1#![allow(missing_docs)]
2use crate::Algorithm;
8use serde::{de, Deserialize, Deserializer, Serialize, Serializer};
9use std::fmt;
10
11#[derive(Clone, Debug, Eq, PartialEq, Hash)]
13pub enum PublicKeyUse {
14 Signature,
16 Encryption,
18 Other(String),
20}
21
22impl Serialize for PublicKeyUse {
23 fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
24 where
25 S: Serializer,
26 {
27 let string = match self {
28 PublicKeyUse::Signature => "sig",
29 PublicKeyUse::Encryption => "enc",
30 PublicKeyUse::Other(other) => other,
31 };
32
33 serializer.serialize_str(string)
34 }
35}
36
37impl<'de> Deserialize<'de> for PublicKeyUse {
38 fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
39 where
40 D: Deserializer<'de>,
41 {
42 struct PublicKeyUseVisitor;
43 impl<'de> de::Visitor<'de> for PublicKeyUseVisitor {
44 type Value = PublicKeyUse;
45
46 fn expecting(&self, formatter: &mut fmt::Formatter<'_>) -> fmt::Result {
47 write!(formatter, "a string")
48 }
49
50 fn visit_str<E>(self, v: &str) -> Result<Self::Value, E>
51 where
52 E: de::Error,
53 {
54 Ok(match v {
55 "sig" => PublicKeyUse::Signature,
56 "enc" => PublicKeyUse::Encryption,
57 other => PublicKeyUse::Other(other.to_string()),
58 })
59 }
60 }
61
62 deserializer.deserialize_string(PublicKeyUseVisitor)
63 }
64}
65
66#[derive(Clone, Debug, Eq, PartialEq, Hash)]
68pub enum KeyOperations {
69 Sign,
71 Verify,
73 Encrypt,
75 Decrypt,
77 WrapKey,
79 UnwrapKey,
81 DeriveKey,
83 DeriveBits,
85 Other(String),
87}
88
89impl Serialize for KeyOperations {
90 fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
91 where
92 S: Serializer,
93 {
94 let string = match self {
95 KeyOperations::Sign => "sign",
96 KeyOperations::Verify => "verify",
97 KeyOperations::Encrypt => "encrypt",
98 KeyOperations::Decrypt => "decrypt",
99 KeyOperations::WrapKey => "wrapKey",
100 KeyOperations::UnwrapKey => "unwrapKey",
101 KeyOperations::DeriveKey => "deriveKey",
102 KeyOperations::DeriveBits => "deriveBits",
103 KeyOperations::Other(other) => other,
104 };
105
106 serializer.serialize_str(string)
107 }
108}
109
110impl<'de> Deserialize<'de> for KeyOperations {
111 fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
112 where
113 D: Deserializer<'de>,
114 {
115 struct KeyOperationsVisitor;
116 impl<'de> de::Visitor<'de> for KeyOperationsVisitor {
117 type Value = KeyOperations;
118
119 fn expecting(&self, formatter: &mut fmt::Formatter<'_>) -> fmt::Result {
120 write!(formatter, "a string")
121 }
122
123 fn visit_str<E>(self, v: &str) -> Result<Self::Value, E>
124 where
125 E: de::Error,
126 {
127 Ok(match v {
128 "sign" => KeyOperations::Sign,
129 "verify" => KeyOperations::Verify,
130 "encrypt" => KeyOperations::Encrypt,
131 "decrypt" => KeyOperations::Decrypt,
132 "wrapKey" => KeyOperations::WrapKey,
133 "unwrapKey" => KeyOperations::UnwrapKey,
134 "deriveKey" => KeyOperations::DeriveKey,
135 "deriveBits" => KeyOperations::DeriveBits,
136 other => KeyOperations::Other(other.to_string()),
137 })
138 }
139 }
140
141 deserializer.deserialize_string(KeyOperationsVisitor)
142 }
143}
144
145#[derive(Debug, Clone, Eq, PartialEq, Serialize, Deserialize, Default, Hash)]
147pub struct CommonParameters {
148 #[serde(rename = "use", skip_serializing_if = "Option::is_none", default)]
151 pub public_key_use: Option<PublicKeyUse>,
152
153 #[serde(rename = "key_ops", skip_serializing_if = "Option::is_none", default)]
160 pub key_operations: Option<Vec<KeyOperations>>,
161
162 #[serde(rename = "alg", skip_serializing_if = "Option::is_none", default)]
164 pub algorithm: Option<Algorithm>,
165
166 #[serde(rename = "kid", skip_serializing_if = "Option::is_none", default)]
168 pub key_id: Option<String>,
169
170 #[serde(rename = "x5u", skip_serializing_if = "Option::is_none")]
174 pub x509_url: Option<String>,
175
176 #[serde(rename = "x5c", skip_serializing_if = "Option::is_none")]
180 pub x509_chain: Option<Vec<String>>,
181
182 #[serde(rename = "x5t", skip_serializing_if = "Option::is_none")]
186 pub x509_sha1_fingerprint: Option<String>,
187
188 #[serde(rename = "x5t#S256", skip_serializing_if = "Option::is_none")]
192 pub x509_sha256_fingerprint: Option<String>,
