matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-08-09 04:22:45 +03:00
Code Activity

Replace serde_with's base64 encoding / decoding with a custom wrapper (#1526)

Browse Source 
Co-authored-by: Quentin Gliech <quenting@element.io>
This commit is contained in:
Jonas Platte
2023-08-24 17:40:25 +02:00
committed by GitHub
parent e94840c7fb
commit 70e6489f17
7 changed files with 230 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

168
crates/jose/src/base64.rs Normal file
View File

@@ -0,0 +1,168 @@
//! Transparent base64 encoding / decoding as part of (de)serialization.
use std::{borrow::Cow, fmt, marker::PhantomData, str};
use base64ct::Encoding;
use serde::{
de::{self, Unexpected, Visitor},
Deserialize, Deserializer, Serialize, Serializer,
};
/// A wrapper around `Vec<u8>` that (de)serializes from / to a base64 string.
///
/// The generic parameter `C` represents the base64 flavor.
#[derive(Clone, PartialEq, Eq, PartialOrd, Ord)]
pub struct Base64<C = base64ct::Base64> {
bytes: Vec<u8>,
// Invariant PhantomData, Send + Sync
_phantom_conf: PhantomData<fn(C) -> C>,
}
pub type Base64UrlNoPad = Base64<base64ct::Base64UrlUnpadded>;
impl<C: Encoding> Base64<C> {
/// Create a `Base64` instance from raw bytes, to be base64-encoded in
/// serialization.
#[must_use]
pub fn new(bytes: Vec<u8>) -> Self {
Self {
bytes,
_phantom_conf: PhantomData,
}
}
/// Get a reference to the raw bytes held by this `Base64` instance.
#[must_use]
pub fn as_bytes(&self) -> &[u8] {
self.bytes.as_ref()
}
/// Encode the bytes contained in this `Base64` instance to unpadded base64.
#[must_use]
pub fn encode(&self) -> String {
C::encode_string(self.as_bytes())
}
/// Get the raw bytes held by this `Base64` instance.
#[must_use]
pub fn into_inner(self) -> Vec<u8> {
self.bytes
}
/// Create a `Base64` instance containing an empty `Vec<u8>`.
#[must_use]
pub fn empty() -> Self {
Self::new(Vec::new())
}
/// Parse some base64-encoded data to create a `Base64` instance.
pub fn parse(encoded: &str) -> Result<Self, base64ct::Error> {
C::decode_vec(encoded).map(Self::new)
}
}
impl<C: Encoding> fmt::Debug for Base64<C> {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
self.encode().fmt(f)
}
}
impl<C: Encoding> fmt::Display for Base64<C> {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
self.encode().fmt(f)
}
}
impl<'de, C: Encoding> Deserialize<'de> for Base64<C> {
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where
D: Deserializer<'de>,
{
let encoded = deserialize_cow_str(deserializer)?;
Self::parse(&encoded).map_err(de::Error::custom)
}
}
impl<C: Encoding> Serialize for Base64<C> {
fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where
S: Serializer,
{
serializer.serialize_str(&self.encode())
}
}
/// Deserialize a `Cow<'de, str>`.
///
/// Different from serde's implementation of `Deserialize` for `Cow` since it
/// borrows from the input when possible.
pub fn deserialize_cow_str<'de, D>(deserializer: D) -> Result<Cow<'de, str>, D::Error>
where
D: Deserializer<'de>,
{
deserializer.deserialize_string(CowStrVisitor)
}
struct CowStrVisitor;
impl<'de> Visitor<'de> for CowStrVisitor {
type Value = Cow<'de, str>;
fn expecting(&self, formatter: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
formatter.write_str("a string")
}
fn visit_borrowed_str<E>(self, v: &'de str) -> Result<Self::Value, E>
where
E: de::Error,
{
Ok(Cow::Borrowed(v))
}
fn visit_borrowed_bytes<E>(self, v: &'de [u8]) -> Result<Self::Value, E>
where
E: de::Error,
{
match str::from_utf8(v) {
Ok(s) => Ok(Cow::Borrowed(s)),
Err(_) => Err(de::Error::invalid_value(Unexpected::Bytes(v), &self)),
}
}
fn visit_str<E>(self, v: &str) -> Result<Self::Value, E>
where
E: de::Error,
{
Ok(Cow::Owned(v.to_owned()))
}
fn visit_string<E>(self, v: String) -> Result<Self::Value, E>
where
E: de::Error,
{
Ok(Cow::Owned(v))
}
fn visit_bytes<E>(self, v: &[u8]) -> Result<Self::Value, E>
where
E: de::Error,
{
match str::from_utf8(v) {
Ok(s) => Ok(Cow::Owned(s.to_owned())),
Err(_) => Err(de::Error::invalid_value(Unexpected::Bytes(v), &self)),
}
}
fn visit_byte_buf<E>(self, v: Vec<u8>) -> Result<Self::Value, E>
where
E: de::Error,
{
match String::from_utf8(v) {
Ok(s) => Ok(Cow::Owned(s)),
Err(e) => Err(de::Error::invalid_value(
Unexpected::Bytes(&e.into_bytes()),
&self,
)),
}
}
}

