michael/jsonwebtoken
michael
/
jsonwebtoken
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed conflicts

This commit is contained in:
Vincent Prouillet 2019-06-16 18:00:00 +02:00
parent 84ee604e88 c26bdf7e06
commit 20013a4e4f
9 changed files with 85 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -106,6 +106,9 @@ This library currently supports the following:
- RS256 - RS256
- RS384 - RS384
- RS512 - RS512
- PS256
- PS384
- PS512
- ES256 - ES256
- ES384 - ES384

2
examples/custom_header.rs
View File

@ -3,7 +3,7 @@ extern crate jsonwebtoken as jwt;
extern crate serde_derive; extern crate serde_derive;
use jwt::errors::ErrorKind; use jwt::errors::ErrorKind;
use jwt::{decode, encode, Algorithm, Header, Validation, Key}; use jwt::{decode, encode, Algorithm, Header, Key, Validation};
#[derive(Debug, Serialize, Deserialize)] #[derive(Debug, Serialize, Deserialize)]
struct Claims { struct Claims {

2
examples/validation.rs
View File

@ -3,7 +3,7 @@ extern crate jsonwebtoken as jwt;
extern crate serde_derive; extern crate serde_derive;
use jwt::errors::ErrorKind; use jwt::errors::ErrorKind;
use jwt::{decode, encode, Header, Validation, Key}; use jwt::{decode, encode, Header, Key, Validation};
#[derive(Debug, Serialize, Deserialize)] #[derive(Debug, Serialize, Deserialize)]
struct Claims { struct Claims {

10
src/algorithms.rs
View File

@ -22,6 +22,13 @@ pub enum Algorithm {
RS384, RS384,
/// RSASSA-PKCS1-v1_5 using SHA-512 /// RSASSA-PKCS1-v1_5 using SHA-512
RS512, RS512,
/// RSASSA-PSS using SHA-256
PS256,
/// RSASSA-PSS using SHA-384
PS384,
/// RSASSA-PSS using SHA-512
PS512,
} }
impl Default for Algorithm { impl Default for Algorithm {
@ -41,6 +48,9 @@ impl FromStr for Algorithm {
"ES384" => Ok(Algorithm::ES384), "ES384" => Ok(Algorithm::ES384),
"RS256" => Ok(Algorithm::RS256), "RS256" => Ok(Algorithm::RS256),
"RS384" => Ok(Algorithm::RS384), "RS384" => Ok(Algorithm::RS384),
"PS256" => Ok(Algorithm::PS256),
"PS384" => Ok(Algorithm::PS384),
"PS512" => Ok(Algorithm::PS512),
"RS512" => Ok(Algorithm::RS512), "RS512" => Ok(Algorithm::RS512),
_ => Err(new_error(ErrorKind::InvalidAlgorithmName)), _ => Err(new_error(ErrorKind::InvalidAlgorithmName)),
} }

