feat: Use original encoding and decoding key structs

Author: sidrubs

src/crypto/aws_lc/mod.rs

@@ -1 +1,2 @@
 pub(crate) mod hmac;
+// pub(crate) mod rsa;

src/crypto/hmac.rs

@@ -6,7 +6,6 @@ use crate::algorithms::Algorithm;
 
 #[cfg(feature = "aws_lc_rs")]
 pub(crate) mod aws_lc;
-pub(crate) mod hmac;
 #[cfg(feature = "rust_crypto")]
 pub(crate) mod rust_crypto;
 

src/crypto/mod.rs

@@ -6,25 +6,28 @@ use sha2::{Sha256, Sha384, Sha512};
 use signature::{Signer, Verifier};
 
 use crate::crypto::{JwtSigner, JwtVerifier};
+use crate::decoding::try_get_hmac_secret_from_decoding_key;
+use crate::encoding::try_get_hmac_secret_from_encoding_key;
 use crate::errors::Result;
-use crate::{Algorithm, HmacSecret};
+use crate::{Algorithm, DecodingKey, EncodingKey};
 
 type HmacSha256 = Hmac<Sha256>;
 type HmacSha384 = Hmac<Sha384>;
 type HmacSha512 = Hmac<Sha512>;
 
-pub struct Hs256(HmacSha256);
+pub struct Hs256Signer(HmacSha256);
 
-impl Hs256 {
-    pub(crate) fn new(secret: HmacSecret) -> Result<Self> {
-        let inner = HmacSha256::new_from_slice(&secret)
-            .map_err(|_e| crate::errors::ErrorKind::InvalidKeyFormat)?;
+impl Hs256Signer {
+    pub(crate) fn new(encoding_key: &EncodingKey) -> Result<Self> {
+        let inner =
+            HmacSha256::new_from_slice(try_get_hmac_secret_from_encoding_key(encoding_key)?)
+                .map_err(|_e| crate::errors::ErrorKind::InvalidKeyFormat)?;
 
         Ok(Self(inner))
     }
 }
 
-impl Signer<Vec<u8>> for Hs256 {
+impl Signer<Vec<u8>> for Hs256Signer {
     fn try_sign(&self, msg: &[u8]) -> std::result::Result<Vec<u8>, signature::Error> {
         let mut signer = self.0.clone();
         signer.reset();
@@ -34,13 +37,25 @@ impl Signer<Vec<u8>> for Hs256 {
     }
 }
 
-impl JwtSigner for Hs256 {
+impl JwtSigner for Hs256Signer {
     fn algorithm(&self) -> Algorithm {
         Algorithm::HS256
     }
 }
 
-impl Verifier<Vec<u8>> for Hs256 {
+pub struct Hs256Verifier(HmacSha256);
+
+impl Hs256Verifier {
+    pub(crate) fn new(decoding_key: &DecodingKey) -> Result<Self> {
+        let inner =
+            HmacSha256::new_from_slice(&try_get_hmac_secret_from_decoding_key(decoding_key)?)
+                .map_err(|_e| crate::errors::ErrorKind::InvalidKeyFormat)?;
+
+        Ok(Self(inner))
+    }
+}
+
+impl Verifier<Vec<u8>> for Hs256Verifier {
     fn verify(&self, msg: &[u8], signature: &Vec<u8>) -> std::result::Result<(), signature::Error> {
         let mut verifier = self.0.clone();
         verifier.reset();
@@ -50,24 +65,25 @@ impl Verifier<Vec<u8>> for Hs256 {
     }
 }
 
-impl JwtVerifier for Hs256 {
+impl JwtVerifier for Hs256Verifier {
     fn algorithm(&self) -> Algorithm {
         Algorithm::HS256
     }
 }
 
-pub(crate) struct Hs384(HmacSha384);
+pub struct Hs384Signer(HmacSha384);
 
