Open krishna-kashyap opened 1 year ago
I think the current situation is fine, can you write some pseudo-code on how it would look with what you're proposing?
Something like this? However this needed changing a few permissions from the other module. This is possibly not the best approach, better one would actually be to possibly expose the type and content of the key for the decoding/encoding keys in the decoder. More like as_private_key
and as_public_key
which provides the information about the Family and the Content
+ /// If you are loading a public key in a PEM format, use this.
+ #[cfg(feature = "use_pem")]
+ pub fn from_pem(key: &[u8]) -> Result<Self> {
+ let pem_key = PemEncodedKey::new(key)?;
+ match pem_key.pem_type {
+ PemType::EcPublic => {
+ Ok(DecodingKey {
+ family: AlgorithmFamily::Ec,
+ kind: DecodingKeyKind::SecretOrDer(pem_key.as_ec_public_key().unwrap().to_vec()),
+ })
+ },
+ PemType::EdPublic => {
+ Ok(DecodingKey {
+ family: AlgorithmFamily::Ed,
+ kind: DecodingKeyKind::SecretOrDer(pem_key.as_ed_public_key().unwrap().to_vec()),
+ })
+ },
+ PemType::RsaPublic => {
+ Ok(DecodingKey {
+ family: AlgorithmFamily::Rsa,
+ kind: DecodingKeyKind::SecretOrDer(pem_key.as_rsa_key().unwrap().to_vec()),
+ })
...skipping 1 line
+
+ _ => Err(ErrorKind::InvalidKeyFormat.into()),
+ }
+ }
+
I think I prefer seeing the expected alg type in the user code.
However I see this more like from_jwt instead of expecting user to instead call the from components themselves by actually parsing the key component from the token when they have a PEM key instead of the standard components.
I was looking at using the from PEM options for the Decoding key and seems like despite of having all the information from the parsing at the time of creating PemEncodingKey, the methods exposed need the user to explicitly specify the type of the key which is then checked on a match and and error emitted.
So could we have a
from_pem
constructor which in turn does a match and creates the encoding and decoding keys?If it makes sense, I'd be interested in adding it