From d384af956482a918e9f7c54566f3d64abc292077 Mon Sep 17 00:00:00 2001 From: tl-flavio-barinas Date: Tue, 5 Mar 2024 11:34:09 +0000 Subject: [PATCH] make it lass breaking --- rust/src/lib.rs | 70 ++++++++++++++++++++++ rust/src/sign/mod.rs | 24 +++++--- rust/src/verify/mod.rs | 45 +++++--------- rust/tests/usage.rs | 130 ++++++++++++----------------------------- 4 files changed, 140 insertions(+), 129 deletions(-) diff --git a/rust/src/lib.rs b/rust/src/lib.rs index ce2e94e4..c2bdfaf4 100644 --- a/rust/src/lib.rs +++ b/rust/src/lib.rs 
@@ -7,11 +7,81 @@ mod openssl; mod sign; mod verify; +use common::Unset; pub use http::Method; pub use jws::JwsHeader; pub use sign::{CustomSigner, Signer, SignerBuilder}; +use verify::PublicKey; pub use verify::{CustomVerifier, Verifier, VerifierBuilder}; +/// Start building a request `Tl-Signature` header value using private key +/// pem data & the key's `kid`. +/// +/// # Example +/// ```no_run +/// # fn main() -> Result<(), truelayer_signing::Error> { +/// # let (kid, private_key, idempotency_key, body) = unimplemented!(); +/// let tl_signature = truelayer_signing::sign_with_pem(kid, private_key) +/// .method(truelayer_signing::Method::Post) +/// .path("/payouts") +/// .header("Idempotency-Key", idempotency_key) +/// .body(body) +/// .build_signer() +/// .sign()?; +/// # Ok(()) } +/// ``` +pub fn sign_with_pem<'a>( + kid: &'a str, + private_key_pem: &'a [u8], +) -> SignerBuilder<'a, &'a str, &'a [u8], Unset, Unset, Unset> { + SignerBuilder::build_with_pem(kid, private_key_pem) +} + +/// Start building a `Tl-Signature` header verifier using public key pem data. +/// +/// # Example +/// ```no_run +/// # fn main() -> Result<(), truelayer_signing::Error> { +/// # let (public_key, idempotency_key, body, tl_signature) = unimplemented!(); +/// truelayer_signing::verify_with_pem(public_key) +/// .method(truelayer_signing::Method::Post) +/// .path("/payouts") +/// .require_header("Idempotency-Key") +/// .header("Idempotency-Key", idempotency_key) +/// .body(body) +/// .build_verifier() +/// .verify(tl_signature)?; +/// # Ok(()) } +/// ``` +pub fn verify_with_pem( + public_key_pem: &[u8], +) -> VerifierBuilder<'_, PublicKey<'_>, Unset, Unset, Unset> { + VerifierBuilder::pem(public_key_pem) +} + +/// Start building a `Tl-Signature` header verifier using public key JWKs JSON response data. +/// +/// See . 
+/// +/// # Example +/// ```no_run +/// # fn main() -> Result<(), truelayer_signing::Error> { +/// # let (jwks, body, tl_signature) = unimplemented!(); +/// # let headers: Vec<(&str, &[u8])> = unimplemented!(); +/// // jwks json of form: {"keys":[...]} +/// truelayer_signing::verify_with_jwks(jwks) +/// .method(truelayer_signing::Method::Post) +/// .path("/webhook") +/// .headers(headers) +/// .body(body) +/// .build_verifier() +/// .verify(tl_signature)?; +/// # Ok(()) } +/// ``` +pub fn verify_with_jwks(jwks: &[u8]) -> VerifierBuilder<'_, PublicKey<'_>, Unset, Unset, Unset> { + VerifierBuilder::jwks(jwks) +} + /// Extract [`JwsHeader`] info from a `Tl-Signature` header value. /// /// This can then be used to pick a verification key using the `kid` etc. diff --git a/rust/src/sign/mod.rs b/rust/src/sign/mod.rs index 09e1f59c..578d2086 100644 --- a/rust/src/sign/mod.rs +++ b/rust/src/sign/mod.rs @@ -15,9 +15,7 @@ use self::signer_v1::SignerV1; /// ```no_run /// # fn main() -> Result<(), truelayer_signing::Error> { /// # let (kid, private_key, idempotency_key, body) = unimplemented!(); -/// let tl_signature = truelayer_signing::SignerBuilder::new() -/// .private_key(private_key) -/// .kid(kid) +/// let tl_signature = truelayer_signing::SignerBuilder::build_with_pem(kid, private_key) /// .method(truelayer_signing::Method::Post) /// .path("/payouts") /// .header("Idempotency-Key", idempotency_key) @@ -37,7 +35,7 @@ pub struct SignerBuilder<'a, Kid, Pk, Body, Method, Path> { jws_jku: Option<&'a str>, } -impl fmt::Debug for SignerBuilder<'_, K, Pk, Body, Method, Path> { +impl fmt::Debug for SignerBuilder<'_, Kid, Pk, Body, Method, Path> { fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result { write!(fmt, "Signer") } 
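Review bot: The doc comment on the new `verify_with_jwks` in `rust/src/lib.rs` says nothing about where the `jwks` bytes may come from, although it is the one new entry point whose key material is normally fetched over the network. Since the crate also exposes header extraction for picking a key, I would add a line such as `/// The JWKS must be fetched from a trusted, expected URL; a jku taken from an unverified signature header must be checked against an allow-list first.` The webhook example in the same comment omits `require_header`, unlike the `verify_with_pem` example; if webhook headers such as the timestamp are meant to be covered by the signature, the example should show that. The `See .` line has no link target in this rendering, so confirm the URL is present in the file.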
@@ -57,6 +55,20 @@ impl<'a> SignerBuilder<'a, Unset, Unset, Unset, Unset, Unset> { } } +impl<'a> SignerBuilder<'a, &'a str, &'a [u8], Unset, Unset, Unset> { + pub fn build_with_pem(kid: &'a str, private_key: &'a [u8]) -> Self { + SignerBuilder { + kid, + private_key, + body: Unset, + method: Unset, + path: Unset, + headers: <_>::default(), + jws_jku: <_>::default(), + } + } +} + impl<'a, Pk, Body, Method, Path> SignerBuilder<'a, Unset, Pk, Body, Method, Path> { /// Add the private key kid. pub fn kid(self, kid: &str) -> SignerBuilder<'a, &str, Pk, Body, Method, Path> { @@ -258,9 +270,7 @@ impl<'a> SignerBuilder<'a, &'a str, &'a [u8], &'a [u8], Method, &'a str> { /// ```no_run /// # fn main() -> Result<(), truelayer_signing::Error> { /// # let (kid, private_key, idempotency_key, body) = unimplemented!(); -/// let tl_signature = truelayer_signing::SignerBuilder::new() -/// .private_key(private_key) -/// .kid(kid) +/// let tl_signature = truelayer_signing::SignerBuilder::build_with_pem(kid, private_key) /// .method(truelayer_signing::Method::Post) /// .path("/payouts") /// .header("Idempotency-Key", idempotency_key) diff --git a/rust/src/verify/mod.rs b/rust/src/verify/mod.rs index 340b2085..3deaa645 100644 --- a/rust/src/verify/mod.rs +++ b/rust/src/verify/mod.rs @@ -19,8 +19,7 @@ mod verifier_v1; /// ```no_run /// # fn main() -> Result<(), truelayer_signing::Error> { /// # let (public_key, idempotency_key, body, tl_signature) = unimplemented!(); -/// truelayer_signing::VerifierBuilder::new() -/// .pem(public_key) +/// truelayer_signing::VerifierBuilder::pem(public_key) /// .method(truelayer_signing::Method::Post) /// .path("/payouts") /// .require_header("Idempotency-Key") 
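Review bot: `SignerBuilder::build_with_pem` is added as a public constructor with no doc comment, and its name reads as if it completed the build, whereas it only returns a builder that still needs `build_signer()`; the verifier side names the equivalent constructor plain `pem`. I would add `/// Start a signer builder from the key's kid and PEM-encoded private key data.` and consider a name in line with the verifier, for example `with_pem`. Nothing in this constructor parses the key (it stores the slice as given), so a malformed PEM presumably surfaces only at `sign()`; the doc comment should say where that error appears.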
@@ -58,11 +57,11 @@ impl fmt::Debug for VerifierBuilder<'_, Pk, Body, Method } } -impl<'a> VerifierBuilder<'a, Unset, Unset, Unset, Unset> { - /// create new Builder with Unset Values. - pub fn new() -> Self { +impl<'a> VerifierBuilder<'a, PublicKey<'a>, Unset, Unset, Unset> { + /// Add public key via pem. + pub fn pem(pem: &'a [u8]) -> VerifierBuilder<'a, PublicKey<'a>, Unset, Unset, Unset> { VerifierBuilder { - public_key: Unset, + public_key: PublicKey::Pem(pem), body: Unset, method: Unset, path: Unset, @@ -70,30 +69,16 @@ impl<'a> VerifierBuilder<'a, Unset, Unset, Unset, Unset> { required_headers: <_>::default(), } } -} - -impl<'a, Body, Method, Path> VerifierBuilder<'a, Unset, Body, Method, Path> { - /// Add public key via pem. - pub fn pem(self, pem: &'a [u8]) -> VerifierBuilder<'a, PublicKey<'a>, Body, Method, Path> { - VerifierBuilder { - public_key: PublicKey::Pem(pem), - body: self.body, - method: self.method, - path: self.path, - headers: self.headers, - required_headers: self.required_headers, - } - } /// Add public key via a jwks. - pub fn jwks(self, jwk: &'a [u8]) -> VerifierBuilder<'a, PublicKey<'a>, Body, Method, Path> { + pub fn jwks(jwk: &'a [u8]) -> VerifierBuilder<'a, PublicKey<'a>, Unset, Unset, Unset> { VerifierBuilder { public_key: PublicKey::Jwks(jwk), - body: self.body, - method: self.method, - path: self.path, - headers: self.headers, - required_headers: self.required_headers, + body: Unset, + method: Unset, + path: Unset, + headers: <_>::default(), + required_headers: <_>::default(), } } } 
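Review bot: The doc comments on `VerifierBuilder::pem` and `VerifierBuilder::jwks` still read "Add public key via pem." and "Add public key via a jwks.", but after this hunk and the next both are associated constructors that take no `self`. Something like `/// Create a verifier builder from PEM-encoded public key data.` and `/// Create a verifier builder from a JWKS JSON document.` would match, and both can return `Self` as `build_with_pem` does. The `jwks` parameter is still named `jwk` although it holds a key set. These two hunks also remove `VerifierBuilder::new()` and the `self`-taking setters, so existing `VerifierBuilder::new().pem(..)` callers stop compiling, while the signer side appears to keep its `kid`/`private_key` setters; if that asymmetry is intended it deserves a changelog entry.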
@@ -166,8 +151,9 @@ impl<'a, Pk, Body, Method, Path> VerifierBuilder<'a, Pk, Body, Method, Path> { /// [`Verifier::require_header`]. /// /// # Example - /// ``` - /// truelayer_signing::VerifierBuilder::new() + /// ```no_run + /// # let public_key = unimplemented!(); + /// truelayer_signing::VerifierBuilder::pem(public_key) /// .headers([("X-Head-A", "123".as_bytes()), ("X-Head-B", "345".as_bytes())]); /// ``` pub fn headers(mut self, headers: impl IntoIterator) -> Self { @@ -227,8 +213,7 @@ impl<'a> VerifierBuilder<'a, PublicKey<'a>, &'a [u8], Unset, Unset> { /// ```no_run /// # fn main() -> Result<(), truelayer_signing::Error> { /// # let (public_key, idempotency_key, body, tl_signature) = unimplemented!(); -/// truelayer_signing::VerifierBuilder::new() -/// .pem(public_key) +/// truelayer_signing::VerifierBuilder::pem(public_key) /// .method(truelayer_signing::Method::Post) /// .path("/payouts") /// .require_header("Idempotency-Key") diff --git a/rust/tests/usage.rs b/rust/tests/usage.rs index 84c8b327..1b074a4d 100644 --- a/rust/tests/usage.rs +++ b/rust/tests/usage.rs @@ -17,9 +17,7 @@ fn full_request_signature() { let idempotency_key = b"idemp-2076717c-9005-4811-a321-9e0787fa0382"; let path = "/merchant_accounts/a61acaef-ee05-4077-92f3-25543a11bd8d/sweeping"; - let tl_signature = truelayer_signing::SignerBuilder::new() - .private_key(PRIVATE_KEY) - .kid(KID) + let tl_signature = truelayer_signing::SignerBuilder::build_with_pem(KID, PRIVATE_KEY) .method(Method::Post) .path(path) .header("Idempotency-Key", idempotency_key) @@ -31,8 +29,7 @@ fn full_request_signature() { // Note: Can be used as new `test-resources/tl-signature.txt` eprintln!("signature: {tl_signature}"); - truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .method(Method::Post) .path(path) .require_header("Idempotency-Key") 
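Review bot: The `headers` example in `rust/src/verify/mod.rs` used to be a doctest that ran and is now `no_run` behind `unimplemented!()`, so it is only compile-checked. `VerifierBuilder::pem` as written in this patch just stores the slice, so the example could likely stay runnable with a placeholder such as `# let public_key: &[u8] = b"";`. The body of `headers` lies outside the hunk.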
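Review bot: None of the call sites updated in `rust/tests/usage.rs` goes through the new crate-level `sign_with_pem`, `verify_with_pem` or `verify_with_jwks`, and their doc examples are `no_run`, so the functions added in `lib.rs` are compiled but, as far as this patch shows, never executed. Switching one round-trip test, for example `full_request_signature` here, to `truelayer_signing::sign_with_pem(KID, PRIVATE_KEY)` and `truelayer_signing::verify_with_pem(PUBLIC_KEY)` would cover them; the JWKS test further down could do the same with `verify_with_jwks(jwks)`. The test body starts and ends outside these hunks.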
@@ -50,9 +47,7 @@ fn full_request_signature_no_headers() { let body = br#"{"currency":"GBP","max_amount_in_minor":5000000}"#; let path = "/merchant_accounts/a61acaef-ee05-4077-92f3-25543a11bd8d/sweeping"; - let tl_signature = truelayer_signing::SignerBuilder::new() - .private_key(PRIVATE_KEY) - .kid(KID) + let tl_signature = truelayer_signing::SignerBuilder::build_with_pem(KID, PRIVATE_KEY) .method(Method::Post) .path(path) .body(body) @@ -60,8 +55,7 @@ fn full_request_signature_no_headers() { .sign() .expect("sign"); - truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .method(Method::Post) .path(path) .header("X-Whatever", b"aoitbeh") @@ -82,8 +76,7 @@ fn mismatched_signature_with_attached_valid_body() { QHIE5gQ4m5uU3ee69XfwwU_RpEIMFypycxwq1HOf4LzTLXqP_CDT8DdyX8oTwYdUB\ d2d3D17Wd9UA"; - truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .method(Method::Post) .path("/foo") // not bar so should fail .body("{}".as_bytes()) @@ -103,8 +96,7 @@ fn mismatched_signature_with_attached_valid_body_trailing_dots() { QHIE5gQ4m5uU3ee69XfwwU_RpEIMFypycxwq1HOf4LzTLXqP_CDT8DdyX8oTwYdUB\ d2d3D17Wd9UA...."; - truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .method(Method::Post) .path("/foo") // not bar so should fail .body("{}".as_bytes()) @@ -120,8 +112,7 @@ fn verify_full_request_static_signature() { let path = "/merchant_accounts/a61acaef-ee05-4077-92f3-25543a11bd8d/sweeping"; let tl_signature = include_str!("../../test-resources/tl-signature.txt").trim(); - truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .method(Method::Post) .path(path) .header("X-Whatever-2", b"t2345d") 
@@ -138,8 +129,7 @@ fn verify_with_invalid_signature_should_error() { let idempotency_key = b"idemp-2076717c-9005-4811-a321-9e0787fa0382"; let path = "/merchant_accounts/a61acaef-ee05-4077-92f3-25543a11bd8d/sweeping"; - let error = truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + let error = truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .method(Method::Post) .path(path) .header("X-Whatever-2", b"t2345d") @@ -157,9 +147,7 @@ fn verify_with_invalid_signature_should_error() { fn verify_without_signed_trailing_slash() { let body = br#"{"foo":"bar"}"#; - let tl_signature = truelayer_signing::SignerBuilder::new() - .private_key(PRIVATE_KEY) - .kid(KID) + let tl_signature = truelayer_signing::SignerBuilder::build_with_pem(KID, PRIVATE_KEY) .method(Method::Post) .path("/tl-webhook/") .body(body) @@ -167,8 +155,7 @@ fn verify_without_signed_trailing_slash() { .sign() .expect("sign"); - truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .method(Method::Post) .path("/tl-webhook") // missing trailing slash .body(body) @@ -183,9 +170,7 @@ fn verify_without_signed_trailing_slash() { fn verify_with_unsigned_trailing_slash() { let body = br#"{"foo":"bar"}"#; - let tl_signature = truelayer_signing::SignerBuilder::new() - .private_key(PRIVATE_KEY) - .kid(KID) + let tl_signature = truelayer_signing::SignerBuilder::build_with_pem(KID, PRIVATE_KEY) .method(Method::Post) .path("/tl-webhook") .body(body) @@ -193,8 +178,7 @@ fn verify_with_unsigned_trailing_slash() { .sign() .expect("sign"); - truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .method(Method::Post) .path("/tl-webhook/") // additional trailing slash .body(body) 
@@ -206,17 +190,14 @@ fn verify_with_unsigned_trailing_slash() { #[test] #[should_panic = r#"Invalid path "https://example.com/the-path" must start with '/'"#] fn sign_an_invalid_path() { - truelayer_signing::SignerBuilder::new() - .private_key(PRIVATE_KEY) - .kid(KID) + truelayer_signing::SignerBuilder::build_with_pem(KID, PRIVATE_KEY) .path("https://example.com/the-path"); } #[test] #[should_panic = r#"Invalid path "https://example.com/the-path" must start with '/'"#] fn verify_an_invalid_path() { - truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .method(Method::Post) .path("https://example.com/the-path"); } @@ -227,9 +208,7 @@ fn full_request_signature_method_mismatch() { let idempotency_key = b"idemp-2076717c-9005-4811-a321-9e0787fa0382"; let path = "/merchant_accounts/a61acaef-ee05-4077-92f3-25543a11bd8d/sweeping"; - let tl_signature = truelayer_signing::SignerBuilder::new() - .private_key(PRIVATE_KEY) - .kid(KID) + let tl_signature = truelayer_signing::SignerBuilder::build_with_pem(KID, PRIVATE_KEY) .method(Method::Post) .path(path) .header("Idempotency-Key", idempotency_key) @@ -238,8 +217,7 @@ fn full_request_signature_method_mismatch() { .sign() .expect("sign"); - truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .method(Method::Get) // different .path(path) .header("X-Whatever", b"aoitbeh") @@ -256,9 +234,7 @@ fn full_request_signature_path_mismatch() { let idempotency_key = b"idemp-2076717c-9005-4811-a321-9e0787fa0382"; let path = "/merchant_accounts/a61acaef-ee05-4077-92f3-25543a11bd8d/sweeping"; - let tl_signature = truelayer_signing::SignerBuilder::new() - .private_key(PRIVATE_KEY) - .kid(KID) + let tl_signature = truelayer_signing::SignerBuilder::build_with_pem(KID, PRIVATE_KEY) .method(Method::Post) .path(path) .header("Idempotency-Key", idempotency_key) 
@@ -267,8 +243,7 @@ fn full_request_signature_path_mismatch() { .sign() .expect("sign"); - truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .method(Method::Post) .path("/merchant_accounts/67b5b1cf-1d0c-45d4-a2ea-61bdc044327c/sweeping") // different .header("X-Whatever", b"aoitbeh") @@ -285,9 +260,7 @@ fn full_request_signature_header_mismatch() { let idempotency_key = b"idemp-2076717c-9005-4811-a321-9e0787fa0382"; let path = "/merchant_accounts/a61acaef-ee05-4077-92f3-25543a11bd8d/sweeping"; - let tl_signature = truelayer_signing::SignerBuilder::new() - .private_key(PRIVATE_KEY) - .kid(KID) + let tl_signature = truelayer_signing::SignerBuilder::build_with_pem(KID, PRIVATE_KEY) .method(Method::Post) .path(path) .header("Idempotency-Key", idempotency_key) @@ -296,8 +269,7 @@ fn full_request_signature_header_mismatch() { .sign() .expect("sign"); - truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .method(Method::Post) .path(path) .header("X-Whatever", b"aoitbeh") @@ -314,9 +286,7 @@ fn full_request_signature_body_mismatch() { let idempotency_key = b"idemp-2076717c-9005-4811-a321-9e0787fa0382"; let path = "/merchant_accounts/a61acaef-ee05-4077-92f3-25543a11bd8d/sweeping"; - let tl_signature = truelayer_signing::SignerBuilder::new() - .private_key(PRIVATE_KEY) - .kid(KID) + let tl_signature = truelayer_signing::SignerBuilder::build_with_pem(KID, PRIVATE_KEY) .method(Method::Post) .path(path) .header("Idempotency-Key", idempotency_key) @@ -325,8 +295,7 @@ fn full_request_signature_body_mismatch() { .sign() .expect("sign"); - truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .method(Method::Post) .path(path) .header("X-Whatever", b"aoitbeh") 
@@ -343,9 +312,7 @@ fn full_request_signature_missing_signature_header() { let idempotency_key = b"idemp-2076717c-9005-4811-a321-9e0787fa0382"; let path = "/merchant_accounts/a61acaef-ee05-4077-92f3-25543a11bd8d/sweeping"; - let tl_signature = truelayer_signing::SignerBuilder::new() - .private_key(PRIVATE_KEY) - .kid(KID) + let tl_signature = truelayer_signing::SignerBuilder::build_with_pem(KID, PRIVATE_KEY) .method(Method::Post) .path(path) .header("Idempotency-Key", idempotency_key) @@ -354,8 +321,7 @@ fn full_request_signature_missing_signature_header() { .sign() .expect("sign"); - truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .method(Method::Post) .path(path) .header("X-Whatever", b"aoitbeh") @@ -372,9 +338,7 @@ fn full_request_signature_required_header_missing_from_signature() { let idempotency_key = b"idemp-2076717c-9005-4811-a321-9e0787fa0382"; let path = "/merchant_accounts/a61acaef-ee05-4077-92f3-25543a11bd8d/sweeping"; - let tl_signature = truelayer_signing::SignerBuilder::new() - .private_key(PRIVATE_KEY) - .kid(KID) + let tl_signature = truelayer_signing::SignerBuilder::build_with_pem(KID, PRIVATE_KEY) .method(Method::Post) .path(path) .header("Idempotency-Key", idempotency_key) @@ -383,8 +347,7 @@ fn full_request_signature_required_header_missing_from_signature() { .sign() .expect("sign"); - truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .method(Method::Post) .path(path) .require_header("X-Required") // missing from signature 
@@ -401,9 +364,7 @@ fn full_request_signature_required_header_case_insensitive() { let idempotency_key = b"idemp-2076717c-9005-4811-a321-9e0787fa0382"; let path = "/merchant_accounts/a61acaef-ee05-4077-92f3-25543a11bd8d/sweeping"; - let tl_signature = truelayer_signing::SignerBuilder::new() - .private_key(PRIVATE_KEY) - .kid(KID) + let tl_signature = truelayer_signing::SignerBuilder::build_with_pem(KID, PRIVATE_KEY) .method(Method::Post) .path(path) .header("Idempotency-Key", idempotency_key) @@ -412,8 +373,7 @@ fn full_request_signature_required_header_case_insensitive() { .sign() .expect("sign"); - truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .method(Method::Post) .path(path) .require_header("IdEmPoTeNcY-KeY") // case insensitive so should be fine @@ -430,9 +390,7 @@ fn flexible_header_case_order_verify() { let idempotency_key = b"idemp-2076717c-9005-4811-a321-9e0787fa0382"; let path = "/merchant_accounts/a61acaef-ee05-4077-92f3-25543a11bd8d/sweeping"; - let tl_signature = truelayer_signing::SignerBuilder::new() - .kid(KID) - .private_key(PRIVATE_KEY) + let tl_signature = truelayer_signing::SignerBuilder::build_with_pem(KID, PRIVATE_KEY) .method(Method::Post) .path(path) .header("Idempotency-Key", idempotency_key) @@ -442,8 +400,7 @@ fn flexible_header_case_order_verify() { .sign() .expect("sign"); - truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .method(Method::Post) .path(path) .header("X-CUSTOM", b"123") // different order & case, it's ok! 
@@ -458,9 +415,7 @@ fn flexible_header_case_order_verify() { /// directly, or necessary in all langs. #[test] fn set_jku() { - let tl_signature = truelayer_signing::SignerBuilder::new() - .private_key(PRIVATE_KEY) - .kid(KID) + let tl_signature = truelayer_signing::SignerBuilder::build_with_pem(KID, PRIVATE_KEY) .jku("https://webhooks.truelayer.com/.well-known/jwks") .method(Method::Post) .path("/tl-webhook") @@ -505,8 +460,7 @@ fn verify_with_jwks() { let hook_signature = include_str!("../../test-resources/webhook-signature.txt").trim(); let jwks = include_bytes!("../../test-resources/jwks.json"); - truelayer_signing::VerifierBuilder::new() - .jwks(jwks) + truelayer_signing::VerifierBuilder::jwks(jwks) .method(Method::Post) .path("/tl-webhook") .header("x-tl-webhook-timestamp", b"2021-11-29T11:42:55Z") @@ -516,8 +470,7 @@ fn verify_with_jwks() { .verify(hook_signature) .expect("verify"); - truelayer_signing::VerifierBuilder::new() - .jwks(jwks) + truelayer_signing::VerifierBuilder::jwks(jwks) .method(Method::Post) .path("/tl-webhook") .header("x-tl-webhook-timestamp", b"2021-12-02T14:18:00Z") // different @@ -536,9 +489,7 @@ fn verify_with_jwks() { fn body_signature() { let body = br#"{"abc":123}"#; - let tl_signature = truelayer_signing::SignerBuilder::new() - .private_key(PRIVATE_KEY) - .kid(KID) + let tl_signature = truelayer_signing::SignerBuilder::build_with_pem(KID, PRIVATE_KEY) .body(body) .build_v1_signer() .sign_body_only() @@ -547,8 +498,7 @@ fn body_signature() { // Note: Can be used as new static body signature eprintln!("signature: {tl_signature}"); - truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .body(body) .build_v1_verifier() .verify_body_only(&tl_signature) 
@@ -557,16 +507,13 @@ fn body_signature() { #[test] fn body_signature_mismatch() { - let tl_signature = truelayer_signing::SignerBuilder::new() - .private_key(PRIVATE_KEY) - .kid(KID) + let tl_signature = truelayer_signing::SignerBuilder::build_with_pem(KID, PRIVATE_KEY) .body(br#"{"abc":123}"#) .build_v1_signer() .sign_body_only() .expect("sign_body"); - truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .body(br#"{"abc":124}"#) // different .build_v1_verifier() .verify_body_only(&tl_signature) @@ -578,8 +525,7 @@ fn verify_body_static_signature() { let body = br#"{"abc":123}"#; let tl_signature = "eyJhbGciOiJFUzUxMiIsImtpZCI6IjQ1ZmM3NWNmLTU2NDktNDEzNC04NGIzLTE5MmMyYzc4ZTk5MCJ9..ASwrHoHm-1tuvTWj_YFbrMZiP22sUHEu826cJC7flb9nZLwdfP0L-RDhBA5csNLM2KtkAOD7pnJYS7tnw383gtuxAWnXI_NbJ5rZuYWVgVlqc9VCt8lkvyQZtKOiRQfpFmJWBDNULHWwFTyrX2UaOO_KWHnZ4_8jpNaNsyeQGe61gfk-"; - truelayer_signing::VerifierBuilder::new() - .pem(PUBLIC_KEY) + truelayer_signing::VerifierBuilder::pem(PUBLIC_KEY) .body(body) .build_v1_verifier() .verify_body_only(tl_signature)