Support passing public keys too for ssl library key handles

Author: sandro97git

include/jwt-cpp/jwt.h

@@ -1570,11 +1570,9 @@ namespace jwt {
 					throw error::ecdsa_exception(error::ecdsa_error::invalid_key_size);
 			}
 
-			ecdsa(helper::evp_pkey_handle private_key, const EVP_MD* (*md)(), std::string name, size_t siglen)
-				: pkey(std::move(private_key)), md(md), alg_name(std::move(name)), signature_length(siglen) {
-				if (pkey) {
-					check_private_key(pkey.get());
-				} else {
+			ecdsa(helper::evp_pkey_handle key_pair, const EVP_MD* (*md)(), std::string name, size_t siglen)
+				: pkey(std::move(key_pair)), md(md), alg_name(std::move(name)), signature_length(siglen) {
+				if (!pkey) {
 					throw error::ecdsa_exception(error::ecdsa_error::no_key_provided);
 				}
 				size_t keysize = EVP_PKEY_bits(pkey.get());
@@ -1773,6 +1771,16 @@ namespace jwt {
 			const size_t signature_length;
 		};
 
+		// enum class ecdsa_algorithm { es384 };
+		//
+		// struct ecdsa_algorithm_builder {
+		// 	ecdsa_algorithm_builder(ecdsa_algorithm algorithm) {}
+		//
+		// 	ecdsa build() { return ecdsa(); }
+		//
+		// private:
+		// };
+
 #if !defined(JWT_OPENSSL_1_0_0) && !defined(JWT_OPENSSL_1_1_0)
 		/**
 		 * \brief Base class for EdDSA family of algorithms

tests/TokenTest.cpp

@@ -175,6 +175,28 @@ TEST(TokenTest, CreateTokenES256) {
 	ASSERT_NO_THROW(jwt::verify().allow_algorithm(jwt::algorithm::es256(ecdsa256_pub_key, "", "", "")).verify(decoded));
 }
 
+TEST(TokenTest, CreateTokenEvpPkeyES256) {
+
+	auto token = jwt::create().set_issuer("auth0").set_type("JWS").sign(jwt::algorithm::ecdsa(
+		jwt::helper::load_private_ec_key_from_string(ecdsa256_priv_key), EVP_sha256, "ES256", 64));
+
+	auto decoded = jwt::decode(token);
+
+	ASSERT_THROW(
+		jwt::verify().allow_algorithm(jwt::algorithm::es256(ecdsa256_pub_key_invalid, "", "", "")).verify(decoded),
+		jwt::error::signature_verification_exception);
+	ASSERT_NO_THROW(jwt::verify().allow_algorithm(jwt::algorithm::es256(ecdsa256_pub_key, "", "", "")).verify(decoded));
+}
+
+TEST(TokenTest, CreateTokenEvpPkeyES256NoPrivate) {
+	ASSERT_THROW(
+		[]() {
+			auto token = jwt::create().set_issuer("auth0").set_type("JWS").sign(jwt::algorithm::ecdsa(
+				jwt::helper::load_public_ec_key_from_string(ecdsa256_pub_key), EVP_sha256, "ES256", 64));
+		}(),
+		jwt::error::signature_generation_exception);
+}
+
 TEST(TokenTest, CreateTokenES256NoPrivate) {
 	ASSERT_THROW(
 		[]() {
@@ -548,6 +570,17 @@ TEST(TokenTest, VerifyTokenES256FailNoKey) {
 		jwt::error::ecdsa_exception);
 }
 
+TEST(TokenTest, VerifyTokenEvpPkeyES256FailNoKey) {
+	ASSERT_THROW(
+		[]() {
+			auto verify = jwt::verify()
+							  .allow_algorithm(
+								  jwt::algorithm::ecdsa(jwt::helper::evp_pkey_handle{nullptr}, EVP_sha256, "ES256", 64))
+							  .with_issuer("auth0");
+		}(),
+		jwt::error::ecdsa_exception);
+}
+
 TEST(TokenTest, VerifyTokenES256) {
 	const std::string token = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9.4iVk3-Y0v4RT4_9IaQlp-8dZ_"
 							  "4fsTzIylgrPTDLrEvTHBTyVS3tgPbr2_IZfLETtiKRqCg0aQ5sh9eIsTTwB1g";
@@ -558,6 +591,17 @@ TEST(TokenTest, VerifyTokenES256) {
 	verify.verify(decoded_token);
 }
 
+TEST(TokenTest, VerifyTokenEvpPkeyES256) {
+	const std::string token = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9.4iVk3-Y0v4RT4_9IaQlp-8dZ_"
+							  "4fsTzIylgrPTDLrEvTHBTyVS3tgPbr2_IZfLETtiKRqCg0aQ5sh9eIsTTwB1g";
+
+	auto verify = jwt::verify().allow_algorithm(
+		jwt::algorithm::ecdsa(jwt::helper::load_public_ec_key_from_string(ecdsa256_pub_key), EVP_sha256, "ES256", 64));
+	auto decoded_token = jwt::decode(token);
+
+	verify.verify(decoded_token);
+}
+
 TEST(TokenTest, VerifyTokenES256Fail) {
 	const std::string token = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9.4iVk3-Y0v4RT4_9IaQlp-8dZ_"
 							  "4fsTzIylgrPTDLrEvTHBTyVS3tgPbr2_IZfLETtiKRqCg0aQ5sh9eIsTTwB1g";