
wire_e2e_identity/
utils.rs

1use jwt_simple::{
2    algorithms::{ECDSAP256PublicKeyLike as _, ECDSAP384PublicKeyLike as _, ECDSAP521PublicKeyLike as _},
3    prelude::{ES256KeyPair, ES384KeyPair, ES512KeyPair, Ed25519KeyPair, Jwk},
4};
5use rusty_jwt_tools::{
6    jwk::TryIntoJwk as _,
7    prelude::{JwsAlgorithm, Pem},
8};
9use spki::AlgorithmIdentifierOwned;
10
11use crate::error::E2eIdentityResult;
12
/// Generates a fresh signing key pair for `sign_alg` and returns it PEM-encoded.
///
/// The PEM comes from the key pair's own `to_pem()`, and the other helpers in this
/// file parse it back with `KeyPair::from_pem`, so the returned [`Pem`] carries the
/// private key. Callers should treat it as secret material: keep it out of logs and
/// error messages, and do not persist it unprotected.
// NOTE(review): whether `Pem` wipes its buffer on drop is not visible from this
// file; confirm before relying on it for key hygiene.
///
/// # Errors
///
/// Propagates the error returned by `to_pem()` for the ECDSA variants. The Ed25519
/// arm has no fallible step here.
pub fn generate_key(sign_alg: JwsAlgorithm) -> E2eIdentityResult<Pem> {
    let encoded = match sign_alg {
        JwsAlgorithm::Ed25519 => Ed25519KeyPair::generate().to_pem(),
        JwsAlgorithm::P256 => ES256KeyPair::generate().to_pem()?,
        JwsAlgorithm::P384 => ES384KeyPair::generate().to_pem()?,
        JwsAlgorithm::P521 => ES512KeyPair::generate().to_pem()?,
    };

    Ok(encoded.into())
}
22
/// Re-encodes an existing key pair, given as raw `bytes`, into PEM for `sign_alg`.
///
/// `bytes` is handed unchanged to the matching `KeyPair::from_bytes` constructor, so
/// both the input slice and the returned [`Pem`] hold private key material and should
/// be handled as secrets by the caller.
// NOTE(review): the expected byte layout is whatever each jwt_simple `from_bytes`
// accepts; it may differ between the ECDSA curves and Ed25519. Verify at call sites.
///
/// # Errors
///
/// Propagates the error from `from_bytes` when `bytes` is not a valid key for
/// `sign_alg`, and from `to_pem()` for the ECDSA variants.
pub fn pem_from_bytes(bytes: &[u8], sign_alg: JwsAlgorithm) -> E2eIdentityResult<Pem> {
    let encoded = match sign_alg {
        JwsAlgorithm::Ed25519 => {
            let pair = Ed25519KeyPair::from_bytes(bytes)?;
            pair.to_pem()
        }
        JwsAlgorithm::P256 => {
            let pair = ES256KeyPair::from_bytes(bytes)?;
            pair.to_pem()?
        }
        JwsAlgorithm::P384 => {
            let pair = ES384KeyPair::from_bytes(bytes)?;
            pair.to_pem()?
        }
        JwsAlgorithm::P521 => {
            let pair = ES512KeyPair::from_bytes(bytes)?;
            pair.to_pem()?
        }
    };

    Ok(encoded.into())
}
32
/// Derives the public JWK for a PEM-encoded key pair.
///
/// `keypair` is parsed as a full key pair for `alg`; only its public half is passed
/// to `try_into_jwk()`. `alg` must be the algorithm the PEM was created for: it
/// selects the parser, and nothing here cross-checks it against the PEM contents
/// beyond what `from_pem` itself rejects.
///
/// # Errors
///
/// Propagates the error from `from_pem` when the PEM does not parse as a key pair of
/// the selected type, and from `try_into_jwk()` when the conversion fails.
pub fn public_jwk_from_pem_keypair(alg: JwsAlgorithm, keypair: &Pem) -> E2eIdentityResult<Jwk> {
    Ok(match alg {
        JwsAlgorithm::Ed25519 => {
            let pair = Ed25519KeyPair::from_pem(keypair)?;
            pair.public_key().try_into_jwk()?
        }
        JwsAlgorithm::P256 => {
            let pair = ES256KeyPair::from_pem(keypair)?;
            pair.public_key().try_into_jwk()?
        }
        JwsAlgorithm::P384 => {
            let pair = ES384KeyPair::from_pem(keypair)?;
            pair.public_key().try_into_jwk()?
        }
        JwsAlgorithm::P521 => {
            let pair = ES512KeyPair::from_pem(keypair)?;
            pair.public_key().try_into_jwk()?
        }
    })
}
42
/// Returns the raw public key bytes for a PEM-encoded key pair.
///
/// For the ECDSA curves the result is the uncompressed encoding produced by
/// `to_bytes_uncompressed()`; for Ed25519 it is whatever `to_bytes()` yields for the
/// public key. The two encodings are not interchangeable, so consumers need to know
/// which `alg` the bytes came from.
///
/// `keypair` is parsed as a full key pair, so the input still contains the private
/// key even though only public bytes are returned.
///
/// # Errors
///
/// Propagates the error from `from_pem` when the PEM does not parse as a key pair of
/// the type selected by `alg`.
pub(crate) fn public_key_bytes(alg: JwsAlgorithm, keypair: &Pem) -> E2eIdentityResult<Vec<u8>> {
    Ok(match alg {
        JwsAlgorithm::Ed25519 => {
            let pair = Ed25519KeyPair::from_pem(keypair)?;
            pair.public_key().to_bytes()
        }
        JwsAlgorithm::P256 => {
            let pair = ES256KeyPair::from_pem(keypair)?;
            // Outer call: jwt_simple public key wrapper; inner call: the curve-level key.
            pair.public_key().public_key().to_bytes_uncompressed()
        }
        JwsAlgorithm::P384 => {
            let pair = ES384KeyPair::from_pem(keypair)?;
            pair.public_key().public_key().to_bytes_uncompressed()
        }
        JwsAlgorithm::P521 => {
            let pair = ES512KeyPair::from_pem(keypair)?;
            pair.public_key().public_key().to_bytes_uncompressed()
        }
    })
}
61
/// Maps a JWS algorithm to the X.509 `AlgorithmIdentifier` of its key type.
///
/// Ed25519 uses its own OID with no parameters. The three NIST curves share the
/// generic EC public key OID and carry the named-curve OID as the parameter.
// NOTE(review): for the EC variants this is the public-key algorithm identifier
// (`ID_EC_PUBLIC_KEY` plus curve), not an ECDSA signature algorithm identifier;
// confirm callers use it only where a key algorithm is expected.
pub(crate) fn jws_alg_to_x509_identifier(alg: JwsAlgorithm) -> AlgorithmIdentifierOwned {
    use const_oid::db::{rfc5912, rfc8410};

    let named_curve = match alg {
        // Ed25519 is the only variant without curve parameters, so it returns early.
        JwsAlgorithm::Ed25519 => {
            return AlgorithmIdentifierOwned {
                oid: rfc8410::ID_ED_25519,
                parameters: None,
            };
        }
        JwsAlgorithm::P256 => rfc5912::SECP_256_R_1,
        JwsAlgorithm::P384 => rfc5912::SECP_384_R_1,
        JwsAlgorithm::P521 => rfc5912::SECP_521_R_1,
    };

    AlgorithmIdentifierOwned {
        oid: rfc5912::ID_EC_PUBLIC_KEY,
        parameters: Some(named_curve.into()),
    }
}