diff --git a/Cargo.lock b/Cargo.lock index 811216154..6612420b6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -10,9 +10,9 @@ checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" [[package]] name = "aead" -version = "0.4.2" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e3e798aa0c8239776f54415bc06f3d74b1850f3f830b45c35cfc80556973f70" +checksum = "0b613b8e1e3cf911a086f53f03bf286f52fd7a7258e4fa606f0ef220d39d8877" dependencies = [ "generic-array 0.14.4", "rand_core 0.6.3", @@ -26,7 +26,7 @@ checksum = "43bb833f0bf979d8475d38fbf09ed3b8a55e1885fe93ad3f93239fc6a4f17b98" dependencies = [ "getrandom 0.2.3", "once_cell", - "version_check", + "version_check 0.9.3", ] [[package]] @@ -64,26 +64,21 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.42" +version = "1.0.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "595d3cfa7a60d4555cb5067b99f07142a08ea778de5cf993f7b75c7d8fabc486" +checksum = "28ae2b3dec75a406790005a200b1bd89785afc02517a00ca99ecfe093ee9e6cf" [[package]] name = "argon2" -version = "0.2.2" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ab8b02347b6f46e0287e74f75c611c7e3a350a1e7df449b7fc8c16f1e8d238e" +checksum = "d805bb12b532be9ce066df7913311f43716b41d8d780e9322113e8a6ae7c41ab" dependencies = [ + "base64ct", "blake2", "password-hash", ] -[[package]] -name = "arrayvec" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23b62fc65de8e4e7f52534fb52b0f3ed04746ae267519eef2a83941e8085068b" - [[package]] name = "async-compression" version = "0.3.8" @@ -124,7 +119,7 @@ version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c3410529e8288c463bedb5930f82833bc0c90e5d2fe639a56582a4d09220b281" dependencies = [ - "autocfg", + "autocfg 1.0.1", ] [[package]] @@ -138,6 +133,12 @@ dependencies = [ "winapi", ] +[[package]] +name = "autocfg" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d49d90015b3c36167a20fe2810c5cd875ad504b39cff3d4eae7977e6b7c1cb2" + [[package]] name = "autocfg" version = "1.0.1" @@ -167,9 +168,9 @@ checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd" [[package]] name = "base64ct" -version = "1.0.0" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0d27fb6b6f1e43147af148af49d49329413ba781aa0d5e10979831c210173b5" +checksum = "8a32fd6af2b5827bce66c29053ba0e7c42b9dcab01835835058558c10851a46b" [[package]] name = "bincode" @@ -182,9 +183,9 @@ dependencies = [ [[package]] name = "bitflags" -version = "1.3.1" +version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2da1976d75adbe5fbc88130ecd119529cf1cc6a93ae1546d8696ee66f0d21af1" +checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitvec" @@ -200,9 +201,9 @@ dependencies = [ [[package]] name = "blake2" -version = "0.9.1" +version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "10a5720225ef5daecf08657f23791354e1685a8c91a4c60c7f3d3b2892f978f4" +checksum = "0a4e37d16930f5459780f5621038b6382b9bb37c19016f39fb6b5808d831f174" dependencies = [ "crypto-mac 0.8.0", "digest 0.9.0", @@ -279,12 +280,6 @@ dependencies = [ "safemem", ] -[[package]] -name = "build_const" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4ae4235e6dac0694637c763029ecea1a2ec9e4e06ec2729bd21ba4d9c863eb7" - [[package]] name = "bumpalo" version = "3.7.0" @@ -305,15 +300,15 @@ checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" [[package]] name = "bytes" -version = "1.0.1" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b700ce4376041dcd0a327fd0097c41095743c4c8af8887265942faf1100bd040" +checksum = "c4872d67bab6358e59559027aa3b9157c53d9358c51423c17554809a8858e0f8" [[package]] name = "cc" -version = "1.0.69" +version = "1.0.70" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e70cc2f62c6ce1868963827bd677764c62d07c3d9a3e1fb1177ee1a9ab199eb2" +checksum = "d26a6ce4b6a484fa3edb70f7efa6fc430fd2b87285fe8b84304fd0936faa0dc0" [[package]] name = "cfg-if" @@ -329,9 +324,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "chacha20" -version = "0.7.2" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ea8756167ea0aca10e066cdbe7813bd71d2f24e69b0bc7b50509590cef2ce0b9" +checksum = "01b72a433d0cf2aef113ba70f62634c56fddb0f244e6377185c56a7cadbd8f91" dependencies = [ "cfg-if 1.0.0", "cipher", @@ -341,9 +336,9 @@ dependencies = [ [[package]] name = "chacha20poly1305" -version = "0.8.1" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "175a11316f33592cf2b71416ee65283730b5b7849813c4891d02a12906ed9acc" +checksum = "3b84ed6d1d5f7aa9bdde921a5090e0ca4d934d250ea3b402a5fab3a994e28a2a" dependencies = [ "aead", "chacha20", @@ -387,9 +382,9 @@ dependencies = [ [[package]] name = "clap" -version = "3.0.0-beta.2" +version = "3.0.0-beta.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4bd1061998a501ee7d4b6d449020df3266ca3124b941ec56cf2005c3779ca142" +checksum = "fcd70aa5597dbc42f7217a543f9ef2768b2ef823ba29036072d30e1d88e98406" dependencies = [ "atty", "bitflags", @@ -400,15 +395,14 @@ dependencies = [ "strsim", "termcolor", "textwrap", - "unicode-width", "vec_map", ] [[package]] name = "clap_derive" -version = "3.0.0-beta.2" +version = "3.0.0-beta.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "370f715b81112975b1b69db93e0b56ea4cd4e5002ac43b2da8474106a54096a1" +checksum = "0b5bb0d655624a0b8770d1c178fb8ffcb1f91cc722cb08f451e3dc72465421ac" dependencies = [ "heck", "proc-macro-error", @@ -417,6 +411,12 @@ dependencies = [ "syn", ] +[[package]] +name = "const-oid" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44c32f031ea41b4291d695026c023b95d59db2d8a2c7640800ed56bc8f510f22" + [[package]] name = "const_fn" version = "0.4.8" @@ -430,27 +430,18 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d5f1c7727e460397e56abc4bddc1d49e07a1ad78fc98eb2e1c8f032a58a2f80d" dependencies = [ "time 0.2.27", - "version_check", + "version_check 0.9.3", ] [[package]] name = "cpufeatures" -version = "0.1.5" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "66c99696f6c9dd7f35d486b9d04d7e6e202aa3e8c40d553f2fdf5e7e0c6a71ef" +checksum = "95059428f66df56b63431fdb4e1947ed2190586af5c5a8a8b71122bdf5a7f469" dependencies = [ "libc", ] -[[package]] -name = "crc" -version = "1.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d663548de7f5cca343f1e0a48d14dcfb0e9eb4e079ec58883b7251539fa10aeb" -dependencies = [ - "build_const", -] - [[package]] name = "crc" version = "2.0.0" @@ -524,6 +515,18 @@ dependencies = [ "lazy_static", ] +[[package]] +name = "crypto-bigint" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e49339137316df1914fdb54a5eae75a73f45068fd0d2178fe235b11d93238a6e" +dependencies = [ + "generic-array 0.14.4", + "rand_core 0.6.3", + "subtle", + "zeroize", +] + [[package]] name = "crypto-mac" version = "0.8.0" @@ -544,6 +547,16 @@ dependencies = [ "subtle", ] +[[package]] +name = "crypto-mac" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714" +dependencies = [ + "generic-array 0.14.4", + "subtle", +] + [[package]] name = "darling" version = "0.13.0" @@ -585,6 +598,16 @@ version = "2.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3ee2393c4a91429dffb4bedf19f4d6abf27d8a732c8ce4980305d782e5426d57" +[[package]] +name = "der" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "31e21d2d0f22cde6e88694108429775c0219760a07779bf96503b434a03d7412" +dependencies = [ + "const-oid", + "crypto-bigint", +] + [[package]] name = "deunicode" version = "0.4.3" @@ -653,6 +676,18 @@ version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ee2626afccd7561a06cf1367e2950c4718ea04565e20fb5029b6c7d8ad09abcf" +[[package]] +name = "ecdsa" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "43ee23aa5b4f68c7a092b5c3beb25f50c406adc75e2363634f242f28ab255372" +dependencies = [ + "der", + "elliptic-curve", + "hmac 0.11.0", + "signature", +] + [[package]] name = "either" version = "1.6.1" @@ -662,12 +697,38 @@ dependencies = [ "serde", ] +[[package]] +name = "elliptic-curve" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "beca177dcb8eb540133e7680baff45e7cc4d93bf22002676cec549f82343721b" +dependencies = [ + "crypto-bigint", + "ff", + "generic-array 