-impl Hs384 {
-    pub(crate) fn new(secret: HmacSecret) -> Result<Self> {
-        let inner = HmacSha384::new_from_slice(&secret)
-            .map_err(|_e| crate::errors::ErrorKind::InvalidKeyFormat)?;
+impl Hs384Signer {
+    pub(crate) fn new(encoding_key: &EncodingKey) -> Result<Self> {
+        let inner =
+            HmacSha384::new_from_slice(try_get_hmac_secret_from_encoding_key(encoding_key)?)
+                .map_err(|_e| crate::errors::ErrorKind::InvalidKeyFormat)?;
 
         Ok(Self(inner))
     }
 }
 
-impl Signer<Vec<u8>> for Hs384 {
+impl Signer<Vec<u8>> for Hs384Signer {
     fn try_sign(&self, msg: &[u8]) -> std::result::Result<Vec<u8>, signature::Error> {
         let mut signer = self.0.clone();
         signer.reset();
@@ -77,13 +93,25 @@ impl Signer<Vec<u8>> for Hs384 {
     }
 }
 
-impl JwtSigner for Hs384 {
+impl JwtSigner for Hs384Signer {
     fn algorithm(&self) -> Algorithm {
         Algorithm::HS384
     }
 }
 
-impl Verifier<Vec<u8>> for Hs384 {
+pub struct Hs384Verifier(HmacSha384);
+
+impl Hs384Verifier {
+    pub(crate) fn new(decoding_key: &DecodingKey) -> Result<Self> {
+        let inner =
+            HmacSha384::new_from_slice(&try_get_hmac_secret_from_decoding_key(decoding_key)?)
+                .map_err(|_e| crate::errors::ErrorKind::InvalidKeyFormat)?;
+
+        Ok(Self(inner))
+    }
+}
+
+impl Verifier<Vec<u8>> for Hs384Verifier {
     fn verify(&self, msg: &[u8], signature: &Vec<u8>) -> std::result::Result<(), signature::Error> {
         let mut verifier = self.0.clone();
         verifier.reset();
@@ -93,24 +121,25 @@ impl Verifier<Vec<u8>> for Hs384 {
     }
 }
 
-impl JwtVerifier for Hs384 {
+impl JwtVerifier for Hs384Verifier {
     fn algorithm(&self) -> Algorithm {
         Algorithm::HS384
     }
 }
 
-pub struct Hs512(HmacSha512);
+pub struct Hs512Signer(HmacSha512);
 
-impl Hs512 {
-    pub(crate) fn new(secret: HmacSecret) -> Result<Self> {
-        let inner = HmacSha512::new_from_slice(&secret)
-            .map_err(|_e| crate::errors::ErrorKind::InvalidKeyFormat)?;
+impl Hs512Signer {
+    pub(crate) fn new(encoding_key: &EncodingKey) -> Result<Self> {
+        let inner =
+            HmacSha512::new_from_slice(try_get_hmac_secret_from_encoding_key(encoding_key)?)
+                .map_err(|_e| crate::errors::ErrorKind::InvalidKeyFormat)?;
 
         Ok(Self(inner))
     }
 }
 
-impl Signer<Vec<u8>> for Hs512 {
+impl Signer<Vec<u8>> for Hs512Signer {
     fn try_sign(&self, msg: &[u8]) -> std::result::Result<Vec<u8>, signature::Error> {
         let mut signer = self.0.clone();
         signer.reset();
@@ -120,13 +149,25 @@ impl Signer<Vec<u8>> for Hs512 {
     }
 }
 
-impl JwtSigner for Hs512 {
+impl JwtSigner for Hs512Signer {
     fn algorithm(&self) -> Algorithm {
         Algorithm::HS512
     }
 }
 
-impl Verifier<Vec<u8>> for Hs512 {
+pub struct Hs512Verifier(HmacSha512);
+
+impl Hs512Verifier {
+    pub(crate) fn new(decoding_key: &DecodingKey) -> Result<Self> {
+        let inner =
+            HmacSha512::new_from_slice(&try_get_hmac_secret_from_decoding_key(decoding_key)?)
+                .map_err(|_e| crate::errors::ErrorKind::InvalidKeyFormat)?;
+
+        Ok(Self(inner))
+    }
+}
+
+impl Verifier<Vec<u8>> for Hs512Verifier {
     fn verify(&self, msg: &[u8], signature: &Vec<u8>) -> std::result::Result<(), signature::Error> {
         let mut verifier = self.0.clone();
         verifier.reset();
@@ -136,7 +177,7 @@ impl Verifier<Vec<u8>> for Hs512 {
     }
 }
 
