rustauth_core/crypto/
jwe_secret.rs1use crate::crypto::SecretConfig;
2use crate::error::RustAuthError;
3
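/// One secret value as handed out by a [`JweSecretSource`].
///
/// `Debug` is written by hand instead of derived: a derived impl would print the raw secret
/// wherever the value is formatted with `{:?}` (log lines, panic messages, `assert_eq!`
/// failure output). The manual impl keeps the type `Debug` for callers but redacts the field.
///
/// NOTE(review): the derived `PartialEq` is an ordinary short-circuiting comparison, not a
/// constant-time one. It should not be used to validate a caller-supplied secret.
#[derive(Clone, PartialEq, Eq)]
pub struct JweSecret {
    // Raw secret text; visible inside the crate only.
    pub(crate) value: String,
}

impl std::fmt::Debug for JweSecret {
    /// Formats the struct with the secret replaced by a fixed placeholder.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("JweSecret")
            .field("value", &"<redacted>")
            .finish()
    }
}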
8
/// Anything that can supply JWE secrets.
///
/// Implemented in this file for `str`, `String` and `SecretConfig`.
pub trait JweSecretSource {
    /// Returns the secret the source designates as current, as an owned `String`.
    ///
    /// # Errors
    ///
    /// Returns a [`RustAuthError`] when the source cannot produce a current secret.
    fn current_jwe_secret(&self) -> Result<String, RustAuthError>;

    /// Returns every secret the source holds, wrapped in [`JweSecret`].
    ///
    /// The implementations in this file put the current secret first.
    ///
    /// # Errors
    ///
    /// Returns a [`RustAuthError`] when the list cannot be built.
    fn all_jwe_secrets(&self) -> Result<Vec<JweSecret>, RustAuthError>;
}
14
/// A plain string slice is a source with exactly one secret: the string itself.
/// There is no versioning or rotation on this path, and neither method can fail.
impl JweSecretSource for str {
    /// Returns an owned copy of the string.
    fn current_jwe_secret(&self) -> Result<String, RustAuthError> {
        let secret = String::from(self);
        Ok(secret)
    }

    /// Returns a one-element list holding an owned copy of the string.
    fn all_jwe_secrets(&self) -> Result<Vec<JweSecret>, RustAuthError> {
        let only = JweSecret {
            value: String::from(self),
        };
        Ok(vec![only])
    }
}
26
/// An owned `String` behaves exactly like the `str` it holds: both methods forward to the
/// `str` implementation.
impl JweSecretSource for String {
    /// Forwards to `<str as JweSecretSource>::current_jwe_secret`.
    fn current_jwe_secret(&self) -> Result<String, RustAuthError> {
        <str as JweSecretSource>::current_jwe_secret(self.as_str())
    }

    /// Forwards to `<str as JweSecretSource>::all_jwe_secrets`.
    fn all_jwe_secrets(&self) -> Result<Vec<JweSecret>, RustAuthError> {
        <str as JweSecretSource>::all_jwe_secrets(self.as_str())
    }
}
36
/// Versioned secret source: secrets come from `keys`, selected by `current_version`, with an
/// optional `legacy_secret` appended to the full list.
impl JweSecretSource for SecretConfig {
    /// Looks up `current_version` in `keys` and returns a copy of that secret.
    ///
    /// # Errors
    ///
    /// Returns `RustAuthError::InvalidSecretConfig` when `keys` has no entry for
    /// `current_version`. The message carries the version only, never a secret value.
    fn current_jwe_secret(&self) -> Result<String, RustAuthError> {
        match self.keys.get(&self.current_version) {
            Some(secret) => Ok(secret.clone()),
            None => Err(RustAuthError::InvalidSecretConfig(format!(
                "secret version {} not found in keys",
                self.current_version
            ))),
        }
    }

    /// Builds the full list of secrets: the current one first, then every other entry of
    /// `keys` in that collection's iteration order, then `legacy_secret` if it is set and
    /// not already in the list.
    ///
    /// NOTE(review): presumably callers try these in order when decrypting, which is why the
    /// current secret leads. Confirm against the call sites.
    ///
    /// # Errors
    ///
    /// Propagates the error from `current_jwe_secret` when the current version is missing.
    fn all_jwe_secrets(&self) -> Result<Vec<JweSecret>, RustAuthError> {
        let current = self.current_jwe_secret()?;
        let mut collected = vec![JweSecret { value: current }];

        for (version, value) in &self.keys {
            // The current version is already at the front of the list.
            if *version == self.current_version {
                continue;
            }
            collected.push(JweSecret {
                value: value.clone(),
            });
        }

        // The legacy secret goes last, and only if no listed secret has the same value.
        match &self.legacy_secret {
            Some(legacy) if !collected.iter().any(|entry| entry.value == *legacy) => {
                collected.push(JweSecret {
                    value: legacy.clone(),
                });
            }
            _ => {}
        }

        Ok(collected)
    }
}