From 7cc935244dd1630ef344e6a644c2148fb4cb14f9 Mon Sep 17 00:00:00 2001
From: Thomas Gideon
Date: Wed, 15 Feb 2017 13:53:00 -0500
Subject: [PATCH] Finish clean up
---
 src/crypt.rs | 8 ++++----
 src/lib.rs | 27 +--------------------------
 2 files changed, 5 insertions(+), 30 deletions(-)
diff --git a/src/crypt.rs b/src/crypt.rs
index 9f35022..407d9d7 100644
--- a/src/crypt.rs
+++ b/src/crypt.rs
@@ -28,7 +28,7 @@ pub fn verify(target: &str, data: &str, key: &[u8], algorithm: &Algorithm) -> bo
 }
 }
-pub fn sign_hmac(data: &str, key: &[u8], digest: MessageDigest) -> String {
+fn sign_hmac(data: &str, key: &[u8], digest: MessageDigest) -> String {
 let secret_key = PKey::hmac(key).unwrap();
 let mut signer = Signer::new(digest, &secret_key).unwrap();
@@ -38,7 +38,7 @@ pub fn sign_hmac(data: &str, key: &[u8], digest: MessageDigest) -> String {
 encode_config(&mac, URL_SAFE)
 }
-pub fn sign_rsa(data: &str, key: &[u8], digest: MessageDigest) -> String {
+fn sign_rsa(data: &str, key: &[u8], digest: MessageDigest) -> String {
 let private_key = Rsa::private_key_from_pem(key).unwrap();
 let pkey = PKey::from_rsa(private_key).unwrap();
@@ -48,7 +48,7 @@ pub fn sign_rsa(data: &str, key: &[u8], digest: MessageDigest) -> String {
 encode_config(&sig, URL_SAFE)
 }
-pub fn verify_hmac(target: &str, data: &str, key: &[u8], digest: MessageDigest) -> bool {
+fn verify_hmac(target: &str, data: &str, key: &[u8], digest: MessageDigest) -> bool {
 let target_bytes: Vec = decode_config(target, URL_SAFE).unwrap();
 let secret_key = PKey::hmac(key).unwrap();
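Review bot: `decode_config(target, URL_SAFE).unwrap()` in `verify_hmac` panics when the signature segment is not valid URL-safe base64, and that segment comes from the token under verification. Since the function returns `bool`, a decode failure should count as a failed verification: `let target_bytes = match decode_config(target, URL_SAFE) { Ok(b) => b, Err(_) => return false };`. The `signature_bytes` line of `verify_rsa` in the next hunk has the same `unwrap()` and needs the same treatment. `verify_hmac` continues past the end of this hunk.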
@@ -60,7 +60,7 @@ pub fn verify_hmac(target: &str, data: &str, key: &[u8], digest: MessageDigest)
 memcmp::eq(&mac, &target_bytes)
 }
-pub fn verify_rsa(signature: &str, data: &str, key: &[u8], digest: MessageDigest) -> bool {
+fn verify_rsa(signature: &str, data: &str, key: &[u8], digest: MessageDigest) -> bool {
 let signature_bytes: Vec = decode_config(signature, URL_SAFE).unwrap();
 let public_key = Rsa::public_key_from_pem(key).unwrap();
 let pkey = PKey::from_rsa(public_key).unwrap();
diff --git a/src/lib.rs b/src/lib.rs
index 9e9847d..4c0bad0 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -6,7 +6,6 @@ extern crate serde_derive;
 extern crate serde_json;
 use base64::{decode_config, encode_config, URL_SAFE};
-use openssl::hash::MessageDigest;
 use serde::{Serialize, Deserialize};
 pub use error::Error;
 pub use header::DefaultHeader;
@@ -77,17 +76,6 @@ impl Token
 /// Verify a from_base64 token with a key and the token's specific algorithm
 pub fn verify(&self, key: &[u8]) -> bool {
- match self.header.alg() {
- &Algorithm::HS256 => self.verify_hmac(key, MessageDigest::sha256()),
- &Algorithm::HS384 => self.verify_hmac(key, MessageDigest::sha384()),
- &Algorithm::HS512 => self.verify_hmac(key, MessageDigest::sha512()),
- &Algorithm::RS256 => self.verify_rsa(key, MessageDigest::sha256()),
- &Algorithm::RS384 => self.verify_rsa(key, MessageDigest::sha384()),
- &Algorithm::RS512 => self.verify_rsa(key, MessageDigest::sha512()),
- }
- }
-
- fn verify_hmac(&self, key: &[u8], digest: MessageDigest) -> bool {
 let raw = match self.raw {
 Some(ref s) => s,
 None => return false,
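Review bot: `memcmp::eq(&mac, &target_bytes)` at the top of the `-60,7` hunk compares the computed MAC with bytes decoded from the token, and if `memcmp` is `openssl::memcmp` (the import is not visible here), `eq` asserts that both slices have the same length and panics otherwise. A signature segment of the wrong length would then end verification with a panic rather than `false`. Checking the length first keeps the constant-time compare and reveals nothing secret, since the MAC length is fixed by the digest: `mac.len() == target_bytes.len() && memcmp::eq(&mac, &target_bytes)`. This line is the tail of `verify_hmac`, which starts before the hunk.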
@@ -97,20 +85,7 @@ impl Token
 let sig = pieces[0];
 let data = pieces[1];
- crypt::verify_hmac(sig, data, key, digest)
- }
-
- fn verify_rsa(&self, key: &[u8], digest: MessageDigest) -> bool {
- let raw = match self.raw {
- Some(ref s) => s,
- None => return false,
- };
-
- let pieces: Vec<_> = raw.rsplitn(2, '.').collect();
- let sig = pieces[0];
- let data = pieces[1];
-
- crypt::verify_rsa(sig, data, key, digest)
+ crypt::verify(sig, data, key, &self.header.alg())
 }
 /// Generate the signed token from a key and the specific algorithm
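Review bot: The algorithm handed to `crypt::verify` is `self.header.alg()`, which is read from the token being checked, while `key` is an untyped `&[u8]`, so the caller cannot state which algorithm family the key is meant for. A verifier holding an RSA public key should never land on the HMAC path because the header names an HS* algorithm; consider accepting the expected algorithm (or an allow-list) from the caller and returning `false` when `self.header.alg()` is not in it, before `crypt::verify` runs. Separately, `let data = pieces[1];` indexes without a length check: if `pieces` is built as in the removed `verify_rsa` (`raw.rsplitn(2, '.')`), a raw token with no `.` panics instead of failing verification, and `if pieces.len() != 2 { return false; }` would cover it. The body of `verify` begins outside this hunk.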