ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2024-12-19 04:57:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Remove jsonwebtoken package dependency

Browse Source 
Replaced with rust-jwt.  `jsonwebtoken` relies on the ring package which explodes on non-x86/x64 architectures
This commit is contained in:
Grant Limberg 2022-01-31 11:58:40 -08:00
parent 6fc636535f
commit 9c487cbfb8
No known key found for this signature in database
GPG Key ID: 2BA62CCABBB4095A
3 changed files with 101 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

152
zeroidc/Cargo.lock generated
View File

@ -28,12 +28,6 @@ version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
[[package]]
name = "base64"
version = "0.12.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3441f0f7b02788e948e47f457ca01f1d7e6d92c693bc132c22b087d3141c03ff"
[[package]] [[package]]
name = "base64" name = "base64"
version = "0.13.0" version = "0.13.0"
@ -55,6 +49,15 @@ dependencies = [
"generic-array", "generic-array",
] ]
[[package]]
name = "block-buffer"
version = "0.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f1d36a02058e76b040de25a4464ba1c80935655595b661505c8b39b664828b95"
dependencies = [
"generic-array",
]
[[package]] [[package]]
name = "bumpalo" name = "bumpalo"
version = "3.8.0" version = "3.8.0"
@ -108,7 +111,6 @@ dependencies = [
"num-integer", "num-integer",
"num-traits", "num-traits",
"serde", "serde",
"time 0.1.43",
"winapi", "winapi",
] ]
@ -152,6 +154,15 @@ dependencies = [
"libc", "libc",
] ]
[[package]]
name = "crypto-common"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "683d6b536309245c849479fba3da410962a43ed8e51c26b729208ec0ac2798d0"
dependencies = [
"generic-array",
]
[[package]] [[package]]
name = "digest" name = "digest"
version = "0.9.0" version = "0.9.0"
@ -161,6 +172,18 @@ dependencies = [
"generic-array", "generic-array",
] ]
[[package]]
name = "digest"
version = "0.10.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b697d66081d42af4fba142d56918a3cb21dc8eb63372c6b85d14f44fb9c5979b"
dependencies = [
"block-buffer 0.10.0",
"crypto-common",
"generic-array",
"subtle",
]
[[package]] [[package]]
name = "either" name = "either"
version = "1.6.1" version = "1.6.1"
@ -322,6 +345,15 @@ dependencies = [
"libc", "libc",
] ]
[[package]]
name = "hmac"
version = "0.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ddca131f3e7f2ce2df364b57949a9d47915cfbd35e46cfee355ccebbf794d6a2"
dependencies = [
"digest 0.10.1",
]
[[package]] [[package]]
name = "http" name = "http"
version = "0.2.5" version = "0.2.5"
@ -458,17 +490,18 @@ dependencies = [
] ]
[[package]] [[package]]
name = "jsonwebtoken" name = "jwt"
version = "7.2.0" version = "0.16.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "afabcc15e437a6484fc4f12d0fd63068fe457bf93f1c148d3d9649c60b103f32" checksum = "6204285f77fe7d9784db3fdc449ecce1a0114927a51d5a41c4c7a292011c015f"
dependencies = [ dependencies = [
"base64 0.12.3", "base64",
"pem", "crypto-common",
"ring", "digest 0.10.1",
"hmac",
"serde", "serde",
"serde_json", "serde_json",
"simple_asn1", "sha2 0.10.1",
] ]
[[package]] [[package]]
@ -559,17 +592,6 @@ dependencies = [
"winapi", "winapi",
] ]
[[package]]
name = "num-bigint"
version = "0.2.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "090c7f9998ee0ff65aa5b723e4009f7b217707f1fb5ea551329cc4d6231fb304"
dependencies = [
"autocfg",
"num-integer",
"num-traits",
]
[[package]] [[package]]
name = "num-bigint" name = "num-bigint"
version = "0.4.3" version = "0.4.3"
@ -616,7 +638,7 @@ version = "4.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "80e47cfc4c0a1a519d9a025ebfbac3a2439d1b5cdf397d72dcb79b11d9920dab" checksum = "80e47cfc4c0a1a519d9a025ebfbac3a2439d1b5cdf397d72dcb79b11d9920dab"
dependencies = [ dependencies = [
"base64 0.13.0", "base64",
"chrono", "chrono",
"getrandom", "getrandom",
"http", "http",
@ -625,7 +647,7 @@ dependencies = [
"serde", "serde",
"serde_json", "serde_json",
"serde_path_to_error", "serde_path_to_error",
"sha2", "sha2 0.9.8",
"thiserror", "thiserror",
"url", "url",
] ]
