airsidemobile · ghost · Oct 24, 2018 · Oct 24, 2018 · Oct 24, 2018 · Oct 24, 2018
diff --git a/JOSESwift.xcodeproj/project.pbxproj b/JOSESwift.xcodeproj/project.pbxproj
@@ -10,6 +10,7 @@
 		6505236E1FB4940100E0B1B1 /* AESEncrypter.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6505236D1FB4940100E0B1B1 /* AESEncrypter.swift */; };
 		650523701FB494BE00E0B1B1 /* AESDecrypter.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6505236F1FB494BE00E0B1B1 /* AESDecrypter.swift */; };
 		6506D9E920F4CA2000F34DD8 /* SymmetricKeyTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6506D9E820F4CA2000F34DD8 /* SymmetricKeyTests.swift */; };
+		6508625B2180D9A00052F9CA /* JWKParameterTypeTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6508625A2180D9A00052F9CA /* JWKParameterTypeTests.swift */; };
 		65125A321FBF85FA007CF3AE /* JWSDeserializationTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 65125A311FBF85FA007CF3AE /* JWSDeserializationTests.swift */; };
 		6514ADC92031DD15008A4DD3 /* ASN1DEREncoding.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6514ADC82031DD15008A4DD3 /* ASN1DEREncoding.swift */; };
 		6514ADCB2031DD27008A4DD3 /* ASN1DEREncodingTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6514ADCA2031DD27008A4DD3 /* ASN1DEREncodingTests.swift */; };
@@ -100,6 +101,7 @@
 		6505236D1FB4940100E0B1B1 /* AESEncrypter.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AESEncrypter.swift; sourceTree = "<group>"; };
 		6505236F1FB494BE00E0B1B1 /* AESDecrypter.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AESDecrypter.swift; sourceTree = "<group>"; };
 		6506D9E820F4CA2000F34DD8 /* SymmetricKeyTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SymmetricKeyTests.swift; sourceTree = "<group>"; };
+		6508625A2180D9A00052F9CA /* JWKParameterTypeTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = JWKParameterTypeTests.swift; sourceTree = "<group>"; };
 		65125A311FBF85FA007CF3AE /* JWSDeserializationTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = JWSDeserializationTests.swift; sourceTree = "<group>"; };
 		6514ADC82031DD15008A4DD3 /* ASN1DEREncoding.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ASN1DEREncoding.swift; sourceTree = "<group>"; };
 		6514ADCA2031DD27008A4DD3 /* ASN1DEREncodingTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ASN1DEREncodingTests.swift; sourceTree = "<group>"; };
@@ -312,6 +314,7 @@
 				65A103A0202B03BB00D22BF5 /* ASN1DERParsingTests.swift */,
 				65A103A2202B0CDF00D22BF5 /* DataRSAPublicKeyTests.swift */,
 				6546D605203580C6007217FB /* JWKRSADecodingTests.swift */,
+				6508625A2180D9A00052F9CA /* JWKParameterTypeTests.swift */,
 				65826AB320286B3A00AFFC46 /* JWKRSAEncodingTests.swift */,
 				65E733D41FEC031B0009EAC6 /* JWKRSAKeysTests.swift */,
 				6536560A2035DC3900A3AC3B /* JWKSetCodingTests.swift */,
@@ -559,6 +562,7 @@
 				C8F096501FC56B25000BEE4D /* RSAEncrypterTests.swift in Sources */,
 				65125A321FBF85FA007CF3AE /* JWSDeserializationTests.swift in Sources */,
 				65A103A3202B0CDF00D22BF5 /* DataRSAPublicKeyTests.swift in Sources */,
+				6508625B2180D9A00052F9CA /* JWKParameterTypeTests.swift in Sources */,
 				C81DD9261FD6F07F00026024 /* (null) in Sources */,
 				C84BDE171FAB1CB60002B5D0 /* RSASignerTests.swift in Sources */,
 				C8EE14541FAC797500A616E4 /* RSAVerifierTests.swift in Sources */,

diff --git a/JOSESwift/Sources/JWK.swift b/JOSESwift/Sources/JWK.swift
@@ -53,15 +53,15 @@ public protocol JWK: Codable {
     /// The parameters of the JWK representing the properties of the key(s), including the value(s).
     /// Check [RFC 7517, Section 4](https://tools.ietf.org/html/rfc7517#section-4) and
     /// [RFC 7518, Section 6](https://tools.ietf.org/html/rfc7518#section-6) for possible parameters.
-    var parameters: [String: String] { get }
+    var parameters: [String: JWKParameterType] { get }
 
