Fixed conflicts
This commit is contained in:
commit
20013a4e4f
|
@ -106,6 +106,9 @@ This library currently supports the following:
|
||||||
- RS256
|
- RS256
|
||||||
- RS384
|
- RS384
|
||||||
- RS512
|
- RS512
|
||||||
|
- PS256
|
||||||
|
- PS384
|
||||||
|
- PS512
|
||||||
- ES256
|
- ES256
|
||||||
- ES384
|
- ES384
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,7 @@ extern crate jsonwebtoken as jwt;
|
||||||
extern crate serde_derive;
|
extern crate serde_derive;
|
||||||
|
|
||||||
use jwt::errors::ErrorKind;
|
use jwt::errors::ErrorKind;
|
||||||
use jwt::{decode, encode, Algorithm, Header, Validation, Key};
|
use jwt::{decode, encode, Algorithm, Header, Key, Validation};
|
||||||
|
|
||||||
#[derive(Debug, Serialize, Deserialize)]
|
#[derive(Debug, Serialize, Deserialize)]
|
||||||
struct Claims {
|
struct Claims {
|
||||||
|
|
|
@ -3,7 +3,7 @@ extern crate jsonwebtoken as jwt;
|
||||||
extern crate serde_derive;
|
extern crate serde_derive;
|
||||||
|
|
||||||
use jwt::errors::ErrorKind;
|
use jwt::errors::ErrorKind;
|
||||||
use jwt::{decode, encode, Header, Validation, Key};
|
use jwt::{decode, encode, Header, Key, Validation};
|
||||||
|
|
||||||
#[derive(Debug, Serialize, Deserialize)]
|
#[derive(Debug, Serialize, Deserialize)]
|
||||||
struct Claims {
|
struct Claims {
|
||||||
|
|
|
@ -22,6 +22,13 @@ pub enum Algorithm {
|
||||||
RS384,
|
RS384,
|
||||||
/// RSASSA-PKCS1-v1_5 using SHA-512
|
/// RSASSA-PKCS1-v1_5 using SHA-512
|
||||||
RS512,
|
RS512,
|
||||||
|
|
||||||
|
/// RSASSA-PSS using SHA-256
|
||||||
|
PS256,
|
||||||
|
/// RSASSA-PSS using SHA-384
|
||||||
|
PS384,
|
||||||
|
/// RSASSA-PSS using SHA-512
|
||||||
|
PS512,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Default for Algorithm {
|
impl Default for Algorithm {
|
||||||
|
@ -41,6 +48,9 @@ impl FromStr for Algorithm {
|
||||||
"ES384" => Ok(Algorithm::ES384),
|
"ES384" => Ok(Algorithm::ES384),
|
||||||
"RS256" => Ok(Algorithm::RS256),
|
"RS256" => Ok(Algorithm::RS256),
|
||||||
"RS384" => Ok(Algorithm::RS384),
|
"RS384" => Ok(Algorithm::RS384),
|
||||||
|
"PS256" => Ok(Algorithm::PS256),
|
||||||
|
"PS384" => Ok(Algorithm::PS384),
|
||||||
|
"PS512" => Ok(Algorithm::PS512),
|
||||||
"RS512" => Ok(Algorithm::RS512),
|
"RS512" => Ok(Algorithm::RS512),
|
||||||
_ => Err(new_error(ErrorKind::InvalidAlgorithmName)),
|
_ => Err(new_error(ErrorKind::InvalidAlgorithmName)),
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,7 +34,6 @@ fn sign_ecdsa(
|
||||||
return Err(new_error(ErrorKind::InvalidKeyFormat));
|
return Err(new_error(ErrorKind::InvalidKeyFormat));
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
let rng = rand::SystemRandom::new();
|
let rng = rand::SystemRandom::new();
|
||||||
let sig = signing_key.sign(&rng, untrusted::Input::from(signing_input.as_bytes()))?;
|
let sig = signing_key.sign(&rng, untrusted::Input::from(signing_input.as_bytes()))?;
|
||||||
Ok(base64::encode_config(&sig, base64::URL_SAFE_NO_PAD))
|
Ok(base64::encode_config(&sig, base64::URL_SAFE_NO_PAD))
|
||||||
|
@ -83,6 +82,10 @@ pub fn sign(signing_input: &str, key: Key, algorithm: Algorithm) -> Result<Strin
|
||||||
Algorithm::RS256 => sign_rsa(&signature::RSA_PKCS1_SHA256, key, signing_input),
|
Algorithm::RS256 => sign_rsa(&signature::RSA_PKCS1_SHA256, key, signing_input),
|
||||||
Algorithm::RS384 => sign_rsa(&signature::RSA_PKCS1_SHA384, key, signing_input),