0.14.4", + "group", + "pkcs8", + "rand_core 0.6.3", + "subtle", + "zeroize", +] + [[package]] name = "fake-simd" version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed" +[[package]] +name = "ff" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0f40b2dcd8bc322217a5f6559ae5f9e9d1de202a2ecee2e9eafcbece7562a4f" +dependencies = [ + "rand_core 0.6.3", + "subtle", +] + [[package]] name = "figment" version = "0.10.6" @@ -681,14 +742,14 @@ dependencies = [ "serde_yaml", "tempfile", "uncased", - "version_check", + "version_check 0.9.3", ] [[package]] name = "flate2" -version = "1.0.20" +version = "1.0.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd3aec53de10fe96d7d8c565eb17f2c687bb5518a2ec453b5b1252964526abe0" +checksum = "80edafed416a46fb378521624fab1cfa2eb514784fd8921adbe8a8d8321da811" dependencies = [ "cfg-if 1.0.0", "crc32fast", @@ -720,9 +781,9 @@ checksum = "fed34cd105917e91daa4da6b3728c47b068749d6a62c59811f06ed2ac71d9da7" [[package]] name = "futures" -version = "0.3.16" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1adc00f486adfc9ce99f77d717836f0c5aa84965eb0b4f051f4e83f7cab53f8b" +checksum = "a12aa0eb539080d55c3f2d45a67c3b58b6b0773c1a3ca2dfec66d58c97fd66ca" dependencies = [ "futures-channel", "futures-core", @@ -735,9 +796,9 @@ dependencies = [ [[package]] name = "futures-channel" -version = "0.3.16" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74ed2411805f6e4e3d9bc904c95d5d423b89b3b25dc0250aa74729de20629ff9" +checksum = "5da6ba8c3bb3c165d3c7319fc1cc8304facf1fb8db99c5de877183c08a273888" dependencies = [ "futures-core", "futures-sink", @@ -745,15 +806,15 @@ dependencies = [ [[package]] name = "futures-core" -version = "0.3.16" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af51b1b4a7fdff033703db39de8802c673eb91855f2e0d47dcf3bf2c0ef01f99" +checksum = "88d1c26957f23603395cd326b0ffe64124b818f4449552f960d815cfba83a53d" [[package]] name = "futures-executor" -version = "0.3.16" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d0d535a57b87e1ae31437b892713aee90cd2d7b0ee48727cd11fc72ef54761c" +checksum = "45025be030969d763025784f7f355043dc6bc74093e4ecc5000ca4dc50d8745c" dependencies = [ "futures-core", "futures-task", @@ -761,18 +822,29 @@ dependencies = [ ] [[package]] -name = "futures-io" -version = "0.3.16" +name = "futures-intrusive" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b0e06c393068f3a6ef246c75cdca793d6a46347e75286933e5e75fd2fd11582" +checksum = "62007592ac46aa7c2b6416f7deb9a8a8f63a01e0f1d6e1787d5630170db2b63e" +dependencies = [ + "futures-core", + "lock_api", + "parking_lot", +] + +[[package]] +name = "futures-io" +version = "0.3.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "522de2a0fe3e380f1bc577ba0474108faf3f6b18321dbf60b3b9c39a75073377" [[package]] name = "futures-macro" -version = "0.3.16" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c54913bae956fb8df7f4dc6fc90362aa72e69148e3f39041fbe8742d21e0ac57" +checksum = "18e4a4b95cea4b4ccbcf1c5675ca7c4ee4e9e75eb79944d07defde18068f79bb" dependencies = [ - "autocfg", + "autocfg 1.0.1", "proc-macro-hack", "proc-macro2", "quote", @@ -781,23 +853,23 @@ dependencies = [ [[package]] name = "futures-sink" -version = "0.3.16" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0f30aaa67363d119812743aa5f33c201a7a66329f97d1a887022971feea4b53" +checksum = "36ea153c13024fe480590b3e3d4cad89a0cfacecc24577b68f86c6ced9c2bc11" [[package]] name = "futures-task" -version = "0.3.16" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbe54a98670017f3be909561f6ad13e810d9a51f3f061b902062ca3da80799f2" +checksum = "1d3d00f4eddb73e498a54394f228cd55853bdf059259e8e7bc6e69d408892e99" [[package]] name = "futures-util" -version = "0.3.16" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67eb846bfd58e44a8481a00049e82c43e0ccb5d61f8dc071057cb19249dd4d78" +checksum = "36568465210a3a6ee45e1f165136d68671471a501e632e9a98d96872222b5481" dependencies = [ - "autocfg", + "autocfg 