feat(jws): support eddsa

beatt83 · Jan 17, 2024 · 8304835 · 8304835
1 parent ca01114
commit 8304835
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 2 deletions.
diff --git a/Sources/JSONWebSignature/JWK+SigningAlgorithm.swift b/Sources/JSONWebSignature/JWK+SigningAlgorithm.swift
@@ -52,6 +52,18 @@ extension JWK {
             default:
                 throw JWS.JWSError.unsupportedAlgorithm(keyType: keyType.rawValue, algorithm: algorithm, curve: curve.rawValue)
             }
+        case .octetKeyPair:
+            guard let curve else { throw JWS.JWSError.missingCurve }
+            switch curve {
+            case .ed25519:
+                return SigningAlgorithm.EdDSA
+            default:
+                throw JWS.JWSError.unsupportedAlgorithm(
+                    keyType: keyType.rawValue,
+                    algorithm: algorithm,
+                    curve: curve.rawValue
+                )
+            }
         case .octetSequence:
             switch algorithm {
             case SigningAlgorithm.HS256.rawValue:
@@ -63,8 +75,6 @@ extension JWK {
             default:
                 throw JWS.JWSError.unsupportedAlgorithm(keyType: keyType.rawValue, algorithm: algorithm, curve: curve?.rawValue)
             }
-        default:
-            throw JWS.JWSError.unsupportedAlgorithm(keyType: keyType.rawValue, algorithm: algorithm, curve: curve?.rawValue)
         }
     }
 }
diff --git a/Tests/JWSTests/JWSJsonTests.swift b/Tests/JWSTests/JWSJsonTests.swift
@@ -126,4 +126,21 @@ final class JWSJsonTests: XCTestCase {
 
         XCTAssertThrowsError(try JWS.verify(jwsJson: jws.data(using: .utf8)!, jwk: jwkWithoutKid))
     }
+
+    func testJsonSerializationOneKeyOnlyEdDSA() throws {
+        var keyJWK = JWK.testingCurve25519KPair
+        keyJWK.keyID = "1"
+
+        let payload = "{\"iss\":\"joe\",\"exp\":1300819380,\"http://example.com/is_root\":true}"
+
+        let jws: Data = try JWS.jsonSerialization(payload: payload.data(using: .utf8)!, keys: [keyJWK])
+
+        let jsonSerilization = try JSONDecoder()
+            .decode(JWSJson<DefaultJWSHeaderImpl, DefaultJWSHeaderImpl>.self, from: jws)
+
+        XCTAssertEqual(jsonSerilization.signatures.count, 1)
+        XCTAssertEqual(try jsonSerilization.signatures.first!.validateAlg(), .EdDSA)
+        XCTAssertEqual(try jsonSerilization.signatures.first!.getKid(), "1")
+        XCTAssertTrue(try JWS.verify(jwsJson: jws, jwk: keyJWK))
+    }
 }
diff --git a/Tests/JWSTests/Mocks/JWK+Testing.swift b/Tests/JWSTests/Mocks/JWK+Testing.swift
@@ -35,6 +35,11 @@ extension JWK {
         return privateKey.jwkRepresentation
     }
 
+    static var testingCurve25519KPair: JWK {
+        let privateKey = Curve25519.Signing.PrivateKey()
+        return privateKey.jwkRepresentation
+    }
+
     static var testingES256KPair: JWK {
         let privateKey = try! secp256k1.Signing.PrivateKey()
         return privateKey.jwkRepresentation