Add new higher level fn's, switch a test

Thomas Gideon 2017-02-15 13:45:13 -05:00
parent 3c624ad482
commit ef8680fe3d


@ -1,10 +1,33 @@
use base64::{decode_config, encode_config, URL_SAFE}; use base64::{decode_config, encode_config, URL_SAFE};
use header::Algorithm;
use openssl::hash::MessageDigest; use openssl::hash::MessageDigest;
use openssl::memcmp; use openssl::memcmp;
use openssl::pkey::PKey; use openssl::pkey::PKey;
use openssl::rsa::Rsa; use openssl::rsa::Rsa;
use openssl::sign::{Signer, Verifier}; use openssl::sign::{Signer, Verifier};
pub fn sign(data: &str, key: &[u8], algorithm: &Algorithm) -> String {
match algorithm {
&Algorithm::HS256 => sign_hmac(data, key, MessageDigest::sha256()),
&Algorithm::HS384 => sign_hmac(data, key, MessageDigest::sha384()),
&Algorithm::HS512 => sign_hmac(data, key, MessageDigest::sha512()),
&Algorithm::RS256 => sign_rsa(data, key, MessageDigest::sha256()),
&Algorithm::RS384 => sign_rsa(data, key, MessageDigest::sha384()),
&Algorithm::RS512 => sign_rsa(data, key, MessageDigest::sha512()),
}
}
pub fn verify(target: &str, data: &str, key: &[u8], algorithm: &Algorithm) -> bool {
match algorithm {
&Algorithm::HS256 => verify_hmac(target, data, key, MessageDigest::sha256()),
&Algorithm::HS384 => verify_hmac(target, data, key, MessageDigest::sha384()),
&Algorithm::HS512 => verify_hmac(target, data, key, MessageDigest::sha512()),
&Algorithm::RS256 => verify_rsa(target, data, key, MessageDigest::sha256()),
&Algorithm::RS384 => verify_rsa(target, data, key, MessageDigest::sha384()),
&Algorithm::RS512 => verify_rsa(target, data, key, MessageDigest::sha512()),
}
}
pub fn sign_hmac(data: &str, key: &[u8], digest: MessageDigest) -> String { pub fn sign_hmac(data: &str, key: &[u8], digest: MessageDigest) -> String {
let secret_key = PKey::hmac(key).unwrap(); let secret_key = PKey::hmac(key).unwrap();
@ -48,10 +71,11 @@ pub fn verify_rsa(signature: &str, data: &str, key: &[u8], digest: MessageDigest
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use super::{sign_hmac, sign_rsa, verify_hmac, verify_rsa}; use header::Algorithm;
use openssl::hash::MessageDigest;
use std::io::{Error, Read}; use std::io::{Error, Read};
use std::fs::File; use std::fs::File;
use openssl::hash::MessageDigest; use super::{sign, sign_hmac, sign_rsa, verify, verify_hmac, verify_rsa};
#[derive(Default, Debug, Serialize, Deserialize, PartialEq)] #[derive(Default, Debug, Serialize, Deserialize, PartialEq)]
struct EmptyClaim { } struct EmptyClaim { }
@ -63,7 +87,8 @@ mod tests {
let real_sig = "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ="; let real_sig = "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ=";
let data = format!("{}.{}", header, claims); let data = format!("{}.{}", header, claims);
let sig = sign_hmac(&*data, "secret".as_bytes(), MessageDigest::sha256()); //let sig = sign_hmac(&*data, "secret".as_bytes(), MessageDigest::sha256());
let sig = sign(&*data, "secret".as_bytes(), &Algorithm::HS256);
assert_eq!(sig, real_sig); assert_eq!(sig, real_sig);
} }
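Review bot: The new `verify` takes the same raw `key: &[u8]` for both the HS* and RS* arms, so nothing in it ties a key to the algorithm family it was issued for. If a caller passes the `Algorithm` parsed from the incoming token's header (call sites are not visible in this diff, but the enum is imported from `header`), the token itself chooses how the key bytes are interpreted, and an RSA public key could end up used as an HMAC secret. I would at least state the contract in a doc comment on `verify`, e.g. `/// algorithm must come from the verifier's own configuration, never from the token being verified.` Longer term, a key type that carries its algorithm family would let a mismatch be rejected before any digest is computed. Separately, the commented-out `sign_hmac` call left in the test can be deleted.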