From 317bf287600d250314de8129411e8cde70ef3214 Mon Sep 17 00:00:00 2001 From: Alex Rudy Date: Mon, 4 Dec 2023 21:12:01 +0000 Subject: [PATCH] Clean up examples Removes unnecessary low level std::io work, and cleans up comments, removing redundant parts. --- README.md | 8 +------- examples/dyn-key.rs | 18 ++++++++---------- examples/rfc7515a2.rs | 8 +------- examples/save-key.rs | 22 ++++++---------------- 4 files changed, 16 insertions(+), 40 deletions(-) diff --git a/README.md b/README.md index 066b4b6..33ac63f 100644 --- a/README.md +++ b/README.md @@ -127,9 +127,6 @@ fn main() -> Result<(), Box> { .unwrap(); // We will sign the JWT with the RS256 algorithm: RSA with SHA-256. - // RsaPkcs1v15 is really an alias to the digital signature algorithm - // implementation in the `rsa` crate, but provided in JAWS to make - // it clear which types are compatible with JWTs. let alg = rsa::pkcs1v15::SigningKey::::new(key); // Claims can combine registered and custom fields. The claims object @@ -150,6 +147,7 @@ fn main() -> Result<(), Box> { // but a custom type could be passed if we wanted to have custom header // fields. let mut token = Token::compact((), claims); + // We can modify the headers freely before signing the JWT. In this case, // we provide the `typ` header, which is optional in the JWT spec. *token.header_mut().r#type() = Some("JWT".to_string()); @@ -159,7 +157,6 @@ fn main() -> Result<(), Box> { token.header_mut().key().derived(); println!("=== Initial JWT ==="); - // Initially the JWT has no defined signature: println!("{}", token.formatted()); 
@@ -198,12 +195,9 @@ fn main() -> Result<(), Box> { assert_eq!(&key, alg.verifying_key().as_ref()); println!("=== Verification === "); - - // let alg: rsa::pkcs1v15::VerifyingKey = rsa::pkcs1v15::VerifyingKey::new(key); let alg: rsa::pkcs1v15::VerifyingKey = alg.verifying_key(); // We can't access the claims until we verify the token. - // let verified = token.verify::<_, rsa::pkcs1v15::Signature>(&alg).unwrap(); let verified = token .verify::<_, jaws::algorithms::SignatureBytes>(&alg) .unwrap(); diff --git a/examples/dyn-key.rs b/examples/dyn-key.rs index b3cd277..d510056 100644 --- a/examples/dyn-key.rs +++ b/examples/dyn-key.rs @@ -31,9 +31,13 @@ fn main() -> Result<(), Box> { .unwrap(); let verify_key: rsa::pkcs1v15::VerifyingKey = rsa::pkcs1v15::VerifyingKey::new(key.to_public_key()); - let verify_alg: Box> = Box::new(verify_key.clone()); + + // We will sign the JWT with a type-erased algorithm, and use a type-erased + // verifier to verify it. This allows you to use a set of verifiers which + // are not known at compile time. let alg: Box = Box::new(rsa::pkcs1v15::SigningKey::::new(key.clone())); + let verify_alg: Box> = Box::new(verify_key.clone()); // Claims can combine registered and custom fields. The claims object // can be any type which implements [serde::Serialize]. @@ -94,10 +98,10 @@ fn main() -> Result<(), Box> { .clone() .verify::<_, rsa::pkcs1v15::Signature>(&verify_key) .unwrap(); - println!("Verified with dyn verify key (typed)"); + println!("Verified with verify key (typed)"); // Check it against the verified key - token + let verified = token .clone() .verify::<_, SignatureBytes>(verify_alg.as_ref()) .unwrap(); 
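Review bot: The comment added above `let alg: Box` in the first examples/dyn-key.rs hunk presents verifiers "not known at compile time" as a convenience without saying how the verifier should be picked. When the verifier is selected at runtime, the choice should come from trusted configuration (for example a key id mapped to one pinned key and algorithm), not from the unverified token header alone; otherwise the token decides how it is checked. I would extend the comment with a line such as `// Choose the verifier from trusted configuration, never solely from the token's own header.` main() begins and ends outside this hunk.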
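Review bot: The context comment `// Check it against the verified key` in the second examples/dyn-key.rs hunk no longer matches the statement under it, which now produces the `verified` binding (presumably the value printed under "=== Verified JWT ===" in the next hunk). "verified key" also reads like a slip for the type-erased verify key. Suggested wording: `// Verify with the type-erased verifier; the claims printed below come from this result.` Whether a status println follows the call cannot be seen from the hunk.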
@@ -108,13 +112,7 @@ fn main() -> Result<(), Box> { .clone() .verify::<_, rsa::pkcs1v15::Signature>(&key) .unwrap(); - println!("Verified with JWT"); - - // We can't access the claims until we verify the token. - let verified = token - .verify::<_, SignatureBytes>(verify_alg.as_ref()) - .unwrap(); - println!("Verified with original key"); + println!("Verified with JWK"); println!("=== Verified JWT ==="); println!("JWT:"); diff --git a/examples/rfc7515a2.rs b/examples/rfc7515a2.rs index 32dda7c..a03c6ff 100644 --- a/examples/rfc7515a2.rs +++ b/examples/rfc7515a2.rs @@ -44,9 +44,6 @@ fn main() -> Result<(), Box> { .unwrap(); // We will sign the JWT with the RS256 algorithm: RSA with SHA-256. - // RsaPkcs1v15 is really an alias to the digital signature algorithm - // implementation in the `rsa` crate, but provided in JAWS to make - // it clear which types are compatible with JWTs. let alg = rsa::pkcs1v15::SigningKey::::new(key); // Claims can combine registered and custom fields. The claims object @@ -67,6 +64,7 @@ fn main() -> Result<(), Box> { // but a custom type could be passed if we wanted to have custom header // fields. let mut token = Token::compact((), claims); + // We can modify the headers freely before signing the JWT. In this case, // we provide the `typ` header, which is optional in the JWT spec. *token.header_mut().r#type() = Some("JWT".to_string()); @@ -76,7 +74,6 @@ fn main() -> Result<(), Box> { token.header_mut().key().derived(); println!("=== Initial JWT ==="); - // Initially the JWT has no defined signature: println!("{}", token.formatted()); 
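Review bot: `.verify::<_, rsa::pkcs1v15::Signature>(&key)` in the third examples/dyn-key.rs hunk appears to verify with the private key, since the first hunk calls `key.to_public_key()` and `SigningKey::new(key.clone())` on the same `key`. The corrected message `Verified with JWK` does not tell the reader that, and a copied example may end up keeping private key material in a path that only verifies. A comment on the call would cover it: `// key holds the private key here; a verify-only service should load just the public key.` The statement begins above the hunk's first line.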
@@ -115,12 +112,9 @@ fn main() -> Result<(), Box> { assert_eq!(&key, alg.verifying_key().as_ref()); println!("=== Verification === "); - - // let alg: rsa::pkcs1v15::VerifyingKey = rsa::pkcs1v15::VerifyingKey::new(key); let alg: rsa::pkcs1v15::VerifyingKey = alg.verifying_key(); // We can't access the claims until we verify the token. - // let verified = token.verify::<_, rsa::pkcs1v15::Signature>(&alg).unwrap(); let verified = token .verify::<_, jaws::algorithms::SignatureBytes>(&alg) .unwrap(); diff --git a/examples/save-key.rs b/examples/save-key.rs index efdb22f..e799014 100644 --- a/examples/save-key.rs +++ b/examples/save-key.rs @@ -1,5 +1,3 @@ -use std::io::Write; - use jaws::key::DeserializeJWK as _; use rsa::{pkcs1::EncodeRsaPublicKey, pkcs8::EncodePrivateKey}; use serde_json::json; @@ -40,14 +38,10 @@ fn main() { let pemdata = pkey.to_pkcs8_pem(Default::default()).unwrap(); - std::io::BufWriter::new( - std::fs::File::create(concat!( - env!("CARGO_MANIFEST_DIR"), - "/examples/rfc7515a2.pem" - )) - .unwrap(), + std::fs::write( + concat!(env!("CARGO_MANIFEST_DIR"), "/examples/rfc7515a2.pem"), + pemdata, ) - .write_all(pemdata.as_bytes()) .unwrap(); let pemdata = pkey @@ -55,13 +49,9 @@ fn main() { .to_pkcs1_pem(Default::default()) .unwrap(); - std::io::BufWriter::new( - std::fs::File::create(concat!( - env!("CARGO_MANIFEST_DIR"), - "/examples/rfc7515a2.pub" - )) - .unwrap(), + std::fs::write( + concat!(env!("CARGO_MANIFEST_DIR"), "/examples/rfc7515a2.pub"), + pemdata, ) - .write_all(pemdata.as_bytes()) .unwrap(); }
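Review bot: The new `std::fs::write(concat!(env!("CARGO_MANIFEST_DIR"), "/examples/rfc7515a2.pem"), pemdata)` in examples/save-key.rs writes the PKCS#8 private key with default file permissions, so on Unix a newly created file gets whatever the process umask allows, commonly group- or world-readable. The file name suggests this is the published RFC 7515 A.2 test key, so the exposure here is low, but the pattern is likely to be copied for real keys. Either add a comment such as `// Example only: a real private key should be created with owner-only permissions (0o600 on Unix).`, or on Unix open the file through `std::fs::OpenOptions` with `std::os::unix::fs::OpenOptionsExt::mode(0o600)` before writing. The `.pub` write in the following hunk holds only the public key and needs no such restriction.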