feat(encoder): Add encoder builder

Author: sidrubs

Cargo.toml

@@ -36,6 +36,7 @@ ed25519-dalek = { version = "2.1.1" }
 p256 = { version = "0.13.2", features = ["ecdsa"] }
 p384 = { version = "0.13.0", features = ["ecdsa"] }
 rand_core = "0.6.4"
+signature = "2.2.0"
 [target.'cfg(target_arch = "wasm32")'.dependencies]
 js-sys = "0.3"
 

src/builder.rs

@@ -0,0 +1,90 @@
+//! # Todo
+//!
+//! - Documentation
+
+use serde::Serialize;
+
+use crate::{
+    crypto::JwtSigner,
+    errors::{new_error, Result},
+    serialization::{b64_encode, b64_encode_part},
+    Header,
+};
+
+/// # Todo
+///
+/// - Documentation
+pub struct JwtEncoder<C: JwtSigner> {
+    signing_provider: C,
+    header: Header,
+}
+
+impl<C: JwtSigner> JwtEncoder<C> {
+    /// Create a new [`JwtEncoder`] with any crypto provider that implements the [`CryptoProvider`] trait.
+    pub fn new(signing_provider: C) -> Self {
+        // Determine a default header
+        let mut header = Header::new(signing_provider.algorithm());
+        header.typ = Some("JWT".to_owned());
+
+        Self { signing_provider, header }
+    }
+
+    /// Provide a custom header.
+    ///
+    /// This would be used in the rare cases that fields other than `algorithm` and `type` need to be populated.
+    ///
+    /// # Todo
+    ///
+    /// - Test the the error checking works
+    pub fn with_header(mut self, header: Header) -> Result<Self> {
+        // Check that the header makes use of the correct algorithm
+        if header.alg != self.signing_provider.algorithm() {
+            return Err(new_error(crate::errors::ErrorKind::InvalidAlgorithm));
+        }
+
+        self.header = header;
+        Ok(self)
+    }
+
+    /// Encode and sign the `claims` as a JWT.
+    ///
+    /// # Todo
+    ///
+    /// - Put in example usage.
+    pub fn encode<T: Serialize>(&self, claims: &T) -> Result<String> {
+        let encoded_header = b64_encode_part(&self.header)?;
+        let encoded_claims = b64_encode_part(claims)?;
+        let message = [encoded_header, encoded_claims].join(".");
+
+        let signature = b64_encode(&self.signing_provider.sign(message.as_bytes()));
+
+        Ok([message, signature].join("."))
+    }
+}
+
+#[cfg(test)]
+mod builder_tests {
+    use crate::crypto::hmac::HmacSha256Trait;
+
+    use super::*;
+
+    #[derive(Debug, Serialize)]
+    struct Claims {
+        sub: String,
+        age: u32,
+    }
+
+    #[test]
+    fn test_builder() {
+        // Arrange
+        let claims = Claims { sub: "123345".to_owned(), age: 25 };
+        let signer = HmacSha256Trait::new("k3XTGsWiuO0stzhwPkuF2R6FdFY2crfyAVDjSBX34bW41ektItjp340PNXz1UvLkaq4CcT6ZMl7GXzfTvCvpkFXJbMni1wj40g423FbUxI7ZclVyzIrVFywrB5trt94Rv9AkTpShXzpnEWKGhZdD0MIOrQlg".as_ref()).unwrap();
+
+        // Act
+        let jwt = JwtEncoder::new(signer).encode(&claims).unwrap();
+
+        dbg!(&jwt);
+
+        // Assert
+    }
+}

src/crypto/hmac.rs

@@ -1,14 +1,42 @@
 use hmac::{Hmac, Mac};
 use sha2::{Sha256, Sha384, Sha512};
+use signature::Signer;
 
 use crate::errors::Result;
 use crate::serialization::{b64_decode, b64_encode};
 use crate::Algorithm;
 
+use super::JwtSigner;
+
 type HmacSha256 = Hmac<Sha256>;
 type HmacSha384 = Hmac<Sha384>;
 type HmacSha512 = Hmac<Sha512>;
 
+pub(crate) struct HmacSha256Trait(HmacSha256);
+
+impl HmacSha256Trait {
+    pub(crate) fn new(key: &[u8]) -> Result<Self> {
+        let inner = HmacSha256::new_from_slice(key)
+            .map_err(|_e| crate::errors::ErrorKind::InvalidKeyFormat)?;
+
+        Ok(Self(inner))
+    }
+}
+
+impl Signer<Vec<u8>> for HmacSha256Trait {
+    fn try_sign(&self, msg: &[u8]) -> std::result::Result<Vec<u8>, signature::Error> {
+        let mut signer = self.0.clone();
+
+        Ok(signer.sign(msg))
+    }
+}
+
+impl JwtSigner for HmacSha256Trait {
+    fn algorithm(&self) -> Algorithm {
+        Algorithm::HS256
+    }
+}
+
 pub(crate) fn sign_hmac(alg: Algorithm, key: &[u8], message: &[u8]) -> Result<String> {
     let mut hmac = create_hmac(alg, key)?;
     let digest = hmac.sign(message);

src/crypto/mod.rs

@@ -8,6 +8,24 @@ pub(crate) mod eddsa;
 pub(crate) mod hmac;
 pub(crate) mod rsa;
 
+use signature::{Signer, Verifier};
+
+/// Trait providing the functionality to sign a JWT.
+///
+/// Allows an arbitrary crypto backend to be provided.
+pub trait JwtSigner: Signer<Vec<u8>> {
+    /// Return the [`Algorithm`] corresponding to the signing module.
+    fn algorithm(&self) -> Algorithm;
+}
+
+/// Trait providing the functionality to verify a JWT.
+///
+/// Allows an arbitrary crypto backend to be provided.
+pub trait JwtVerifier: Verifier<Vec<u8>> {
+    /// Return the [`Algorithm`] corresponding to the signing module.
+    fn algorithm(&self) -> Algorithm;
+}
+
 /// Take the payload of a JWT, sign it using the algorithm given and return
 /// the base64 url safe encoded of the result.
 ///

src/lib.rs

@@ -10,6 +10,7 @@ pub use header::Header;
 pub use validation::{get_current_timestamp, Validation};
 
 mod algorithms;
+pub mod builder;
 /// Lower level functions, if you want to do something other than JWTs
 pub mod crypto;
 mod decoding;