Finish clean up

Thomas Gideon 2017-02-15 13:53:00 -05:00
parent 29037a0df7
commit 7cc935244d
2 changed files with 5 additions and 30 deletions


@ -28,7 +28,7 @@ pub fn verify(target: &str, data: &str, key: &[u8], algorithm: &Algorithm) -> bo
} }
} }
pub fn sign_hmac(data: &str, key: &[u8], digest: MessageDigest) -> String { fn sign_hmac(data: &str, key: &[u8], digest: MessageDigest) -> String {
let secret_key = PKey::hmac(key).unwrap(); let secret_key = PKey::hmac(key).unwrap();
let mut signer = Signer::new(digest, &secret_key).unwrap(); let mut signer = Signer::new(digest, &secret_key).unwrap();
@ -38,7 +38,7 @@ pub fn sign_hmac(data: &str, key: &[u8], digest: MessageDigest) -> String {
encode_config(&mac, URL_SAFE) encode_config(&mac, URL_SAFE)
} }
pub fn sign_rsa(data: &str, key: &[u8], digest: MessageDigest) -> String { fn sign_rsa(data: &str, key: &[u8], digest: MessageDigest) -> String {
let private_key = Rsa::private_key_from_pem(key).unwrap(); let private_key = Rsa::private_key_from_pem(key).unwrap();
let pkey = PKey::from_rsa(private_key).unwrap(); let pkey = PKey::from_rsa(private_key).unwrap();
@ -48,7 +48,7 @@ pub fn sign_rsa(data: &str, key: &[u8], digest: MessageDigest) -> String {
encode_config(&sig, URL_SAFE) encode_config(&sig, URL_SAFE)
} }
pub fn verify_hmac(target: &str, data: &str, key: &[u8], digest: MessageDigest) -> bool { fn verify_hmac(target: &str, data: &str, key: &[u8], digest: MessageDigest) -> bool {
let target_bytes: Vec<u8> = decode_config(target, URL_SAFE).unwrap(); let target_bytes: Vec<u8> = decode_config(target, URL_SAFE).unwrap();
let secret_key = PKey::hmac(key).unwrap(); let secret_key = PKey::hmac(key).unwrap();
@ -60,7 +60,7 @@ pub fn verify_hmac(target: &str, data: &str, key: &[u8], digest: MessageDigest)
memcmp::eq(&mac, &target_bytes) memcmp::eq(&mac, &target_bytes)
} }
pub fn verify_rsa(signature: &str, data: &str, key: &[u8], digest: MessageDigest) -> bool { fn verify_rsa(signature: &str, data: &str, key: &[u8], digest: MessageDigest) -> bool {
let signature_bytes: Vec<u8> = decode_config(signature, URL_SAFE).unwrap(); let signature_bytes: Vec<u8> = decode_config(signature, URL_SAFE).unwrap();
let public_key = Rsa::public_key_from_pem(key).unwrap(); let public_key = Rsa::public_key_from_pem(key).unwrap();
let pkey = PKey::from_rsa(public_key).unwrap(); let pkey = PKey::from_rsa(public_key).unwrap();
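Review bot: `verify_hmac` and `verify_rsa` still call `decode_config(..., URL_SAFE).unwrap()` on the signature segment, so a token whose signature is not valid base64 panics the caller instead of failing verification. Both functions return `bool`, so a decode failure should map to `false`, e.g. `let target_bytes = match decode_config(target, URL_SAFE) { Ok(b) => b, Err(_) => return false };`. If `memcmp::eq` here is `openssl::memcmp::eq`, it also panics when the two slices differ in length, so the comparison should be guarded as `mac.len() == target_bytes.len() && memcmp::eq(&mac, &target_bytes)`. The bodies of both functions extend beyond the hunks shown.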


@ -6,7 +6,6 @@ extern crate serde_derive;
extern crate serde_json; extern crate serde_json;
use base64::{decode_config, encode_config, URL_SAFE}; use base64::{decode_config, encode_config, URL_SAFE};
use openssl::hash::MessageDigest;
use serde::{Serialize, Deserialize}; use serde::{Serialize, Deserialize};
pub use error::Error; pub use error::Error;
pub use header::DefaultHeader; pub use header::DefaultHeader;
@ -77,17 +76,6 @@ impl<H, C> Token<H, C>
/// Verify a from_base64 token with a key and the token's specific algorithm /// Verify a from_base64 token with a key and the token's specific algorithm
pub fn verify(&self, key: &[u8]) -> bool { pub fn verify(&self, key: &[u8]) -> bool {
match self.header.alg() {
&Algorithm::HS256 => self.verify_hmac(key, MessageDigest::sha256()),
&Algorithm::HS384 => self.verify_hmac(key, MessageDigest::sha384()),
&Algorithm::HS512 => self.verify_hmac(key, MessageDigest::sha512()),
&Algorithm::RS256 => self.verify_rsa(key, MessageDigest::sha256()),
&Algorithm::RS384 => self.verify_rsa(key, MessageDigest::sha384()),
&Algorithm::RS512 => self.verify_rsa(key, MessageDigest::sha512()),
}
}
fn verify_hmac(&self, key: &[u8], digest: MessageDigest) -> bool {
let raw = match self.raw { let raw = match self.raw {
Some(ref s) => s, Some(ref s) => s,
None => return false, None => return false,
@ -97,20 +85,7 @@ impl<H, C> Token<H, C>
let sig = pieces[0]; let sig = pieces[0];
let data = pieces[1]; let data = pieces[1];
crypt::verify_hmac(sig, data, key, digest) crypt::verify(sig, data, key, &self.header.alg())
}
fn verify_rsa(&self, key: &[u8], digest: MessageDigest) -> bool {
let raw = match self.raw {
Some(ref s) => s,
None => return false,
};
let pieces: Vec<_> = raw.rsplitn(2, '.').collect();
let sig = pieces[0];
let data = pieces[1];
crypt::verify_rsa(sig, data, key, digest)
} }
/// Generate the signed token from a key and the specific algorithm /// Generate the signed token from a key and the specific algorithm
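Review bot: The delegating call `crypt::verify(sig, data, key, &self.header.alg())` takes the verification algorithm from the token's own header, so whoever produced the token decides whether `key` is treated as an HMAC secret or an RSA public key. If the header is parsed from untrusted input (the doc comment suggests a `from_base64` token), a caller holding an RSA public key cannot reject an HS* token here; `verify` should take or check the expected algorithm, and at minimum its doc comment should say `/// The algorithm comes from the token header; check it against the algorithm your key was issued for before trusting the result.` Separately, `pieces[1]` indexes the result of `rsplitn(2, '.')` without a length check, which would panic on a raw string with no `.` unless that is ruled out earlier, outside this hunk.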