diff options
Diffstat (limited to 'src/scm/webid-oidc/jws.scm')
-rw-r--r-- | src/scm/webid-oidc/jws.scm | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/src/scm/webid-oidc/jws.scm b/src/scm/webid-oidc/jws.scm index 24a8bbc..3e5e50b 100644 --- a/src/scm/webid-oidc/jws.scm +++ b/src/scm/webid-oidc/jws.scm @@ -23,6 +23,7 @@ #:use-module (ice-9 receive) #:use-module (ice-9 exceptions) #:use-module (ice-9 match) + #:use-module (oop goops) #:declarative? #t #:export ( @@ -228,10 +229,22 @@ error)))) (try-with-key keys)) (lambda () - (stubs:verify alg next-key payload signature)) + (stubs:verify alg (key->jwk next-key) payload signature)) #:unwind? #t #:unwind-for-type stubs:&invalid-signature))))) +;; For verification, we can supply a JWKS, or a public key, or a list +;; of public keys. The JWKS case is handled in (webid-oidc jwk). + +(define-method (keys (key <public-key>)) + (list key)) + +(define-method (keys (key <key-pair>)) + (list (public-key key))) + +(define-method (keys (keys <list>)) + (map public-key keys)) + (define (jws-decode str lookup-keys) (with-exception-handler (lambda (error) @@ -248,11 +261,8 @@ (lambda () (parse str (lambda (jws payload signature) - (let ((keys (lookup-keys jws))) - (let ((keys (cond ((jwk? keys) (list keys)) - ((jwks? keys) (jwks-keys keys)) - (else keys)))) - (verify-any (jws-alg jws) keys payload signature)))))))) + (let ((k (keys (lookup-keys jws)))) + (verify-any (jws-alg jws) k payload signature))))))) (define (jws-encode jws key) (with-exception-handler @@ -275,5 +285,5 @@ (let ((header (stubs:base64-encode header)) (payload (stubs:base64-encode payload))) (let ((payload (string-append header "." payload))) - (let ((signature (stubs:sign (jws-alg jws) key payload))) + (let ((signature (stubs:sign (jws-alg jws) (key->jwk key) payload))) (string-append payload "." signature)))))))))) |