Implement JWTKeyCollection and hide JWTSigner

Sources/JWTKit/Claims/JWTClaim.swift

@@ -1,7 +1,7 @@
 /// A claim is a codable, top-level property of a JWT payload. Multiple claims form a payload.
 /// Some claims, such as expiration claims, are inherently verifiable. Each claim able to verify
 /// itself provides an appropriate method for doing so, depending on the specific claim.
-public protocol JWTClaim: Codable {
+public protocol JWTClaim: Codable, Sendable {
     /// The associated value type.
     associatedtype Value: Codable
 
@@ -12,22 +12,22 @@ public protocol JWTClaim: Codable {
     init(value: Value)
 }
 
-extension JWTClaim where Value == String, Self: ExpressibleByStringLiteral {
+public extension JWTClaim where Value == String, Self: ExpressibleByStringLiteral {
     /// See `ExpressibleByStringLiteral`.
-    public init(stringLiteral string: String) {
+    init(stringLiteral string: String) {
         self.init(value: string)
     }
 }
 
-extension JWTClaim {
+public extension JWTClaim {
     /// See `Decodable`.
-    public init(from decoder: Decoder) throws {
+    init(from decoder: Decoder) throws {
         let single = try decoder.singleValueContainer()
         try self.init(value: single.decode(Value.self))
     }
 
     /// See `Encodable`.
-    public func encode(to encoder: Encoder) throws {
+    func encode(to encoder: Encoder) throws {
         var single = encoder.singleValueContainer()
         try single.encode(value)
     }

Sources/JWTKit/ECDSA/ECDSACurve.swift

@@ -9,7 +9,7 @@
 ///
 /// The use of ``ECDSACurve`` in cryptographic operations allows for easy specification and interchange of
 /// the elliptic curves based on security requirements and application needs.
-public struct ECDSACurve {
+public struct ECDSACurve: Sendable {
     let curve: String
 
     static var p256: Self {

Sources/JWTKit/ECDSA/ECDSAKeyType.swift

@@ -17,7 +17,7 @@ import X509
 ///   - y: A `String` representing the y-coordinate on the elliptic curve.
 public typealias ECDSAParameters = (x: String, y: String)
 
-public protocol ECDSAPrivateKey {
+public protocol ECDSAPrivateKey: Sendable {
     associatedtype PublicKey: ECDSAPublicKey
     associatedtype Signature: ECDSASignature
     init(compactRepresentable: Bool)
@@ -33,7 +33,7 @@ public protocol ECDSAPrivateKey {
     func signature(for data: some Digest) throws -> Signature
 }
 
-public protocol ECDSAPublicKey {
+public protocol ECDSAPublicKey: Sendable {
     init(rawRepresentation: some ContiguousBytes) throws
     init(compactRepresentation: some ContiguousBytes) throws
     init(x963Representation: some ContiguousBytes) throws
@@ -60,7 +60,7 @@ extension ECDSAPrivateKey {
     }
 }
 
-protocol ECDSAKeyType {
+protocol ECDSAKeyType: Sendable {
     associatedtype PrivateKey: ECDSAPrivateKey
     associatedtype PublicKey: ECDSAPublicKey
 

Sources/JWTKit/ECDSA/JWTKeyCollection+ECDSA.swift

@@ -0,0 +1,37 @@
+extension JWTKeyCollection {
+    // MARK: 256
+
+    @discardableResult
+    func addES256(
+        key: ES256Key,
+        kid: JWKIdentifier? = nil,
+        jsonEncoder: (any JWTJSONEncoder)? = nil,
+        jsonDecoder: (any JWTJSONDecoder)? = nil
+    ) -> Self {
+        add(.init(algorithm: ECDSASigner(key: key, algorithm: .sha256, name: "ES256"), jsonEncoder: jsonEncoder, jsonDecoder: jsonDecoder), for: kid)
+    }
+
+    // MARK: 384
+
+    @discardableResult
+    func addES384(
+        key: ES384Key,
+        kid: JWKIdentifier? = nil,
+        jsonEncoder: (any JWTJSONEncoder)? = nil,
+        jsonDecoder: (any JWTJSONDecoder)? = nil
+    ) -> Self {
+        add(.init(algorithm: ECDSASigner(key: key, algorithm: .sha384, name: "ES384"), jsonEncoder: jsonEncoder, jsonDecoder: jsonDecoder), for: kid)
+    }
+
+    // MARK: 512
+
+    @discardableResult
+    func addES521(
+        key: ES521Key,
+        kid: JWKIdentifier? = nil,
+        jsonEncoder: (any JWTJSONEncoder)? = nil,
+        jsonDecoder: (any JWTJSONDecoder)? = nil
+    ) -> Self {
+        add(.init(algorithm: ECDSASigner(key: key, algorithm: .sha512, name: "ES512"), jsonEncoder: jsonEncoder, jsonDecoder: jsonDecoder), for: kid)
+    }
+}

