result<String, Error> {
1181 self.pk.to_pem()
1182 }
1183
1184 pub fn to_components(&self) -> RSAPublicKeyComponents {
1185 self.pk.to_components()
1186 }
1187
1188 pub fn with_key_id(mut self, key_id: &str) -> Self {
1189 self.key_id = Some(key_id.to_string());
1190 self
1191 }
1192
1193 pub fn sha1_thumbprint(&self) -> String {
1194 Base64UrlSafeNoPadding::encode_to_string(SHA1::hash(&self.pk.to_der().unwrap())).unwrap()
1195 }
1196
1197 pub fn sha256_thumbprint(&self) -> String {
1198 Base64UrlSafeNoPadding::encode_to_string(SHA256::hash(&self.pk.to_der().unwrap())).unwrap()
1199 }
1200}