@ -644,16 +666,16 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
[[package]] [[package]]
name = "openidconnect" name = "openidconnect"
version = "2.1.2" version = "2.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7d523cf32bdf7696f36bc4198a42c34b65f0227b97f2f501ebfbe016baa5bc52" checksum = "f6db0c030c3036f53c7108668641151b244358d221303a17985b07ac9bb60091"
dependencies = [ dependencies = [
"base64 0.13.0", "base64",
"chrono", "chrono",
"http", "http",
"itertools", "itertools",
"log", "log",
"num-bigint 0.4.3", "num-bigint",
"oauth2", "oauth2",
"rand", "rand",
"ring", "ring",
@ -709,17 +731,6 @@ dependencies = [
"num-traits", "num-traits",
] ]
[[package]]
name = "pem"
version = "0.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fd56cbd21fea48d0c440b41cd69c589faacade08c992d9a54e471b79d0fd13eb"
dependencies = [
"base64 0.13.0",
"once_cell",
"regex",
]
[[package]] [[package]]
name = "percent-encoding" name = "percent-encoding"
version = "2.1.0" version = "2.1.0"
@ -817,21 +828,6 @@ dependencies = [
"bitflags", "bitflags",
] ]
[[package]]
name = "regex"
version = "1.5.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d07a8629359eb56f1e2fb1652bb04212c072a87ba68546a04065d525673ac461"
dependencies = [
"regex-syntax",
]
[[package]]
name = "regex-syntax"
version = "0.6.25"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b"
[[package]] [[package]]
name = "remove_dir_all" name = "remove_dir_all"
version = "0.5.3" version = "0.5.3"
@ -847,7 +843,7 @@ version = "0.11.7"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "07bea77bc708afa10e59905c3d4af7c8fd43c9214251673095ff8b14345fcbc5" checksum = "07bea77bc708afa10e59905c3d4af7c8fd43c9214251673095ff8b14345fcbc5"
dependencies = [ dependencies = [
"base64 0.13.0", "base64",
"bytes", "bytes",
"encoding_rs", "encoding_rs",
"futures-core", "futures-core",
@ -914,7 +910,7 @@ version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5eebeaeb360c87bfb72e84abdb3447159c0eaececf1bef2aecd65a8be949d1c9" checksum = "5eebeaeb360c87bfb72e84abdb3447159c0eaececf1bef2aecd65a8be949d1c9"
dependencies = [ dependencies = [
"base64 0.13.0", "base64",
] ]
[[package]] [[package]]
@ -1034,22 +1030,22 @@ version = "0.9.8"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b69f9a4c9740d74c5baa3fd2e547f9525fa8088a8a958e0ca2409a514e33f5fa" checksum = "b69f9a4c9740d74c5baa3fd2e547f9525fa8088a8a958e0ca2409a514e33f5fa"
dependencies = [ dependencies = [
"block-buffer", "block-buffer 0.9.0",
"cfg-if", "cfg-if",
"cpufeatures", "cpufeatures",
"digest", "digest 0.9.0",
"opaque-debug", "opaque-debug",
] ]
[[package]] [[package]]
name = "simple_asn1" name = "sha2"
version = "0.4.1" version = "0.10.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "692ca13de57ce0613a363c8c2f1de925adebc81b04c923ac60c5488bb44abe4b" checksum = "99c3bd8169c58782adad9290a9af5939994036b76187f7b4f0e6de91dbbfc0ec"
dependencies = [ dependencies = [
"chrono", "cfg-if",
"num-bigint 0.2.6", "cpufeatures",
"num-traits", "digest 0.10.1",
] ]
[[package]] [[package]]
@ -1080,6 +1076,12 @@ version = "0.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a" checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a"
[[package]]
name = "subtle"
version = "2.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601"
[[package]] [[package]]
name = "syn" name = "syn"
version = "1.0.81" version = "1.0.81"
@ -1134,16 +1136,6 @@ dependencies = [
"syn", "syn",
] ]
[[package]]
name = "time"
version = "0.1.43"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ca8a50ef2360fbd1eeb0ecd46795a87a19024eb4b53c5dc916ca1fd95fe62438"
dependencies = [
"libc",
"winapi",
]
[[package]] [[package]]
name = "time" name = "time"
version = "0.3.5" version = "0.3.5"
@ -1493,14 +1485,14 @@ dependencies = [
name = "zeroidc" name = "zeroidc"
version = "0.1.0" version = "0.1.0"
dependencies = [ dependencies = [
"base64 0.13.0", "base64",
"bytes", "bytes",
"cbindgen", "cbindgen",
"jsonwebtoken", "jwt",
"openidconnect", "openidconnect",
"reqwest", "reqwest",
"serde", "serde",
"thiserror", "thiserror",
"time 0.3.5", "time",
"url", "url",
] ]