1.0.1", "futures-channel", "futures-core", "futures-io", @@ -828,7 +900,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "501466ecc8a30d1d3b7fc9229b122b2ce8ed6e9d9223f1138d4babb253e51817" dependencies = [ "typenum", - "version_check", + "version_check 0.9.3", ] [[package]] @@ -878,10 +950,21 @@ dependencies = [ ] [[package]] -name = "h2" -version = "0.3.3" +name = "group" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "825343c4eef0b63f541f8903f395dc5beb362a979b5799a84062527ef1e37726" +checksum = "1c363a5301b8f153d80747126a04b3c82073b9fe3130571a9d170cacdeaf7912" +dependencies = [ + "ff", + "rand_core 0.6.3", + "subtle", +] + +[[package]] +name = "h2" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d7f3675cfef6a30c8031cf9e6493ebdc3bb3272a3fea3923c4210d1830e6a472" dependencies = [ "bytes", "fnv", @@ -896,6 +979,12 @@ dependencies = [ "tracing", ] +[[package]] +name = "half" +version = "1.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "62aca2aba2d62b4a7f5b33f3712cb1b0692779a56fb510499d5c0aa594daeaf3" + [[package]] name = "hashbrown" version = "0.11.2" @@ -924,7 +1013,7 @@ dependencies = [ "byteorder", "crossbeam-channel 0.3.9", "flate2", - "nom 4.1.1", + "nom 4.2.3", "num-traits", ] @@ -940,7 +1029,7 @@ dependencies = [ "headers-core", "http", "mime", - "sha-1 0.9.7", + "sha-1 0.9.8", "time 0.1.44", ] @@ -987,6 +1076,16 @@ dependencies = [ "digest 0.9.0", ] +[[package]] +name = "hmac" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b" +dependencies = [ + "crypto-mac 0.11.1", + "digest 0.9.0", +] + [[package]] name = "http" version = "0.2.4" @@ -1011,9 +1110,9 @@ dependencies = [ [[package]] name = "httparse" -version = "1.4.1" +version = "1.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3a87b616e37e93c22fb19bcd386f02f3af5ea98a25670ad0fce773de23c5e68" +checksum = "acd94fdbe1d4ff688b67b04eee2e17bd50995534a61539e45adfefb45e5e5503" [[package]] name = "httpdate" @@ -1029,9 +1128,9 @@ checksum = "02296996cb8796d7c6e3bc2d9211b7802812d36999a51bb754123ead7d37d026" [[package]] name = "hyper" -version = "0.14.11" +version = "0.14.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b61cf2d1aebcf6e6352c97b81dc2244ca29194be1b276f5d8ad5c6330fffb11" +checksum = "13f67199e765030fa08fe0bd581af683f0d5bc04ea09c2b1102012c5fb90e7fd" dependencies = [ "bytes", "futures-channel", @@ -1092,7 +1191,7 @@ version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bc633605454125dec4b66843673f01c7df2b89479b32e0ed634e43a91cff62a5" dependencies = [ - "autocfg", + "autocfg 1.0.1", "hashbrown", ] @@ -1149,19 +1248,52 @@ dependencies = [ [[package]] name = "itoa" -version = "0.4.7" +version = "0.4.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd25036021b0de88a0aff6b850051563c6516d0bf53f8638938edbb9de732736" +checksum = "b71991ff56294aa922b450139ee08b3bfc70982c6b2c7562771375cf73542dd4" [[package]] name = "js-sys" -version = "0.3.52" +version = "0.3.54" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce791b7ca6638aae45be056e068fc756d871eb3b3b10b8efa62d1c9cec616752" +checksum = "1866b355d9c878e5e607473cbe3f63282c0b7aad2db1dbebf55076c686918254" dependencies = [ "wasm-bindgen", ] +[[package]] +name = "jwt-compact" +version = "0.4.0" +source = "git+https://github.com/slowli/jwt-compact.git?rev=7a6dee6824c1d4e7c7f81019c9a968e5c9e44923#7a6dee6824c1d4e7c7f81019c9a968e5c9e44923" +dependencies = [ + "anyhow", + "base64ct", + "chrono", + "hmac 0.11.0", + "k256", + "rand_core 0.6.3", + "rsa", + "serde", + "serde_cbor", + "serde_json", + "sha2", + "smallvec", + "subtle", + "zeroize", +] + +[[package]] +name = "k256" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "903ae2481bcdfdb7b68e0a9baa4b7c9aff600b9ae2e8e5bb5833b8c91ab851ea" +dependencies = [ + "cfg-if 1.0.0", + "ecdsa", + "elliptic-curve", + "sha2", +] + [[package]] name = "language-tags" version = "0.3.2" @@ -1176,25 +1308,21 @@ name = "lazy_static" version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" - -[[package]] -name = "lexical-core" -version = "0.7.