matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-08-07 17:03:01 +03:00
Code Activity

Some cleanups

Browse Source
This commit is contained in:
Quentin Gliech
2022-09-01 16:10:54 +02:00
parent 97ed342ca0
commit b9e46dfc55
9 changed files with 116 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
crates/jose/src/constraints.rs
View File

@@ -76,11 +76,15 @@ pub enum ConstraintDecision {
}
pub trait Constrainable {
/// List of available algorithms for this key
fn algs(&self) -> Option<Vec<JsonWebSignatureAlg>> {
fn alg(&self) -> Option<JsonWebSignatureAlg> {
None
}
/// List of available algorithms for this key
fn algs(&self) -> &[JsonWebSignatureAlg] {
&[]
}
/// Key ID (`kid`) of this key
fn kid(&self) -> Option<&str> {
None
@@ -99,25 +103,36 @@ impl<'a> Constraint<'a> {
fn decide<T: Constrainable>(&self, constrainable: &T) -> ConstraintDecision {
match self {
Constraint::Alg { constraint_alg } => {
if let Some(algs) = constrainable.algs() {
if algs.contains(constraint_alg) {
// If the constrainable has one specific alg defined, use that
if let Some(alg) = constrainable.alg() {
if alg == *constraint_alg {
ConstraintDecision::Positive
} else {
ConstraintDecision::Negative
}
} else {
// If not, check that the requested alg is valid for this
// constrainable
} else if constrainable.algs().contains(constraint_alg) {
ConstraintDecision::Neutral
} else {
ConstraintDecision::Negative
}
}
Constraint::Algs { constraint_algs } => {
if let Some(algs) = constrainable.algs() {
if algs.iter().any(|alg| constraint_algs.contains(alg)) {
if let Some(alg) = constrainable.alg() {
if constraint_algs.contains(&alg) {
ConstraintDecision::Positive
} else {
ConstraintDecision::Negative
}
} else {
} else if constrainable
.algs()
.iter()
.any(|alg| constraint_algs.contains(alg))
{
ConstraintDecision::Neutral
} else {
ConstraintDecision::Negative
}
}
Constraint::Kid { constraint_kid } => {

2
crates/jose/src/jwa/rsa.rs
View File

@@ -17,7 +17,7 @@
use super::signature::Signature;
pub trait RsaHashIdentifier {
pub(crate) trait RsaHashIdentifier {
const HASH: rsa::Hash;
}

67
crates/jose/src/jwk/mod.rs
View File

@@ -27,7 +27,7 @@ use serde_with::{
};
use url::Url;
use crate::constraints::Constrainable;
use crate::constraints::{Constrainable, Constraint, ConstraintSet};
pub(crate) mod private_parameters;
pub(crate) mod public_parameters;
@@ -39,9 +39,11 @@ pub use self::{
pub trait ParametersInfo {
fn kty(&self) -> JsonWebKeyType;
fn possible_algs(&self) -> &'static [JsonWebSignatureAlg];
fn possible_algs(&self) -> &[JsonWebSignatureAlg];
}
/// An utilitary trait to figure out the [`JsonWebKeyEcEllipticCurve`] value for
/// elliptic curves
trait JwkEcCurve {
const CRV: JsonWebKeyEcEllipticCurve;
}
@@ -239,12 +241,12 @@ where
self.parameters.kty()
}
fn algs(&self) -> Option<Vec<JsonWebSignatureAlg>> {
if let Some(alg) = self.alg {
Some(vec![alg])
} else {
Some(self.parameters.possible_algs().to_vec())
}
fn algs(&self) -> &[JsonWebSignatureAlg] {
self.parameters.possible_algs()
}
fn alg(&self) -> Option<JsonWebSignatureAlg> {
self.alg
}
fn use_(&self) -> Option<JsonWebKeyUse> {
@@ -293,6 +295,55 @@ impl<P> JsonWebKeySet<P> {
pub fn new(keys: Vec<JsonWebKey<P>>) -> Self {
Self { keys }
}
/// Find the best key given the constraints
#[must_use]
pub fn find_key(&self, constraints: &ConstraintSet) -> Option<&JsonWebKey<P>>
where
P: ParametersInfo,
{
constraints.filter(&self.keys).pop()
}
/// Find the list of keys which match the given constraints
#[must_use]
pub fn find_keys(&self, constraints: &ConstraintSet) -> Vec<&JsonWebKey<P>>
where
P: ParametersInfo,
{
constraints.filter(&self.keys)
}
/// Find a key for the given algorithm. Returns `None` if no suitable key
/// was found.
#[must_use]
pub fn signing_key_for_algorithm(&self, alg: JsonWebSignatureAlg) -> Option<&JsonWebKey<P>>
where
P: ParametersInfo,
{
let constraints = ConstraintSet::new([
Constraint::alg(alg),
Constraint::use_(mas_iana::jose::JsonWebKeyUse::Sig),
]);
self.find_key(&constraints)
}
/// Get a list of available signing algorithms for this [`Keystore`]
#[must_use]
pub fn available_signing_algorithms(&self) -> Vec<JsonWebSignatureAlg>
where
P: ParametersInfo,
{
let mut algs: Vec<_> = self
.keys
.iter()
.flat_map(|key| key.params().possible_algs())
.copied()
.collect();
algs.sort();
algs.dedup();
algs
}
}
impl<P> FromIterator<JsonWebKey<P>> for JsonWebKeySet<P> {

