Use new generated enums & query supported signing algs from the keystore
@@ -12,6 +12,8 @@
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
use std::collections::HashSet;
|
||||
|
||||
use anyhow::bail;
|
||||
use async_trait::async_trait;
|
||||
use hmac::{Hmac, Mac};
|
||||
@@ -34,6 +36,16 @@ impl<'a> SharedSecret<'a> {
|
||||
|
||||
#[async_trait]
|
||||
impl<'a> SigningKeystore for &SharedSecret<'a> {
|
||||
fn supported_algorithms(self) -> HashSet<JsonWebSignatureAlgorithm> {
|
||||
let mut algorithms = HashSet::with_capacity(3);
|
||||
|
||||
algorithms.insert(JsonWebSignatureAlgorithm::Hs256);
|
||||
algorithms.insert(JsonWebSignatureAlgorithm::Hs384);
|
||||
algorithms.insert(JsonWebSignatureAlgorithm::Hs512);
|
||||
|
||||
algorithms
|
||||
}
|
||||
|
||||
async fn prepare_header(self, alg: JsonWebSignatureAlgorithm) -> anyhow::Result<JwtHeader> {
|
||||
if !matches!(
|
||||
alg,
|
||||
|
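Review bot: The HMAC algorithm list now exists twice in this impl: the three inserts in `supported_algorithms` and the `matches!` guard that opens `prepare_header`, whose arms lie outside the hunk. Nothing ties the two together, so a later edit to one can leave the keystore advertising an algorithm it refuses to sign with, or accepting one it never advertised; the guard could consult the set instead, `if !self.supported_algorithms().contains(&alg) { /* existing bail */ }`. The same applies to the `StaticKeystore` impl in the next file section, where `prepare_header` starts with `JwtHeader::new(alg)` and any algorithm check is not visible. Separately, all three HS algorithms are advertised regardless of secret length; RFC 7518 section 3.2 requires a key at least as long as the hash output, and whether `SharedSecret` enforces that is not visible here.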
@@ -12,7 +12,7 @@
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
use std::collections::HashMap;
|
||||
use std::collections::{HashMap, HashSet};
|
||||
|
||||
use anyhow::bail;
|
||||
use async_trait::async_trait;
|
||||
@@ -126,6 +126,26 @@ impl StaticKeystore {
|
||||
|
||||
#[async_trait]
|
||||
impl SigningKeystore for &StaticKeystore {
|
||||
fn supported_algorithms(self) -> HashSet<JsonWebSignatureAlgorithm> {
|
||||
let has_rsa = !self.rsa_keys.is_empty();
|
||||
let has_es256 = !self.es256_keys.is_empty();
|
||||
|
||||
let capacity = (if has_rsa { 3 } else { 0 }) + (if has_es256 { 1 } else { 0 });
|
||||
let mut algorithms = HashSet::with_capacity(capacity);
|
||||
|
||||
if has_rsa {
|
||||
algorithms.insert(JsonWebSignatureAlgorithm::Rs256);
|
||||
algorithms.insert(JsonWebSignatureAlgorithm::Rs384);
|
||||
algorithms.insert(JsonWebSignatureAlgorithm::Rs512);
|
||||
}
|
||||
|
||||
if has_es256 {
|
||||
algorithms.insert(JsonWebSignatureAlgorithm::Es256);
|
||||
}
|
||||
|
||||
algorithms
|
||||
}
|
||||
|
||||
async fn prepare_header(self, alg: JsonWebSignatureAlgorithm) -> anyhow::Result<JwtHeader> {
|
||||
let header = JwtHeader::new(alg);
|
||||
|
||||
|
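Review bot: `supported_algorithms` returns an empty set when both `rsa_keys` and `es256_keys` are empty, and nothing in the hunk documents that outcome. If the result feeds published metadata or algorithm negotiation (the callers are not shown), an empty list is better caught at startup than discovered by clients; a doc comment such as `/// Returns the algorithms backed by at least one loaded key; empty if the keystore holds no keys.` would make the contract explicit. As a style point, the `capacity` arithmetic buys little for a set of at most four entries and has to be kept in step with the inserts by hand; `HashSet::new()` reads more simply. `prepare_header`'s body continues outside the hunk.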
@@ -12,12 +12,16 @@
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
use std::collections::HashSet;
|
||||
|
||||
use async_trait::async_trait;
|
||||
|
||||
use crate::{iana::JsonWebSignatureAlgorithm, JsonWebKeySet, JwtHeader};
|
||||
|
||||
#[async_trait]
|
||||
pub trait SigningKeystore {
|
||||
fn supported_algorithms(self) -> HashSet<JsonWebSignatureAlgorithm>;
|
||||
|
||||
async fn prepare_header(self, alg: JsonWebSignatureAlgorithm) -> anyhow::Result<JwtHeader>;
|
||||
|
||||
async fn sign(self, header: &JwtHeader, msg: &[u8]) -> anyhow::Result<Vec<u8>>;
|
||||
|
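Review bot: The new trait method `supported_algorithms` has no doc comment, so implementers are not told how its result relates to `prepare_header` and `sign`. I would add `/// Algorithms this keystore can sign with; prepare_header and sign must fail for any algorithm outside this set.` above it, since callers will presumably treat the set as authoritative. Like its siblings the method takes `self` by value, which works because the visible impls are on references; that is worth a word in the doc too. The trait body continues outside the hunk.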
@@ -19,8 +19,9 @@
|
||||
#![allow(clippy::missing_errors_doc)]
|
||||
#![allow(clippy::module_name_repetitions)]
|
||||
|
||||
pub(crate) use mas_iana::jose as iana;
|
||||
|
||||
pub mod claims;
|
||||
pub(crate) mod iana;
|
||||
pub(crate) mod jwk;
|
||||
pub(crate) mod jwt;
|
||||
mod keystore;
|
||||
|