|
Algorithm::RS384 => sign_rsa(&signature::RSA_PKCS1_SHA384, key, signing_input),
|
||||||
Algorithm::RS512 => sign_rsa(&signature::RSA_PKCS1_SHA512, key, signing_input),
|
Algorithm::RS512 => sign_rsa(&signature::RSA_PKCS1_SHA512, key, signing_input),
|
||||||
|
|
||||||
|
Algorithm::PS256 => sign_rsa(&signature::RSA_PSS_SHA256, key, signing_input),
|
||||||
|
Algorithm::PS384 => sign_rsa(&signature::RSA_PSS_SHA384, key, signing_input),
|
||||||
|
Algorithm::PS512 => sign_rsa(&signature::RSA_PSS_SHA512, key, signing_input),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -144,44 +147,38 @@ fn verify_ring_rsa(
|
||||||
pub fn verify(
|
pub fn verify(
|
||||||
signature: &str,
|
signature: &str,
|
||||||
signing_input: &str,
|
signing_input: &str,
|
||||||
public_key: Key,
|
key: Key,
|
||||||
algorithm: Algorithm,
|
algorithm: Algorithm,
|
||||||
) -> Result<bool> {
|
) -> Result<bool> {
|
||||||
match algorithm {
|
match algorithm {
|
||||||
Algorithm::HS256 | Algorithm::HS384 | Algorithm::HS512 => {
|
Algorithm::HS256 | Algorithm::HS384 | Algorithm::HS512 => {
|
||||||
// we just re-sign the data with the key and compare if they are equal
|
// we just re-sign the data with the key and compare if they are equal
|
||||||
let signed = sign(signing_input, public_key, algorithm)?;
|
let signed = sign(signing_input, key, algorithm)?;
|
||||||
Ok(verify_slices_are_equal(signature.as_ref(), signed.as_ref()).is_ok())
|
Ok(verify_slices_are_equal(signature.as_ref(), signed.as_ref()).is_ok())
|
||||||
}
|
}
|
||||||
Algorithm::ES256 => verify_ring_es(
|
Algorithm::ES256 => {
|
||||||
&signature::ECDSA_P256_SHA256_FIXED,
|
verify_ring_es(&signature::ECDSA_P256_SHA256_FIXED, signature, signing_input, key)
|
||||||
signature,
|
}
|
||||||
signing_input,
|
Algorithm::ES384 => {
|
||||||
public_key,
|
verify_ring_es(&signature::ECDSA_P384_SHA384_FIXED, signature, signing_input, key)
|
||||||
),
|
}
|
||||||
Algorithm::ES384 => verify_ring_es(
|
Algorithm::RS256 => {
|
||||||
&signature::ECDSA_P384_SHA384_FIXED,
|
verify_ring_rsa(&signature::RSA_PKCS1_2048_8192_SHA256, signature, signing_input, key)
|
||||||
signature,
|
}
|
||||||
signing_input,
|
Algorithm::RS384 => {
|
||||||
public_key,
|
verify_ring_rsa(&signature::RSA_PKCS1_2048_8192_SHA384, signature, signing_input, key)
|
||||||
),
|
}
|
||||||
Algorithm::RS256 => verify_ring_rsa(
|
Algorithm::RS512 => {
|
||||||
&signature::RSA_PKCS1_2048_8192_SHA256,
|
verify_ring_rsa(&signature::RSA_PKCS1_2048_8192_SHA512, signature, signing_input, key)
|
||||||
signature,
|
}
|
||||||
signing_input,
|
Algorithm::PS256 => {
|
||||||
public_key,
|
verify_ring_rsa(&signature::RSA_PSS_2048_8192_SHA256, signature, signing_input, key)
|
||||||
),
|
}
|
||||||
Algorithm::RS384 => verify_ring_rsa(
|
Algorithm::PS384 => {
|
||||||
&signature::RSA_PKCS1_2048_8192_SHA384,
|
verify_ring_rsa(&signature::RSA_PSS_2048_8192_SHA384, signature, signing_input, key)
|
||||||
signature,
|
}
|
||||||
signing_input,
|
Algorithm::PS512 => {
|
||||||
public_key,
|
verify_ring_rsa(&signature::RSA_PSS_2048_8192_SHA512, signature, signing_input, key)
|
||||||
),
|
}
|
||||||
Algorithm::RS512 => verify_ring_rsa(
|
|
||||||
&signature::RSA_PKCS1_2048_8192_SHA512,
|
|
||||||
signature,
|
|
||||||
signing_input,
|
|
||||||
public_key,
|
|
||||||
),
