pierre/VirtWeb
1
0
Fork 0
Code Issues Pull Requests 3 Packages Projects Releases 5 Wiki Activity

WIP
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details

Browse Source
This commit is contained in:
Pierre HUBERT
2024-04-08 22:46:17 +02:00
parent ab7907d947
commit 0217d1c53d
3 changed files with 206 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
virtweb_backend/src/utils/jwt_utils.rs
View File

@ -1,5 +1,8 @@
use elliptic_curve::pkcs8::EncodePublicKey;
use jsonwebtoken::{Algorithm, DecodingKey, EncodingKey, Validation};
use ring::signature::{KeyPair, UnparsedPublicKey};
use p384::ecdsa::{SigningKey, VerifyingKey};
use p384::pkcs8::{EncodePrivateKey, LineEnding};
use rand::rngs::OsRng;
use serde::de::DeserializeOwned;
use serde::Serialize;
@ -23,25 +26,14 @@ pub enum TokenPrivKey {
/// Generate a new token keypair
pub fn generate_key_pair() -> anyhow::Result<(TokenPubKey, TokenPrivKey)> {
let doc = ring::signature::EcdsaKeyPair::generate_pkcs8(
&ring::signature::ECDSA_P384_SHA384_ASN1_SIGNING,
&ring::rand::SystemRandom::new(),
)?;
let signing_key = SigningKey::random(&mut OsRng);
let priv_pem = signing_key
.to_pkcs8_der()?
.to_pem("PRIVATE KEY", LineEnding::LF)?
.to_string();
let priv_pem = pem::encode(&pem::Pem::new("PRIVATE KEY", doc.as_ref()));
let pair = ring::signature::EcdsaKeyPair::from_pkcs8(
&ring::signature::ECDSA_P384_SHA384_ASN1_SIGNING,
doc.as_ref(),
&ring::rand::SystemRandom::new(),
)?;
let pub_pem = pem::encode(&pem::Pem::new("PUBLIC KEY", pair.public_key().as_ref()));
let pk = pair.public_key();
let unp = UnparsedPublicKey::new(&ring::signature::ECDSA_P384_SHA384_ASN1_SIGNING, pk.as_ref());
let decoding_key = DecodingKey::from_ec_pem(pub_pem.as_bytes()).expect("aie ai");
let pub_key = VerifyingKey::from(signing_key);
let pub_pem = pub_key.to_public_key_pem(LineEnding::LF)?;
Ok((
TokenPubKey::ES384 { r#pub: pub_pem },
@ -99,11 +91,10 @@ mod test {
exp: time() + 100,
};
let jwt = sign_jwt(&priv_key, &claims).expect("Failed to sign JWT!");
println!("pub {pub_key:?}");
println!("priv {priv_key:?}");
let claims_out = validate_jwt(&pub_key, &jwt).expect("Failed to validate JWT!");
assert_eq!(claims, claims_out)
}
// TODO : complete tests
}