63
src/crypto.rs
View File

@ -34,7 +34,6 @@ fn sign_ecdsa(
return Err(new_error(ErrorKind::InvalidKeyFormat)); return Err(new_error(ErrorKind::InvalidKeyFormat));
} }
}; };
let rng = rand::SystemRandom::new(); let rng = rand::SystemRandom::new();
let sig = signing_key.sign(&rng, untrusted::Input::from(signing_input.as_bytes()))?; let sig = signing_key.sign(&rng, untrusted::Input::from(signing_input.as_bytes()))?;
Ok(base64::encode_config(&sig, base64::URL_SAFE_NO_PAD)) Ok(base64::encode_config(&sig, base64::URL_SAFE_NO_PAD))
@ -83,6 +82,10 @@ pub fn sign(signing_input: &str, key: Key, algorithm: Algorithm) -> Result<Strin
Algorithm::RS256 => sign_rsa(&signature::RSA_PKCS1_SHA256, key, signing_input), Algorithm::RS256 => sign_rsa(&signature::RSA_PKCS1_SHA256, key, signing_input),
Algorithm::RS384 => sign_rsa(&signature::RSA_PKCS1_SHA384, key, signing_input), Algorithm::RS384 => sign_rsa(&signature::RSA_PKCS1_SHA384, key, signing_input),
Algorithm::RS512 => sign_rsa(&signature::RSA_PKCS1_SHA512, key, signing_input), Algorithm::RS512 => sign_rsa(&signature::RSA_PKCS1_SHA512, key, signing_input),
Algorithm::PS256 => sign_rsa(&signature::RSA_PSS_SHA256, key, signing_input),
Algorithm::PS384 => sign_rsa(&signature::RSA_PSS_SHA384, key, signing_input),
Algorithm::PS512 => sign_rsa(&signature::RSA_PSS_SHA512, key, signing_input),
} }
} }
@ -144,44 +147,38 @@ fn verify_ring_rsa(
pub fn verify( pub fn verify(
signature: &str, signature: &str,
signing_input: &str, signing_input: &str,
public_key: Key, key: Key,
algorithm: Algorithm, algorithm: Algorithm,
) -> Result<bool> { ) -> Result<bool> {
match algorithm { match algorithm {
Algorithm::HS256 | Algorithm::HS384 | Algorithm::HS512 => { Algorithm::HS256 | Algorithm::HS384 | Algorithm::HS512 => {
// we just re-sign the data with the key and compare if they are equal // we just re-sign the data with the key and compare if they are equal
let signed = sign(signing_input, public_key, algorithm)?; let signed = sign(signing_input, key, algorithm)?;
Ok(verify_slices_are_equal(signature.as_ref(), signed.as_ref()).is_ok()) Ok(verify_slices_are_equal(signature.as_ref(), signed.as_ref()).is_ok())
} }
Algorithm::ES256 => verify_ring_es( Algorithm::ES256 => {
&signature::ECDSA_P256_SHA256_FIXED, verify_ring_es(&signature::ECDSA_P256_SHA256_FIXED, signature, signing_input, key)
signature, }
signing_input, Algorithm::ES384 => {
public_key, verify_ring_es(&signature::ECDSA_P384_SHA384_FIXED, signature, signing_input, key)
), }
Algorithm::ES384 => verify_ring_es( Algorithm::RS256 => {
&signature::ECDSA_P384_SHA384_FIXED, verify_ring_rsa(&signature::RSA_PKCS1_2048_8192_SHA256, signature, signing_input, key)
signature, }
signing_input, Algorithm::RS384 => {
public_key, verify_ring_rsa(&signature::RSA_PKCS1_2048_8192_SHA384, signature, signing_input, key)
), }
Algorithm::RS256 => verify_ring_rsa( Algorithm::RS512 => {
&signature::RSA_PKCS1_2048_8192_SHA256, verify_ring_rsa(&signature::RSA_PKCS1_2048_8192_SHA512, signature, signing_input, key)
signature, }
signing_input, Algorithm::PS256 => {
public_key, verify_ring_rsa(&signature::RSA_PSS_2048_8192_SHA256, signature, signing_input, key)
), }
Algorithm::RS384 => verify_ring_rsa( Algorithm::PS384 => {
&signature::RSA_PKCS1_2048_8192_SHA384, verify_ring_rsa(&signature::RSA_PSS_2048_8192_SHA384, signature, signing_input, key)
signature, }
signing_input, Algorithm::PS512 => {
public_key, verify_ring_rsa(&signature::RSA_PSS_2048_8192_SHA512, signature, signing_input, key)
), }
Algorithm::RS512 => verify_ring_rsa(
&signature::RSA_PKCS1_2048_8192_SHA512,
signature,
signing_input,
public_key,
),
} }
} }

2
src/errors.rs
View File

@ -99,7 +99,7 @@ impl StdError for Error {
} }
} }
fn cause(&self) -> Option<&StdError> { fn cause(&self) -> Option<&dyn StdError> {
match *self.0 { match *self.0 {
ErrorKind::InvalidToken => None, ErrorKind::InvalidToken => None,
ErrorKind::InvalidSignature => None, ErrorKind::InvalidSignature => None,

5
tests/ecdsa.rs
View File

@ -4,7 +4,7 @@ extern crate serde_derive;
extern crate chrono; extern crate chrono;
use chrono::Utc; use chrono::Utc;
use jsonwebtoken::{decode, encode, sign, verify, Algorithm, Key, Header, Validation}; use jsonwebtoken::{decode, encode, sign, verify, Algorithm, Header, Key, Validation};
#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]
struct Claims { struct Claims {
@ -33,7 +33,8 @@ fn round_trip_claim() {
let token = let token =
encode(&Header::new(Algorithm::ES256), &my_claims, Key::Pkcs8(&privkey[..])).unwrap(); encode(&Header::new(Algorithm::ES256), &my_claims, Key::Pkcs8(&privkey[..])).unwrap();
let pubkey = include_bytes!("public_ecdsa_key.pk8"); let pubkey = include_bytes!("public_ecdsa_key.pk8");
let token_data = decode::<Claims>(&token, Key::Pkcs8(pubkey), &Validation::new(Algorithm::ES256)).unwrap(); let token_data =
decode::<Claims>(&token, Key::Pkcs8(pubkey), &Validation::new(Algorithm::ES256)).unwrap();
assert_eq!(my_claims, token_data.claims); assert_eq!(my_claims, token_data.claims);
assert!(token_data.header.kid.is_none()); assert!(token_data.header.kid.is_none());
} }