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -99,7 +99,7 @@ impl StdError for Error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn cause(&self) -> Option<&StdError> {
|
fn cause(&self) -> Option<&dyn StdError> {
|
||||||
match *self.0 {
|
match *self.0 {
|
||||||
ErrorKind::InvalidToken => None,
|
ErrorKind::InvalidToken => None,
|
||||||
ErrorKind::InvalidSignature => None,
|
ErrorKind::InvalidSignature => None,
|
||||||
|
|
|
@ -4,7 +4,7 @@ extern crate serde_derive;
|
||||||
extern crate chrono;
|
extern crate chrono;
|
||||||
|
|
||||||
use chrono::Utc;
|
use chrono::Utc;
|
||||||
use jsonwebtoken::{decode, encode, sign, verify, Algorithm, Key, Header, Validation};
|
use jsonwebtoken::{decode, encode, sign, verify, Algorithm, Header, Key, Validation};
|
||||||
|
|
||||||
#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]
|
#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]
|
||||||
struct Claims {
|
struct Claims {
|
||||||
|
@ -33,7 +33,8 @@ fn round_trip_claim() {
|
||||||
let token =
|
let token =
|
||||||
encode(&Header::new(Algorithm::ES256), &my_claims, Key::Pkcs8(&privkey[..])).unwrap();
|
encode(&Header::new(Algorithm::ES256), &my_claims, Key::Pkcs8(&privkey[..])).unwrap();
|
||||||
let pubkey = include_bytes!("public_ecdsa_key.pk8");
|
let pubkey = include_bytes!("public_ecdsa_key.pk8");
|
||||||
let token_data = decode::<Claims>(&token, Key::Pkcs8(pubkey), &Validation::new(Algorithm::ES256)).unwrap();
|
let token_data =
|
||||||
|
decode::<Claims>(&token, Key::Pkcs8(pubkey), &Validation::new(Algorithm::ES256)).unwrap();
|
||||||
assert_eq!(my_claims, token_data.claims);
|
assert_eq!(my_claims, token_data.claims);
|
||||||
assert!(token_data.header.kid.is_none());
|
assert!(token_data.header.kid.is_none());
|
||||||
}
|
}
|
||||||
|
|
|
@ -41,7 +41,8 @@ fn encode_with_custom_header() {
|
||||||
let mut header = Header::default();
|
let mut header = Header::default();
|
||||||
header.kid = Some("kid".to_string());
|
header.kid = Some("kid".to_string());
|
||||||
let token = encode(&header, &my_claims, Key::Hmac(b"secret")).unwrap();
|
let token = encode(&header, &my_claims, Key::Hmac(b"secret")).unwrap();
|
||||||
let token_data = decode::<Claims>(&token, Key::Hmac(b"secret"), &Validation::default()).unwrap();
|
let token_data =
|
||||||
|
decode::<Claims>(&token, Key::Hmac(b"secret"), &Validation::default()).unwrap();
|
||||||
assert_eq!(my_claims, token_data.claims);
|
assert_eq!(my_claims, token_data.claims);
|
||||||
assert_eq!("kid", token_data.header.kid.unwrap());
|
assert_eq!("kid", token_data.header.kid.unwrap());
|
||||||
}
|
}
|
||||||
|
@ -54,7 +55,8 @@ fn round_trip_claim() {
|
||||||
exp: Utc::now().timestamp() + 10000,
|
exp: Utc::now().timestamp() + 10000,
|
||||||
};
|
};
|
||||||
let token = encode(&Header::default(), &my_claims, Key::Hmac(b"secret")).unwrap();
|
let token = encode(&Header::default(), &my_claims, Key::Hmac(b"secret")).unwrap();
|
||||||
let token_data = decode::<Claims>(&token, Key::Hmac(b"secret"), &Validation::default()).unwrap();
|
let token_data =
|
||||||
|
decode::<Claims>(&token, Key::Hmac(b"secret"), &Validation::default()).unwrap();
|
||||||
assert_eq!(my_claims, token_data.claims);
|
assert_eq!(my_claims, token_data.claims);
|
||||||
assert!(token_data.header.kid.is_none());
|
assert!(token_data.header.kid.is_none());
|
||||||
}
|
}
|
||||||
|
@ -166,5 +168,8 @@ fn generate_algorithm_enum_from_str() {
