Add PEM decoding support

[LeviSchuck]

This adds a new top level function decode_pem, and a subsequent function as_key on the result type for use with sign and verify.

This contributes to #76 and #77
However it does not include X.509 certificate support.

I have an idea on how to do that but this should handle many cases that users want as PEM files are the common output from openssl

It supports both PKCS#1 and PKCS#8 RSA keys, it supports PKCS#8 EC keys, however it doesn't assert that the curve ID but within JWT contexts the curve is predefined by the spec.

[Keats]

That looks good!
I will probably change the API to make it easy for users but all the effort it very appreciated.

How did you generate the PEM keys? I will add all the defaut ones from jwt.io later on to ensure everything is fine.

[Keats]

this sentence seems like it's missing stuff?

[LeviSchuck]

I've updated the readme a little.

[LeviSchuck]

How did you generate the PEM keys? I will add all the defaut ones from jwt.io later on to ensure everything is fine.

All of the key data is derived from what was already in the repo. I renamed the private_rsa_key.pem to its corresponding _pkcs8 type. I've gone through my zsh history for exact answers.

The PKCS#1 keys are the base64 encoded .der keys already in the repository with the corresponding PEM tag PRIVATE RSA KEY or PUBLIC RSA KEY.

The PKCS#8 RSA public key was created from the private key with an openssl command.
openssl pkcs8 -topk8 -in private_rsa_key.pem -out private_rsa_key_pkcs8.pem -nocrypt

The PKCS#8 EC private key was created from the .pk8 file already in the repository.
base64 public_ecdsa_key.pk8 | awk '{gsub(/.{64}/,"&\n")}1' > public_ecdsa_key.pem followed by manually adding the PEM Tagging -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- around the existing file.

And the public key was then derived from that
openssl ec -in private_ecdsa_key.pem -pubout -out public_ecdsa_key.pem

[LeviSchuck]

I will probably change the API to make it easy for users but all the effort it very appreciated.

Sure, I'm not set on how the API came out, though I struggled with lifetimes. There's the challenges I experienced that resulted in this API.

1. PEM Decoding allocates its own Vec<u8> for the base64 contents.
2. ASN1 Parsing references the slice made from the Vec<u8> above
3. The Key::(Der|Pkcs8) enums use a slice reference, which may either be directly from the PEM decoded contents or from a subsection as selected from the ASN1 parsing.

This is the first real rust and opensource contribution I've made so I appreciate the critique you give.

[LeviSchuck]

Your PR seems to have landed Keats, and is now on crate
jcreekmore/pem-rs#19
https://crates.io/crates/pem

I'll update the PR by bumping the pem version

[Keats]

Thanks!

This is the first real rust and opensource contribution I've made so I appreciate the critique you give.

I'll give a better review then but that will have to wait the weekend/next week.

[Keats]

Not much to say, it's pretty good!
Don't worry about fixing them, the API might change significantly

[Keats]

I would put all of those at the top above the struct.

[Keats]

You can (and should) put those derive in a single command: #[derive(Debug, PartialEq)]

[Keats]

you can remove that

[LeviSchuck]

oh yes definitely, that was a debugging helper.

[Keats]

No need for Option::

[Keats]

you can replace that line by None

[Keats]

Note: I'll merge it in the pem-handling branch first to experiment with the API and to make it easy for you to follow all the changes/give feedback.

[LeviSchuck]

I look forward to it.