9
tests/lib.rs
View File

@ -41,7 +41,8 @@ fn encode_with_custom_header() {
let mut header = Header::default(); let mut header = Header::default();
header.kid = Some("kid".to_string()); header.kid = Some("kid".to_string());
let token = encode(&header, &my_claims, Key::Hmac(b"secret")).unwrap(); let token = encode(&header, &my_claims, Key::Hmac(b"secret")).unwrap();
let token_data = decode::<Claims>(&token, Key::Hmac(b"secret"), &Validation::default()).unwrap(); let token_data =
decode::<Claims>(&token, Key::Hmac(b"secret"), &Validation::default()).unwrap();
assert_eq!(my_claims, token_data.claims); assert_eq!(my_claims, token_data.claims);
assert_eq!("kid", token_data.header.kid.unwrap()); assert_eq!("kid", token_data.header.kid.unwrap());
} }
@ -54,7 +55,8 @@ fn round_trip_claim() {
exp: Utc::now().timestamp() + 10000, exp: Utc::now().timestamp() + 10000,
}; };
let token = encode(&Header::default(), &my_claims, Key::Hmac(b"secret")).unwrap(); let token = encode(&Header::default(), &my_claims, Key::Hmac(b"secret")).unwrap();
let token_data = decode::<Claims>(&token, Key::Hmac(b"secret"), &Validation::default()).unwrap(); let token_data =
decode::<Claims>(&token, Key::Hmac(b"secret"), &Validation::default()).unwrap();
assert_eq!(my_claims, token_data.claims); assert_eq!(my_claims, token_data.claims);
assert!(token_data.header.kid.is_none()); assert!(token_data.header.kid.is_none());
} }
@ -166,5 +168,8 @@ fn generate_algorithm_enum_from_str() {
assert!(Algorithm::from_str("RS256").is_ok()); assert!(Algorithm::from_str("RS256").is_ok());
assert!(Algorithm::from_str("RS384").is_ok()); assert!(Algorithm::from_str("RS384").is_ok());
assert!(Algorithm::from_str("RS512").is_ok()); assert!(Algorithm::from_str("RS512").is_ok());
assert!(Algorithm::from_str("PS256").is_ok());
assert!(Algorithm::from_str("PS384").is_ok());
assert!(Algorithm::from_str("PS512").is_ok());
assert!(Algorithm::from_str("").is_err()); assert!(Algorithm::from_str("").is_err());
} }

45
tests/rsa.rs
View File

@ -4,7 +4,16 @@ extern crate serde_derive;
extern crate chrono; extern crate chrono;
use chrono::Utc; use chrono::Utc;
use jsonwebtoken::{decode, encode, sign, verify, Algorithm, Key, Header, Validation}; use jsonwebtoken::{decode, encode, sign, verify, Algorithm, Header, Key, Validation};
const RSA_ALGORITHMS: &[Algorithm] = &[
Algorithm::RS256,
Algorithm::RS384,
Algorithm::RS512,
Algorithm::PS256,
Algorithm::PS384,
Algorithm::PS512,
];
#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]
struct Claims { struct Claims {
@ -16,11 +25,13 @@ struct Claims {
#[test] #[test]
fn round_trip_sign_verification() { fn round_trip_sign_verification() {
let privkey = include_bytes!("private_rsa_key.der"); let privkey = include_bytes!("private_rsa_key.der");
let encrypted = sign("hello world", Key::Der(&privkey[..]), Algorithm::RS256).unwrap(); for &alg in RSA_ALGORITHMS {
let is_valid = let encrypted = sign("hello world", Key::Der(&privkey[..]), alg).unwrap();
verify(&encrypted, "hello world", Key::Der(include_bytes!("public_rsa_key.der")), Algorithm::RS256) let is_valid =
.unwrap(); verify(&encrypted, "hello world", Key::Der(include_bytes!("public_rsa_key.der")), alg)
assert!(is_valid); .unwrap();
assert!(is_valid);
}
} }
#[test] #[test]
@ -31,16 +42,18 @@ fn round_trip_claim() {
exp: Utc::now().timestamp() + 10000, exp: Utc::now().timestamp() + 10000,
}; };
let privkey = include_bytes!("private_rsa_key.der"); let privkey = include_bytes!("private_rsa_key.der");
let token =
encode(&Header::new(Algorithm::RS256), &my_claims, Key::Der(&privkey[..])).unwrap(); for &alg in RSA_ALGORITHMS {
let token_data = decode::<Claims>( let token = encode(&Header::new(alg), &my_claims, Key::Der(&privkey[..])).unwrap();
&token, let token_data = decode::<Claims>(
Key::Der(include_bytes!("public_rsa_key.der")), &token,
&Validation::new(Algorithm::RS256), Key::Der(include_bytes!("public_rsa_key.der")),
) &Validation::new(alg),
.unwrap(); )
assert_eq!(my_claims, token_data.claims); .unwrap();
assert!(token_data.header.kid.is_none()); assert_eq!(my_claims, token_data.claims);
assert!(token_data.header.kid.is_none());
}
} }
#[test] #[test]