|
||||||
assert!(Algorithm::from_str("RS256").is_ok());
|
assert!(Algorithm::from_str("RS256").is_ok());
|
||||||
assert!(Algorithm::from_str("RS384").is_ok());
|
assert!(Algorithm::from_str("RS384").is_ok());
|
||||||
assert!(Algorithm::from_str("RS512").is_ok());
|
assert!(Algorithm::from_str("RS512").is_ok());
|
||||||
|
assert!(Algorithm::from_str("PS256").is_ok());
|
||||||
|
assert!(Algorithm::from_str("PS384").is_ok());
|
||||||
|
assert!(Algorithm::from_str("PS512").is_ok());
|
||||||
assert!(Algorithm::from_str("").is_err());
|
assert!(Algorithm::from_str("").is_err());
|
||||||
}
|
}
|
||||||
|
|
45
tests/rsa.rs
45
tests/rsa.rs
|
@ -4,7 +4,16 @@ extern crate serde_derive;
|
||||||
extern crate chrono;
|
extern crate chrono;
|
||||||
|
|
||||||
use chrono::Utc;
|
use chrono::Utc;
|
||||||
use jsonwebtoken::{decode, encode, sign, verify, Algorithm, Key, Header, Validation};
|
use jsonwebtoken::{decode, encode, sign, verify, Algorithm, Header, Key, Validation};
|
||||||
|
|
||||||
|
const RSA_ALGORITHMS: &[Algorithm] = &[
|
||||||
|
Algorithm::RS256,
|
||||||
|
Algorithm::RS384,
|
||||||
|
Algorithm::RS512,
|
||||||
|
Algorithm::PS256,
|
||||||
|
Algorithm::PS384,
|
||||||
|
Algorithm::PS512,
|
||||||
|
];
|
||||||
|
|
||||||
#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]
|
#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]
|
||||||
struct Claims {
|
struct Claims {
|
||||||
|
@ -16,11 +25,13 @@ struct Claims {
|
||||||
#[test]
|
#[test]
|
||||||
fn round_trip_sign_verification() {
|
fn round_trip_sign_verification() {
|
||||||
let privkey = include_bytes!("private_rsa_key.der");
|
let privkey = include_bytes!("private_rsa_key.der");
|
||||||
let encrypted = sign("hello world", Key::Der(&privkey[..]), Algorithm::RS256).unwrap();
|
for &alg in RSA_ALGORITHMS {
|
||||||
let is_valid =
|
let encrypted = sign("hello world", Key::Der(&privkey[..]), alg).unwrap();
|
||||||
verify(&encrypted, "hello world", Key::Der(include_bytes!("public_rsa_key.der")), Algorithm::RS256)
|
let is_valid =
|
||||||
.unwrap();
|
verify(&encrypted, "hello world", Key::Der(include_bytes!("public_rsa_key.der")), alg)
|
||||||
assert!(is_valid);
|
.unwrap();
|
||||||
|
assert!(is_valid);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
|
@ -31,16 +42,18 @@ fn round_trip_claim() {
|
||||||
exp: Utc::now().timestamp() + 10000,
|
exp: Utc::now().timestamp() + 10000,
|
||||||
};
|
};
|
||||||
let privkey = include_bytes!("private_rsa_key.der");
|
let privkey = include_bytes!("private_rsa_key.der");
|
||||||
let token =
|
|
||||||
encode(&Header::new(Algorithm::RS256), &my_claims, Key::Der(&privkey[..])).unwrap();
|
for &alg in RSA_ALGORITHMS {
|
||||||
let token_data = decode::<Claims>(
|
let token = encode(&Header::new(alg), &my_claims, Key::Der(&privkey[..])).unwrap();
|
||||||
&token,
|
let token_data = decode::<Claims>(
|
||||||
Key::Der(include_bytes!("public_rsa_key.der")),
|
&token,
|
||||||
&Validation::new(Algorithm::RS256),
|
Key::Der(include_bytes!("public_rsa_key.der")),
|
||||||
)
|
&Validation::new(alg),
|
||||||
.unwrap();
|
)
|
||||||
assert_eq!(my_claims, token_data.claims);
|
.unwrap();
|
||||||
assert!(token_data.header.kid.is_none());
|
assert_eq!(my_claims, token_data.claims);
|
||||||
|
assert!(token_data.header.kid.is_none());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
|
|
Loading…
Reference in New Issue