make it lass breaking

TrueLayer · Mar 5, 2024 · d384af9 · d384af9
1 parent 6b5a3ce
commit d384af9
Show file tree

Hide file tree

Showing 4 changed files with 140 additions and 129 deletions.
diff --git a/rust/src/lib.rs b/rust/src/lib.rs
@@ -7,11 +7,81 @@ mod openssl;
 mod sign;
 mod verify;
 
+use common::Unset;
 pub use http::Method;
 pub use jws::JwsHeader;
 pub use sign::{CustomSigner, Signer, SignerBuilder};
+use verify::PublicKey;
 pub use verify::{CustomVerifier, Verifier, VerifierBuilder};
 
+/// Start building a request `Tl-Signature` header value using private key
+/// pem data & the key's `kid`.
+///
+/// # Example
+/// ```no_run
+/// # fn main() -> Result<(), truelayer_signing::Error> {
+/// # let (kid, private_key, idempotency_key, body) = unimplemented!();
+/// let tl_signature = truelayer_signing::sign_with_pem(kid, private_key)
+///     .method(truelayer_signing::Method::Post)
+///     .path("/payouts")
+///     .header("Idempotency-Key", idempotency_key)
+///     .body(body)
+///     .build_signer()
+///     .sign()?;
+/// # Ok(()) }
+/// ```
+pub fn sign_with_pem<'a>(
+    kid: &'a str,
+    private_key_pem: &'a [u8],
+) -> SignerBuilder<'a, &'a str, &'a [u8], Unset, Unset, Unset> {
+    SignerBuilder::build_with_pem(kid, private_key_pem)
+}
+
+/// Start building a `Tl-Signature` header verifier using public key pem data.
+///
+/// # Example
+/// ```no_run
+/// # fn main() -> Result<(), truelayer_signing::Error> {
+/// # let (public_key, idempotency_key, body, tl_signature) = unimplemented!();
+/// truelayer_signing::verify_with_pem(public_key)
+///     .method(truelayer_signing::Method::Post)
+///     .path("/payouts")
+///     .require_header("Idempotency-Key")
+///     .header("Idempotency-Key", idempotency_key)
+///     .body(body)
+///     .build_verifier()
+///     .verify(tl_signature)?;
+/// # Ok(()) }
+/// ```
+pub fn verify_with_pem(
+    public_key_pem: &[u8],
+) -> VerifierBuilder<'_, PublicKey<'_>, Unset, Unset, Unset> {
+    VerifierBuilder::pem(public_key_pem)
+}
+
+/// Start building a `Tl-Signature` header verifier using public key JWKs JSON response data.
+///
+/// See <https://datatracker.ietf.org/doc/html/rfc7517>.
+///
+/// # Example
+/// ```no_run
+/// # fn main() -> Result<(), truelayer_signing::Error> {
+/// # let (jwks, body, tl_signature) = unimplemented!();
+/// # let headers: Vec<(&str, &[u8])> = unimplemented!();
+/// // jwks json of form: {"keys":[...]}
+/// truelayer_signing::verify_with_jwks(jwks)
+///     .method(truelayer_signing::Method::Post)
+///     .path("/webhook")
+///     .headers(headers)
+///     .body(body)
+///     .build_verifier()
+///     .verify(tl_signature)?;
+/// # Ok(()) }
+/// ```
+pub fn verify_with_jwks(jwks: &[u8]) -> VerifierBuilder<'_, PublicKey<'_>, Unset, Unset, Unset> {
+    VerifierBuilder::jwks(jwks)
+}
+
 /// Extract [`JwsHeader`] info from a `Tl-Signature` header value.
 ///
 /// This can then be used to pick a verification key using the `kid` etc.

diff --git a/rust/src/sign/mod.rs b/rust/src/sign/mod.rs
@@ -15,9 +15,7 @@ use self::signer_v1::SignerV1;
 /// ```no_run
 /// # fn main() -> Result<(), truelayer_signing::Error> {
 /// # let (kid, private_key, idempotency_key, body) = unimplemented!();
-/// let tl_signature = truelayer_signing::SignerBuilder::new()
-///     .private_key(private_key)
-///     .kid(kid)
+/// let tl_signature = truelayer_signing::SignerBuilder::build_with_pem(kid, private_key)
 ///     .method(truelayer_signing::Method::Post)
 ///     .path("/payouts")
 ///     .header("Idempotency-Key", idempotency_key)
@@ -37,7 +35,7 @@ pub struct SignerBuilder<'a, Kid, Pk, Body, Method, Path> {
     jws_jku: Option<&'a str>,
 }
 
-impl<K, Pk, Body, Method, Path> fmt::Debug for SignerBuilder<'_, K, Pk, Body, Method, Path> {
+impl<Kid, Pk, Body, Method, Path> fmt::Debug for SignerBuilder<'_, Kid, Pk, Body, Method, Path> {
     fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
         write!(fmt, "Signer")
     }
@@ -57,6 +55,20 @@ impl<'a> SignerBuilder<'a, Unset, Unset, Unset, Unset, Unset> {
     }
 }
 