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6607c62aa161d23d17a9072cc5da0be67cdfc89d3afb1e8d9c842bebc2525ffe" dependencies = [ - "arrayvec", - "bitflags", - "cfg-if 1.0.0", - "ryu", - "static_assertions", + "spin", ] [[package]] name = "libc" -version = "0.2.99" +version = "0.2.101" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7f823d141fe0a24df1e23b4af4e3c7ba9e5966ec514ea068c93024aa7deb765" +checksum = "3cb00336871be5ed2c8ed44b60ae9959dc5b9f08539422ed43f09e34ecaeba21" + +[[package]] +name = "libm" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c7d73b3f436185384286bd8098d17ec07c9a7d2388a6599f824d8502b529702a" [[package]] name = "linked-hash-map" @@ -1204,9 +1332,9 @@ checksum = "7fb9b38af92608140b86b693604b9ffcc5824240a484d1ecd4795bacb2fe88f3" [[package]] name = "lock_api" -version = "0.4.4" +version = "0.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0382880606dff6d15c9476c416d18690b72742aa7b605bb6dd6ec9030fbf07eb" +checksum = "712a4d093c9976e24e7dbca41db895dabcbac38eb5f4045393d17a95bdfb1109" dependencies = [ "scopeguard", ] @@ -1253,18 +1381,24 @@ dependencies = [ "chrono", "clap", "cookie", - "crc 2.0.0", + "crc", "data-encoding", "dotenv", + "elliptic-curve", "figment", "futures-util", "headers", "hyper", + "indoc", "itertools", + "jwt-compact", + "k256", "mime", "oauth2-types", "password-hash", + "pkcs8", "rand 0.8.4", + "rsa", "schemars", "serde", "serde_json", @@ -1297,9 +1431,9 @@ dependencies = [ [[package]] name = "memchr" -version = "2.4.0" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b16bd47d9e329435e309c58469fe0791c2d0d1ba96ec0954152a5ae2b04387dc" +checksum = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a" [[package]] name = "mime" @@ -1317,6 +1451,12 @@ dependencies = [ "unicase", ] +[[package]] +name = "minimal-lexical" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c835948974f68e0bd58636fc6c5b1fbff7b297e3046f11b3b3c18bbac012c6d" + [[package]] name = "miniz_oxide" version = "0.4.4" @@ -1324,7 +1464,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a92518e98c078586bc6c934028adcca4c92a53d6a958196de835170a01d84e4b" dependencies = [ "adler", - "autocfg", + "autocfg 1.0.1", ] [[package]] @@ -1369,11 +1509,12 @@ dependencies = [ [[package]] name = "nom" -version = "4.1.1" +version = "4.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c349f68f25f596b9f44cf0e7c69752a5c633b0550c3ff849518bfba0233774a" +checksum = "2ad2a91a8e869eeb30b9cb3119ae87773a8f4ae617f41b1eb9c154b2905f7bd6" dependencies = [ "memchr", + "version_check 0.1.5", ] [[package]] @@ -1384,9 +1525,19 @@ checksum = "e7413f999671bd4745a7b624bd370a569fb6bc574b23c83a3c5ed2e453f3d5e2" dependencies = [ "bitvec", "funty", - "lexical-core", "memchr", - "version_check", + "version_check 0.9.3", +] + +[[package]] +name = "nom" +version = "7.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ffd9d26838a953b4af82cbeb9f1592c6798916983959be223a7124e992742c1" +dependencies = [ + "memchr", + "minimal-lexical", + "version_check 0.9.3", ] [[package]] @@ -1398,13 +1549,42 @@ dependencies = [ "winapi", ] +[[package]] +name = "num-bigint-dig" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4547ee5541c18742396ae2c895d0717d0f886d8823b8399cdaf7b07d63ad0480" +dependencies = [ + "autocfg 0.1.7", + "byteorder", + "lazy_static", + "libm", + "num-integer", + "num-iter", + "num-traits", + "rand 0.8.4", + "smallvec", + "zeroize", +] + [[package]] name = "num-integer" version = "0.1.44" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d2cc698a63b549a70bc047073d2949cce27cd1c7b0a4a862d08a8031bc2801db" dependencies = [ - "autocfg", + "autocfg 1.0.1", + "num-traits", +] + +[[package]] +name = "num-iter" +version = "0.1.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2021c8337a54d21aca0d59a92577a029af9431cb59b909b03252b9c164fad59" +dependencies = [ + "autocfg 1.0.1", + "num-integer", "num-traits", ] @@ -1414,7 +1594,8 @@ version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a64b1ec5cda2586e284722486d802acf1f7dbdc623e2bfc57e65ca1cd099290" dependencies = [ - "autocfg", + "autocfg 1.0.1", + "libm", ] [[package]] @@ -1463,15 +1644,15 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "os_str_bytes" -version = "2.4.0" +version = "3.