     /// Accesses the specified parameter.
     /// The parameters of the JWK representing the properties of the key(s), including the value(s).
     /// Check [RFC 7517, Section 4](https://tools.ietf.org/html/rfc7517#section-4) and
     /// [RFC 7518, Section 6](https://tools.ietf.org/html/rfc7518#section-6) for possible parameters.
     ///
     /// - Parameter parameter: The desired parameter.
-    subscript(parameter: String) -> String? { get }
+    subscript(parameter: String) -> Any? { get }
 
     /// Initializes a JWK from given JSON data.
     ///

diff --git a/JOSESwift/Sources/JWKExtensions.swift b/JOSESwift/Sources/JWKExtensions.swift
@@ -26,7 +26,7 @@ import Foundation
 // MARK: Subscript
 
 public extension JWK {
-    subscript(parameter: String) -> String? {
+    subscript(parameter: String) -> Any? {
         return parameters[parameter]
     }
 }
@@ -46,3 +46,59 @@ public extension JWK {
         return try? JSONEncoder().encode(self)
     }
 }
+
+// MARK: Parameter getters
+
+extension JWK {
+    /// The public key use parameter identifies the intended use of a public key.
+    /// See [RFC-7517](https://tools.ietf.org/html/rfc7517#section-4.2).
+    var keyUse: String? {
+        return parameters[JWKParameter.keyUse.rawValue] as? String
+    }
+
+    /// The key operations parameter identifies the operation(s) for which the key is intended to be used.
+    /// See [RFC-7517](https://tools.ietf.org/html/rfc7517#section-4.3).
+    var keyOperations: [String]? {
+        return parameters[JWKParameter.keyOperations.rawValue] as? [String]
+    }
+
+    /// The algorithm parameter identifies the algorithm intended for use with the key.
+    /// See [RFC-7517](https://tools.ietf.org/html/rfc7517#section-4.4).
+    var algorithm: String? {
+        return parameters[JWKParameter.algorithm.rawValue] as? String
+    }
+
+    /// The key identifier parameter is used to match a specific key.
+    /// See [RFC-7517](https://tools.ietf.org/html/rfc7517#section-4.5).
+    var keyIdentifier: String? {
+        return parameters[JWKParameter.keyIdentifier.rawValue] as? String
+    }
+
+    /// The X.509 URL parameter is a URI that refers to a resource for an X.509 public key certificate
+    /// or certificate chain.
+    /// See [RFC-7517](https://tools.ietf.org/html/rfc7517#section-4.6).
+    var X509URL: String? {
+        return parameters[JWKParameter.X509URL.rawValue] as? String
+    }
+
+    /// The X.509 certificate chain parameter contains a chain of one or more PKIX certificates.
+    /// See [RFC-7517](https://tools.ietf.org/html/rfc7517#section-4.7).
+    var X509CertificateChain: [String]? {
+        return parameters[JWKParameter.X509CertificateChain.rawValue] as? [String]
+    }
+
+    /// The X.509 certificate SHA-1 thumbprint parameter is a base64url-encoded SHA-1 thumbprint (a.k.a. digest)
+    /// of the DER encoding of an X.509 certificate.
+    /// See [RFC-7517](https://tools.ietf.org/html/rfc7517#section-4.8).
+    var X509CertificateSHA1Thumbprint: String? {
+        return parameters[JWKParameter.X509CertificateSHA1Thumbprint.rawValue] as? String
+    }
+
+    /// The X.509 certificate SHA-256 thumbprint parameter is a base64url-encoded SHA-256 thumbprint (a.k.a. digest)
+    /// of the DER encoding of an X.509 certificate.
+    /// See [RFC-7517](https://tools.ietf.org/html/rfc7517#section-4.9).
+    var X509CertificateSHA256Thumbprint: String? {
+        return parameters[JWKParameter.X509CertificateSHA256Thumbprint.rawValue] as? String
+    }
+}
+
diff --git a/JOSESwift/Sources/JWKParameters.swift b/JOSESwift/Sources/JWKParameters.swift
@@ -23,6 +23,12 @@
 