+impl<'a> SignerBuilder<'a, &'a str, &'a [u8], Unset, Unset, Unset> {
+    pub fn build_with_pem(kid: &'a str, private_key: &'a [u8]) -> Self {
+        SignerBuilder {
+            kid,
+            private_key,
+            body: Unset,
+            method: Unset,
+            path: Unset,
+            headers: <_>::default(),
+            jws_jku: <_>::default(),
+        }
+    }
+}
+
 impl<'a, Pk, Body, Method, Path> SignerBuilder<'a, Unset, Pk, Body, Method, Path> {
     /// Add the private key kid.
     pub fn kid(self, kid: &str) -> SignerBuilder<'a, &str, Pk, Body, Method, Path> {
@@ -258,9 +270,7 @@ impl<'a> SignerBuilder<'a, &'a str, &'a [u8], &'a [u8], Method, &'a str> {
 /// ```no_run
 /// # fn main() -> Result<(), truelayer_signing::Error> {
 /// # let (kid, private_key, idempotency_key, body) = unimplemented!();
-/// let tl_signature = truelayer_signing::SignerBuilder::new()
-///     .private_key(private_key)
-///     .kid(kid)
+/// let tl_signature = truelayer_signing::SignerBuilder::build_with_pem(kid, private_key)
 ///     .method(truelayer_signing::Method::Post)
 ///     .path("/payouts")
 ///     .header("Idempotency-Key", idempotency_key)

diff --git a/rust/src/verify/mod.rs b/rust/src/verify/mod.rs
@@ -19,8 +19,7 @@ mod verifier_v1;
 /// ```no_run
 /// # fn main() -> Result<(), truelayer_signing::Error> {
 /// # let (public_key, idempotency_key, body, tl_signature) = unimplemented!();
-/// truelayer_signing::VerifierBuilder::new()
-///     .pem(public_key)
+/// truelayer_signing::VerifierBuilder::pem(public_key)
 ///     .method(truelayer_signing::Method::Post)
 ///     .path("/payouts")
 ///     .require_header("Idempotency-Key")
@@ -58,42 +57,28 @@ impl<Pk, Body, Method, Path> fmt::Debug for VerifierBuilder<'_, Pk, Body, Method
     }
 }
 
-impl<'a> VerifierBuilder<'a, Unset, Unset, Unset, Unset> {
-    /// create new Builder with Unset Values.
-    pub fn new() -> Self {
+impl<'a> VerifierBuilder<'a, PublicKey<'a>, Unset, Unset, Unset> {
+    /// Add public key via pem.
+    pub fn pem(pem: &'a [u8]) -> VerifierBuilder<'a, PublicKey<'a>, Unset, Unset, Unset> {
         VerifierBuilder {
-            public_key: Unset,
+            public_key: PublicKey::Pem(pem),
             body: Unset,
             method: Unset,
             path: Unset,
             headers: <_>::default(),
             required_headers: <_>::default(),
         }
     }
-}
-
-impl<'a, Body, Method, Path> VerifierBuilder<'a, Unset, Body, Method, Path> {
-    /// Add public key via pem.
-    pub fn pem(self, pem: &'a [u8]) -> VerifierBuilder<'a, PublicKey<'a>, Body, Method, Path> {
-        VerifierBuilder {
-            public_key: PublicKey::Pem(pem),
-            body: self.body,
-            method: self.method,
-            path: self.path,
-            headers: self.headers,
-            required_headers: self.required_headers,
-        }
-    }
 
     /// Add public key via a jwks.
-    pub fn jwks(self, jwk: &'a [u8]) -> VerifierBuilder<'a, PublicKey<'a>, Body, Method, Path> {
+    pub fn jwks(jwk: &'a [u8]) -> VerifierBuilder<'a, PublicKey<'a>, Unset, Unset, Unset> {
         VerifierBuilder {
             public_key: PublicKey::Jwks(jwk),
-            body: self.body,
-            method: self.method,
-            path: self.path,
-            headers: self.headers,
-            required_headers: self.required_headers,
+            body: Unset,
+            method: Unset,
+            path: Unset,
+            headers: <_>::default(),
+            required_headers: <_>::default(),
         }
     }
 }
@@ -166,8 +151,9 @@ impl<'a, Pk, Body, Method, Path> VerifierBuilder<'a, Pk, Body, Method, Path> {
     /// [`Verifier::require_header`].
     ///
     /// # Example
-    /// ```
-    /// truelayer_signing::VerifierBuilder::new()
+    /// ```no_run
+    /// # let public_key = unimplemented!();
+    /// truelayer_signing::VerifierBuilder::pem(public_key)
     ///     .headers([("X-Head-A", "123".as_bytes()), ("X-Head-B", "345".as_bytes())]);
     /// ```
     pub fn headers(mut self, headers: impl IntoIterator<Item = (&'a str, &'a [u8])>) -> Self {
@@ -227,8 +213,7 @@ impl<'a> VerifierBuilder<'a, PublicKey<'a>, &'a [u8], Unset, Unset> {
 /// ```no_run
 /// # fn main() -> Result<(), truelayer_signing::Error> {
 /// # let (public_key, idempotency_key, body, tl_signature) = unimplemented!();
-/// truelayer_signing::VerifierBuilder::new()
-///     .pem(public_key)
+/// truelayer_signing::VerifierBuilder::pem(public_key)
 ///     .method(truelayer_signing::Method::Post)
 ///     .path("/payouts")
 ///     .require_header("Idempotency-Key")