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "afb2e1c3ee07430c2cf76151675e583e0f19985fa6efae47d6848a3e2c824f85" +checksum = "6acbef58a60fe69ab50510a55bc8cdd4d6cf2283d27ad338f54cb52747a9cf2d" [[package]] name = "parking_lot" -version = "0.11.1" +version = "0.11.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6d7744ac029df22dca6284efe4e898991d28e3085c706c972bcd7da4a27a15eb" +checksum = "7d17b78036a60663b797adeaee46f5c9dfebb86948d1255007a1d6be0271ff99" dependencies = [ "instant", "lock_api", @@ -1480,9 +1661,9 @@ dependencies = [ [[package]] name = "parking_lot_core" -version = "0.8.3" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa7a782938e745763fe6907fc6ba86946d72f49fe7e21de074e08128a99fb018" +checksum = "d76e8e1493bcac0d2766c42737f34458f1c8c50c0d23bcb24ea953affb273216" dependencies = [ "cfg-if 1.0.0", "instant", @@ -1529,9 +1710,9 @@ dependencies = [ [[package]] name = "password-hash" -version = "0.2.2" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd482dfb8cfba5a93ec0f91e1c0f66967cb2fdc1a8dba646c4f9202c5d05d785" +checksum = "7ad7268ef9bc463fddde8361d358fbfae1aeeb1fb62eca111cd8c763bf1c5891" dependencies = [ "base64ct", "rand_core 0.6.3", @@ -1561,6 +1742,15 @@ dependencies = [ "syn", ] +[[package]] +name = "pem-rfc7468" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8fe90c78c9a17442665a41a1a45dcd24bbab0e1794748edc19b27fffb146c13" +dependencies = [ + "base64ct", +] + [[package]] name = "percent-encoding" version = "2.1.0" @@ -1643,10 +1833,34 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] -name = "poly1305" -version = "0.7.1" +name = "pkcs1" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fcffab1f78ebbdf4b93b68c1ffebc24037eedf271edaca795732b24e5e4e349" +checksum = "359e7852310174a810f078124edb73c66e88a1a731b2fd586dba34ee32dbe416" +dependencies = [ + "der", + "pem-rfc7468", + "zeroize", +] + +[[package]] +name = "pkcs8" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fbee84ed13e44dd82689fa18348a49934fa79cc774a344c42fc9b301c71b140a" +dependencies = [ + "der", + "pem-rfc7468", + "pkcs1", + "spki", + "zeroize", +] + +[[package]] +name = "poly1305" +version = "0.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "048aeb476be11a4b6ca432ca569e375810de9294ae78f4774e78ea98a9246ede" dependencies = [ "cpufeatures", "opaque-debug 0.3.0", @@ -1669,7 +1883,7 @@ dependencies = [ "proc-macro2", "quote", "syn", - "version_check", + "version_check 0.9.3", ] [[package]] @@ -1680,7 +1894,7 @@ checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" dependencies = [ "proc-macro2", "quote", - "version_check", + "version_check 0.9.3", ] [[package]] @@ -1697,9 +1911,9 @@ checksum = "bc881b2c22681370c6a780e47af9840ef841837bc98118431d4e1868bd0c1086" [[package]] name = "proc-macro2" -version = "1.0.28" +version = "1.0.29" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c7ed8b8c7b886ea3ed7dde405212185f423ab44682667c8c6dd14aa1d9f6612" +checksum = "b9f5105d4fdaab20335ca9565e106a5d9b82b6219b5ba735731124ac6711d23d" dependencies = [ "unicode-xid", ] @@ -1713,7 +1927,7 @@ dependencies = [ "proc-macro2", "quote", "syn", - "version_check", + "version_check 0.9.3", "yansi", ] @@ -1888,6 +2102,26 @@ dependencies = [ "winapi", ] +[[package]] +name = "rsa" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e05c2603e2823634ab331437001b411b9ed11660fbc4066f3908c84a9439260d" +dependencies = [ + "byteorder", + "digest 0.9.0", + "lazy_static", + "num-bigint-dig", + "num-integer", + "num-iter", + "num-traits", + "pkcs1", + "pkcs8", + "rand 0.8.4", + "subtle", + "zeroize", +] + [[package]] name = "rustc_version" version = "0.2.3" @@ -2002,18 +2236,28 @@ checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" [[package]] name = "serde" -version = "1.0.127" +version = "1.0.130" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f03b9878abf6d14e6779d3f24f07b2cfa90352cfec4acc5aab8f1ac7f146fae8" +checksum = "f12d06de37cf59146fbdecab66aa99f9fe4f78722e3607577a5375d66bd0c913" dependencies = [ "serde_derive", ] [[package]] -name = "serde_derive" -version = "1.0.127" +name = "serde_cbor" +version = "0.11.