From 1bc4a2f6c741f1c94716c5f4d897b0f3eaa06fbe Mon Sep 17 00:00:00 2001 From: Julien Kauffmann Date: Wed, 28 Jun 2023 17:46:54 -0400 Subject: [PATCH] Update dependencies to latest (#117) --- Cargo-1.65.lock | 235 ++++++++++++++++++++++++++++---------------- Cargo.toml | 10 +- src/core/crypto.rs | 12 +-- src/core/jwk.rs | 115 +++++++++++++--------- src/id_token.rs | 65 +++++++++--- src/jwt.rs | 6 +- src/registration.rs | 8 +- src/types.rs | 2 +- src/verification.rs | 22 ++++- 9 files changed, 309 insertions(+), 166 deletions(-) diff --git a/Cargo-1.65.lock b/Cargo-1.65.lock index c205d4af..5fe5ca8b 100644 --- a/Cargo-1.65.lock +++ b/Cargo-1.65.lock @@ -75,9 +75,9 @@ dependencies = [ [[package]] name = "base16ct" -version = "0.1.1" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "349a06037c7bf932dd7e7d1f653678b2038b9ad46a74102f1fc7bd7872678cce" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" [[package]] name = "base64" @@ -85,6 +85,12 @@ version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" +[[package]] +name = "base64" +version = "0.21.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "604178f6c5c21f02dc555784810edfb88d34ac2c73b2eae109655649ee73ce3d" + [[package]] name = "base64ct" version = "1.5.0" @@ -218,9 +224,9 @@ dependencies = [ [[package]] name = "crypto-bigint" -version = "0.4.9" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef" +checksum = "cf4c2f4e1afd912bc40bfd6fed5d9dc1f288e0ba01bfcc835cc5bc3eb13efe15" dependencies = [ "generic-array", "rand_core", 
@@ -245,7 +251,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6d2301688392eb071b0bf1a37be05c469d3cc4dbbd95df672fe28ab021e6a096" dependencies = [ "quote", - "syn", + "syn 1.0.107", ] [[package]] @@ -302,7 +308,7 @@ dependencies = [ "proc-macro2", "quote", "scratch", - "syn", + "syn 1.0.107", ] [[package]] @@ -319,14 +325,14 @@ checksum = "3e7e2adeb6a0d4a282e581096b06e1791532b7d576dcde5ccd9382acf55db8e6" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.107", ] [[package]] name = "darling" -version = "0.13.4" +version = "0.20.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a01d95850c592940db9b8194bc39f4bc0e89dee5c4265e4b1807c34a9aba453c" +checksum = "0558d22a7b463ed0241e993f76f09f30b126687447751a8638587b864e4b3944" dependencies = [ "darling_core", "darling_macro", @@ -334,34 +340,34 @@ dependencies = [ [[package]] name = "darling_core" -version = "0.13.4" +version = "0.20.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "859d65a907b6852c9361e3185c862aae7fafd2887876799fa55f5f99dc40d610" +checksum = "ab8bfa2e259f8ee1ce5e97824a3c55ec4404a0d772ca7fa96bf19f0752a046eb" dependencies = [ "fnv", "ident_case", "proc-macro2", "quote", "strsim", - "syn", + "syn 2.0.22", ] [[package]] name = "darling_macro" -version = "0.13.4" +version = "0.20.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c972679f83bdf9c42bd905396b6c3588a843a17f0f16dfcfa3e2c5d57441835" +checksum = "29a358ff9f12ec09c3e61fef9b5a9902623a695a46a917b07f269bff1445611a" dependencies = [ "darling_core", "quote", - "syn", + "syn 2.0.22", ] [[package]] name = "der" -version = "0.6.1" +version = "0.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de" +checksum = "56acb310e15652100da43d130af8d97b509e95af61aab1c5a7939ef24337ee17" dependencies = [ "const-oid", "pem-rfc7468", 
@@ -394,14 +400,16 @@ checksum = "c9b0705efd4599c15a38151f4721f7bc388306f61084d3bfd50bd07fbca5cb60" [[package]] name = "ecdsa" -version = "0.14.8" +version = "0.16.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "413301934810f597c1d19ca71c8710e99a3f1ba28a0d2ebc01551a2daeea3c5c" +checksum = "0997c976637b606099b9985693efa3581e84e41f5c11ba5255f88711058ad428" dependencies = [ "der", + "digest", "elliptic-curve", "rfc6979", "signature", + "spki", ] [[package]] @@ -412,13 +420,12 @@ checksum = "90e5c1c8368803113bf0c9584fc495a58b86dc8a29edbf8fe877d21d9507e797" [[package]] name = "elliptic-curve" -version = "0.12.3" +version = "0.13.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3" +checksum = "968405c8fdc9b3bf4df0a6638858cc0b52462836ab6b1c87377785dd09cf1c0b" dependencies = [ "base16ct", "crypto-bigint", - "der", "digest", "ff", "generic-array", @@ -465,9 +472,9 @@ dependencies = [ [[package]] name = "ff" -version = "0.12.1" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160" +checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449" dependencies = [ "rand_core", "subtle", @@ -506,9 +513,9 @@ checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" [[package]] name = "form_urlencoded" -version = "1.1.0" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a9c384f161156f5260c24a097c56119f9be8c798586aecc13afbcbe7b7e26bf8" +checksum = "a62bc1cf6f830c2ec14a513a9fb124d0a213a629668a4186f329db21fe045652" dependencies = [ "percent-encoding", ] @@ -569,6 +576,7 @@ checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9" dependencies = [ "typenum", "version_check", + "zeroize", ] [[package]] 
@@ -592,9 +600,9 @@ checksum = "dec7af912d60cdbd3677c1af9352ebae6fb8394d165568a2234df0fa00f87793" [[package]] name = "group" -version = "0.12.1" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" dependencies = [ "ff", "rand_core", @@ -644,6 +652,12 @@ dependencies = [ "libc", ] +[[package]] +name = "hex" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" + [[package]] name = "hkdf" version = "0.12.3" @@ -784,9 +798,9 @@ checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" [[package]] name = "idna" -version = "0.3.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e14ddfc70884202db2244c223200c204c2bda1bc6e0998d11b5e024d657209e6" +checksum = "7d20d6b07bfbc108882d88ed8e37d39636dcc260e15e30c45e6ba089610b917c" dependencies = [ "unicode-bidi", "unicode-normalization", @@ -800,6 +814,7 @@ checksum = "1885e79c1fc4b10f0e172c475f458b7f7b93061064d98c3293e98c5ba0c8b399" dependencies = [ "autocfg", "hashbrown", + "serde", ] [[package]] @@ -1007,7 +1022,7 @@ version = "4.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "09a6e2a2b13a56ebeabba9142f911745be6456163fd6c3d361274ebcd891a80c" dependencies = [ - "base64", + "base64 0.13.1", "chrono", "curl", "getrandom", @@ -1043,7 +1058,7 @@ name = "openidconnect" version = "3.3.0" dependencies = [ "anyhow", - "base64", + "base64 0.13.1", "chrono", "color-backtrace", "dyn-clone", @@ -1096,7 +1111,7 @@ checksum = "b501e44f11665960c7e7fcf062c7d96a14ade4aa98116c004b2e37b5be7d736c" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.107", ] [[package]] 
@@ -1138,40 +1153,42 @@ dependencies = [ [[package]] name = "p256" -version = "0.11.1" +version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51f44edd08f51e2ade572f141051021c5af22677e42b7dd28a88155151c33594" +checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" dependencies = [ "ecdsa", "elliptic-curve", + "primeorder", "sha2", ] [[package]] name = "p384" -version = "0.11.2" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dfc8c5bf642dde52bb9e87c0ecd8ca5a76faac2eeed98dedb7c717997e1080aa" +checksum = "70786f51bcc69f6a4c0360e063a4cac5419ef7c5cd5b3c99ad70f3be5ba79209" dependencies = [ "ecdsa", "elliptic-curve", + "primeorder", "sha2", ] [[package]] name = "pem-rfc7468" -version = "0.6.0" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24d159833a9105500e0398934e205e0773f0b27529557134ecfc51c27646adac" +checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" dependencies = [ "base64ct", ] [[package]] name = "percent-encoding" -version = "2.2.0" +version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "478c572c3d73181ff3c2539045f6eb99e5491218eae919370993b890cdbdd98e" +checksum = "9b2a4787296e9989611394c33f193f676704af1686e70b8f8033ab5ba9a35a94" [[package]] name = "pin-project-lite" 
@@ -1187,21 +1204,20 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "pkcs1" -version = "0.4.1" +version = "0.7.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eff33bdbdfc54cc98a2eca766ebdec3e1b8fb7387523d5c9c9a2891da856f719" +checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" dependencies = [ "der", "pkcs8", "spki", - "zeroize", ] [[package]] name = "pkcs8" -version = "0.9.0" +version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" dependencies = [ "der", "spki", @@ -1231,20 +1247,29 @@ dependencies = [ "yansi", ] +[[package]] +name = "primeorder" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3c2fcef82c0ec6eefcc179b978446c399b3cdf73c392c35604e399eee6df1ee3" +dependencies = [ + "elliptic-curve", +] + [[package]] name = "proc-macro2" -version = "1.0.49" +version = "1.0.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57a8eca9f9c4ffde41714334dee777596264c7825420f521abc92b5b5deb63a5" +checksum = "7b368fba921b0dce7e60f5e04ec15e565b3303972b42bcfde1d0713b881959eb" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.23" +version = "1.0.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8856d8364d252a14d474036ea1358d63c9e6965c8e5c1885c18f73d70bff9c7b" +checksum = "1b9ab9c7eadfd8df19006f1cf1a4aed13540ed5cbc047010ece5826e10825488" dependencies = [ "proc-macro2", ] @@ -1320,7 +1345,7 @@ version = "0.11.13" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "68cc60575865c7831548863cc02356512e3f1dc2f3f82cb837d7fc4cc8f3c97c" dependencies = [ - "base64", + "base64 0.13.1", "bytes", "encoding_rs", "futures-core", 
@@ -1367,13 +1392,12 @@ dependencies = [ [[package]] name = "rfc6979" -version = "0.3.1" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7743f17af12fa0b03b803ba12cd6a8d9483a587e89c69445e3909655c0b9fabb" +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" dependencies = [ - "crypto-bigint", "hmac", - "zeroize", + "subtle", ] [[package]] @@ -1393,11 +1417,12 @@ dependencies = [ [[package]] name = "rsa" -version = "0.7.2" +version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "094052d5470cbcef561cb848a7209968c9f12dfa6d668f4bca048ac5de51099c" +checksum = "6ab43bb47d23c1a631b4b680199a45255dce26fa9ab2fa902581f624ff13e6a8" dependencies = [ "byteorder", + "const-oid", "digest", "num-bigint-dig", "num-integer", @@ -1407,7 +1432,7 @@ dependencies = [ "pkcs8", "rand_core", "signature", - "smallvec", + "spki", "subtle", "zeroize", ] @@ -1436,7 +1461,7 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0864aeff53f8c05aa08d86e5ef839d3dfcf07aeba2db32f12db0ef716e87bd55" dependencies = [ - "base64", + "base64 0.13.1", ] [[package]] @@ -1473,9 +1498,9 @@ dependencies = [ [[package]] name = "sec1" -version = "0.3.0" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928" +checksum = "48518a2b5775ba8ca5b46596aae011caa431e6ce7e4a67ead66d92f08884220e" dependencies = [ "base16ct", "der", @@ -1510,9 +1535,9 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.151" +version = "1.0.164" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97fed41fc1a24994d044e6db6935e69511a1153b52c15eb42493b26fa87feba0" +checksum = "9e8c8cf938e98f769bc164923b06dce91cea1751522f46f8466461af04c9027d" dependencies = [ "serde_derive", ] 
@@ -1529,13 +1554,13 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.151" +version = "1.0.164" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "255abe9a125a985c05190d687b320c12f9b1f0b99445e608c21ba0782c719ad8" +checksum = "d9735b638ccc51c28bf6914d90a2e9725b377144fc612c49a611fddd1b631d68" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.22", ] [[package]] @@ -1581,24 +1606,30 @@ dependencies = [ [[package]] name = "serde_with" -version = "1.14.0" +version = "3.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "678b5a069e50bf00ecd22d0cd8ddf7c236f68581b03db652061ed5eb13a312ff" +checksum = "9f02d8aa6e3c385bf084924f660ce2a3a6bd333ba55b35e8590b321f35d88513" dependencies = [ + "base64 0.21.2", + "chrono", + "hex", + "indexmap", "serde", + "serde_json", "serde_with_macros", + "time", ] [[package]] name = "serde_with_macros" -version = "1.5.2" +version = "3.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e182d6ec6f05393cc0e5ed1bf81ad6db3a8feedf8ee515ecdd369809bcce8082" +checksum = "edc7d5d3932fb12ce722ee5e64dd38c504efba37567f0c402f6ca728c3b8b070" dependencies = [ "darling", "proc-macro2", "quote", - "syn", + "syn 2.0.22", ] [[package]] @@ -1614,9 +1645,9 @@ dependencies = [ [[package]] name = "signature" -version = "1.6.4" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c" +checksum = "5e1788eed21689f9cf370582dfc467ef36ed9c707f073528ddafa8d83e3b8500" dependencies = [ "digest", "rand_core", 
@@ -1655,9 +1686,9 @@ checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" [[package]] name = "spki" -version = "0.6.0" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b" +checksum = "9d1e996ef02c474957d681f1b05213dfb0abab947b446a62d37770b23500184a" dependencies = [ "base64ct", "der", @@ -1686,6 +1717,17 @@ dependencies = [ "unicode-ident", ] +[[package]] +name = "syn" +version = "2.0.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2efbeae7acf4eabd6bcdcbd11c92f45231ddda7539edc7806bd1a04a03b24616" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + [[package]] name = "tempfile" version = "3.3.0" @@ -1726,7 +1768,34 @@ checksum = "1fb327af4685e4d03fa8cbcf1716380da910eeb2bb8be417e7f9fd3fb164f36f" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.107", +] + +[[package]] +name = "time" +version = "0.3.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea9e1b3cf1243ae005d9e74085d4d542f3125458f3a81af210d901dcd7411efd" +dependencies = [ + "itoa", + "serde", + "time-core", + "time-macros", +] + +[[package]] +name = "time-core" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb" + +[[package]] +name = "time-macros" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "372950940a5f07bf38dbe211d7283c9e6d7327df53794992d293e534c733d09b" +dependencies = [ + "time-core", ] [[package]] 
@@ -1836,9 +1905,9 @@ checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba" [[package]] name = "unicode-bidi" -version = "0.3.8" +version = "0.3.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "099b7128301d285f79ddd55b9a83d5e6b9e97c92e0ea0daebee7263e932de992" +checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460" [[package]] name = "unicode-ident" @@ -1873,7 +1942,7 @@ version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b97acb4c28a254fd7a4aeec976c46a7fa404eac4d7c134b30c75144846d7cb8f" dependencies = [ - "base64", + "base64 0.13.1", "chunked_transfer", "flate2", "log", @@ -1886,9 +1955,9 @@ dependencies = [ [[package]] name = "url" -version = "2.3.1" +version = "2.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d68c799ae75762b8c3fe375feb6600ef5602c883c5d21eb51c09f22b83c4643" +checksum = "50bff7831e19200a85b17131d085c25d7811bc4e186efdaf54bbd132994a88cb" dependencies = [ "form_urlencoded", "idna", @@ -1945,7 +2014,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn", + "syn 1.0.107", "wasm-bindgen-shared", ] @@ -1979,7 +2048,7 @@ checksum = "07bc0c051dc5f23e307b13285f9d75df86bfdf816c5721e573dec1f9b8aa193c" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.107", "wasm-bindgen-backend", "wasm-bindgen-shared", ] diff --git a/Cargo.toml b/Cargo.toml index 3ccb9c42..9b36d535 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -40,19 +40,19 @@ log = "0.4" oauth2 = { version = "4.4.1", default-features = false } rand = "0.8.5" hmac = "0.12.1" -rsa = "0.7.2" +rsa = "0.9.2" sha2 = { version = "0.10.6", features = ["oid"] } # Object ID needed for pkcs1v15 padding -p256 = "0.11.1" -p384 = "0.11.2" +p256 = "0.13.2" +p384 = "0.13.0" dyn-clone = "1.0.10" serde = "1.0" serde_derive = "1.0" serde_json = "1.0" serde_path_to_error = "0.1" serde_plain = "1.0" -serde_with = "1.13" +serde_with = "3" serde-value = "0.7" -url = { version = "2.1", features = ["serde"] } +url = { version = "2.4", features = ["serde"] } subtle = "2.4" [dev-dependencies] diff --git a/src/core/crypto.rs b/src/core/crypto.rs index bf1f9dfc..6fc6b83e 100644 --- a/src/core/crypto.rs +++ b/src/core/crypto.rs @@ -54,12 +54,10 @@ fn ec_public_key( pub fn verify_rsa_signature( key: &CoreJsonWebKey, - padding: rsa::PaddingScheme, + padding: impl rsa::traits::SignatureScheme, msg: &[u8], signature: &[u8], ) -> Result<(), SignatureVerificationError> { - use rsa::PublicKey; - let (n, e) = rsa_public_key(key).map_err(SignatureVerificationError::InvalidKey)?; // let's n and e as a big integers to prevent issues with leading zeros // according to https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.1.1 @@ -86,7 +84,7 @@ pub fn verify_ec_signature( msg: &[u8], signature: &[u8], ) -> Result<(), SignatureVerificationError> { - use p256::ecdsa::signature::{Signature, Verifier}; + use p256::ecdsa::signature::Verifier; let (x, y, crv) = ec_public_key(key).map_err(SignatureVerificationError::InvalidKey)?; let mut pk = vec![0x04]; @@ -99,7 +97,7 @@ pub fn verify_ec_signature( public_key .verify( msg, - &p256::ecdsa::Signature::from_bytes(signature).map_err(|_| { + &p256::ecdsa::Signature::from_slice(signature).map_err(|_| { SignatureVerificationError::CryptoError("Invalid signature".to_string()) })?, ) 
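Review bot: `verify_rsa_signature` in src/core/crypto.rs has no doc comment saying that `msg` is expected to be a digest rather than the raw message. The test hunk for this file passes `&hash` as that argument, and with `padding` now accepting any `impl rsa::traits::SignatureScheme`, the pairing of hash and padding is left entirely to the caller. I would add `/// Verifies an RSA signature. msg must be the digest produced by the hash that padding was built for, not the raw message.` above the function. Because the function is `pub` and its parameter type changed from `rsa::PaddingScheme`, it is also worth checking whether this module is reachable from outside the crate, in which case the change breaks existing callers. The function body continues past the end of the hunk.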
@@ -113,7 +111,7 @@ pub fn verify_ec_signature( public_key .verify( msg, - &p384::ecdsa::Signature::from_bytes(signature).map_err(|_| { + &p384::ecdsa::Signature::from_slice(signature).map_err(|_| { SignatureVerificationError::CryptoError("Invalid signature".to_string()) })?, ) @@ -157,7 +155,7 @@ mod tests { assert! { verify_rsa_signature( &key, - rsa::PaddingScheme::new_pkcs1v15_sign::(), + rsa::Pkcs1v15Sign::new::(), &hash, &signature, ).is_ok() diff --git a/src/core/jwk.rs b/src/core/jwk.rs index 9381fda7..220dcf2b 100644 --- a/src/core/jwk.rs +++ b/src/core/jwk.rs @@ -182,7 +182,7 @@ impl JsonWebKey }; crypto::verify_rsa_signature( self, - rsa::PaddingScheme::new_pkcs1v15_sign::(), + rsa::Pkcs1v15Sign::new::(), message, signature, ) @@ -195,7 +195,7 @@ impl JsonWebKey }; crypto::verify_rsa_signature( self, - rsa::PaddingScheme::new_pkcs1v15_sign::(), + rsa::Pkcs1v15Sign::new::(), message, signature, ) @@ -208,7 +208,7 @@ impl JsonWebKey }; crypto::verify_rsa_signature( self, - rsa::PaddingScheme::new_pkcs1v15_sign::(), + rsa::Pkcs1v15Sign::new::(), message, signature, ) @@ -221,7 +221,7 @@ impl JsonWebKey }; crypto::verify_rsa_signature( self, - rsa::PaddingScheme::new_pss::(), + rsa::Pss::new::(), message, signature, ) @@ -234,7 +234,7 @@ impl JsonWebKey }; crypto::verify_rsa_signature( self, - rsa::PaddingScheme::new_pss::(), + rsa::Pss::new::(), message, signature, ) @@ -247,7 +247,7 @@ impl JsonWebKey }; crypto::verify_rsa_signature( self, - rsa::PaddingScheme::new_pss::(), + rsa::Pss::new::(), message, signature, ) 
@@ -449,82 +449,99 @@ impl signature_alg: &CoreJwsSigningAlgorithm, msg: &[u8], ) -> Result, SigningError> { - let (padding_alg, hash) = match *signature_alg { + match *signature_alg { CoreJwsSigningAlgorithm::RsaSsaPkcs1V15Sha256 => { let mut hasher = sha2::Sha256::new(); hasher.update(msg); let hash = hasher.finalize().to_vec(); - ( - rsa::PaddingScheme::new_pkcs1v15_sign::(), - hash, - ) + + self.key_pair + .sign_with_rng( + &mut dyn_clone::clone_box(&self.rng), + rsa::Pkcs1v15Sign::new::(), + &hash, + ) + .map_err(|_| SigningError::CryptoError) } CoreJwsSigningAlgorithm::RsaSsaPkcs1V15Sha384 => { let mut hasher = sha2::Sha384::new(); hasher.update(msg); let hash = hasher.finalize().to_vec(); - ( - rsa::PaddingScheme::new_pkcs1v15_sign::(), - hash, - ) + + self.key_pair + .sign_with_rng( + &mut dyn_clone::clone_box(&self.rng), + rsa::Pkcs1v15Sign::new::(), + &hash, + ) + .map_err(|_| SigningError::CryptoError) } CoreJwsSigningAlgorithm::RsaSsaPkcs1V15Sha512 => { let mut hasher = sha2::Sha512::new(); hasher.update(msg); let hash = hasher.finalize().to_vec(); - ( - rsa::PaddingScheme::new_pkcs1v15_sign::(), - hash, - ) + + self.key_pair + .sign_with_rng( + &mut dyn_clone::clone_box(&self.rng), + rsa::Pkcs1v15Sign::new::(), + &hash, + ) + .map_err(|_| SigningError::CryptoError) } CoreJwsSigningAlgorithm::RsaSsaPssSha256 => { let mut hasher = sha2::Sha256::new(); hasher.update(msg); let hash = hasher.finalize().to_vec(); - ( - rsa::PaddingScheme::new_pss_with_salt::(hash.len()), - hash, - ) + + self.key_pair + .sign_with_rng( + &mut dyn_clone::clone_box(&self.rng), + rsa::Pss::new_with_salt::(hash.len()), + &hash, + ) + .map_err(|_| SigningError::CryptoError) } CoreJwsSigningAlgorithm::RsaSsaPssSha384 => { let mut hasher = sha2::Sha384::new(); hasher.update(msg); let hash = hasher.finalize().to_vec(); - ( - rsa::PaddingScheme::new_pss_with_salt::(hash.len()), - hash, - ) + + self.key_pair + .sign_with_rng( + &mut dyn_clone::clone_box(&self.rng), + 
rsa::Pss::new_with_salt::(hash.len()), + &hash, + ) + .map_err(|_| SigningError::CryptoError) } CoreJwsSigningAlgorithm::RsaSsaPssSha512 => { let mut hasher = sha2::Sha512::new(); hasher.update(msg); let hash = hasher.finalize().to_vec(); - ( - rsa::PaddingScheme::new_pss_with_salt::(hash.len()), - hash, - ) - } - ref other => { - return Err(SigningError::UnsupportedAlg( - serde_plain::to_string(other).unwrap_or_else(|err| { - panic!( - "signature alg {:?} failed to serialize to a string: {}", - other, err - ) - }), - )) - } - }; - let sig = self - .key_pair - .sign_blinded(&mut dyn_clone::clone_box(&self.rng), padding_alg, &hash) - .map_err(|_| SigningError::CryptoError)?; - Ok(sig) + self.key_pair + .sign_with_rng( + &mut dyn_clone::clone_box(&self.rng), + rsa::Pss::new_with_salt::(hash.len()), + &hash, + ) + .map_err(|_| SigningError::CryptoError) + } + ref other => Err(SigningError::UnsupportedAlg( + serde_plain::to_string(other).unwrap_or_else(|err| { + panic!( + "signature alg {:?} failed to serialize to a string: {}", + other, err + ) + }), + )), + } } fn as_verification_key(&self) -> CoreJsonWebKey { - use rsa::PublicKeyParts; + use rsa::traits::PublicKeyParts; + let public_key = self.key_pair.to_public_key(); CoreJsonWebKey { kty: CoreJsonWebKeyType::RSA, diff --git a/src/id_token.rs b/src/id_token.rs index 4d57ead1..0ee77597 100644 --- a/src/id_token.rs +++ b/src/id_token.rs @@ -483,8 +483,18 @@ mod tests { *claims.audiences(), vec![Audience::new("s6BhdRkqt3".to_string())] ); - assert_eq!(claims.expiration(), Utc.timestamp(1311281970, 0)); - assert_eq!(claims.issue_time(), Utc.timestamp(1311280970, 0)); + assert_eq!( + claims.expiration(), + Utc.timestamp_opt(1311281970, 0) + .single() + .expect("valid timestamp") + ); + assert_eq!( + claims.issue_time(), + Utc.timestamp_opt(1311280970, 0) + .single() + .expect("valid timestamp") + ); assert_eq!( *claims.subject(), SubjectIdentifier::new("24400320".to_string()) 
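Review bot: The three RSASSA-PSS arms (`RsaSsaPssSha256`, `RsaSsaPssSha384`, `RsaSsaPssSha512`) may no longer blind the private-key operation. The removed code called `sign_blinded`, while the new arms call `sign_with_rng` with `rsa::Pss::new_with_salt`, and in rsa 0.9 the PSS scheme appears to carry its own blinding flag, which `new_with_salt` leaves off so that the RNG is used only for the salt. If that reading of the crate is right, the unblinded operation is more exposed to timing side channels; consider `rsa::Pss::new_blinded_with_salt` with the same digest type and `hash.len()` in those three arms, after confirming against the rsa 0.9 documentation. The PKCS#1 v1.5 arms are expected to keep blinding because an RNG is supplied to `sign_with_rng`. The enclosing function's signature starts above the hunk.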
@@ -524,8 +534,18 @@ mod tests { *claims.audiences(), vec![Audience::new("s6BhdRkqt3".to_string())] ); - assert_eq!(claims.expiration(), Utc.timestamp(1311281970, 0)); - assert_eq!(claims.issue_time(), Utc.timestamp(1311280970, 0)); + assert_eq!( + claims.expiration(), + Utc.timestamp_opt(1311281970, 0) + .single() + .expect("valid timestamp") + ); + assert_eq!( + claims.issue_time(), + Utc.timestamp_opt(1311280970, 0) + .single() + .expect("valid timestamp") + ); assert_eq!( *claims.subject(), SubjectIdentifier::new("24400320".to_string()) @@ -542,8 +562,12 @@ mod tests { let new_claims = CoreIdTokenClaims::new( IssuerUrl::new("https://server.example.com".to_string()).unwrap(), vec![Audience::new("s6BhdRkqt3".to_string())], - Utc.timestamp(1311281970, 0), - Utc.timestamp(1311280970, 0), + Utc.timestamp_opt(1311281970, 0) + .single() + .expect("valid timestamp"), + Utc.timestamp_opt(1311280970, 0) + .single() + .expect("valid timestamp"), StandardClaims::new(SubjectIdentifier::new("24400320".to_string())), EmptyAdditionalClaims {}, ); @@ -666,8 +690,12 @@ mod tests { let new_claims = CoreIdTokenClaims::new( IssuerUrl::new("https://server.example.com".to_string()).unwrap(), vec![Audience::new("s6BhdRkqt3".to_string())], - Utc.timestamp(1311281970, 0), - Utc.timestamp(1311280970, 0), + Utc.timestamp_opt(1311281970, 0) + .single() + .expect("valid timestamp"), + Utc.timestamp_opt(1311280970, 0) + .single() + .expect("valid timestamp"), StandardClaims { sub: SubjectIdentifier::new("24400320".to_string()), name: Some( 
@@ -794,11 +822,19 @@ mod tests { postal_code: Some(AddressPostalCode::new("90210".to_string())), country: Some(AddressCountry::new("US".to_string())), }), - updated_at: Some(Utc.timestamp(1311283970, 0)), + updated_at: Some( + Utc.timestamp_opt(1311283970, 0) + .single() + .expect("valid timestamp"), + ), }, EmptyAdditionalClaims {}, ) - .set_auth_time(Some(Utc.timestamp(1311282970, 0))) + .set_auth_time(Some( + Utc.timestamp_opt(1311282970, 0) + .single() + .expect("valid timestamp"), + )) .set_nonce(Some(Nonce::new("Zm9vYmFy".to_string()))) .set_auth_context_ref(Some(AuthenticationContextClass::new( "urn:mace:incommon:iap:silver".to_string(), @@ -884,7 +920,14 @@ mod tests { }", ) .expect("failed to deserialize"); - assert_eq!(claims.updated_at(), Some(Utc.timestamp(1640139037, 0))); + assert_eq!( + claims.updated_at(), + Some( + Utc.timestamp_opt(1640139037, 0) + .single() + .expect("valid timestamp") + ) + ); } #[test] diff --git a/src/jwt.rs b/src/jwt.rs index f9bd96e3..e0728f25 100644 --- a/src/jwt.rs +++ b/src/jwt.rs @@ -232,11 +232,11 @@ where let header_json = serde_json::to_string(&header).map_err(JsonWebTokenError::SerializationError)?; - let header_base64 = base64::encode_config(&header_json, base64::URL_SAFE_NO_PAD); + let header_base64 = base64::encode_config(header_json, base64::URL_SAFE_NO_PAD); let serialized_payload = S::serialize(&payload).map_err(JsonWebTokenError::SerializationError)?; - let payload_base64 = base64::encode_config(&serialized_payload, base64::URL_SAFE_NO_PAD); + let payload_base64 = base64::encode_config(serialized_payload, base64::URL_SAFE_NO_PAD); let signing_input = format!("{}.{}", header_base64, payload_base64); @@ -717,7 +717,7 @@ pub mod tests { ) .unwrap(); assert_eq!( - serde_json::to_value(&new_jwt).expect("failed to serialize"), + serde_json::to_value(new_jwt).expect("failed to serialize"), serde_json::Value::String(TEST_JWT.to_string()) ); } 
diff --git a/src/registration.rs b/src/registration.rs index 1cf91f03..f9c458a5 100644 --- a/src/registration.rs +++ b/src/registration.rs @@ -1280,11 +1280,15 @@ mod tests { ); assert_eq!( registration_response.client_id_issued_at().unwrap(), - Utc.timestamp(1523953306, 0) + Utc.timestamp_opt(1523953306, 0) + .single() + .expect("valid timestamp") ); assert_eq!( registration_response.client_secret_expires_at().unwrap(), - Utc.timestamp(1526545306, 0) + Utc.timestamp_opt(1526545306, 0) + .single() + .expect("valid timestamp") ); assert_eq!( *registration_response.redirect_uris(), diff --git a/src/types.rs b/src/types.rs index 08d79c7e..17ea5d43 100644 --- a/src/types.rs +++ b/src/types.rs @@ -931,7 +931,7 @@ new_secret_type![ /// pub fn new_random_len(num_bytes: u32) -> Self { let random_bytes: Vec = (0..num_bytes).map(|_| thread_rng().gen::()).collect(); - Nonce::new(base64::encode_config(&random_bytes, base64::URL_SAFE_NO_PAD)) + Nonce::new(base64::encode_config(random_bytes, base64::URL_SAFE_NO_PAD)) } } ]; diff --git a/src/verification.rs b/src/verification.rs index 26497238..8b3e1203 100644 --- a/src/verification.rs +++ b/src/verification.rs @@ -1867,14 +1867,22 @@ mod tests { CoreIdTokenClaims::new( issuer.clone(), vec![Audience::new((*client_id).clone())], - Utc.timestamp(1544932149, 0), - Utc.timestamp(1544928549, 0), + Utc.timestamp_opt(1544932149, 0) + .single() + .expect("valid timestamp"), + Utc.timestamp_opt(1544928549, 0) + .single() + .expect("valid timestamp"), StandardClaims::new(SubjectIdentifier::new("subject".to_string())), Default::default(), ) .set_nonce(Some(nonce.clone())) .set_auth_context_ref(Some(AuthenticationContextClass::new("the_acr".to_string()))) - .set_auth_time(Some(Utc.timestamp(1544928548, 0))), + .set_auth_time(Some( + Utc.timestamp_opt(1544928548, 0) + .single() + .expect("valid timestamp"), + )), &rsa_priv_key, CoreJwsSigningAlgorithm::RsaSsaPkcs1V15Sha256, Some(&AccessToken::new("the_access_token".to_string())), 
@@ -2078,7 +2086,11 @@ mod tests { phone_number: None, phone_number_verified: None, address: None, - updated_at: Some(Utc.timestamp(1544928548, 0)), + updated_at: Some( + Utc.timestamp_opt(1544928548, 0) + .single() + .expect("valid timestamp"), + ), }, Default::default(), ); @@ -2102,7 +2114,7 @@ mod tests { ZD4A4aIn0K7z5J9RvrR3L7DWnc3fJQ0VU2v5QLePyqNWnFxks5eyl8Ios8JrZhwr4Q8GES8Q4Iw8Sz6W9vYpHK\ 2r1YdaACMM4g_TTtV91lpjn-Li2-HxW9NERdLvYvF6HwGIwbss26trp2yjNTARlxBUT6LR7y82oPIJKXIKL1GD\ YeSLeErhb6oTQ0a5gQ", - serde_json::to_value(&claims_jwt).unwrap().as_str().unwrap() + serde_json::to_value(claims_jwt).unwrap().as_str().unwrap() ); } }