trustee-guest-components/0004-Fedora-remove-jwt-simple-dependency.patch
Uri Lublin f5a12748a0 Initial commit on c10s
Added gating.yaml

Resolves: RHEL-73770
2025-01-21 15:01:46 +02:00

96 lines
3.2 KiB
Diff

From 5325bd8707afb0ac8504c5e845c96c62f8cd4b93 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Tue, 10 Sep 2024 17:17:03 +0300
Subject: [PATCH] Fedora: remove jwt-simple dependency
Content-type: text/plain
jwt-simple requires some crypto crates.
The code checks time validity. Use std::time instead for this.
Signed-off-by: Uri Lublin <uril@redhat.com>
---
Cargo.toml | 1 -
attestation-agent/kbs_protocol/Cargo.toml | 1 -
.../kbs_protocol/src/token_provider/mod.rs | 19 +++++++++----------
3 files changed, 9 insertions(+), 12 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index bb4a534..db72ef9 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -23,7 +23,6 @@ const_format = "0.2.33"
env_logger = "0.11.5"
hex = "0.4.3"
hmac = "0.12.1"
-jwt-simple = { version = "0.12", default-features = false, features = ["pure-rust"] }
kbs-types = "0.7.0"
lazy_static = "1.5.0"
log = "0.4.22"
diff --git a/attestation-agent/kbs_protocol/Cargo.toml b/attestation-agent/kbs_protocol/Cargo.toml
index 92fccce..d012487 100644
--- a/attestation-agent/kbs_protocol/Cargo.toml
+++ b/attestation-agent/kbs_protocol/Cargo.toml
@@ -13,7 +13,6 @@ base64.workspace = true
clap = { workspace = true, features = ["derive"], optional = true }
crypto = { path = "../deps/crypto", default-features = false }
env_logger = { workspace = true, optional = true }
-jwt-simple.workspace = true
kbs-types.workspace = true
log.workspace = true
protobuf = { workspace = true, optional = true}
diff --git a/attestation-agent/kbs_protocol/src/token_provider/mod.rs b/attestation-agent/kbs_protocol/src/token_provider/mod.rs
index 8f4d7ae..844680c 100644
--- a/attestation-agent/kbs_protocol/src/token_provider/mod.rs
+++ b/attestation-agent/kbs_protocol/src/token_provider/mod.rs
@@ -14,11 +14,9 @@ pub use aa::*;
use anyhow::*;
use async_trait::async_trait;
use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine};
-use jwt_simple::{
- claims::JWTClaims,
- prelude::{Clock, UnixTimeStamp},
-};
use serde_json::Value;
+use std::time::SystemTime;
+
use crate::keypair::TeeKeyPair;
@@ -33,8 +31,8 @@ pub trait TokenProvider: Send + Sync {
#[derive(Clone, Debug)]
pub struct Token {
pub content: String,
- exp: Option<UnixTimeStamp>,
- nbf: Option<UnixTimeStamp>,
+ exp: Option<u64>,
+ nbf: Option<u64>,
}
impl Token {
@@ -44,16 +42,17 @@ impl Token {
.nth(1)
.ok_or_else(|| anyhow!("illegal token format"))?;
let claims = URL_SAFE_NO_PAD.decode(claims_b64)?;
- let claims = serde_json::from_slice::<JWTClaims<Value>>(&claims)?;
+ let claims = serde_json::from_slice::<Value>(&claims)?;
Ok(Self {
content: token,
- exp: claims.expires_at,
- nbf: claims.invalid_before,
+ exp: claims["exp"].as_u64(),
+ nbf: claims["nbf"].as_u64(),
})
}
pub fn check_valid(&self) -> Result<()> {
- let now = Clock::now_since_epoch();
+ let now = SystemTime::now().duration_since(SystemTime::UNIX_EPOCH)
+ .unwrap().as_secs();
if let Some(exp) = self.exp {
if exp < now {
bail!("token expired");
--
2.47.1