
Commit dc5c066

committed
add interfaces to set pkeys directly to ECDSA and PSS algorithms
1 parent 48a359a commit dc5c066


1 file changed

+60
-4
lines changed

1 file changed

+60
-4
lines changed

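--- a/include/jwt-cpp/jwt.h
+++ b/include/jwt-cpp/jwt.h
@@ -854,6 +854,40 @@ namespace jwt {
 }
 } // namespace helper
 
+class key {
+public:
+static key symmetric(const std::string& bytes) { return key(bytes); }
+
+static key asymmetric(std::shared_ptr<EVP_PKEY> pkey) { return key(pkey); }
+
+std::string get_symmetric_key() const {
+if (!is_symmetric) { throw std::logic_error("not a symmetric key"); }
+
+return oct_key;
+}
+
+std::shared_ptr<EVP_PKEY> get_asymmetric_key() const {
+if (is_symmetric) { throw std::logic_error("not an asymmetric key"); }
+
+return pkey;
+}
+
+private:
+key(const std::string& key) {
+is_symmetric = true;
+oct_key = key;
+}
+
+key(std::shared_ptr<EVP_PKEY> key) {
+is_symmetric = false;
+pkey = key;
+}
+
+bool is_symmetric;
+std::shared_ptr<EVP_PKEY> pkey;
+std::string oct_key;
+};
+
 /**
 * \brief Various cryptographic algorithms when working with JWT
 *
@@ -1100,6 +1134,9 @@ namespace jwt {
 throw ecdsa_exception(error::ecdsa_error::invalid_key_size);
 }
 
+ecdsa(helper::evp_pkey_handle pkey, const EVP_MD* (*md)(), std::string name, size_t siglen)
+: pkey(pkey), md(md), alg_name(std::move(name)), signature_length(siglen) {}
+
 /**
 * Sign jwt data
 * \param data The data to sign
@@ -1459,6 +1496,9 @@ namespace jwt {
 throw rsa_exception(error::rsa_error::no_key_provided);
 }
 
+pss(helper::evp_pkey_handle pkey, const EVP_MD* (*md)(), std::string name)
+: pkey(pkey), md(md), alg_name(std::move(name)) {}
+
 /**
 * Sign jwt data
 * \param data The data to sign
@@ -1670,6 +1710,8 @@ namespace jwt {
 explicit es256(const std::string& public_key, const std::string& private_key = "",
 const std::string& public_key_password = "", const std::string& private_key_password = "")
 : ecdsa(public_key, private_key, public_key_password, private_key_password, EVP_sha256, "ES256", 64) {}
+
+explicit es256(helper::evp_pkey_handle pkey) : ecdsa(pkey, EVP_sha256, "ES256", 64) {}
 };
 /**
 * ES384 algorithm
@@ -1687,6 +1729,8 @@ namespace jwt {
 explicit es384(const std::string& public_key, const std::string& private_key = "",
 const std::string& public_key_password = "", const std::string& private_key_password = "")
 : ecdsa(public_key, private_key, public_key_password, private_key_password, EVP_sha384, "ES384", 96) {}
+
+explicit es384(helper::evp_pkey_handle pkey) : ecdsa(pkey, EVP_sha384, "ES384", 96) {}
 };
 /**
 * ES512 algorithm
@@ -1704,6 +1748,8 @@ namespace jwt {
 explicit es512(const std::string& public_key, const std::string& private_key = "",
 const std::string& public_key_password = "", const std::string& private_key_password = "")
 : ecdsa(public_key, private_key, public_key_password, private_key_password, EVP_sha512, "ES512", 132) {}
+
+explicit es512(helper::evp_pkey_handle pkey) : ecdsa(pkey, EVP_sha512, "ES512", 132) {}
 };
 /**
 * ES256K algorithm
@@ -1720,6 +1766,8 @@ namespace jwt {
 explicit es256k(const std::string& public_key, const std::string& private_key = "",
 const std::string& public_key_password = "", const std::string& private_key_password = "")
 : ecdsa(public_key, private_key, public_key_password, private_key_password, EVP_sha256, "ES256K", 64) {}
+
+explicit es256k(helper::evp_pkey_handle pkey) : ecdsa(pkey, EVP_sha256, "ES256K", 64) {}
 };
 
 #if !defined(JWT_OPENSSL_1_0_0) && !defined(JWT_OPENSSL_1_1_0)
@@ -1782,6 +1830,8 @@ namespace jwt {
 explicit ps256(const std::string& public_key, const std::string& private_key = "",
 const std::string& public_key_password = "", const std::string& private_key_password = "")
 : pss(public_key, private_key, public_key_password, private_key_password, EVP_sha256, "PS256") {}
+
+explicit ps256(helper::evp_pkey_handle pkey) : pss(pkey, EVP_sha256, "PS256") {}
 };
 /**
 * PS384 algorithm
@@ -1797,6 +1847,8 @@ namespace jwt {
 explicit ps384(const std::string& public_key, const std::string& private_key = "",
 const std::string& public_key_password = "", const std::string& private_key_password = "")
 : pss(public_key, private_key, public_key_password, private_key_password, EVP_sha384, "PS384") {}
+
+explicit ps384(helper::evp_pkey_handle pkey) : pss(pkey, EVP_sha384, "PS384") {}
 };
 /**
 * PS512 algorithm
@@ -1812,6 +1864,8 @@ namespace jwt {
 explicit ps512(const std::string& public_key, const std::string& private_key = "",
 const std::string& public_key_password = "", const std::string& private_key_password = "")
 : pss(public_key, private_key, public_key_password, private_key_password, EVP_sha512, "PS512") {}
+
+explicit ps512(helper::evp_pkey_handle pkey) : pss(pkey, EVP_sha512, "PS512") {}
 };
 } // namespace algorithm
 
@@ -3158,7 +3212,7 @@ namespace jwt {
 JWT_CLAIM_EXPLICIT jwk(const typename json_traits::value_type& json) : jwk(json_traits::as_object(json)) {}
 
 JWT_CLAIM_EXPLICIT jwk(const typename json_traits::object_type& json)
-: jwk_claims(json), key(build_key(jwk_claims)) {
+: jwk_claims(json), k(build_key(jwk_claims)) {
 // https://datatracker.ietf.org/doc/html/rfc7518#section-6.1
 // * indicate required params
 // "kty"* : "EC", "RSA", "oct"
@@ -3354,9 +3408,9 @@ namespace jwt {
 
 bool empty() const noexcept { return jwk_claims.empty(); }
 
-helper::evp_pkey_handle get_pkey() const { return key.get_asymmetric_key(); }
+helper::evp_pkey_handle get_pkey() const { return k.get_asymmetric_key(); }
 
-std::string get_oct_key() const { return key.get_symmetric_key(); }
+std::string get_oct_key() const { return k.get_symmetric_key(); }
 
 bool supports(const std::string& alg_name) const {
 const alg_list& x = supported_alg.find(get_key_type())->second;
@@ -3460,7 +3514,7 @@ namespace jwt {
 }
 }
 
-key key;
+key k;
 };
 
 /**
@@ -3553,6 +3607,8 @@ namespace jwt {
 return std::make_unique<algo<jwt::algorithm::es384>>(jwt::algorithm::es384(key.get_pkey()));
 } else if (alg_name == "ES512") {
 return std::make_unique<algo<jwt::algorithm::es512>>(jwt::algorithm::es512(key.get_pkey()));
+} else if (alg_name == "ES256K") {
+return std::make_unique<algo<jwt::algorithm::es256k>>(jwt::algorithm::es256k(key.get_pkey()));
 } else if (alg_name == "HS256") {
 return std::make_unique<algo<jwt::algorithm::hs256>>(jwt::algorithm::hs256(key.get_oct_key()));
 } else if (alg_name == "HS384") {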
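Review bot: The new `ecdsa(helper::evp_pkey_handle, ...)` and `pss(helper::evp_pkey_handle, ...)` constructors store whatever handle they are given without any check, while the context lines directly above each of them show the string-based constructors throwing `ecdsa_error::invalid_key_size` and `rsa_error::no_key_provided`. An empty handle, an RSA key handed to `es256`, or an EC key on a curve that does not match the fixed `signature_length` is therefore accepted at construction, and the JWK dispatch at the end of the file now passes `key.get_pkey()` straight into `es256k` with no curve check visible in these hunks. I would give both constructors a body that rejects an empty handle, e.g. `if (!this->pkey) throw rsa_exception(error::rsa_error::no_key_provided);` in `pss` (assuming the handle type is testable for null), and repeat in `ecdsa` the key-size comparison against `signature_length` that precedes the existing `invalid_key_size` throw. Both existing constructor bodies start outside the hunks, so the exact checks they perform should be confirmed against the full file. Separately, `key::get_symmetric_key()` returns the HMAC secret by value, so each call leaves another uncleared copy of the key in memory; returning `const std::string&` would avoid the extra copies.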