21
crates/jose/src/jwk/mod.rs
View File

@@ -20,14 +20,13 @@ use mas_iana::jose::{
};
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};
use serde_with::{
base64::{Base64, Standard, UrlSafe},
formats::{Padded, Unpadded},
serde_as, skip_serializing_none,
};
use serde_with::skip_serializing_none;
use url::Url;
use crate::constraints::{Constrainable, Constraint, ConstraintSet};
use crate::{
base64::{Base64, Base64UrlNoPad},
constraints::{Constrainable, Constraint, ConstraintSet},
};
pub(crate) mod private_parameters;
pub(crate) mod public_parameters;
@@ -60,7 +59,6 @@ impl JwkEcCurve for k256::Secp256k1 {
const CRV: JsonWebKeyEcEllipticCurve = JsonWebKeyEcEllipticCurve::Secp256K1;
}
#[serde_as]
#[skip_serializing_none]
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, JsonSchema)]
pub struct JsonWebKey<P> {
@@ -85,18 +83,15 @@ pub struct JsonWebKey<P> {
#[schemars(with = "Vec<String>")]
#[serde(default)]
#[serde_as(as = "Option<Vec<Base64<Standard, Padded>>>")]
x5c: Option<Vec<Vec<u8>>>,
x5c: Option<Vec<Base64>>,
#[schemars(with = "Option<String>")]
#[serde(default)]
#[serde_as(as = "Option<Base64<UrlSafe, Unpadded>>")]
x5t: Option<Vec<u8>>,
x5t: Option<Base64UrlNoPad>,
#[schemars(with = "Option<String>")]
#[serde(default, rename = "x5t#S256")]
#[serde_as(as = "Option<Base64<UrlSafe, Unpadded>>")]
x5t_s256: Option<Vec<u8>>,
x5t_s256: Option<Base64UrlNoPad>,
}
pub type PublicJsonWebKey = JsonWebKey<self::public_parameters::JsonWebKeyPublicParameters>;