 import Foundation
 
+// Common protocol for all types that can be used as JWK parameters.
+public protocol JWKParameterType: Encodable, Decodable { }
+
+extension String: JWKParameterType { }
+extension Array: JWKParameterType where Element == String { }
+
 /// Possible common JWK parameters.
 /// See [RFC-7517, Section 4](https://tools.ietf.org/html/rfc7517#section-4) for details.
 public enum JWKParameter: String, CodingKey {
@@ -36,10 +42,15 @@ public enum JWKParameter: String, CodingKey {
     case X509CertificateSHA1Thumbprint = "x5t"
     case X509CertificateSHA256Thumbprint = "x5t#S256"
 
-    static let nonStringParameters: [JWKParameter] = [
-        .keyOperations,
-        .X509CertificateChain
-    ]
+    var type: Codable.Type {
+        switch self {
+        case .keyType, .keyUse, .algorithm, .keyIdentifier,
+             .X509URL, .X509CertificateSHA1Thumbprint, .X509CertificateSHA256Thumbprint:
+            return String.self
+        case .keyOperations, .X509CertificateChain:
+            return [String].self
+        }
+    }
 }
 
 /// RSA specific JWK parameters.

diff --git a/JOSESwift/Sources/RSAKeyCodable.swift b/JOSESwift/Sources/RSAKeyCodable.swift
@@ -33,8 +33,14 @@ extension RSAPublicKey: Encodable {
         // Other common parameters are optional.
         for parameter in parameters {
             // Only encode known parameters.
-            if let key = JWKParameter(rawValue: parameter.key) {
-                try commonParameters.encode(parameter.value, forKey: key)
+            guard let key = JWKParameter(rawValue: parameter.key) else {
+                continue
+            }
+
+            if let value = parameter.value as? String {
+                try commonParameters.encode(value, forKey: key)
+            } else if let value = parameter.value as? [String] {
+                try commonParameters.encode(value, forKey: key)
             }
         }
 
@@ -61,11 +67,16 @@ extension RSAPublicKey: Decodable {
         }
 
         // Other common parameters are optional.
-        var parameters: [String: String] = [:]
-        for key in commonParameters.allKeys where !JWKParameter.nonStringParameters.contains(key) {
+        var parameters: [String: JWKParameterType] = [:]
+
+        for key in commonParameters.allKeys where key.type == String.self {
             parameters[key.rawValue] = try commonParameters.decode(String.self, forKey: key)
         }
 
+        for key in commonParameters.allKeys where key.type == [String].self {
+            parameters[key.rawValue] = try commonParameters.decode([String].self, forKey: key)
+        }
+
         // RSA public key specific parameters.
         let rsaParameters = try decoder.container(keyedBy: RSAParameter.self)
         let modulus = try rsaParameters.decode(String.self, forKey: .modulus)
@@ -89,8 +100,14 @@ extension RSAPrivateKey: Encodable {
         // Other common parameters are optional.
         for parameter in parameters {
             // Only encode known parameters.
-            if let key = JWKParameter(rawValue: parameter.key) {
-                try commonParameters.encode(parameter.value, forKey: key)
+            guard let key = JWKParameter(rawValue: parameter.key) else {
+                continue
+            }
+
+            if let value = parameter.value as? String {
+                try commonParameters.encode(value, forKey: key)
+            } else if let value = parameter.value as? [String] {
+                try commonParameters.encode(value, forKey: key)
             }
         }
 
@@ -118,11 +135,16 @@ extension RSAPrivateKey: Decodable {
         }
 
         // Other common parameters are optional.
-        var parameters: [String: String] = [:]
-        for key in commonParameters.allKeys where !JWKParameter.nonStringParameters.contains(key) {
+        var parameters: [String: JWKParameterType] = [:]
+
+        for key in commonParameters.allKeys where key.type == String.self {
             parameters[key.rawValue] = try commonParameters.decode(String.self, forKey: key)
         }
 
