From 09e744abe31bc999031a17a4b13c79d2f80ac479 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?John=20Arg=C3=A9rus?= Date: Thu, 26 Oct 2023 13:53:42 +0200 Subject: [PATCH 1/2] [databroker] Update dependencies to support RISC-V --- Cargo.lock | 64 ++++++-------------------- kuksa_databroker/databroker/Cargo.toml | 2 +- 2 files changed, 15 insertions(+), 51 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8139c984..d0b86620 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1714,13 +1714,13 @@ dependencies = [ [[package]] name = "jsonwebtoken" -version = "8.3.0" +version = "9.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6971da4d9c3aa03c3d8f3ff0f4155b534aad021292003895a469716b2a230378" +checksum = "155c4d7e39ad04c172c5e3a99c434ea3b4a7ba7960b38ecd562b270b097cce09" dependencies = [ "base64 0.21.5", "pem", - "ring 0.16.20", + "ring", "serde", "serde_json", "simple_asn1", @@ -2025,11 +2025,12 @@ checksum = "9555b1514d2d99d78150d3c799d4c357a3e2c2a8062cd108e93a06d9057629c5" [[package]] name = "pem" -version = "1.1.1" +version = "3.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8" +checksum = "3163d2912b7c3b52d651a055f2c7eec9ba5cd22d26ef75b8dd3a59980b185923" dependencies = [ - "base64 0.13.1", + "base64 0.21.5", + "serde", ] [[package]] @@ -2356,21 +2357,6 @@ version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" -[[package]] -name = "ring" -version = "0.16.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" -dependencies = [ - "cc", - "libc", - "once_cell", - "spin 0.5.2", - "untrusted 0.7.1", - "web-sys", - "winapi", -] - [[package]] name = "ring" version = "0.17.5" @@ -2380,8 +2366,8 @@ dependencies = [ "cc", "getrandom 0.2.10", "libc", - "spin 0.9.8", - "untrusted 0.9.0", + "spin", + "untrusted", "windows-sys 0.48.0", ] @@ -2423,7 +2409,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "446e14c5cda4f3f30fe71863c34ec70f5ac79d6087097ad0bb433e1be5edf04c" dependencies = [ "log", - "ring 0.17.5", + "ring", "rustls-webpki", "sct", ] @@ -2443,8 +2429,8 @@ version = "0.101.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" dependencies = [ - "ring 0.17.5", - "untrusted 0.9.0", + "ring", + "untrusted", ] [[package]] @@ -2480,8 +2466,8 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" dependencies = [ - "ring 0.17.5", - "untrusted 0.9.0", + "ring", + "untrusted", ] [[package]] @@ -2685,12 +2671,6 @@ dependencies = [ "windows-sys 0.48.0", ] -[[package]] -name = "spin" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" - [[package]] name = "spin" version = "0.9.8" @@ -3194,12 +3174,6 @@ version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85" -[[package]] -name = "untrusted" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" - [[package]] name = "untrusted" version = "0.9.0" @@ -3341,16 +3315,6 @@ version = "0.2.87" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ca6ad05a4870b2bf5fe995117d3728437bd27d7cd5f06f13c17443ef369775a1" -[[package]] -name = "web-sys" -version = "0.3.64" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b85cbef8c220a6abc02aefd892dfc0fc23afb1c6a426316ec33253a3877249b" -dependencies = [ - "js-sys", - "wasm-bindgen", -] - [[package]] name = "which" version = "4.4.2" diff --git a/kuksa_databroker/databroker/Cargo.toml b/kuksa_databroker/databroker/Cargo.toml index 25d9752f..f2bd3139 100644 --- a/kuksa_databroker/databroker/Cargo.toml +++ b/kuksa_databroker/databroker/Cargo.toml @@ -48,7 +48,7 @@ clap = { workspace = true, features = [ sqlparser = "0.16.0" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" -jsonwebtoken = "8.2.0" +jsonwebtoken = "9.1.0" regex = "1.7.1" jemallocator = { version = "0.5.0", optional = true } From cab923886becfb082f6ff4663f4ee290d52d48f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?John=20Arg=C3=A9rus?= Date: Thu, 26 Oct 2023 14:34:42 +0200 Subject: [PATCH 2/2] [databroker] Fixes for updated jsonwebtoken Update decoder to work with new version of jsonwebtoken. "aud" should absolutely be checked, and we need to add support supplying a set of valid audiences when running databroker. --- .../databroker/src/authorization/jwt/decoder.rs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/kuksa_databroker/databroker/src/authorization/jwt/decoder.rs b/kuksa_databroker/databroker/src/authorization/jwt/decoder.rs index 63d9f883..584a8c4b 100644 --- a/kuksa_databroker/databroker/src/authorization/jwt/decoder.rs +++ b/kuksa_databroker/databroker/src/authorization/jwt/decoder.rs @@ -68,10 +68,10 @@ impl Decoder { } }; - let validator = Validation::new(Algorithm::RS256); - // validator.leeway = 5; - // validator.set_audience(..); - // validator.set_issuer(..); + // TODO: Make algorithm configurable. + let mut validator = Validation::new(Algorithm::RS256); + // TODO: Make "aud" configurable. + validator.set_audience(&["kuksa.val"]); Ok(Decoder { decoding_key, @@ -168,7 +168,7 @@ AEiqOjPq0D6X45wCzIwjILUCAwEAAQ== Ok(claims) => { assert_eq!(claims.scope, "read:Vehicle.Speed"); } - Err(_) => panic!("decode should succeed"), + Err(err) => panic!("decode should succeed but failed with:{}", err), } } }