@@ -7,8 +7,10 @@ use api::error::VssError;
77use async_trait:: async_trait;
88use base64:: engine:: general_purpose:: { STANDARD , URL_SAFE_NO_PAD } ;
99use base64:: Engine ;
10- use rsa:: sha2:: { Digest , Sha256 } ;
11- use rsa:: { pkcs8:: DecodePublicKey , RsaPublicKey } ;
10+ use openssl:: hash:: MessageDigest ;
11+ use openssl:: pkey:: PKey ;
12+ use openssl:: pkey:: Public ;
13+ use openssl:: sign:: Verifier ;
1214use serde:: Deserialize ;
1315use std:: collections:: HashMap ;
1416
@@ -17,7 +19,7 @@ use std::collections::HashMap;
1719///
1820/// Refer: https://datatracker.ietf.org/doc/html/rfc7519
1921pub struct JWTAuthorizer {
20- jwt_issuer_key : RsaPublicKey ,
22+ jwt_issuer_key : PKey < Public > ,
2123}
2224
2325/// A set of Claims claimed by 'JsonWebToken'
@@ -34,7 +36,7 @@ pub(crate) struct Claims {
3436
3537const BEARER_PREFIX : & str = "Bearer " ;
3638
37- fn parse_public_key_pem ( pem : & str ) -> Result < RsaPublicKey , String > {
39+ fn parse_public_key_pem ( pem : & str ) -> Result < PKey < Public > , String > {
3840 let body = pem
3941 . trim ( )
4042 . strip_prefix ( "-----BEGIN PUBLIC KEY-----" )
@@ -43,7 +45,7 @@ fn parse_public_key_pem(pem: &str) -> Result<RsaPublicKey, String> {
4345 . ok_or ( String :: from ( "Suffix not found" ) ) ?;
4446 let body: String = body. lines ( ) . map ( |line| line. trim ( ) ) . collect ( ) ;
4547 let body = STANDARD . decode ( body) . map_err ( |_| String :: from ( "Base64 decode failed" ) ) ?;
46- RsaPublicKey :: from_public_key_der ( & body) . map_err ( |_| String :: from ( "DER decode failed" ) )
48+ PKey :: public_key_from_der ( & body) . map_err ( |_| String :: from ( "DER decode failed" ) )
4749}
4850
4951impl JWTAuthorizer {
@@ -93,10 +95,14 @@ impl Authorizer for JWTAuthorizer {
9395 let signature = URL_SAFE_NO_PAD
9496 . decode ( signature_base64)
9597 . map_err ( |_| VssError :: AuthError ( String :: from ( "Signature base64 decode failed" ) ) ) ?;
96- let digest = Sha256 :: digest ( message. as_bytes ( ) ) ;
97- self . jwt_issuer_key
98- . verify ( rsa:: pkcs1v15:: Pkcs1v15Sign :: new :: < Sha256 > ( ) , & digest, & signature)
99- . map_err ( |_| VssError :: AuthError ( String :: from ( "RSA verification failed" ) ) ) ?;
98+ let mut verifier = Verifier :: new ( MessageDigest :: sha256 ( ) , & self . jwt_issuer_key )
99+ . map_err ( |_| VssError :: AuthError ( String :: from ( "RSA initialization failed" ) ) ) ?;
100+ if !verifier
101+ . verify_oneshot ( & signature, message. as_bytes ( ) )
102+ . map_err ( |_| VssError :: AuthError ( String :: from ( "RSA verification failed" ) ) ) ?
103+ {
104+ return Err ( VssError :: AuthError ( String :: from ( "RSA verification failed" ) ) ) ;
105+ }
100106
101107 let claims_json = URL_SAFE_NO_PAD
102108 . decode ( claims_base64)
0 commit comments