+        for key in commonParameters.allKeys where key.type == [String].self {
+            parameters[key.rawValue] = try commonParameters.decode([String].self, forKey: key)
+        }
+
         // RSA private key specific parameters.
         let rsaParameters = try decoder.container(keyedBy: RSAParameter.self)
         let modulus = try rsaParameters.decode(String.self, forKey: .modulus)

diff --git a/JOSESwift/Sources/RSAKeys.swift b/JOSESwift/Sources/RSAKeys.swift
@@ -94,7 +94,7 @@ public struct RSAPublicKey: JWK {
     public let keyType: JWKKeyType
 
     /// The JWK parameters.
-    public let parameters: [String: String]
+    public let parameters: [String: JWKParameterType]
 
     /// The modulus value for the RSA public key.
     public let modulus: String
@@ -113,7 +113,7 @@ public struct RSAPublicKey: JWK {
     ///   - exponent: The public exponent value for the RSA public key in `base64urlUInt` encoding
     ///               as specified in [RFC-7518, Section 2](https://tools.ietf.org/html/rfc7518#section-2).
     ///   - parameters: Additional JWK parameters.
-    public init(modulus: String, exponent: String, additionalParameters parameters: [String: String] = [:]) {
+    public init(modulus: String, exponent: String, additionalParameters parameters: [String: JWKParameterType] = [:]) {
         self.keyType = .RSA
         self.modulus = modulus
         self.exponent = exponent
@@ -134,7 +134,8 @@ public struct RSAPublicKey: JWK {
     ///   - publicKey: The public key that the resulting JWK should represent.
     ///   - parameters: Any additional parameters to be contained in the JWK.
     /// - Throws: A `JOSESwiftError` indicating any errors.
-    public init(publicKey: ExpressibleAsRSAPublicKeyComponents, additionalParameters parameters: [String: String] = [:]) throws {
+    public init(publicKey: ExpressibleAsRSAPublicKeyComponents,
+                additionalParameters parameters: [String: JWKParameterType] = [:]) throws {
         guard let components = try? publicKey.rsaPublicKeyComponents() else {
             throw JOSESwiftError.couldNotConstructJWK
         }
@@ -184,7 +185,7 @@ public struct RSAPrivateKey: JWK {
     public let keyType: JWKKeyType
 
     /// The JWK parameters.
-    public let parameters: [String: String]
+    public let parameters: [String: JWKParameterType]
 
     /// The modulus value for the RSA private key.
     public let modulus: String
@@ -205,7 +206,7 @@ public struct RSAPrivateKey: JWK {
     //    - privateExponent: The private exponent value for the RSA private key in `base64urlUInt` encoding
     ///               as specified in [RFC-7518, Section 2](https://tools.ietf.org/html/rfc7518#section-2).
     ///   - parameters: Additional JWK parameters.
-    public init(modulus: String, exponent: String, privateExponent: String, additionalParameters parameters: [String: String] = [:]) {
+    public init(modulus: String, exponent: String, privateExponent: String, additionalParameters parameters: [String: JWKParameterType] = [:]) {
         self.keyType = .RSA
         self.modulus = modulus
         self.exponent = exponent
@@ -228,7 +229,8 @@ public struct RSAPrivateKey: JWK {
     ///   - privateKey: The private key that the resulting JWK should represent.
     ///   - parameters: Any additional parameters to be contained in the JWK.
     /// - Throws: A `JOSESwiftError` indicating any errors.
-    public init(privateKey: ExpressibleAsRSAPrivateKeyComponents, additionalParameters parameters: [String: String] = [:]) throws {
+    public init(privateKey: ExpressibleAsRSAPrivateKeyComponents,
+                additionalParameters parameters: [String: JWKParameterType] = [:]) throws {
         guard let (modulus, exponent, privateExponent) = try? privateKey.rsaPrivateKeyComponents() else {
             throw JOSESwiftError.couldNotConstructJWK
         }

