96 lines
3.2 KiB
Diff
96 lines
3.2 KiB
Diff
From 5325bd8707afb0ac8504c5e845c96c62f8cd4b93 Mon Sep 17 00:00:00 2001
|
|
From: Uri Lublin <uril@redhat.com>
|
|
Date: Tue, 10 Sep 2024 17:17:03 +0300
|
|
Subject: [PATCH] Fedora: remove jwt-simple dependency
|
|
Content-type: text/plain
|
|
|
|
jwt-simple requires some crypto crates.
|
|
|
|
The code checks time validity. Use std::time instead for this.
|
|
|
|
Signed-off-by: Uri Lublin <uril@redhat.com>
|
|
---
|
|
Cargo.toml | 1 -
|
|
attestation-agent/kbs_protocol/Cargo.toml | 1 -
|
|
.../kbs_protocol/src/token_provider/mod.rs | 19 +++++++++----------
|
|
3 files changed, 9 insertions(+), 12 deletions(-)
|
|
|
|
diff --git a/Cargo.toml b/Cargo.toml
|
|
index bb4a534..db72ef9 100644
|
|
--- a/Cargo.toml
|
|
+++ b/Cargo.toml
|
|
@@ -23,7 +23,6 @@ const_format = "0.2.33"
|
|
env_logger = "0.11.5"
|
|
hex = "0.4.3"
|
|
hmac = "0.12.1"
|
|
-jwt-simple = { version = "0.12", default-features = false, features = ["pure-rust"] }
|
|
kbs-types = "0.7.0"
|
|
lazy_static = "1.5.0"
|
|
log = "0.4.22"
|
|
diff --git a/attestation-agent/kbs_protocol/Cargo.toml b/attestation-agent/kbs_protocol/Cargo.toml
|
|
index 92fccce..d012487 100644
|
|
--- a/attestation-agent/kbs_protocol/Cargo.toml
|
|
+++ b/attestation-agent/kbs_protocol/Cargo.toml
|
|
@@ -13,7 +13,6 @@ base64.workspace = true
|
|
clap = { workspace = true, features = ["derive"], optional = true }
|
|
crypto = { path = "../deps/crypto", default-features = false }
|
|
env_logger = { workspace = true, optional = true }
|
|
-jwt-simple.workspace = true
|
|
kbs-types.workspace = true
|
|
log.workspace = true
|
|
protobuf = { workspace = true, optional = true}
|
|
diff --git a/attestation-agent/kbs_protocol/src/token_provider/mod.rs b/attestation-agent/kbs_protocol/src/token_provider/mod.rs
|
|
index 8f4d7ae..844680c 100644
|
|
--- a/attestation-agent/kbs_protocol/src/token_provider/mod.rs
|
|
+++ b/attestation-agent/kbs_protocol/src/token_provider/mod.rs
|
|
@@ -14,11 +14,9 @@ pub use aa::*;
|
|
use anyhow::*;
|
|
use async_trait::async_trait;
|
|
use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine};
|
|
-use jwt_simple::{
|
|
- claims::JWTClaims,
|
|
- prelude::{Clock, UnixTimeStamp},
|
|
-};
|
|
use serde_json::Value;
|
|
+use std::time::SystemTime;
|
|
+
|
|
|
|
use crate::keypair::TeeKeyPair;
|
|
|
|
@@ -33,8 +31,8 @@ pub trait TokenProvider: Send + Sync {
|
|
#[derive(Clone, Debug)]
|
|
pub struct Token {
|
|
pub content: String,
|
|
- exp: Option<UnixTimeStamp>,
|
|
- nbf: Option<UnixTimeStamp>,
|
|
+ exp: Option<u64>,
|
|
+ nbf: Option<u64>,
|
|
}
|
|
|
|
impl Token {
|
|
@@ -44,16 +42,17 @@ impl Token {
|
|
.nth(1)
|
|
.ok_or_else(|| anyhow!("illegal token format"))?;
|
|
let claims = URL_SAFE_NO_PAD.decode(claims_b64)?;
|
|
- let claims = serde_json::from_slice::<JWTClaims<Value>>(&claims)?;
|
|
+ let claims = serde_json::from_slice::<Value>(&claims)?;
|
|
Ok(Self {
|
|
content: token,
|
|
- exp: claims.expires_at,
|
|
- nbf: claims.invalid_before,
|
|
+ exp: claims["exp"].as_u64(),
|
|
+ nbf: claims["nbf"].as_u64(),
|
|
})
|
|
}
|
|
|
|
pub fn check_valid(&self) -> Result<()> {
|
|
- let now = Clock::now_since_epoch();
|
|
+ let now = SystemTime::now().duration_since(SystemTime::UNIX_EPOCH)
|
|
+ .unwrap().as_secs();
|
|
if let Some(exp) = self.exp {
|
|
if exp < now {
|
|
bail!("token expired");
|
|
--
|
|
2.47.1
|
|
|