Move try_get_hmac_secret directly into en-/decoding key impls

Author: sulami

src/crypto/aws_lc/hmac.rs

@@ -4,9 +4,6 @@
 use aws_lc_rs::hmac;
 use signature::{Signer, Verifier};
 
-use crate::crypto::utils::{
-    try_get_hmac_secret_from_decoding_key, try_get_hmac_secret_from_encoding_key,
-};
 use crate::crypto::{JwtSigner, JwtVerifier};
 use crate::errors::Result;
 use crate::{Algorithm, DecodingKey, EncodingKey};
@@ -17,10 +14,7 @@ macro_rules! define_hmac_signer {
 
         impl $name {
             pub(crate) fn new(encoding_key: &EncodingKey) -> Result<Self> {
-                Ok(Self(hmac::Key::new(
-                    $hmac_alg,
-                    try_get_hmac_secret_from_encoding_key(encoding_key)?,
-                )))
+                Ok(Self(hmac::Key::new($hmac_alg, encoding_key.try_get_hmac_secret()?)))
             }
         }
 
@@ -44,10 +38,7 @@ macro_rules! define_hmac_verifier {
 
         impl $name {
             pub(crate) fn new(decoding_key: &DecodingKey) -> Result<Self> {
-                Ok(Self(hmac::Key::new(
-                    $hmac_alg,
-                    try_get_hmac_secret_from_decoding_key(decoding_key)?,
-                )))
+                Ok(Self(hmac::Key::new($hmac_alg, decoding_key.try_get_hmac_secret()?)))
             }
         }
 

src/crypto/mod.rs

@@ -10,7 +10,6 @@ use crate::{DecodingKey, EncodingKey};
 pub(crate) mod aws_lc;
 #[cfg(feature = "rust_crypto")]
 pub(crate) mod rust_crypto;
-pub(crate) mod utils;
 
 use crate::serialization::{b64_decode, b64_encode};
 use signature::{Signer, Verifier};

src/crypto/rust_crypto/hmac.rs

@@ -5,9 +5,6 @@ use hmac::{Hmac, Mac};
 use sha2::{Sha256, Sha384, Sha512};
 use signature::{Signer, Verifier};
 
-use crate::crypto::utils::{
-    try_get_hmac_secret_from_decoding_key, try_get_hmac_secret_from_encoding_key,
-};
 use crate::crypto::{JwtSigner, JwtVerifier};
 use crate::errors::Result;
 use crate::{Algorithm, DecodingKey, EncodingKey};
@@ -23,10 +20,8 @@ macro_rules! define_hmac_signer {
 
         impl $name {
             pub(crate) fn new(encoding_key: &EncodingKey) -> Result<Self> {
-                let inner = <$hmac_type>::new_from_slice(try_get_hmac_secret_from_encoding_key(
-                    encoding_key,
-                )?)
-                .map_err(|_e| crate::errors::ErrorKind::InvalidKeyFormat)?;
+                let inner = <$hmac_type>::new_from_slice(encoding_key.try_get_hmac_secret()?)
+                    .map_err(|_e| crate::errors::ErrorKind::InvalidKeyFormat)?;
 
                 Ok(Self(inner))
             }
@@ -57,10 +52,8 @@ macro_rules! define_hmac_verifier {
 
         impl $name {
             pub(crate) fn new(decoding_key: &DecodingKey) -> Result<Self> {
-                let inner = <$hmac_type>::new_from_slice(try_get_hmac_secret_from_decoding_key(
-                    decoding_key,
-                )?)
-                .map_err(|_e| crate::errors::ErrorKind::InvalidKeyFormat)?;
+                let inner = <$hmac_type>::new_from_slice(decoding_key.try_get_hmac_secret()?)
+                    .map_err(|_e| crate::errors::ErrorKind::InvalidKeyFormat)?;
 
                 Ok(Self(inner))
             }

src/crypto/utils.rs

@@ -221,6 +221,14 @@ impl DecodingKey {
             DecodingKeyKind::RsaModulusExponent { .. } => unreachable!(),
         }
     }
+
+    pub(crate) fn try_get_hmac_secret(&self) -> Result<&[u8]> {
+        if self.family == AlgorithmFamily::Hmac {
+            Ok(self.as_bytes())
+        } else {
+            Err(new_error(ErrorKind::InvalidKeyFormat))
+        }
+    }
 }
 
 /// Decode and validate a JWT

src/decoding.rs

@@ -114,6 +114,14 @@ impl EncodingKey {
     pub(crate) fn inner(&self) -> &[u8] {
         &self.content
     }
+
+    pub(crate) fn try_get_hmac_secret(&self) -> Result<&[u8]> {
+        if self.family == AlgorithmFamily::Hmac {
+            Ok(self.inner())
+        } else {
+            Err(new_error(ErrorKind::InvalidKeyFormat))
+        }
+    }
 }
 
 /// Encode the header and claims given and sign the payload using the algorithm from the header and the key.