diff --git a/zeroidc/Cargo.lock b/zeroidc/Cargo.lock index 889142175..77d11d7b2 100644 --- a/zeroidc/Cargo.lock +++ b/zeroidc/Cargo.lock @@ -28,12 +28,6 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" -[[package]] -name = "base64" -version = "0.12.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3441f0f7b02788e948e47f457ca01f1d7e6d92c693bc132c22b087d3141c03ff" - [[package]] name = "base64" version = "0.13.0" @@ -55,6 +49,15 @@ dependencies = [ "generic-array", ] +[[package]] +name = "block-buffer" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1d36a02058e76b040de25a4464ba1c80935655595b661505c8b39b664828b95" +dependencies = [ + "generic-array", +] + [[package]] name = "bumpalo" version = "3.8.0" @@ -108,7 +111,6 @@ dependencies = [ "num-integer", "num-traits", "serde", - "time 0.1.43", "winapi", ] @@ -152,6 +154,15 @@ dependencies = [ "libc", ] +[[package]] +name = "crypto-common" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "683d6b536309245c849479fba3da410962a43ed8e51c26b729208ec0ac2798d0" +dependencies = [ + "generic-array", +] + [[package]] name = "digest" version = "0.9.0" @@ -161,6 +172,18 @@ dependencies = [ "generic-array", ] +[[package]] +name = "digest" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b697d66081d42af4fba142d56918a3cb21dc8eb63372c6b85d14f44fb9c5979b" +dependencies = [ + "block-buffer 0.10.0", + "crypto-common", + "generic-array", + "subtle", +] + [[package]] name = "either" version = "1.6.1" 
@@ -322,6 +345,15 @@ dependencies = [ "libc", ] +[[package]] +name = "hmac" +version = "0.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddca131f3e7f2ce2df364b57949a9d47915cfbd35e46cfee355ccebbf794d6a2" +dependencies = [ + "digest 0.10.1", +] + [[package]] name = "http" version = "0.2.5" @@ -458,17 +490,18 @@ dependencies = [ ] [[package]] -name = "jsonwebtoken" -version = "7.2.0" +name = "jwt" +version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "afabcc15e437a6484fc4f12d0fd63068fe457bf93f1c148d3d9649c60b103f32" +checksum = "6204285f77fe7d9784db3fdc449ecce1a0114927a51d5a41c4c7a292011c015f" dependencies = [ - "base64 0.12.3", - "pem", - "ring", + "base64", + "crypto-common", + "digest 0.10.1", + "hmac", "serde", "serde_json", - "simple_asn1", + "sha2 0.10.1", ] [[package]] @@ -559,17 +592,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "num-bigint" -version = "0.2.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "090c7f9998ee0ff65aa5b723e4009f7b217707f1fb5ea551329cc4d6231fb304" -dependencies = [ - "autocfg", - "num-integer", - "num-traits", -] - [[package]] name = "num-bigint" version = "0.4.3" @@ -616,7 +638,7 @@ version = "4.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "80e47cfc4c0a1a519d9a025ebfbac3a2439d1b5cdf397d72dcb79b11d9920dab" dependencies = [ - "base64 0.13.0", + "base64", "chrono", "getrandom", "http", @@ -625,7 +647,7 @@ dependencies = [ "serde", "serde_json", "serde_path_to_error", - "sha2", + "sha2 0.9.8", "thiserror", "url", ] 
@@ -644,16 +666,16 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "openidconnect" -version = "2.1.2" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d523cf32bdf7696f36bc4198a42c34b65f0227b97f2f501ebfbe016baa5bc52" +checksum = "f6db0c030c3036f53c7108668641151b244358d221303a17985b07ac9bb60091" dependencies = [ - "base64 0.13.0", + "base64", "chrono", "http", "itertools", "log", - "num-bigint 0.4.3", + "num-bigint", "oauth2", "rand", "ring", @@ -709,17 +731,6 @@ dependencies = [ "num-traits", ] -[[package]] -name = "pem" -version = "0.8.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd56cbd21fea48d0c440b41cd69c589faacade08c992d9a54e471b79d0fd13eb" -dependencies = [ - "base64 0.13.0", - "once_cell", - "regex", -] - [[package]] name = "percent-encoding" version = "2.1.0" @@ -817,21 +828,6 @@ dependencies = [ "bitflags", ] -[[package]] -name = "regex" -version = "1.5.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d07a8629359eb56f1e2fb1652bb04212c072a87ba68546a04065d525673ac461" -dependencies = [ - "regex-syntax", -] - -[[package]] -name = "regex-syntax" -version = "0.6.25" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b" - [[package]] name = "remove_dir_all" version = "0.5.3" @@ -847,7 +843,7 @@ version = "0.11.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07bea77bc708afa10e59905c3d4af7c8fd43c9214251673095ff8b14345fcbc5" dependencies = [ - "base64 0.13.0", + "base64", "bytes", "encoding_rs", "futures-core", @@ -914,7 +910,7 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5eebeaeb360c87bfb72e84abdb3447159c0eaececf1bef2aecd65a8be949d1c9" dependencies = [ - "base64 0.13.0", + "base64", ] [[package]] 
@@ -1034,22 +1030,22 @@ version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b69f9a4c9740d74c5baa3fd2e547f9525fa8088a8a958e0ca2409a514e33f5fa" dependencies = [ - "block-buffer", + "block-buffer 0.9.0", "cfg-if", "cpufeatures", - "digest", + "digest 0.9.0", "opaque-debug", ] [[package]] -name = "simple_asn1" -version = "0.4.1" +name = "sha2" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "692ca13de57ce0613a363c8c2f1de925adebc81b04c923ac60c5488bb44abe4b" +checksum = "99c3bd8169c58782adad9290a9af5939994036b76187f7b4f0e6de91dbbfc0ec" dependencies = [ - "chrono", - "num-bigint 0.2.6", - "num-traits", + "cfg-if", + "cpufeatures", + "digest 0.10.1", ] [[package]] @@ -1080,6 +1076,12 @@ version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a" +[[package]] +name = "subtle" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" + [[package]] name = "syn" version = "1.0.81" @@ -1134,16 +1136,6 @@ dependencies = [ "syn", ] -[[package]] -name = "time" -version = "0.1.43" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca8a50ef2360fbd1eeb0ecd46795a87a19024eb4b53c5dc916ca1fd95fe62438" -dependencies = [ - "libc", - "winapi", -] - [[package]] name = "time" version = "0.3.5" @@ -1493,14 +1485,14 @@ dependencies = [ name = "zeroidc" version = "0.1.0" dependencies = [ - "base64 0.13.0", + "base64", "bytes", "cbindgen", - "jsonwebtoken", + "jwt", "openidconnect", "reqwest", "serde", "thiserror", - "time 0.3.5", + "time", "url", ] diff --git a/zeroidc/Cargo.toml b/zeroidc/Cargo.toml index e630bcb01..92b3ee792 100644 --- a/zeroidc/Cargo.toml +++ b/zeroidc/Cargo.toml 
@@ -12,11 +12,11 @@ crate-type = ["staticlib","rlib"] # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -openidconnect = "2.1" +openidconnect = "2.2" base64 = "0.13" url = "2.2" reqwest = "0.11" -jsonwebtoken = "7.2" +jwt = "0.16" serde = "1.0" time = { version = "0.3", features = ["formatting"] } bytes = "1.1" diff --git a/zeroidc/src/lib.rs b/zeroidc/src/lib.rs index 579dad7d9..4130dbd50 100644 --- a/zeroidc/src/lib.rs +++ b/zeroidc/src/lib.rs @@ -22,7 +22,7 @@ extern crate url; use crate::error::ZeroIDCError; use bytes::Bytes; -use jsonwebtoken::{dangerous_insecure_decode}; +use jwt::{Token}; use openidconnect::core::{CoreClient, CoreProviderMetadata, CoreResponseType}; use openidconnect::reqwest::http_client; use openidconnect::{AccessToken, AccessTokenHash, AuthorizationCode, AuthenticationFlow, ClientId, CsrfToken, IssuerUrl, Nonce, OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, RefreshToken, Scope, TokenResponse}; @@ -277,15 +277,20 @@ impl ZeroIDC { let access_token = res.access_token(); let at = access_token.secret(); - // yes this function is called `dangerous_insecure_decode` - // and it doesn't validate the jwt token signature, - // but if we've gotten this far, our claims have already - // been validated up above - let exp = dangerous_insecure_decode::(&at); + + let t: Result>, jwt::Error>= Token::parse_unverified(at); - if let Ok(e) = exp { - (*inner_local.lock().unwrap()).exp_time = e.claims.exp - } + if let Ok(t) = t { + let claims = t.claims().registered.clone(); + match claims.expiration { + Some(exp) => { + (*inner_local.lock().unwrap()).exp_time = exp; + }, + None => { + panic!("expiration is None. This shouldn't happen") + } + } + } (*inner_local.lock().unwrap()).access_token = Some(access_token.clone()); if let Some(t) = res.refresh_token() { 
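Review bot: The `None => panic!("expiration is None. This shouldn't happen")` arm in the hunk at line 277 turns an access token without an `exp` claim into a crash, where the removed code simply skipped the update when decoding failed. The token contents come from the identity provider, OAuth 2.0 does not require an access token to carry `exp` or to be a JWT at all, and the manifest builds this crate as a `staticlib`, so the panic surfaces inside the host process; the same arm is repeated in the hunk at line 549. Prefer `if let Some(exp) = claims.expiration { (*inner_local.lock().unwrap()).exp_time = exp; }` and leave `exp_time` unchanged otherwise. The commit also deletes the comment that justified skipping signature verification; keep one beside `Token::parse_unverified(at)`, for example `// signature is NOT checked here; exp only drives refresh timing, never an authorization decision`, assuming that is how `exp_time` is consumed outside this hunk. The enclosing function starts and ends outside the hunk.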
@@ -544,10 +549,19 @@ impl ZeroIDC { let at = tok.access_token().secret(); // see previous note about this function's use - let exp = dangerous_insecure_decode::(&at); - if let Ok(e) = exp { - i.exp_time = e.claims.exp - } + let t: Result>, jwt::Error>= Token::parse_unverified(at); + + if let Ok(t) = t { + let claims = t.claims().registered.clone(); + match claims.expiration { + Some(exp) => { + i.exp_time = exp; + }, + None => { + panic!("expiration is None. This shouldn't happen") + } + } + } i.access_token = Some(tok.access_token().clone()); if let Some(t) = tok.refresh_token() {
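Review bot: The unchanged comment `// see previous note about this function's use` now points at a note this commit deletes in the hunk at line 277, so the unverified parse here is left with no stated justification. Replace it with a self-contained comment such as `// parse_unverified: signature not checked; exp only schedules the next refresh`. In this hunk the `None => panic!(...)` arm also runs while `i` is live; if `i` is a `MutexGuard`, which the hunk does not show, the panic would poison the mutex and every later `.lock().unwrap()` on it would fail as well. Writing the update as `if let Some(exp) = claims.expiration { i.exp_time = exp; }` avoids that. The enclosing function begins and ends outside the hunk.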