Sources/JWTKit/ECDSA/P256+CurveType.swift

@@ -34,4 +34,4 @@ extension P256.Signing.PublicKey: ECDSAPublicKey {
 extension P256.Signing.ECDSASignature: ECDSASignature {}
 extension P256.Signing.PrivateKey: ECDSAPrivateKey {}
 
-public typealias P256Key = ECDSAKey<P256>
+public typealias ES256Key = ECDSAKey<P256>

Sources/JWTKit/ECDSA/P384+CurveType.swift

@@ -34,4 +34,4 @@ extension P384.Signing.PublicKey: ECDSAPublicKey {
 extension P384.Signing.ECDSASignature: ECDSASignature {}
 extension P384.Signing.PrivateKey: ECDSAPrivateKey {}
 
-public typealias P384Key = ECDSAKey<P384>
+public typealias ES384Key = ECDSAKey<P384>

Sources/JWTKit/ECDSA/P521+CurveType.swift

@@ -35,4 +35,4 @@ extension P521.Signing.PublicKey: ECDSAPublicKey {
 extension P521.Signing.ECDSASignature: ECDSASignature {}
 extension P521.Signing.PrivateKey: ECDSAPrivateKey {}
 
-public typealias P521Key = ECDSAKey<P521>
+public typealias ES521Key = ECDSAKey<P521>

Sources/JWTKit/EdDSA/EdDSAKey.swift

@@ -1,8 +1,8 @@
 import Crypto
 import Foundation
 
-public struct EdDSAKey {
-    public enum Curve: String, Codable {
+public struct EdDSAKey: Sendable {
+    public enum Curve: String, Codable, Sendable {
         case ed25519 = "Ed25519"
     }
 

Sources/JWTKit/EdDSA/EdDSASigner.swift

@@ -1,7 +1,7 @@
 import Crypto
 import Foundation
 
-struct EdDSASigner: JWTAlgorithm {
+struct EdDSASigner: JWTAlgorithm, Sendable {
     let key: EdDSAKey
     let name = "EdDSA"
 

Sources/JWTKit/EdDSA/JWTKeyCollection+EdDSA.swift

@@ -0,0 +1,13 @@
+import Crypto
+import Foundation
+
+public extension JWTKeyCollection {
+    func addEdDSA(
+        key: EdDSAKey,
+        kid: JWKIdentifier? = nil,
+        jsonEncoder: (any JWTJSONEncoder)? = nil,
+        jsonDecoder: (any JWTJSONDecoder)? = nil
+    ) -> Self {
+        add(.init(algorithm: EdDSASigner(key: key), jsonEncoder: jsonEncoder, jsonDecoder: jsonDecoder), for: kid)
+    }
+}