77
crates/jose/src/jwk/private_parameters.rs
View File

@@ -17,16 +17,11 @@ use mas_iana::jose::{
};
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};
use serde_with::{
base64::{Base64, UrlSafe},
formats::Unpadded,
serde_as,
};
use thiserror::Error;
use super::{public_parameters::JsonWebKeyPublicParameters, ParametersInfo};
use crate::base64::Base64UrlNoPad;
#[serde_as]
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, JsonSchema)]
#[serde(tag = "kty")]
pub enum JsonWebKeyPrivateParameters {
@@ -114,13 +109,11 @@ impl TryFrom<JsonWebKeyPrivateParameters> for JsonWebKeyPublicParameters {
}
}
#[serde_as]
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, JsonSchema)]
pub struct OctPrivateParameters {
/// Key Value
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
k: Vec<u8>,
k: Base64UrlNoPad,
}
impl ParametersInfo for OctPrivateParameters {
@@ -137,48 +130,39 @@ impl ParametersInfo for OctPrivateParameters {
}
}
#[serde_as]
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, JsonSchema)]
pub struct RsaPrivateParameters {
/// Modulus
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
n: Vec<u8>,
n: Base64UrlNoPad,
/// Exponent
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
e: Vec<u8>,
e: Base64UrlNoPad,
/// Private Exponent
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
d: Vec<u8>,
d: Base64UrlNoPad,
/// First Prime Factor
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
p: Vec<u8>,
p: Base64UrlNoPad,
/// Second Prime Factor
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
q: Vec<u8>,
q: Base64UrlNoPad,
/// First Factor CRT Exponent
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
dp: Vec<u8>,
dp: Base64UrlNoPad,
/// Second Factor CRT Exponent
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
dq: Vec<u8>,
dq: Base64UrlNoPad,
/// First CRT Coefficient
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
qi: Vec<u8>,
qi: Base64UrlNoPad,
/// Other Primes Info
#[serde(skip_serializing_if = "Option::is_none")]
@@ -208,23 +192,19 @@ impl From<RsaPrivateParameters> for super::public_parameters::RsaPublicParameter
}
}
#[serde_as]
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, JsonSchema)]
struct RsaOtherPrimeInfo {
/// Prime Factor
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
r: Vec<u8>,
r: Base64UrlNoPad,
/// Factor CRT Exponent
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
d: Vec<u8>,
d: Base64UrlNoPad,
/// Factor CRT Coefficient
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
t: Vec<u8>,
t: Base64UrlNoPad,
}
mod rsa_impls {
@@ -244,14 +224,14 @@ mod rsa_impls {
#[allow(clippy::many_single_char_names)]
fn try_from(value: &RsaPrivateParameters) -> Result<Self, Self::Error> {
let n = BigUint::from_bytes_be(&value.n);
let e = BigUint::from_bytes_be(&value.e);
let d = BigUint::from_bytes_be(&value.d);
let n = BigUint::from_bytes_be(value.n.as_bytes());
let e = BigUint::from_bytes_be(value.e.as_bytes());
let d = BigUint::from_bytes_be(value.d.as_bytes());
let primes = [&value.p, &value.q]
.into_iter()
.chain(value.oth.iter().flatten().map(|o| &o.r))
.map(|i| BigUint::from_bytes_be(i))
.map(|i| BigUint::from_bytes_be(i.as_bytes()))
.collect();
let key = RsaPrivateKey::from_components(n, e, d, primes)?;
@@ -263,22 +243,18 @@ mod rsa_impls {
}
}
#[serde_as]
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, JsonSchema)]
pub struct EcPrivateParameters {
pub(crate) crv: JsonWebKeyEcEllipticCurve,
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
x: Vec<u8>,
x: Base64UrlNoPad,
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
y: Vec<u8>,
y: Base64UrlNoPad,
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
d: Vec<u8>,
d: Base64UrlNoPad,
}
impl ParametersInfo for EcPrivateParameters {
@@ -310,6 +286,7 @@ mod ec_impls {
};
use super::{super::JwkEcCurve, EcPrivateParameters};
use crate::base64::Base64UrlNoPad;
impl<C> TryFrom<EcPrivateParameters> for SecretKey<C>
where
@@ -328,7 +305,7 @@ mod ec_impls {
type Error = elliptic_curve::Error;
fn try_from(value: &EcPrivateParameters) -> Result<Self, Self::Error> {
SecretKey::from_slice(&value.d)
SecretKey::from_slice(value.d.as_bytes())
}
}
@@ -357,22 +334,20 @@ mod ec_impls {
let d = key.to_bytes();
EcPrivateParameters {
crv: C::CRV,
x: x.to_vec(),
y: y.to_vec(),
d: d.to_vec(),
x: Base64UrlNoPad::new(x.to_vec()),
y: Base64UrlNoPad::new(y.to_vec()),
d: Base64UrlNoPad::new(d.to_vec()),
}
}
}
}
#[serde_as]
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, JsonSchema)]
pub struct OkpPrivateParameters {
crv: JsonWebKeyOkpEllipticCurve,
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
x: Vec<u8>,
x: Base64UrlNoPad,
}
impl ParametersInfo for OkpPrivateParameters {

