Home Explore Help
Sign In
kestrel
/
uidc
1
0
Fork 0
Files Issues 5 Pull Requests 0 Wiki
Tree: 263f261d8f
Branches Tags
uidc
/
src
/
jwt.rs

jwt.rs 3.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 
  1. #[derive(serde::Serialize, serde::Deserialize)]
    2. 

  2. pub struct JWTData<'l> {
    3. 

  3.     pub sub: &'l str,
    4. 

  4.     pub iss: &'l str,
    5. 

  5.     pub aud: &'l str,
    6. 

  6.     pub iat: u64,
    7. 

  7.     pub exp: u64,
    8. 

  8. 

  9.     #[serde(flatten)]
    10. 

  10.     pub extras: std::collections::HashMap<&'l str, serde_json::Value>,
    11. 

  11. }
    12. 

  12. 

  13. impl<'l> Into<String> for JWTData<'l> {
    14. 

  14.     fn into(self) -> String {
    15. 

  15.         serde_json::to_string(&self).unwrap()
    16. 

  16.     }
    17. 

  17. }
    18. 

  18. 

  19. pub const DEFAULT_HEADER: &'static str = r#"{"alg": "EdDSA", "typ": "JWT"}"#;
    20. 

  20. 

  21. pub struct JWT {
    22. 

  22.     pub header: String,
    23. 

  23.     pub data: String,
    24. 

  24.     pub signature: String,
    25. 

  25. }
    26. 

  26. 

  27. impl JWT {
    28. 

  28.     pub fn verify<B: std::convert::AsRef<[u8]>>(with: &ring::signature::UnparsedPublicKey<B>, from: &str) -> Option<Self> {
    29. 

  29.         let header_split = from.find(".")?;
    30. 

  30.         let header = &from[0..header_split];
    31. 

  31.         let data_split = header_split + 1 + from[header_split+1..].find(".")?;
    32. 

  32.         let data = &from[header_split + 1 .. data_split];
    33. 

  33.         let signature = &from[data_split + 1 ..];
    34. 

  34. 

  35.         let mut to_verify = vec![];
    36. 

  36.         to_verify.extend(header.as_bytes());
    37. 

  37.         to_verify.extend(".".as_bytes());
    38. 

  38.         to_verify.extend(data.as_bytes());
    39. 

  39. 

  40.         let decoded_signature = base64::decode_config(signature.as_bytes(), base64::URL_SAFE_NO_PAD).ok()?;
    41. 

  41.         with.verify(to_verify.as_ref(), decoded_signature.as_ref()).ok()?;
    42. 

  42. 

  43.         // if we got this far, the verification passed
    44. 

  44.         Some(Self {
    45. 

  45.             header: header.into(), data: data.into(), signature: signature.into()
    46. 

  46.         })
    47. 

  47.     }
    48. 

  48. 

  49.     pub fn sign(with: &ring::signature::Ed25519KeyPair, data: JWTData) -> Self {
    50. 

  50.         let header = base64::encode_config(DEFAULT_HEADER, base64::URL_SAFE_NO_PAD);
    51. 

  51.         let data = base64::encode_config(<JWTData as Into::<String>>::into(data), base64::URL_SAFE_NO_PAD);
    52. 

  52. 

  53.         let mut to_sign = vec![];
    54. 

  54.         to_sign.extend(header.as_bytes());
    55. 

  55.         to_sign.extend(".".as_bytes());
    56. 

  56.         to_sign.extend(data.as_bytes());
    57. 

  57.         let signature = base64::encode_config(with.sign(&to_sign).as_ref(), base64::URL_SAFE_NO_PAD);
    58. 

  58. 

  59.         Self {
    60. 

  60.             header,
    61. 

  61.             data,
    62. 

  62.             signature
    63. 

  63.         }
    64. 

  64.     }
    65. 

  65. 

  66.     pub fn into_string(self) -> String {
    67. 

  67.         self.header + "." + self.data.as_str() + "." + self.signature.as_str()
    68. 

  68.     }
    69. 

  69. }
    70. 

  70. 

  71. #[cfg(test)]
    72. 

  72. mod test {
    73. 

  73.     use ring::signature::KeyPair;
    74. 

  74. 

  75.     #[test]
    76. 

  76.     fn simple_round_trip() {
    77. 

  77.         let rng = ring::rand::SystemRandom::new();
    78. 

  78.         let kpair_raw = ring::signature::Ed25519KeyPair::generate_pkcs8(&rng).expect("couldn't generate ephemeral keypair");
    79. 

  79.         let kpair = ring::signature::Ed25519KeyPair::from_pkcs8(kpair_raw.as_ref()).expect("couldn't load keypair");
    80. 

  80. 

  81.         let jdata = super::JWTData {
    82. 

  82.             sub: "sub",
    83. 

  83.             iss: "iss",
    84. 

  84.             aud: "aud",
    85. 

  85.             iat: 1,
    86. 

  86.             exp: 2,
    87. 

  87.             extras: Default::default(),
    88. 

  88.         };
    89. 

  89. 

  90.         let generated = super::JWT::sign(&kpair, jdata).into_string();
    91. 

  91.         println!("generated: {:?}", generated);
    92. 

  92. 

  93.         let pubkey = ring::signature::UnparsedPublicKey::new(&ring::signature::ED25519, kpair.public_key().as_ref());
    94. 

  94. 

  95.         let vresult = super::JWT::verify(&pubkey, generated.as_str());
    96. 

  96. 

  97.         assert!(vresult.is_some());
    98. 

  98.     }
    99. 

  99. }
    100.