Sources/JWTKit/HMAC/JWTKeyCollection+HMAC.swift

@@ -0,0 +1,107 @@
+import Crypto
+import Foundation
+
+public extension JWTKeyCollection {
+    // MARK: 256
+
+    @discardableResult
+    func addHS256(
+        key: String,
+        kid: JWKIdentifier? = nil,
+        jsonEncoder: (any JWTJSONEncoder)? = nil,
+        jsonDecoder: (any JWTJSONDecoder)? = nil
+    ) -> Self {
+        addHS256(key: [UInt8](key.utf8), kid: kid, jsonEncoder: jsonEncoder, jsonDecoder: jsonDecoder)
+    }
+
+    @discardableResult
+    func addHS256(
+        key: some DataProtocol,
+        kid: JWKIdentifier? = nil,
+        jsonEncoder: (any JWTJSONEncoder)? = nil,
+        jsonDecoder: (any JWTJSONDecoder)? = nil
+    ) -> Self {
+        let symmetricKey = SymmetricKey(data: key.copyBytes())
+        return addHS256(key: symmetricKey, kid: kid, jsonEncoder: jsonEncoder, jsonDecoder: jsonDecoder)
+    }
+
+    @discardableResult
+    func addHS256(
+        key: SymmetricKey,
+        kid: JWKIdentifier? = nil,
+        jsonEncoder: (any JWTJSONEncoder)? = nil,
+        jsonDecoder: (any JWTJSONDecoder)? = nil
+    ) -> Self {
+        add(.init(algorithm: HMACSigner<SHA256>(key: key, name: "HS256"), jsonEncoder: jsonEncoder, jsonDecoder: jsonDecoder), for: kid)
+    }
+}
+
+public extension JWTKeyCollection {
+    // MARK: 384
+
+    @discardableResult
+    func addHS384(
+        key: String,
+        kid: JWKIdentifier? = nil,
+        jsonEncoder: (any JWTJSONEncoder)? = nil,
+        jsonDecoder: (any JWTJSONDecoder)? = nil
+    ) -> Self {
+        addHS384(key: [UInt8](key.utf8), kid: kid, jsonEncoder: jsonEncoder, jsonDecoder: jsonDecoder)
+    }
+
+    @discardableResult
+    func addHS384(
+        key: some DataProtocol,
+        kid: JWKIdentifier? = nil,
+        jsonEncoder: (any JWTJSONEncoder)? = nil,
+        jsonDecoder: (any JWTJSONDecoder)? = nil
+    ) -> Self {
+        let symmetricKey = SymmetricKey(data: key.copyBytes())
+        return addHS384(key: symmetricKey, kid: kid, jsonEncoder: jsonEncoder, jsonDecoder: jsonDecoder)
+    }
+
+    @discardableResult
+    func addHS384(
+        key: SymmetricKey,
+        kid: JWKIdentifier? = nil,
+        jsonEncoder: (any JWTJSONEncoder)? = nil,
+        jsonDecoder: (any JWTJSONDecoder)? = nil
+    ) -> Self {
+        add(.init(algorithm: HMACSigner<SHA384>(key: key, name: "HS384"), jsonEncoder: jsonEncoder, jsonDecoder: jsonDecoder), for: kid)
+    }
+}
+
+public extension JWTKeyCollection {
+    // MARK: 512
+
+    @discardableResult
+    func addHS512(
+        key: String,
+        kid: JWKIdentifier? = nil,
+        jsonEncoder: (any JWTJSONEncoder)? = nil,
+        jsonDecoder: (any JWTJSONDecoder)? = nil
+    ) -> Self {
+        addHS512(key: [UInt8](key.utf8), kid: kid, jsonEncoder: jsonEncoder, jsonDecoder: jsonDecoder)
+    }
+
+    @discardableResult
+    func addHS512(
+        key: some DataProtocol,
+        kid: JWKIdentifier? = nil,
+        jsonEncoder: (any JWTJSONEncoder)? = nil,
+        jsonDecoder: (any JWTJSONDecoder)? = nil
+    ) -> Self {
+        let symmetricKey = SymmetricKey(data: key.copyBytes())
+        return addHS512(key: symmetricKey, kid: kid, jsonEncoder: jsonEncoder, jsonDecoder: jsonDecoder)
+    }
+
+    @discardableResult
+    func addHS512(
+        key: SymmetricKey,
+        kid: JWKIdentifier? = nil,
+        jsonEncoder: (any JWTJSONEncoder)? = nil,
+        jsonDecoder: (any JWTJSONDecoder)? = nil
+    ) -> Self {
+        add(.init(algorithm: HMACSigner<SHA512>(key: key, name: "HS512"), jsonEncoder: jsonEncoder, jsonDecoder: jsonDecoder), for: kid)
+    }
+}