polimec_common::credentials::jwk

Enum JsonWebKey

Source 
#[non_exhaustive]
pub enum JsonWebKey<'a> {
    Rsa {
        modulus: Cow<'a, [u8]>,
        public_exponent: Cow<'a, [u8]>,
        private_parts: Option<RsaPrivateParts<'a>>,
    },
    EllipticCurve {
        curve: Cow<'a, str>,
        x: Cow<'a, [u8]>,
        y: Cow<'a, [u8]>,
        secret: Option<SecretBytes<'a>>,
    },
    Symmetric {
        secret: SecretBytes<'a>,
    },
    KeyPair {
        curve: Cow<'a, str>,
        x: Cow<'a, [u8]>,
        secret: Option<SecretBytes<'a>>,
    },
}
Expand description

Basic JWK functionality: (de)serialization and creating thumbprints.

See RFC 7518 for the details about the fields for various key types.

Self::thumbprint() and the Display implementation allow to get the overall presentation of the key. The latter returns JSON serialization of the key with fields ordered alphabetically. That is, this output for verifying keys can be used to compute key thumbprints.

§Serialization

For human-readable formats (e.g., JSON, TOML, YAML), byte fields in JsonWebKey and embedded types (SecretBytes, RsaPrivateParts, RsaPrimeFactor) will be serialized in base64-url encoding with no padding, as per the JWK spec. For other formats (e.g., CBOR), byte fields will be serialized as byte sequences.

Because of the limitations of the CBOR support in serde, a JsonWebKey serialized in CBOR is not compliant with the CBOR Object Signing and Encryption spec (COSE). It can still be a good way to decrease the serialized key size.

§Conversions

A JWK can be obtained from signing and verifying keys defined in the alg module via From / Into traits. Conversion from a JWK to a specific key is fallible and can be performed via TryFrom with JwkError as an error type.

As a part of conversion for asymmetric signing keys, it is checked whether the signing and verifying parts of the JWK match; JwkError::MismatchedKeys is returned otherwise. This check is not performed for verifying keys even if the necessary data is present in the provided JWK.

Warning. Conversions for private RSA keys are not fully compliant with RFC 7518. See the docs for the relevant impls for more details.

Variants (Non-exhaustive)§

This enum is marked as non-exhaustive
Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.
§

Rsa

Public or private RSA key. Has kty field set to RSA.

Fields

§modulus: Cow<'a, [u8]>

Key modulus (n).

§public_exponent: Cow<'a, [u8]>

Public exponent (e).

§private_parts: Option<RsaPrivateParts<'a>>

Private RSA parameters. Only present for private keys.

§

EllipticCurve

Public or private key in an ECDSA crypto system. Has kty field set to EC.

Fields

§curve: Cow<'a, str>

Curve name (crv), such as secp256k1.

§x: Cow<'a, [u8]>

x coordinate of the curve point.

§y: Cow<'a, [u8]>

y coordinate of the curve point.

§secret: Option<SecretBytes<'a>>

Secret scalar (d); not present for public keys.

§

Symmetric

Generic symmetric key, e.g. for HS256 algorithm. Has kty field set to oct.

Fields

§secret: SecretBytes<'a>

Bytes representing this key.

§

KeyPair

Generic asymmetric keypair. This key type is used e.g. for Ed25519 keys.

Fields

§curve: Cow<'a, str>

Curve name (crv), such as Ed25519.

§x: Cow<'a, [u8]>

Public key. For Ed25519, this is the standard 32-byte public key presentation (x coordinate of a point on the curve + sign).

§secret: Option<SecretBytes<'a>>

Secret key (d). For Ed25519, this is the seed.

Implementations§

Source§

impl JsonWebKey<'_>

Source

pub const fn key_type(&self) -> KeyType

Gets the type of this key.

Source

pub const fn is_signing_key(&self) -> bool

Returns true if this key can be used for signing (has SecretBytes fields).

Source

pub fn to_verifying_key(&self) -> JsonWebKey<'_>

Returns a copy of this key with parts not necessary for signature verification removed.

Source

pub fn thumbprint<D>( &self, ) -> GenericArray<u8, <D as OutputSizeUser>::OutputSize>
where D: Digest,

Computes a thumbprint of this JWK. The result complies with the key thumbprint defined in RFC 7638.

Trait Implementations§

Source§

impl<'a> Clone for JsonWebKey<'a>

Source§

fn clone(&self) -> JsonWebKey<'a>

Returns a copy of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<'a> Debug for JsonWebKey<'a>

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl<'de, 'a> Deserialize<'de> for JsonWebKey<'a>

Source§

fn deserialize<__D>( __deserializer: __D, ) -> Result<JsonWebKey<'a>, <__D as Deserializer<'de>>::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Display for JsonWebKey<'_>

Source§

fn fmt(&self, formatter: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl<'a> From<&'a Hs256Key> for JsonWebKey<'a>

