mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-08-07 17:03:01 +03:00

Use new generated enums & query supported signing algs from the keystore

Quentin Gliech
2022-01-11 18:46:26 +01:00
parent 0e70af0a75
commit 9003eaf0c2
11 changed files with 77 additions and 60 deletions


@@ -12,6 +12,8 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use std::collections::HashSet;
use anyhow::bail;
use async_trait::async_trait;
use hmac::{Hmac, Mac};
@@ -34,6 +36,16 @@ impl<'a> SharedSecret<'a> {
#[async_trait]
impl<'a> SigningKeystore for &SharedSecret<'a> {
fn supported_algorithms(self) -> HashSet<JsonWebSignatureAlgorithm> {
let mut algorithms = HashSet::with_capacity(3);
algorithms.insert(JsonWebSignatureAlgorithm::Hs256);
algorithms.insert(JsonWebSignatureAlgorithm::Hs384);
algorithms.insert(JsonWebSignatureAlgorithm::Hs512);
algorithms
}
async fn prepare_header(self, alg: JsonWebSignatureAlgorithm) -> anyhow::Result<JwtHeader> {
if !matches!(
alg,
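Review bot: `supported_algorithms` advertises HS256, HS384 and HS512 for every `SharedSecret`, whatever the length of the secret it wraps. RFC 7518 section 3.2 requires an HMAC key at least as long as the hash output (32, 48 and 64 bytes respectively), so a short secret would be offered for HS512 with less strength than the algorithm name implies. The constructor is outside this hunk; if it does not already enforce a minimum length, consider inserting each variant only when the secret is long enough for it. The same three variants are also repeated in the `matches!` at the top of `prepare_header` (whose body continues past the hunk), and `if !self.supported_algorithms().contains(&alg)` would leave a single list to maintain.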


@@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use std::collections::HashMap;
use std::collections::{HashMap, HashSet};
use anyhow::bail;
use async_trait::async_trait;
@@ -126,6 +126,26 @@ impl StaticKeystore {
#[async_trait]
impl SigningKeystore for &StaticKeystore {
fn supported_algorithms(self) -> HashSet<JsonWebSignatureAlgorithm> {
let has_rsa = !self.rsa_keys.is_empty();
let has_es256 = !self.es256_keys.is_empty();
let capacity = (if has_rsa { 3 } else { 0 }) + (if has_es256 { 1 } else { 0 });
let mut algorithms = HashSet::with_capacity(capacity);
if has_rsa {
algorithms.insert(JsonWebSignatureAlgorithm::Rs256);
algorithms.insert(JsonWebSignatureAlgorithm::Rs384);
algorithms.insert(JsonWebSignatureAlgorithm::Rs512);
}
if has_es256 {
algorithms.insert(JsonWebSignatureAlgorithm::Es256);
}
algorithms
}
async fn prepare_header(self, alg: JsonWebSignatureAlgorithm) -> anyhow::Result<JwtHeader> {
let header = JwtHeader::new(alg);
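Review bot: Nothing visible in `prepare_header` ties the `alg` it accepts to the set returned by the new `supported_algorithms`; the hunk shows it going straight to `JwtHeader::new(alg)`. The body continues outside the hunk, so a check may follow, but if it does not, a caller can request an algorithm the keystore never advertised (for example ES256 with no `es256_keys` loaded) and the mismatch only surfaces later in signing. A guard at the top such as `if !self.supported_algorithms().contains(&alg) { bail!("unsupported algorithm") }` would keep the advertised and accepted sets from drifting apart.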


@@ -12,12 +12,16 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use std::collections::HashSet;
use async_trait::async_trait;
use crate::{iana::JsonWebSignatureAlgorithm, JsonWebKeySet, JwtHeader};
#[async_trait]
pub trait SigningKeystore {
fn supported_algorithms(self) -> HashSet<JsonWebSignatureAlgorithm>;
async fn prepare_header(self, alg: JsonWebSignatureAlgorithm) -> anyhow::Result<JwtHeader>;
async fn sign(self, header: &JwtHeader, msg: &[u8]) -> anyhow::Result<Vec<u8>>;
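Review bot: `supported_algorithms` joins the `SigningKeystore` trait without a doc comment, so implementers have no stated contract for what the set means. The two implementations in this commit already differ: the shared-secret keystore returns a fixed list, while the static keystore returns only algorithms for which keys are loaded. I would add `/// Algorithms this keystore can currently sign with; implementations must return only algorithms for which they hold a usable key.` above the method. The trait body continues outside the hunk.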


@@ -19,8 +19,9 @@
#![allow(clippy::missing_errors_doc)]
#![allow(clippy::module_name_repetitions)]
pub(crate) use mas_iana::jose as iana;
pub mod claims;
pub(crate) mod iana;
pub(crate) mod jwk;
pub(crate) mod jwt;
mod keystore;