Add default feature use_pem
parent
5486f96f52
commit
1a46cfa7c9
|
@ -68,5 +68,8 @@ jobs:
|
||||||
- name: Build System Info
|
- name: Build System Info
|
||||||
run: rustc --version
|
run: rustc --version
|
||||||
|
|
||||||
- name: Run tests
|
- name: Run tests default features
|
||||||
run: cargo test
|
run: cargo test
|
||||||
|
|
||||||
|
- name: Run tests no features
|
||||||
|
run: cargo test --no-default-features
|
||||||
|
|
|
@ -14,6 +14,7 @@
|
||||||
- Error now implements Clone/Eq
|
- Error now implements Clone/Eq
|
||||||
- Change default leeway from 0s to 60s
|
- Change default leeway from 0s to 60s
|
||||||
- Add `Validation::require_spec_claims` to validate presence of the spec claims
|
- Add `Validation::require_spec_claims` to validate presence of the spec claims
|
||||||
|
- Add default feature for pem decoding named `use_pem` that can be disabled to avoid 2 dependencies
|
||||||
|
|
||||||
## 7.2.0 (2020-06-30)
|
## 7.2.0 (2020-06-30)
|
||||||
|
|
||||||
|
|
12
Cargo.toml
12
Cargo.toml
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "jsonwebtoken"
|
name = "jsonwebtoken"
|
||||||
version = "8.0.0-beta.7"
|
version = "8.0.0-beta.8"
|
||||||
authors = ["Vincent Prouillet <hello@vincentprouillet.com>"]
|
authors = ["Vincent Prouillet <hello@vincentprouillet.com>"]
|
||||||
license = "MIT"
|
license = "MIT"
|
||||||
readme = "README.md"
|
readme = "README.md"
|
||||||
|
@ -8,7 +8,7 @@ description = "Create and decode JWTs in a strongly typed way."
|
||||||
homepage = "https://github.com/Keats/jsonwebtoken"
|
homepage = "https://github.com/Keats/jsonwebtoken"
|
||||||
repository = "https://github.com/Keats/jsonwebtoken"
|
repository = "https://github.com/Keats/jsonwebtoken"
|
||||||
keywords = ["jwt", "api", "token", "jwk"]
|
keywords = ["jwt", "api", "token", "jwk"]
|
||||||
edition = "2018"
|
edition = "2021"
|
||||||
include = ["src/**/*", "benches/**/*", "tests/**/*", "LICENSE", "README.md", "CHANGELOG.md"]
|
include = ["src/**/*", "benches/**/*", "tests/**/*", "LICENSE", "README.md", "CHANGELOG.md"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
|
@ -17,14 +17,18 @@ serde = {version = "1.0", features = ["derive"] }
|
||||||
ring = { version = "0.16.5", features = ["std"] }
|
ring = { version = "0.16.5", features = ["std"] }
|
||||||
base64 = "0.13"
|
base64 = "0.13"
|
||||||
# For PEM decoding
|
# For PEM decoding
|
||||||
pem = "1"
|
pem = {version = "1", optional = true}
|
||||||
simple_asn1 = "0.6"
|
simple_asn1 = {version = "0.6", optional = true}
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
# For the custom time example
|
# For the custom time example
|
||||||
time = "0.3"
|
time = "0.3"
|
||||||
criterion = "0.3"
|
criterion = "0.3"
|
||||||
|
|
||||||
|
[features]
|
||||||
|
default = ["use_pem"]
|
||||||
|
use_pem = ["pem", "simple_asn1"]
|
||||||
|
|
||||||
[[bench]]
|
[[bench]]
|
||||||
name = "jwt"
|
name = "jwt"
|
||||||
harness = false
|
harness = false
|
||||||
|
|
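Review bot: Marking `pem` and `simple_asn1` as `optional = true` also creates implicit features named `pem` and `simple_asn1`, so a consumer can enable either one alone and pull that dependency into the build while the crate's PEM code stays compiled out behind `use_pem`. If the supported toolchain allows it, `use_pem = ["dep:pem", "dep:simple_asn1"]` keeps `use_pem` as the only public switch; otherwise a comment above `[features]` such as `# use_pem is the only supported feature name; do not enable pem or simple_asn1 directly` would do. Cargo also unifies features across the dependency graph, so `default-features = false` in one crate removes these two dependencies only if no other crate in the build enables the defaults. Separately, the `edition = "2018"` to `edition = "2021"` change in this file raises the minimum compiler and does not appear in the CHANGELOG line this commit adds.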
|
@ -11,6 +11,8 @@ Add the following to Cargo.toml:
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
jsonwebtoken = "8"
|
jsonwebtoken = "8"
|
||||||
|
# If you do not need pem decoding, you can disable the default feature `use_pem` that way:
|
||||||
|
# jsonwebtoken = {version = "8", default-features = false }
|
||||||
serde = {version = "1.0", features = ["derive"] }
|
serde = {version = "1.0", features = ["derive"] }
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,7 @@ use crate::algorithms::AlgorithmFamily;
|
||||||
use crate::crypto::verify;
|
use crate::crypto::verify;
|
||||||
use crate::errors::{new_error, ErrorKind, Result};
|
use crate::errors::{new_error, ErrorKind, Result};
|
||||||
use crate::header::Header;
|
use crate::header::Header;
|
||||||
|
#[cfg(feature = "use_pem")]
|
||||||
use crate::pem::decoder::PemEncodedKey;
|
use crate::pem::decoder::PemEncodedKey;
|
||||||
use crate::serialization::{b64_decode, DecodedJwtPartClaims};
|
use crate::serialization::{b64_decode, DecodedJwtPartClaims};
|
||||||
use crate::validation::{validate, Validation};
|
use crate::validation::{validate, Validation};
|
||||||
|
@ -59,6 +60,8 @@ impl DecodingKey {
|
||||||
}
|
}
|
||||||
|
|
||||||
/// If you are loading a public RSA key in a PEM format, use this.
|
/// If you are loading a public RSA key in a PEM format, use this.
|
||||||
|
/// Only exists if the feature `use_pem` is enabled.
|
||||||
|
#[cfg(feature = "use_pem")]
|
||||||
pub fn from_rsa_pem(key: &[u8]) -> Result<Self> {
|
pub fn from_rsa_pem(key: &[u8]) -> Result<Self> {
|
||||||
let pem_key = PemEncodedKey::new(key)?;
|
let pem_key = PemEncodedKey::new(key)?;
|
||||||
let content = pem_key.as_rsa_key()?;
|
let content = pem_key.as_rsa_key()?;
|
||||||
|
@ -87,6 +90,8 @@ impl DecodingKey {
|
||||||
}
|
}
|
||||||
|
|
||||||
/// If you have a ECDSA public key in PEM format, use this.
|
/// If you have a ECDSA public key in PEM format, use this.
|
||||||
|
/// Only exists if the feature `use_pem` is enabled.
|
||||||
|
#[cfg(feature = "use_pem")]
|
||||||
pub fn from_ec_pem(key: &[u8]) -> Result<Self> {
|
pub fn from_ec_pem(key: &[u8]) -> Result<Self> {
|
||||||
let pem_key = PemEncodedKey::new(key)?;
|
let pem_key = PemEncodedKey::new(key)?;
|
||||||
let content = pem_key.as_ec_public_key()?;
|
let content = pem_key.as_ec_public_key()?;
|
||||||
|
@ -97,6 +102,8 @@ impl DecodingKey {
|
||||||
}
|
}
|
||||||
|
|
||||||
/// If you have a EdDSA public key in PEM format, use this.
|
/// If you have a EdDSA public key in PEM format, use this.
|
||||||
|
/// Only exists if the feature `use_pem` is enabled.
|
||||||
|
#[cfg(feature = "use_pem")]
|
||||||
pub fn from_ed_pem(key: &[u8]) -> Result<Self> {
|
pub fn from_ed_pem(key: &[u8]) -> Result<Self> {
|
||||||
let pem_key = PemEncodedKey::new(key)?;
|
let pem_key = PemEncodedKey::new(key)?;
|
||||||
let content = pem_key.as_ed_public_key()?;
|
let content = pem_key.as_ed_public_key()?;
|
||||||
|
|
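Review bot: The added `/// Only exists if the feature `use_pem` is enabled.` line sits directly under the one-line summary of `from_rsa_pem`, `from_ec_pem` and `from_ed_pem`, so rustdoc folds it into the summary paragraph shown in method lists. A bare `///` line before it would keep the summary to one sentence; the same applies to the three `EncodingKey` constructors in the next file. It would also help someone building with `default-features = false` if the line named the alternative, for example `/// Only exists if the feature `use_pem` is enabled; without it, load the key in DER form instead.` The bodies of all three functions continue outside their hunks.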
|
@ -4,6 +4,7 @@ use crate::algorithms::AlgorithmFamily;
|
||||||
use crate::crypto;
|
use crate::crypto;
|
||||||
use crate::errors::{new_error, ErrorKind, Result};
|
use crate::errors::{new_error, ErrorKind, Result};
|
||||||
use crate::header::Header;
|
use crate::header::Header;
|
||||||
|
#[cfg(feature = "use_pem")]
|
||||||
use crate::pem::decoder::PemEncodedKey;
|
use crate::pem::decoder::PemEncodedKey;
|
||||||
use crate::serialization::b64_encode_part;
|
use crate::serialization::b64_encode_part;
|
||||||
|
|
||||||
|
@ -29,12 +30,14 @@ impl EncodingKey {
|
||||||
|
|
||||||
/// If you are loading a RSA key from a .pem file.
|
/// If you are loading a RSA key from a .pem file.
|
||||||
/// This errors if the key is not a valid RSA key.
|
/// This errors if the key is not a valid RSA key.
|
||||||
|
/// Only exists if the feature `use_pem` is enabled.
|
||||||
///
|
///
|
||||||
/// # NOTE
|
/// # NOTE
|
||||||
///
|
///
|
||||||
/// According to the [ring doc](https://briansmith.org/rustdoc/ring/signature/struct.RsaKeyPair.html#method.from_pkcs8),
|
/// According to the [ring doc](https://briansmith.org/rustdoc/ring/signature/struct.RsaKeyPair.html#method.from_pkcs8),
|
||||||
/// the key should be at least 2047 bits.
|
/// the key should be at least 2047 bits.
|
||||||
///
|
///
|
||||||
|
#[cfg(feature = "use_pem")]
|
||||||
pub fn from_rsa_pem(key: &[u8]) -> Result<Self> {
|
pub fn from_rsa_pem(key: &[u8]) -> Result<Self> {
|
||||||
let pem_key = PemEncodedKey::new(key)?;
|
let pem_key = PemEncodedKey::new(key)?;
|
||||||
let content = pem_key.as_rsa_key()?;
|
let content = pem_key.as_rsa_key()?;
|
||||||
|
@ -43,6 +46,7 @@ impl EncodingKey {
|
||||||
|
|
||||||
/// If you are loading a ECDSA key from a .pem file
|
/// If you are loading a ECDSA key from a .pem file
|
||||||
/// This errors if the key is not a valid private EC key
|
/// This errors if the key is not a valid private EC key
|
||||||
|
/// Only exists if the feature `use_pem` is enabled.
|
||||||
///
|
///
|
||||||
/// # NOTE
|
/// # NOTE
|
||||||
///
|
///
|
||||||
|
@ -54,6 +58,7 @@ impl EncodingKey {
|
||||||
/// openssl ecparam -genkey -noout -name prime256v1 \
|
/// openssl ecparam -genkey -noout -name prime256v1 \
|
||||||
/// | openssl pkcs8 -topk8 -nocrypt -out ec-private.pem
|
/// | openssl pkcs8 -topk8 -nocrypt -out ec-private.pem
|
||||||
/// ```
|
/// ```
|
||||||
|
#[cfg(feature = "use_pem")]
|
||||||
pub fn from_ec_pem(key: &[u8]) -> Result<Self> {
|
pub fn from_ec_pem(key: &[u8]) -> Result<Self> {
|
||||||
let pem_key = PemEncodedKey::new(key)?;
|
let pem_key = PemEncodedKey::new(key)?;
|
||||||
let content = pem_key.as_ec_private_key()?;
|
let content = pem_key.as_ec_private_key()?;
|
||||||
|
@ -62,6 +67,8 @@ impl EncodingKey {
|
||||||
|
|
||||||
/// If you are loading a EdDSA key from a .pem file
|
/// If you are loading a EdDSA key from a .pem file
|
||||||
/// This errors if the key is not a valid private Ed key
|
/// This errors if the key is not a valid private Ed key
|
||||||
|
/// Only exists if the feature `use_pem` is enabled.
|
||||||
|
#[cfg(feature = "use_pem")]
|
||||||
pub fn from_ed_pem(key: &[u8]) -> Result<Self> {
|
pub fn from_ed_pem(key: &[u8]) -> Result<Self> {
|
||||||
let pem_key = PemEncodedKey::new(key)?;
|
let pem_key = PemEncodedKey::new(key)?;
|
||||||
let content = pem_key.as_ed_private_key()?;
|
let content = pem_key.as_ed_private_key()?;
|
||||||
|
|
|
@ -12,6 +12,7 @@ mod encoding;
|
||||||
pub mod errors;
|
pub mod errors;
|
||||||
mod header;
|
mod header;
|
||||||
pub mod jwk;
|
pub mod jwk;
|
||||||
|
#[cfg(feature = "use_pem")]
|
||||||
mod pem;
|
mod pem;
|
||||||
mod serialization;
|
mod serialization;
|
||||||
mod validation;
|
mod validation;
|
||||||
|
|
|
@ -25,6 +25,7 @@ fn round_trip_sign_verification_pk8() {
|
||||||
assert!(is_valid);
|
assert!(is_valid);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[cfg(feature = "use_pem")]
|
||||||
#[test]
|
#[test]
|
||||||
fn round_trip_sign_verification_pem() {
|
fn round_trip_sign_verification_pem() {
|
||||||
let privkey_pem = include_bytes!("private_ecdsa_key.pem");
|
let privkey_pem = include_bytes!("private_ecdsa_key.pem");
|
||||||
|
@ -42,6 +43,7 @@ fn round_trip_sign_verification_pem() {
|
||||||
assert!(is_valid);
|
assert!(is_valid);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[cfg(feature = "use_pem")]
|
||||||
#[test]
|
#[test]
|
||||||
fn round_trip_claim() {
|
fn round_trip_claim() {
|
||||||
let privkey_pem = include_bytes!("private_ecdsa_key.pem");
|
let privkey_pem = include_bytes!("private_ecdsa_key.pem");
|
||||||
|
@ -67,6 +69,7 @@ fn round_trip_claim() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// https://jwt.io/ is often used for examples so ensure their example works with jsonwebtoken
|
// https://jwt.io/ is often used for examples so ensure their example works with jsonwebtoken
|
||||||
|
#[cfg(feature = "use_pem")]
|
||||||
#[test]
|
#[test]
|
||||||
fn roundtrip_with_jwtio_example() {
|
fn roundtrip_with_jwtio_example() {
|
||||||
// We currently do not support SEC1 so we use the converted PKCS8 formatted
|
// We currently do not support SEC1 so we use the converted PKCS8 formatted
|
||||||
|
|
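Review bot: Gating `round_trip_claim` and `roundtrip_with_jwtio_example` on `use_pem` means that, as far as the visible hunks show, `round_trip_sign_verification_pk8` is the only test in this file that still runs under the new `cargo test --no-default-features` job, so the encode/decode claim round trip is not exercised for ECDSA in that configuration. The same pattern repeats in the Ed25519 and RSA test files that follow. A claim round trip built from the existing PKCS8/DER fixtures would keep that path covered without PEM. Structs and imports used only by the gated tests may also start producing unused warnings in the no-features build. The test bodies continue outside the hunks.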
|
@ -25,6 +25,7 @@ fn round_trip_sign_verification_pk8() {
|
||||||
assert!(is_valid);
|
assert!(is_valid);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[cfg(feature = "use_pem")]
|
||||||
#[test]
|
#[test]
|
||||||
fn round_trip_sign_verification_pem() {
|
fn round_trip_sign_verification_pem() {
|
||||||
let privkey_pem = include_bytes!("private_ed25519_key.pem");
|
let privkey_pem = include_bytes!("private_ed25519_key.pem");
|
||||||
|
@ -42,6 +43,7 @@ fn round_trip_sign_verification_pem() {
|
||||||
assert!(is_valid);
|
assert!(is_valid);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[cfg(feature = "use_pem")]
|
||||||
#[test]
|
#[test]
|
||||||
fn round_trip_claim() {
|
fn round_trip_claim() {
|
||||||
let privkey_pem = include_bytes!("private_ed25519_key.pem");
|
let privkey_pem = include_bytes!("private_ed25519_key.pem");
|
||||||
|
|
|
@ -21,6 +21,7 @@ pub struct Claims {
|
||||||
exp: i64,
|
exp: i64,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[cfg(feature = "use_pem")]
|
||||||
#[test]
|
#[test]
|
||||||
fn round_trip_sign_verification_pem_pkcs1() {
|
fn round_trip_sign_verification_pem_pkcs1() {
|
||||||
let privkey_pem = include_bytes!("private_rsa_key_pkcs1.pem");
|
let privkey_pem = include_bytes!("private_rsa_key_pkcs1.pem");
|
||||||
|
@ -40,6 +41,7 @@ fn round_trip_sign_verification_pem_pkcs1() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[cfg(feature = "use_pem")]
|
||||||
#[test]
|
#[test]
|
||||||
fn round_trip_sign_verification_pem_pkcs8() {
|
fn round_trip_sign_verification_pem_pkcs8() {
|
||||||
let privkey_pem = include_bytes!("private_rsa_key_pkcs8.pem");
|
let privkey_pem = include_bytes!("private_rsa_key_pkcs8.pem");
|
||||||
|
@ -73,6 +75,7 @@ fn round_trip_sign_verification_der() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[cfg(feature = "use_pem")]
|
||||||
#[test]
|
#[test]
|
||||||
fn round_trip_claim() {
|
fn round_trip_claim() {
|
||||||
let my_claims = Claims {
|
let my_claims = Claims {
|
||||||
|
@ -98,6 +101,7 @@ fn round_trip_claim() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[cfg(feature = "use_pem")]
|
||||||
#[test]
|
#[test]
|
||||||
fn rsa_modulus_exponent() {
|
fn rsa_modulus_exponent() {
|
||||||
let privkey = include_str!("private_rsa_key_pkcs1.pem");
|
let privkey = include_str!("private_rsa_key_pkcs1.pem");
|
||||||
|
@ -124,6 +128,7 @@ fn rsa_modulus_exponent() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// https://jwt.io/ is often used for examples so ensure their example works with jsonwebtoken
|
// https://jwt.io/ is often used for examples so ensure their example works with jsonwebtoken
|
||||||
|
#[cfg(feature = "use_pem")]
|
||||||
#[test]
|
#[test]
|
||||||
fn roundtrip_with_jwtio_example_jey() {
|
fn roundtrip_with_jwtio_example_jey() {
|
||||||
let privkey_pem = include_bytes!("private_jwtio.pem");
|
let privkey_pem = include_bytes!("private_jwtio.pem");
|
||||||
|
|