193}
194
195#[derive(Clone, Copy, Debug, Eq, PartialEq, Serialize, Deserialize, Hash)]
198pub enum EllipticCurveKeyType {
199 EC,
201}
202
203impl Default for EllipticCurveKeyType {
204 fn default() -> Self {
205 EllipticCurveKeyType::EC
206 }
207}
208
209#[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize, Hash)]
212pub enum EllipticCurve {
213 #[serde(rename = "P-256")]
215 P256,
216 #[serde(rename = "P-384")]
218 P384,
219 #[serde(rename = "P-521")]
221 P521,
222 #[serde(rename = "Ed25519")]
224 Ed25519,
225}
226
227impl Default for EllipticCurve {
228 fn default() -> Self {
229 EllipticCurve::P256
230 }
231}
232
233#[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize, Default, Hash)]
235pub struct EllipticCurveKeyParameters {
236 #[serde(rename = "kty")]
238 pub key_type: EllipticCurveKeyType,
239 #[serde(rename = "crv")]
242 pub curve: EllipticCurve,
243 pub x: String,
246 pub y: String,
249}
250
251#[derive(Clone, Copy, Debug, Eq, PartialEq, Serialize, Deserialize, Hash)]
254pub enum RSAKeyType {
255 RSA,
257}
258
259impl Default for RSAKeyType {
260 fn default() -> Self {
261 RSAKeyType::RSA
262 }
263}
264
265#[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize, Default, Hash)]
267pub struct RSAKeyParameters {
268 #[serde(rename = "kty")]
270 pub key_type: RSAKeyType,
271
272 pub n: String,
275
276 pub e: String,
279}
280
281#[derive(Clone, Copy, Debug, Eq, PartialEq, Serialize, Deserialize, Hash)]
284pub enum OctetKeyType {
285 #[serde(rename = "oct")]
287 Octet,
288}
289
290impl Default for OctetKeyType {
291 fn default() -> Self {
292 OctetKeyType::Octet
293 }
294}
295
296#[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize, Default, Hash)]
298pub struct OctetKeyParameters {
299 #[serde(rename = "kty")]
301 pub key_type: OctetKeyType,
302 #[serde(rename = "k")]
304 pub value: String,
305}
306
307#[derive(Clone, Copy, Debug, Eq, PartialEq, Serialize, Deserialize, Hash)]
310pub enum OctetKeyPairType {
311 #[serde(rename = "OKP")]
313 OctetKeyPair,
314}
315
316impl Default for OctetKeyPairType {
317 fn default() -> Self {
318 OctetKeyPairType::OctetKeyPair
319 }
320}
321
322#[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize, Default, Hash)]
324pub struct OctetKeyPairParameters {
325 #[serde(rename = "kty")]
327 pub key_type: OctetKeyPairType,
328 #[serde(rename = "crv")]
331 pub curve: EllipticCurve,
332 pub x: String,
334}
335
336#[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize, Hash)]
338#[serde(untagged)]
339pub enum AlgorithmParameters {
340 EllipticCurve(EllipticCurveKeyParameters),
341 RSA(RSAKeyParameters),
342 OctetKey(OctetKeyParameters),
343 OctetKeyPair(OctetKeyPairParameters),
344}
345
346#[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize, Hash)]
347pub struct Jwk {
348 #[serde(flatten)]
349 pub common: CommonParameters,
350 #[serde(flatten)]
352 pub algorithm: AlgorithmParameters,
353}
354
355#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
357pub struct JwkSet {
358 pub keys: Vec<Jwk>,
359}
360
361impl JwkSet {
362 pub fn find(&self, kid: &str) -> Option<&Jwk> {
364 self.keys
365 .iter()
366 .find(|jwk| jwk.common.key_id.is_some() && jwk.common.key_id.as_ref().unwrap() == kid)
367 }
368}
369
370#[cfg(test)]
371mod tests {
372 use crate::jwk::{AlgorithmParameters, JwkSet, OctetKeyType};
373 use crate::serialization::b64_encode;
374 use crate::Algorithm;
375 use serde_json::json;
376
377 #[test]
378 fn check_hs256() {
379 let key = b64_encode("abcdefghijklmnopqrstuvwxyz012345");
380 let jwks_json = json!({
381 "keys": [
382 {
383 "kty": "oct",
384 "alg": "HS256",
385 "kid": "abc123",
386 "k": key
387 }
388 ]
389 });
390
391 let set: JwkSet = serde_json::from_value(jwks_json).expect("Failed HS256 check");
392 assert_eq!(set.keys.len(), 1);
393 let key = &set.keys[0];
394 assert_eq!(key.common.key_id, Some("abc123".to_string()));
395 assert_eq!(key.common.algorithm, Some(Algorithm::HS256));
396 match &key.algorithm {
397 AlgorithmParameters::OctetKey(key) => {
398 assert_eq!(key.key_type, OctetKeyType::Octet);
399 assert_eq!(key.value, key.value)
400 }
401 _ => panic!("Unexpected key algorithm"),
402 }
403 }
404}