47
crates/jose/src/jwk/public_parameters.rs
View File

@@ -17,15 +17,10 @@ use mas_iana::jose::{
};
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};
use serde_with::{
base64::{Base64, UrlSafe},
formats::Unpadded,
serde_as,
};
use super::ParametersInfo;
use crate::base64::Base64UrlNoPad;
#[serde_as]
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, JsonSchema)]
#[serde(tag = "kty")]
pub enum JsonWebKeyPublicParameters {
@@ -83,16 +78,13 @@ impl ParametersInfo for JsonWebKeyPublicParameters {
}
}
#[serde_as]
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, JsonSchema)]
pub struct RsaPublicParameters {
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
n: Vec<u8>,
n: Base64UrlNoPad,
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
e: Vec<u8>,
e: Base64UrlNoPad,
}
impl ParametersInfo for RsaPublicParameters {
@@ -113,27 +105,24 @@ impl ParametersInfo for RsaPublicParameters {
}
impl RsaPublicParameters {
pub const fn new(n: Vec<u8>, e: Vec<u8>) -> Self {
pub const fn new(n: Base64UrlNoPad, e: Base64UrlNoPad) -> Self {
Self { n, e }
}
}
#[serde_as]
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, JsonSchema)]
pub struct EcPublicParameters {
pub(crate) crv: JsonWebKeyEcEllipticCurve,
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
x: Vec<u8>,
x: Base64UrlNoPad,
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
y: Vec<u8>,
y: Base64UrlNoPad,
}
impl EcPublicParameters {
pub const fn new(crv: JsonWebKeyEcEllipticCurve, x: Vec<u8>, y: Vec<u8>) -> Self {
pub const fn new(crv: JsonWebKeyEcEllipticCurve, x: Base64UrlNoPad, y: Base64UrlNoPad) -> Self {
Self { crv, x, y }
}
}
@@ -154,14 +143,12 @@ impl ParametersInfo for EcPublicParameters {
}
}
#[serde_as]
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, JsonSchema)]
pub struct OkpPublicParameters {
crv: JsonWebKeyOkpEllipticCurve,
#[schemars(with = "String")]
#[serde_as(as = "Base64<UrlSafe, Unpadded>")]
x: Vec<u8>,
x: Base64UrlNoPad,
}
impl ParametersInfo for OkpPublicParameters {
@@ -175,7 +162,7 @@ impl ParametersInfo for OkpPublicParameters {
}
impl OkpPublicParameters {
pub const fn new(crv: JsonWebKeyOkpEllipticCurve, x: Vec<u8>) -> Self {
pub const fn new(crv: JsonWebKeyOkpEllipticCurve, x: Base64UrlNoPad) -> Self {
Self { crv, x }
}
}
@@ -184,6 +171,7 @@ mod rsa_impls {
use rsa::{traits::PublicKeyParts, BigUint, RsaPublicKey};
use super::{JsonWebKeyPublicParameters, RsaPublicParameters};
use crate::base64::Base64UrlNoPad;
impl From<RsaPublicKey> for JsonWebKeyPublicParameters {
fn from(key: RsaPublicKey) -> Self {
@@ -206,8 +194,8 @@ mod rsa_impls {
impl From<&RsaPublicKey> for RsaPublicParameters {
fn from(key: &RsaPublicKey) -> Self {
Self {
n: key.n().to_bytes_be(),
e: key.e().to_bytes_be(),
n: Base64UrlNoPad::new(key.n().to_bytes_be()),
e: Base64UrlNoPad::new(key.e().to_bytes_be()),
}
}
}
@@ -222,8 +210,8 @@ mod rsa_impls {
impl TryFrom<&RsaPublicParameters> for RsaPublicKey {
type Error = rsa::errors::Error;
fn try_from(value: &RsaPublicParameters) -> Result<Self, Self::Error> {
let n = BigUint::from_bytes_be(&value.n);
let e = BigUint::from_bytes_be(&value.e);
let n = BigUint::from_bytes_be(value.n.as_bytes());
let e = BigUint::from_bytes_be(value.e.as_bytes());
let key = RsaPublicKey::new(n, e)?;
Ok(key)
}
@@ -239,6 +227,7 @@ mod ec_impls {
};
use super::{super::JwkEcCurve, EcPublicParameters, JsonWebKeyPublicParameters};
use crate::base64::Base64UrlNoPad;
impl<C> TryFrom<&EcPublicParameters> for PublicKey<C>
where
@@ -250,10 +239,12 @@ mod ec_impls {
fn try_from(value: &EcPublicParameters) -> Result<Self, Self::Error> {
let x = value
.x
.as_bytes()
.get(..C::FieldBytesSize::USIZE)
.ok_or(elliptic_curve::Error)?;
let y = value
.y
.as_bytes()
.get(..C::FieldBytesSize::USIZE)
.ok_or(elliptic_curve::Error)?;
@@ -311,8 +302,8 @@ mod ec_impls {
};
EcPublicParameters {
crv: C::CRV,
x: x.to_vec(),
y: y.to_vec(),
x: Base64UrlNoPad::new(x.to_vec()),
y: Base64UrlNoPad::new(y.to_vec()),
}
}
}