10
crates/jose/src/jwk/private_parameters.rs
View File

@@ -87,7 +87,7 @@ impl ParametersInfo for JsonWebKeyPrivateParameters {
}
}
fn possible_algs(&self) -> &'static [JsonWebSignatureAlg] {
fn possible_algs(&self) -> &[JsonWebSignatureAlg] {
match self {
JsonWebKeyPrivateParameters::Oct(p) => p.possible_algs(),
JsonWebKeyPrivateParameters::Rsa(p) => p.possible_algs(),
@@ -128,7 +128,7 @@ impl ParametersInfo for OctPrivateParameters {
JsonWebKeyType::Oct
}
fn possible_algs(&self) -> &'static [JsonWebSignatureAlg] {
fn possible_algs(&self) -> &[JsonWebSignatureAlg] {
&[
JsonWebSignatureAlg::Hs256,
JsonWebSignatureAlg::Hs384,
@@ -190,7 +190,7 @@ impl ParametersInfo for RsaPrivateParameters {
JsonWebKeyType::Rsa
}
fn possible_algs(&self) -> &'static [JsonWebSignatureAlg] {
fn possible_algs(&self) -> &[JsonWebSignatureAlg] {
&[
JsonWebSignatureAlg::Rs256,
JsonWebSignatureAlg::Rs384,
@@ -330,7 +330,7 @@ impl ParametersInfo for EcPrivateParameters {
JsonWebKeyType::Ec
}
fn possible_algs(&self) -> &'static [JsonWebSignatureAlg] {
fn possible_algs(&self) -> &[JsonWebSignatureAlg] {
match self.crv {
JsonWebKeyEcEllipticCurve::P256 => &[JsonWebSignatureAlg::Es256],
JsonWebKeyEcEllipticCurve::P384 => &[JsonWebSignatureAlg::Es384],
@@ -471,7 +471,7 @@ impl ParametersInfo for OkpPrivateParameters {
JsonWebKeyType::Okp
}
fn possible_algs(&self) -> &'static [JsonWebSignatureAlg] {
fn possible_algs(&self) -> &[JsonWebSignatureAlg] {
&[JsonWebSignatureAlg::EdDsa]
}
}

8
crates/jose/src/jwk/public_parameters.rs
View File

@@ -74,7 +74,7 @@ impl ParametersInfo for JsonWebKeyPublicParameters {
}
}
fn possible_algs(&self) -> &'static [JsonWebSignatureAlg] {
fn possible_algs(&self) -> &[JsonWebSignatureAlg] {
match self {
JsonWebKeyPublicParameters::Rsa(p) => p.possible_algs(),
JsonWebKeyPublicParameters::Ec(p) => p.possible_algs(),
@@ -100,7 +100,7 @@ impl ParametersInfo for RsaPublicParameters {
JsonWebKeyType::Rsa
}
fn possible_algs(&self) -> &'static [JsonWebSignatureAlg] {
fn possible_algs(&self) -> &[JsonWebSignatureAlg] {
&[
JsonWebSignatureAlg::Rs256,
JsonWebSignatureAlg::Rs384,
@@ -147,7 +147,7 @@ impl ParametersInfo for EcPublicParameters {
JsonWebKeyType::Ec
}
fn possible_algs(&self) -> &'static [JsonWebSignatureAlg] {
fn possible_algs(&self) -> &[JsonWebSignatureAlg] {
match self.crv {
JsonWebKeyEcEllipticCurve::P256 => &[JsonWebSignatureAlg::Es256],
JsonWebKeyEcEllipticCurve::P384 => &[JsonWebSignatureAlg::Es384],
@@ -172,7 +172,7 @@ impl ParametersInfo for OkpPublicParameters {
JsonWebKeyType::Okp
}
fn possible_algs(&self) -> &'static [JsonWebSignatureAlg] {
fn possible_algs(&self) -> &[JsonWebSignatureAlg] {
&[JsonWebSignatureAlg::EdDsa]
}
}