diff --git a/JOSESwift/Sources/SymmetricKeyCodable.swift b/JOSESwift/Sources/SymmetricKeyCodable.swift
@@ -33,8 +33,14 @@ extension SymmetricKey: Encodable {
         // Other common parameters are optional.
         for parameter in parameters {
             // Only encode known parameters.
-            if let key = JWKParameter(rawValue: parameter.key) {
-                try commonParameters.encode(parameter.value, forKey: key)
+            guard let key = JWKParameter(rawValue: parameter.key) else {
+                continue
+            }
+
+            if let value = parameter.value as? String {
+                try commonParameters.encode(value, forKey: key)
+            } else if let value = parameter.value as? [String] {
+                try commonParameters.encode(value, forKey: key)
             }
         }
 
@@ -60,12 +66,17 @@ extension SymmetricKey: Decodable {
         }
 
         // Other common parameters are optional.
-        var parameters: [String: String] = [:]
-        for key in commonParameters.allKeys {
+        var parameters: [String: JWKParameterType] = [:]
+
+        for key in commonParameters.allKeys where key.type == String.self {
             parameters[key.rawValue] = try commonParameters.decode(String.self, forKey: key)
         }
 
-        // RSA public key specific parameters.
+        for key in commonParameters.allKeys where key.type == [String].self {
+            parameters[key.rawValue] = try commonParameters.decode([String].self, forKey: key)
+        }
+
+        // Symmetric public key specific parameters.
         let symmetricKeyParameters = try decoder.container(keyedBy: SymmetricKeyParameter.self)
         let key = try symmetricKeyParameters.decode(String.self, forKey: .key)
 

diff --git a/JOSESwift/Sources/SymmetricKeys.swift b/JOSESwift/Sources/SymmetricKeys.swift
@@ -57,7 +57,7 @@ public struct SymmetricKey: JWK {
     public let keyType: JWKKeyType
 
     /// The JWK parameters.
-    public let parameters: [String: String]
+    public let parameters: [String: JWKParameterType]
 
     /// The symmetric key represented as
     /// base64url encoding of the octet sequence containing the key data.
@@ -68,7 +68,7 @@ public struct SymmetricKey: JWK {
     /// - Parameters:
     ///   - key: The octet sequence containing the key data.
     ///   - parameters: Additional JWK parameters.
-    public init(key: Data, additionalParameters parameters: [String: String] = [:]) {
+    public init(key: Data, additionalParameters parameters: [String: JWKParameterType] = [:]) {
         self.keyType = .OCT
         self.key = key.base64URLEncodedString()
 
@@ -87,7 +87,7 @@ public struct SymmetricKey: JWK {
     ///   - key: The symmetirc key that the resulting JWK should represent.
     ///   - parameters: Any additional parameters to be contained in the JWK.
     /// - Throws: A `JOSESwiftError` indicating any errors.
-    public init(key: ExpressibleAsSymmetricKeyComponents, additionalParameters parameters: [String: String] = [:]) throws {
+    public init(key: ExpressibleAsSymmetricKeyComponents, additionalParameters parameters: [String: JWKParameterType] = [:]) throws {
         guard let components = try? key.symmetricKeyComponents() else {
             throw JOSESwiftError.couldNotConstructJWK
         }

diff --git a/README.md b/README.md
@@ -307,8 +307,6 @@ let publicKey: SecKey = try! jwk.converted(to: SecKey.self)
 
 More details about decoding RSA public keys can be found [in the wiki](../../wiki/jwk).
 
-:warning: We currently ignore the key parameters [`"key_ops"`](https://tools.ietf.org/html/rfc7517#section-4.3) and [`"x5c"`](https://tools.ietf.org/html/rfc7517#section-4.7) when decoding. This is due to a bug in our decoding implementation. See [#117](https://github.com/airsidemobile/JOSESwift/issues/117) for details.
-
 ## Security
 
 JOSESwift uses the [iOS Security framework](https://developer.apple.com/documentation/security) and [Apple’s CommonCrypto](https://opensource.apple.com//source/CommonCrypto/) for cryptography.