-impl JwtVerifier for Hs512 {
+impl JwtVerifier for Hs512Verifier {
     fn algorithm(&self) -> Algorithm {
         Algorithm::HS512
     }

src/crypto/rust_crypto/hmac.rs

@@ -2,7 +2,6 @@ use base64::{engine::general_purpose::STANDARD, Engine};
 use serde::de::DeserializeOwned;
 
 use crate::algorithms::AlgorithmFamily;
-use crate::crypto::hmac::HmacSecret;
 use crate::crypto::JwtVerifier;
 use crate::errors::{new_error, Error, ErrorKind, Result};
 use crate::header::Header;
@@ -17,7 +16,7 @@ use crate::Algorithm;
 #[cfg(feature = "aws_lc_rs")]
 use crate::crypto::aws_lc::hmac::{Hs256, Hs384, Hs512};
 #[cfg(feature = "rust_crypto")]
-use crate::crypto::rust_crypto::hmac::{Hs256, Hs384, Hs512};
+use crate::crypto::rust_crypto::hmac::{Hs256Verifier, Hs384Verifier, Hs512Verifier};
 
 /// The return type of a successful call to [decode](fn.decode.html).
 #[derive(Debug)]
@@ -257,9 +256,9 @@ pub fn _decode<T: DeserializeOwned>(
 /// Return the correct [`JwtVerifier`] based on the `algorithm`.
 fn jwt_verifier_factory(algorithm: &Algorithm, key: &DecodingKey) -> Result<Box<dyn JwtVerifier>> {
     let jwt_encoder = match algorithm {
-        Algorithm::HS256 => Box::new(Hs256::new(key.try_into()?)?) as Box<dyn JwtVerifier>,
-        Algorithm::HS384 => Box::new(Hs384::new(key.try_into()?)?) as Box<dyn JwtVerifier>,
-        Algorithm::HS512 => Box::new(Hs512::new(key.try_into()?)?) as Box<dyn JwtVerifier>,
+        Algorithm::HS256 => Box::new(Hs256Verifier::new(key)?) as Box<dyn JwtVerifier>,
+        Algorithm::HS384 => Box::new(Hs384Verifier::new(key)?) as Box<dyn JwtVerifier>,
+        Algorithm::HS512 => Box::new(Hs512Verifier::new(key)?) as Box<dyn JwtVerifier>,
         Algorithm::ES256 => todo!(),
         Algorithm::ES384 => todo!(),
         Algorithm::RS256 => todo!(),
@@ -274,20 +273,6 @@ fn jwt_verifier_factory(algorithm: &Algorithm, key: &DecodingKey) -> Result<Box<
     Ok(jwt_encoder)
 }
 
-/// Convert a [`&DecodingKey`] into an [`HmacSecret`]
-impl TryInto<HmacSecret> for &DecodingKey {
-    type Error = Error;
-
-    fn try_into(self) -> std::result::Result<HmacSecret, Self::Error> {
-        match self.kind.clone() {
-            DecodingKeyKind::SecretOrDer(vec) => Ok(HmacSecret::from_secret(&vec)),
-            DecodingKeyKind::RsaModulusExponent { .. } => {
-                Err(new_error(crate::errors::ErrorKind::InvalidKeyFormat))
-            }
-        }
-    }
-}
-
 /// Decode a JWT without any signature verification/validations and return its [Header](struct.Header.html).
 ///
 /// If the token has an invalid format (ie 3 parts separated by a `.`), it will return an error.
@@ -341,3 +326,19 @@ fn verify_signature<'a>(
 
