diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d1c75fa..c966ea1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -68,5 +68,8 @@ jobs: - name: Build System Info run: rustc --version - - name: Run tests + - name: Run tests default features run: cargo test + + - name: Run tests no features + run: cargo test --no-default-features diff --git a/CHANGELOG.md b/CHANGELOG.md index 4d530e6..7df0457 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ - Error now implements Clone/Eq - Change default leeway from 0s to 60s - Add `Validation::require_spec_claims` to validate presence of the spec claims +- Add default feature for pem decoding named `use_pem` that can be disabled to avoid 2 dependencies ## 7.2.0 (2020-06-30) diff --git a/Cargo.toml b/Cargo.toml index b7ce88d..d05cfd3 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "jsonwebtoken" -version = "8.0.0-beta.7" +version = "8.0.0-beta.8" authors = ["Vincent Prouillet "] license = "MIT" readme = "README.md" @@ -8,7 +8,7 @@ description = "Create and decode JWTs in a strongly typed way." homepage = "https://github.com/Keats/jsonwebtoken" repository = "https://github.com/Keats/jsonwebtoken" keywords = ["jwt", "api", "token", "jwk"] -edition = "2018" +edition = "2021" include = ["src/**/*", "benches/**/*", "tests/**/*", "LICENSE", "README.md", "CHANGELOG.md"] [dependencies] @@ -17,14 +17,18 @@ serde = {version = "1.0", features = ["derive"] } ring = { version = "0.16.5", features = ["std"] } base64 = "0.13" # For PEM decoding -pem = "1" -simple_asn1 = "0.6" +pem = {version = "1", optional = true} +simple_asn1 = {version = "0.6", optional = true} [dev-dependencies] # For the custom time example time = "0.3" criterion = "0.3" +[features] +default = ["use_pem"] +use_pem = ["pem", "simple_asn1"] + [[bench]] name = "jwt" harness = false diff --git a/README.md b/README.md index fd6efca..1cc9750 100644 --- a/README.md +++ b/README.md 
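Review bot: The `edition = "2021"` bump in the second Cargo.toml hunk raises the minimum supported compiler to Rust 1.56, yet the CHANGELOG hunk in this same commit records only the new feature. Downstream users pinned to an older toolchain would hit this as a build failure with no release note. I would add a changelog line such as `- Bump edition to 2021 (requires Rust 1.56+)`. If the CI matrix pins a minimum-version job (not visible in the ci.yml hunk), it needs the same bump.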
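Review bot: Marking `pem` and `simple_asn1` as `optional = true` in the `[dependencies]` hunk also creates two implicit public features with those names, alongside the intended `use_pem`. Enabling `pem` alone would pull in the dependency while every `#[cfg(feature = "use_pem")]` item stays compiled out, which is confusing for anyone auditing what a given build actually links. If the toolchain floor can be Cargo 1.60 or newer, `use_pem = ["dep:pem", "dep:simple_asn1"]` keeps `use_pem` as the only switch. Otherwise a comment above `[features]` stating that `use_pem` is the only supported flag would help.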
@@ -11,6 +11,8 @@ Add the following to Cargo.toml: ```toml jsonwebtoken = "8" +# If you do not need pem decoding, you can disable the default feature `use_pem` that way: +# jsonwebtoken = {version = "8", default-features = false } serde = {version = "1.0", features = ["derive"] } ``` diff --git a/src/decoding.rs b/src/decoding.rs index 1856877..145a24d 100644 --- a/src/decoding.rs +++ b/src/decoding.rs @@ -4,6 +4,7 @@ use crate::algorithms::AlgorithmFamily; use crate::crypto::verify; use crate::errors::{new_error, ErrorKind, Result}; use crate::header::Header; +#[cfg(feature = "use_pem")] use crate::pem::decoder::PemEncodedKey; use crate::serialization::{b64_decode, DecodedJwtPartClaims}; use crate::validation::{validate, Validation}; @@ -59,6 +60,8 @@ impl DecodingKey { } /// If you are loading a public RSA key in a PEM format, use this. + /// Only exists if the feature `use_pem` is enabled. + #[cfg(feature = "use_pem")] pub fn from_rsa_pem(key: &[u8]) -> Result { let pem_key = PemEncodedKey::new(key)?; let content = pem_key.as_rsa_key()?; @@ -87,6 +90,8 @@ impl DecodingKey { } /// If you have a ECDSA public key in PEM format, use this. + /// Only exists if the feature `use_pem` is enabled. + #[cfg(feature = "use_pem")] pub fn from_ec_pem(key: &[u8]) -> Result { let pem_key = PemEncodedKey::new(key)?; let content = pem_key.as_ec_public_key()?; @@ -97,6 +102,8 @@ impl DecodingKey { } /// If you have a EdDSA public key in PEM format, use this. + /// Only exists if the feature `use_pem` is enabled. + #[cfg(feature = "use_pem")] pub fn from_ed_pem(key: &[u8]) -> Result { let pem_key = PemEncodedKey::new(key)?; let content = pem_key.as_ed_public_key()?; diff --git a/src/encoding.rs b/src/encoding.rs index b0f8315..d268b8d 100644 --- a/src/encoding.rs +++ b/src/encoding.rs 
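Review bot: The feature requirement on `DecodingKey::from_rsa_pem` is documented only by a hand-written "Only exists if the feature use_pem is enabled." sentence, which is repeated in the `from_ec_pem` and `from_ed_pem` hunks here and in the three `EncodingKey` hunks in src/encoding.rs. Next to each `#[cfg(feature = "use_pem")]` I would add `#[cfg_attr(docsrs, doc(cfg(feature = "use_pem")))]` so rustdoc renders the requirement itself and it cannot drift from the gate. That needs `#![cfg_attr(docsrs, feature(doc_cfg))]` in src/lib.rs and a `[package.metadata.docs.rs]` entry passing `--cfg docsrs`, neither of which is visible in this diff. The function bodies continue outside the hunks.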
@@ -4,6 +4,7 @@ use crate::algorithms::AlgorithmFamily; use crate::crypto; use crate::errors::{new_error, ErrorKind, Result}; use crate::header::Header; +#[cfg(feature = "use_pem")] use crate::pem::decoder::PemEncodedKey; use crate::serialization::b64_encode_part; @@ -29,12 +30,14 @@ impl EncodingKey { /// If you are loading a RSA key from a .pem file. /// This errors if the key is not a valid RSA key. + /// Only exists if the feature `use_pem` is enabled. /// /// # NOTE /// /// According to the [ring doc](https://briansmith.org/rustdoc/ring/signature/struct.RsaKeyPair.html#method.from_pkcs8), /// the key should be at least 2047 bits. /// + #[cfg(feature = "use_pem")] pub fn from_rsa_pem(key: &[u8]) -> Result { let pem_key = PemEncodedKey::new(key)?; let content = pem_key.as_rsa_key()?; @@ -43,6 +46,7 @@ impl EncodingKey { /// If you are loading a ECDSA key from a .pem file /// This errors if the key is not a valid private EC key + /// Only exists if the feature `use_pem` is enabled. /// /// # NOTE /// @@ -54,6 +58,7 @@ impl EncodingKey { /// openssl ecparam -genkey -noout -name prime256v1 \ /// | openssl pkcs8 -topk8 -nocrypt -out ec-private.pem /// ``` + #[cfg(feature = "use_pem")] pub fn from_ec_pem(key: &[u8]) -> Result { let pem_key = PemEncodedKey::new(key)?; let content = pem_key.as_ec_private_key()?; @@ -62,6 +67,8 @@ impl EncodingKey { /// If you are loading a EdDSA key from a .pem file /// This errors if the key is not a valid private Ed key + /// Only exists if the feature `use_pem` is enabled. + #[cfg(feature = "use_pem")] pub fn from_ed_pem(key: &[u8]) -> Result { let pem_key = PemEncodedKey::new(key)?; let content = pem_key.as_ed_private_key()?; diff --git a/src/lib.rs b/src/lib.rs index 7e2c7a8..0c8664b 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -12,6 +12,7 @@ mod encoding; pub mod errors; mod header; pub mod jwk; +#[cfg(feature = "use_pem")] mod pem; mod serialization; mod validation; 
diff --git a/tests/ecdsa/mod.rs b/tests/ecdsa/mod.rs index a54a5c4..d12ae48 100644 --- a/tests/ecdsa/mod.rs +++ b/tests/ecdsa/mod.rs @@ -25,6 +25,7 @@ fn round_trip_sign_verification_pk8() { assert!(is_valid); } +#[cfg(feature = "use_pem")] #[test] fn round_trip_sign_verification_pem() { let privkey_pem = include_bytes!("private_ecdsa_key.pem"); @@ -42,6 +43,7 @@ fn round_trip_sign_verification_pem() { assert!(is_valid); } +#[cfg(feature = "use_pem")] #[test] fn round_trip_claim() { let privkey_pem = include_bytes!("private_ecdsa_key.pem"); @@ -67,6 +69,7 @@ fn round_trip_claim() { } // https://jwt.io/ is often used for examples so ensure their example works with jsonwebtoken +#[cfg(feature = "use_pem")] #[test] fn roundtrip_with_jwtio_example() { // We currently do not support SEC1 so we use the converted PKCS8 formatted diff --git a/tests/eddsa/mod.rs b/tests/eddsa/mod.rs index a3ca291..9136863 100644 --- a/tests/eddsa/mod.rs +++ b/tests/eddsa/mod.rs @@ -25,6 +25,7 @@ fn round_trip_sign_verification_pk8() { assert!(is_valid); } +#[cfg(feature = "use_pem")] #[test] fn round_trip_sign_verification_pem() { let privkey_pem = include_bytes!("private_ed25519_key.pem"); @@ -42,6 +43,7 @@ fn round_trip_sign_verification_pem() { assert!(is_valid); } +#[cfg(feature = "use_pem")] #[test] fn round_trip_claim() { let privkey_pem = include_bytes!("private_ed25519_key.pem"); diff --git a/tests/rsa/mod.rs b/tests/rsa/mod.rs index 78d8b51..dc0fa93 100644 --- a/tests/rsa/mod.rs +++ b/tests/rsa/mod.rs @@ -21,6 +21,7 @@ pub struct Claims { exp: i64, } +#[cfg(feature = "use_pem")] #[test] fn round_trip_sign_verification_pem_pkcs1() { let privkey_pem = include_bytes!("private_rsa_key_pkcs1.pem"); @@ -40,6 +41,7 @@ fn round_trip_sign_verification_pem_pkcs1() { } } +#[cfg(feature = "use_pem")] #[test] fn round_trip_sign_verification_pem_pkcs8() { let privkey_pem = include_bytes!("private_rsa_key_pkcs8.pem"); 
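Review bot: Gating `round_trip_claim` and `roundtrip_with_jwtio_example` on `use_pem` in tests/ecdsa/mod.rs, and the matching tests in the tests/eddsa and tests/rsa hunks, appears to leave the new `cargo test --no-default-features` CI step with only the `round_trip_sign_verification_pk8` and `round_trip_sign_verification_der` tests for these key types. The full `encode`/`decode` path with claims validation would then be unexercised in exactly the configuration this commit introduces. I would add an ungated variant of `round_trip_claim` per algorithm that builds its keys from the material the `pk8`/`der` tests already load (presumably PKCS8/DER fixtures). It is also worth checking that helper items such as `Claims` do not turn into unused-import or dead-code warnings when the feature is off. The test bodies lie outside the hunks, so this is inferred from the test names and the `include_bytes!` lines.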
@@ -73,6 +75,7 @@ fn round_trip_sign_verification_der() { } } +#[cfg(feature = "use_pem")] #[test] fn round_trip_claim() { let my_claims = Claims { @@ -98,6 +101,7 @@ fn round_trip_claim() { } } +#[cfg(feature = "use_pem")] #[test] fn rsa_modulus_exponent() { let privkey = include_str!("private_rsa_key_pkcs1.pem"); @@ -124,6 +128,7 @@ fn rsa_modulus_exponent() { } // https://jwt.io/ is often used for examples so ensure their example works with jsonwebtoken +#[cfg(feature = "use_pem")] #[test] fn roundtrip_with_jwtio_example_jey() { let privkey_pem = include_bytes!("private_jwtio.pem");