Source§

fn from(key: &'a Hs256Key) -> JsonWebKey<'a>

Converts to this type from the input type.
Source§

impl<'a> From<&'a Hs384Key> for JsonWebKey<'a>

Source§

fn from(key: &'a Hs384Key) -> JsonWebKey<'a>

Converts to this type from the input type.
Source§

impl<'a> From<&'a Hs512Key> for JsonWebKey<'a>

Source§

fn from(key: &'a Hs512Key) -> JsonWebKey<'a>

Converts to this type from the input type.
Source§

impl<'a> From<&'a SigningKey> for JsonWebKey<'a>

Source§

fn from(signing_key: &'a SigningKey) -> JsonWebKey<'a>

Converts to this type from the input type.
Source§

impl<'a> From<&'a VerifyingKey> for JsonWebKey<'a>

Source§

fn from(key: &'a VerifyingKey) -> JsonWebKey<'a>

Converts to this type from the input type.
Source§

impl<'a> PartialEq for JsonWebKey<'a>

Source§

fn eq(&self, other: &JsonWebKey<'a>) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<'a> Serialize for JsonWebKey<'a>

Source§

fn serialize<__S>( &self, __serializer: __S, ) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl TryFrom<&JsonWebKey<'_>> for Hs256Key

Source§

type Error = JwkError

The type returned in the event of a conversion error.
Source§

fn try_from( jwk: &JsonWebKey<'_>, ) -> Result<Hs256Key, <Hs256Key as TryFrom<&JsonWebKey<'_>>>::Error>

Performs the conversion.
Source§

impl TryFrom<&JsonWebKey<'_>> for Hs384Key

Source§

type Error = JwkError

The type returned in the event of a conversion error.
Source§

fn try_from( jwk: &JsonWebKey<'_>, ) -> Result<Hs384Key, <Hs384Key as TryFrom<&JsonWebKey<'_>>>::Error>

Performs the conversion.
Source§

impl TryFrom<&JsonWebKey<'_>> for Hs512Key

Source§

type Error = JwkError

The type returned in the event of a conversion error.
Source§

fn try_from( jwk: &JsonWebKey<'_>, ) -> Result<Hs512Key, <Hs512Key as TryFrom<&JsonWebKey<'_>>>::Error>

Performs the conversion.
Source§

impl<'a> StructuralPartialEq for JsonWebKey<'a>

Auto Trait Implementations§

§

impl<'a> Freeze for JsonWebKey<'a>

§

impl<'a> RefUnwindSafe for JsonWebKey<'a>

§

impl<'a> Send for JsonWebKey<'a>

§

impl<'a> Sync for JsonWebKey<'a>

§

impl<'a> Unpin for JsonWebKey<'a>

§

impl<'a> UnwindSafe for JsonWebKey<'a>

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CheckedConversion for T

Source§

fn checked_from<T>(t: T) -> Option<Self>
where Self: TryFrom<T>,

Convert from a value of T into an equivalent instance of Option<Self>. Read more
Source§

fn checked_into<T>(self) -> Option<T>
where Self: TryInto<T>,

Consume self to return Some equivalent value of Option<T>. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dst: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T, U> IntoKey<U> for T
where U: FromKey<T>,

Source§

fn into_key(self) -> U

Source§

impl<T> IsType<T> for T

Source§

fn from_ref(t: &T) -> &T

Cast reference.
Source§

fn into_ref(&self) -> &T

Cast reference.
Source§

fn from_mut(t: &mut T) -> &mut T

Cast mutable reference.
Source§

fn into_mut(&mut self) -> &mut T

Cast mutable reference.
Source§

impl<T, Outer> IsWrappedBy<Outer> for T
where Outer: AsRef<T> + AsMut<T> + From<T>, T: From<Outer>,

Source§

fn from_ref(outer: &Outer) -> &T

Get a reference to the inner from the outer.

Source§

fn from_mut(outer: &mut Outer) -> &mut T

Get a mutable reference to the inner from the outer.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> SaturatedConversion for T

Source§

fn saturated_from<T>(t: T) -> Self
where Self: UniqueSaturatedFrom<T>,

Convert from a value of T into an equivalent instance of Self. Read more
Source§

fn saturated_into<T>(self) -> T
where Self: UniqueSaturatedInto<T>,

Consume self to return an equivalent value of T. Read more
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T, U> TryIntoKey<U> for T
where U: TryFromKey<T>,

Source§

type Error = <U as TryFromKey<T>>::Error

Source§

fn try_into_key(self) -> Result<U, <U as TryFromKey<T>>::Error>

Source§

impl<S, T> UncheckedInto<T> for S
where T: UncheckedFrom<S>,

Source§

fn unchecked_into(self) -> T

The counterpart to unchecked_from.
Source§

impl<T, S> UniqueSaturatedInto<T> for S
where T: Bounded, S: TryInto<T>,

Source§

fn unique_saturated_into(self) -> T

Consume self to return an equivalent value of T.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<T> Error for T
where T: 'static + Debug + Display + Send + Sync,

Source§

impl<T> JsonSchemaMaybe for T

Source§

impl<T> MaybeDebug for T
where T: Debug,

Source§

impl<T> MaybeDisplay for T
where T: Display,

Source§

impl<T> MaybeRefUnwindSafe for T
where T: RefUnwindSafe,

Source§

impl<T> MaybeSerialize for T
where T: Serialize,

Source§

impl<T> MaybeSerializeDeserialize for T
where T: DeserializeOwned + Serialize,