     Ok((header, payload))
 }
+
+/// # Todo
+///
+/// - Try return a reference.
+pub(crate) fn try_get_hmac_secret_from_decoding_key(decoding_key: &DecodingKey) -> Result<Vec<u8>> {
+    if decoding_key.family != AlgorithmFamily::Hmac {
+        return Err(new_error(ErrorKind::InvalidKeyFormat));
+    }
+
+    match decoding_key.kind.clone() {
+        DecodingKeyKind::SecretOrDer(vec) => Ok(vec),
+        DecodingKeyKind::RsaModulusExponent { .. } => {
+            Err(new_error(crate::errors::ErrorKind::InvalidKeyFormat))
+        }
+    }
+}

src/decoding.rs

@@ -2,20 +2,19 @@ use base64::{engine::general_purpose::STANDARD, Engine};
 use serde::ser::Serialize;
 
 use crate::algorithms::AlgorithmFamily;
-use crate::crypto::hmac::HmacSecret;
 use crate::crypto::JwtSigner;
 use crate::errors::{new_error, ErrorKind, Result};
 use crate::header::Header;
 #[cfg(feature = "use_pem")]
 use crate::pem::decoder::PemEncodedKey;
 use crate::serialization::{b64_encode, b64_encode_part};
-use crate::Algorithm;
+use crate::{Algorithm, DecodingKey};
 
 // Crypto
 #[cfg(feature = "aws_lc_rs")]
 use crate::crypto::aws_lc::hmac::{Hs256, Hs384, Hs512};
 #[cfg(feature = "rust_crypto")]
-use crate::crypto::rust_crypto::hmac::{Hs256, Hs384, Hs512};
+use crate::crypto::rust_crypto::hmac::{Hs256Signer, Hs384Signer, Hs512Signer};
 
 /// A key to encode a JWT with. Can be a secret, a PEM-encoded key or a DER-encoded key.
 /// This key can be re-used so make sure you only initialize it once if you can for better performance.
@@ -160,9 +159,9 @@ pub fn _encode<T: Serialize>(
 /// Return the correct [`JwtSigner`] based on the `algorithm`.
 fn jwt_signer_factory(algorithm: &Algorithm, key: &EncodingKey) -> Result<Box<dyn JwtSigner>> {
     let jwt_signer = match algorithm {
-        Algorithm::HS256 => Box::new(Hs256::new(key.into())?) as Box<dyn JwtSigner>,
-        Algorithm::HS384 => Box::new(Hs384::new(key.into())?) as Box<dyn JwtSigner>,
-        Algorithm::HS512 => Box::new(Hs512::new(key.into())?) as Box<dyn JwtSigner>,
+        Algorithm::HS256 => Box::new(Hs256Signer::new(key)?) as Box<dyn JwtSigner>,
+        Algorithm::HS384 => Box::new(Hs384Signer::new(key)?) as Box<dyn JwtSigner>,
+        Algorithm::HS512 => Box::new(Hs512Signer::new(key)?) as Box<dyn JwtSigner>,
         Algorithm::ES256 => todo!(),
         Algorithm::ES384 => todo!(),
         Algorithm::RS256 => todo!(),
@@ -177,9 +176,12 @@ fn jwt_signer_factory(algorithm: &Algorithm, key: &EncodingKey) -> Result<Box<dy
     Ok(jwt_signer)
 }
 
-/// Convert an [`&EncodingKey`] to an [`HmacSecret`].
-impl From<&EncodingKey> for HmacSecret {
-    fn from(key: &EncodingKey) -> Self {
-        HmacSecret::from_secret(&key.content)
+pub(crate) fn try_get_hmac_secret_from_encoding_key(
+    encoding_key: &EncodingKey,
+) -> Result<&Vec<u8>> {
+    if encoding_key.family == AlgorithmFamily::Hmac {
+        Ok(&encoding_key.content)
+    } else {
+        Err(new_error(ErrorKind::InvalidKeyFormat))
     }
 }

src/encoding.rs

@@ -9,7 +9,6 @@ compile_error!(
 );
 
 pub use algorithms::Algorithm;
-pub use crypto::hmac::HmacSecret;
 pub use decoding::{decode, decode_header, DecodingKey, TokenData, _decode};
 pub use encoding::{encode, EncodingKey, _encode};
 pub use header::Header;