18
crates/jose/src/jwt/header.rs
View File

@@ -14,16 +14,11 @@
use mas_iana::jose::JsonWebSignatureAlg;
use serde::{Deserialize, Serialize};
use serde_with::{
base64::{Base64, Standard, UrlSafe},
formats::{Padded, Unpadded},
serde_as, skip_serializing_none,
};
use serde_with::skip_serializing_none;
use url::Url;
use crate::jwk::PublicJsonWebKey;
use crate::{base64::Base64UrlNoPad, jwk::PublicJsonWebKey, Base64};
#[serde_as]
#[skip_serializing_none]
#[derive(Debug, Serialize, Deserialize, Clone, PartialEq, Eq)]
pub struct JsonWebSignatureHeader {
@@ -42,16 +37,13 @@ pub struct JsonWebSignatureHeader {
x5u: Option<Url>,
#[serde(default)]
#[serde_as(as = "Option<Vec<Base64<Standard, Padded>>>")]
x5c: Option<Vec<Vec<u8>>>,
x5c: Option<Vec<Base64>>,
#[serde(default)]
#[serde_as(as = "Option<Base64<UrlSafe, Unpadded>>")]
x5t: Option<Vec<u8>>,
x5t: Option<Base64UrlNoPad>,
#[serde(default, rename = "x5t#S256")]
#[serde_as(as = "Option<Base64<UrlSafe, Unpadded>>")]
x5t_s256: Option<Vec<u8>>,
x5t_s256: Option<Base64UrlNoPad>,
#[serde(default)]
typ: Option<String>,

3
crates/jose/src/lib.rs
View File

@@ -17,8 +17,11 @@
#![warn(clippy::pedantic)]
#![allow(clippy::missing_errors_doc, clippy::module_name_repetitions)]
mod base64;
pub mod claims;
pub mod constraints;
pub mod jwa;
pub mod jwk;
pub mod jwt;
pub use self::base64::Base64;