4
zeroidc/Cargo.toml
View File

@ -12,11 +12,11 @@ crate-type = ["staticlib","rlib"]
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies] [dependencies]
openidconnect = "2.1" openidconnect = "2.2"
base64 = "0.13" base64 = "0.13"
url = "2.2" url = "2.2"
reqwest = "0.11" reqwest = "0.11"
jsonwebtoken = "7.2" jwt = "0.16"
serde = "1.0" serde = "1.0"
time = { version = "0.3", features = ["formatting"] } time = { version = "0.3", features = ["formatting"] }
bytes = "1.1" bytes = "1.1"

40
zeroidc/src/lib.rs
View File

@ -22,7 +22,7 @@ extern crate url;
use crate::error::ZeroIDCError; use crate::error::ZeroIDCError;
use bytes::Bytes; use bytes::Bytes;
use jsonwebtoken::{dangerous_insecure_decode}; use jwt::{Token};
use openidconnect::core::{CoreClient, CoreProviderMetadata, CoreResponseType}; use openidconnect::core::{CoreClient, CoreProviderMetadata, CoreResponseType};
use openidconnect::reqwest::http_client; use openidconnect::reqwest::http_client;
use openidconnect::{AccessToken, AccessTokenHash, AuthorizationCode, AuthenticationFlow, ClientId, CsrfToken, IssuerUrl, Nonce, OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, RefreshToken, Scope, TokenResponse}; use openidconnect::{AccessToken, AccessTokenHash, AuthorizationCode, AuthenticationFlow, ClientId, CsrfToken, IssuerUrl, Nonce, OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, RefreshToken, Scope, TokenResponse};
@ -277,15 +277,20 @@ impl ZeroIDC {
let access_token = res.access_token(); let access_token = res.access_token();
let at = access_token.secret(); let at = access_token.secret();
// yes this function is called `dangerous_insecure_decode`
// and it doesn't validate the jwt token signature, let t: Result<Token<jwt::Header, jwt::Claims, jwt::Unverified<'_>>, jwt::Error>= Token::parse_unverified(at);
// but if we've gotten this far, our claims have already
// been validated up above
let exp = dangerous_insecure_decode::<Exp>(&at);
if let Ok(e) = exp { if let Ok(t) = t {
(*inner_local.lock().unwrap()).exp_time = e.claims.exp let claims = t.claims().registered.clone();
} match claims.expiration {
Some(exp) => {
(*inner_local.lock().unwrap()).exp_time = exp;
},
None => {
panic!("expiration is None. This shouldn't happen")
}
}
}
(*inner_local.lock().unwrap()).access_token = Some(access_token.clone()); (*inner_local.lock().unwrap()).access_token = Some(access_token.clone());
if let Some(t) = res.refresh_token() { if let Some(t) = res.refresh_token() {
@ -544,10 +549,19 @@ impl ZeroIDC {
let at = tok.access_token().secret(); let at = tok.access_token().secret();
// see previous note about this function's use // see previous note about this function's use
let exp = dangerous_insecure_decode::<Exp>(&at); let t: Result<Token<jwt::Header, jwt::Claims, jwt::Unverified<'_>>, jwt::Error>= Token::parse_unverified(at);
if let Ok(e) = exp {
i.exp_time = e.claims.exp if let Ok(t) = t {
} let claims = t.claims().registered.clone();
match claims.expiration {
Some(exp) => {
i.exp_time = exp;
},
None => {
panic!("expiration is None. This shouldn't happen")
}
}
}
i.access_token = Some(tok.access_token().clone()); i.access_token = Some(tok.access_token().clone());
if let Some(t) = tok.refresh_token() { if let Some(t) = tok.refresh_token() {