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a024926d3432516606328597e0f224a51355a493b49fdd67e9209187cbe55ecc" +checksum = "2bef2ebfde456fb76bbcf9f59315333decc4fda0b2b44b420243c11e0f5ec1f5" +dependencies = [ + "half", + "serde", +] + +[[package]] +name = "serde_derive" +version = "1.0.130" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d7bc1a1ab1961464eae040d96713baa5a724a8152c1222492465b54322ec508b" dependencies = [ "proc-macro2", "quote", @@ -2033,9 +2277,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.66" +version = "1.0.67" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "336b10da19a12ad094b59d870ebde26a45402e5b470add4b5fd03c5048a32127" +checksum = "a7f9e390c27c3c0ce8bc5d725f6e4d30a29d26659494aa4b17535f7522c5c950" dependencies = [ "indexmap", "itoa", @@ -2057,9 +2301,9 @@ dependencies = [ [[package]] name = "serde_with" -version = "1.9.4" +version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ad9fdbb69badc8916db738c25efd04f0a65297d26c2f8de4b62e57b8c12bc72" +checksum = "062b87e45d8f26714eacfaef0ed9a583e2bfd50ebd96bdd3c200733bd5758e2c" dependencies = [ "chrono", "hex", @@ -2070,9 +2314,9 @@ dependencies = [ [[package]] name = "serde_with_macros" -version = "1.4.2" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e1569374bd54623ec8bd592cf22ba6e03c0f177ff55fbc8c29a49e296e7adecf" +checksum = "98c1fcca18d55d1763e1c16873c4bde0ac3ef75179a28c7b372917e0494625be" dependencies = [ "darling", "proc-macro2", @@ -2082,12 +2326,12 @@ dependencies = [ [[package]] name = "serde_yaml" -version = "0.8.17" +version = "0.8.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15654ed4ab61726bf918a39cb8d98a2e2995b002387807fa6ba58fdf7f59bb23" +checksum = "ad104641f3c958dab30eb3010e834c2622d1f3f4c530fef1dee20ad9485f3c09" dependencies = [ "dtoa", - "linked-hash-map", + "indexmap", "serde", "yaml-rust", ] @@ -2106,9 +2350,9 @@ dependencies = [ [[package]] name = "sha-1" -version = "0.9.7" +version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a0c8611594e2ab4ebbf06ec7cbbf0a99450b8570e96cbf5188b5d5f6ef18d81" +checksum = "99cd6713db3cf16b6c84e06321e049a9b9f699826e16096d23bbcc44d15d51a6" dependencies = [ "block-buffer 0.9.0", "cfg-if 1.0.0", @@ -2125,9 +2369,9 @@ checksum = "2579985fda508104f7587689507983eadd6a6e84dd35d6d115361f530916fa0d" [[package]] name = "sha2" -version = "0.9.5" +version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b362ae5752fd2137731f9fa25fd4d9058af34666ca1966fb969119cc35719f12" +checksum = "b69f9a4c9740d74c5baa3fd2e547f9525fa8088a8a958e0ca2409a514e33f5fa" dependencies = [ "block-buffer 0.9.0", "cfg-if 1.0.0", @@ -2154,6 +2398,16 @@ dependencies = [ "libc", ] +[[package]] +name = "signature" +version = "1.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c19772be3c4dd2ceaacf03cb41d5885f2a02c4d8804884918e3a258480803335" +dependencies = [ + "digest 0.9.0", + "rand_core 0.6.3", +] + [[package]] name = "slab" version = "0.4.4" @@ -2192,23 +2446,32 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" [[package]] -name = "sqlformat" -version = "0.1.6" +name = "spki" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6d86e3c77ff882a828346ba401a7ef4b8e440df804491c6064fe8295765de71c" +checksum = "987637c5ae6b3121aba9d513f869bd2bff11c4cc086c22473befd6649c0bd521" +dependencies = [ + "der", +] + +[[package]] +name = "sqlformat" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "684001e7985ec1a9a66963b77ed151ef22a7876b3fdd7e37a57ec774f54b7d96" dependencies = [ "lazy_static", "maplit", - "nom 6.1.2", + "nom 7.0.0", "regex", "unicode_categories", ] [[package]] name = "sqlx" -version = "0.5.5" +version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba82f79b31f30acebf19905bcd8b978f46891b9d0723f578447361a8910b6584" +checksum = "0e4b94ab0f8c21ee4899b93b06451ef5d965f1a355982ee73684338228498440" dependencies = [ "sqlx-core", "sqlx-macros", @@ -2216,9 +2479,9 @@ dependencies = [ [[package]] name = "sqlx-core" -version = "0.5.5" +version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f23af36748ec8ea8d49ef8499839907be41b0b1178a4e82b8cb45d29f531dc9" +checksum = "ec28b91a01e1fe286d6ba66f68289a2286df023fc97444e1fd86c2fd6d5dc026" dependencies = [ "ahash", "atoi", @@ -2227,7 +2490,7 @@ dependencies = [ "byteorder", "bytes", "chrono", - "crc 1.8.1", + "crc", "crossbeam-channel 0.5.1", "crossbeam-queue", "crossbeam-utils 0.8.5", @@ -2235,10 +2498,11 @@ dependencies = [ "either", "futures-channel", "futures-core", + "futures-intrusive", "futures-util", "hashlink", "hex", - "hmac", + "hmac 0.10.1", "itoa", "libc", "log", @@ -2251,7 +2515,7 @@ dependencies = [ "rustls", "serde", "serde_json", - "sha-1 0.9.7", + "sha-1 0.9.8", "sha2", "smallvec", "sqlformat", @@ -2267,9 +2531,9 @@ dependencies = [ [[package]] name = "sqlx-macros" -version = "0.5.5" +version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "47e4a2349d1ffd60a03ca0de3f116ba55d7f406e55a0d84c64a5590866d94c06" +checksum = "4dc33c35d54774eed73d54568d47a6ac099aed8af5e1556a017c131be88217d5" dependencies = [ "dotenv", "either", @@ -2290,9 +2554,9 @@ dependencies = [ [[package]] name = "sqlx-rt" -version = "0.5.5" +version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8199b421ecf3493ee9ef3e7bc90c904844cfb2ea7ea2f57347a93f52bfd3e057" +checksum = "14302b678d9c76b28f2e60115211e25e0aabc938269991745a169753dc00e35c" dependencies = [ "once_cell", "tokio", @@ -2305,15 +2569,9 @@ version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e113fb6f3de07a243d434a56ec6f186dfd51cb08448239fe7bcae73f87ff28ff" dependencies = [ - "version_check", + "version_check 0.9.3", ] -[[package]] -name = "static_assertions" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" - [[package]] name = "stdweb" version = "0.4.20" @@ -2410,15 +2668,27 @@ checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" [[package]] name = "syn" -version = "1.0.74" +version = "1.0.76" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1873d832550d4588c3dbc20f01361ab00bfe741048f71e3fecf145a7cc18b29c" +checksum = "c6f107db402c2c2055242dbf4d2af0e69197202e9faacbef9571bbe47f5a1b84" dependencies = [ "proc-macro2", "quote", "unicode-xid", ] +[[package]] +name = "synstructure" +version = "0.12.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "474aaa926faa1603c40b7885a9eaea29b444d1cb2850cb7c0e37bb1a4182f4fa" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "unicode-xid", +] + [[package]] name = "tap" version = "1.0.1" @@ -2472,27 +2742,27 @@ dependencies = [ [[package]] name = "textwrap" -version = "0.12.1" +version = "0.14.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "203008d98caf094106cfaba70acfed15e18ed3ddb7d94e49baec153a2b462789" +checksum = "0066c8d12af8b5acd21e00547c3797fde4e8677254a7ee429176ccebbe93dd80" dependencies = [ "unicode-width", ] [[package]] name = "thiserror" -version = "1.0.26" +version = "1.0.29" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93119e4feac1cbe6c798c34d3a53ea0026b0b1de6a120deef895137c0529bfe2" +checksum = "602eca064b2d83369e2b2f34b09c70b605402801927c65c11071ac911d299b88" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.26" +version = "1.0.29" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "060d69a0afe7796bf42e9e2ff91f5ee691fb15c53d38b4b62a9a53eb23164745" +checksum = "bad553cc2c78e8de258400763a647e80e6d1b31ee237275d756f6836d204494c" dependencies = [ "proc-macro2", "quote", @@ -2530,7 +2800,7 @@ dependencies = [ "standback", "stdweb", "time-macros", - "version_check", + "version_check 0.9.3", "winapi", ] @@ -2574,11 +2844,11 @@ checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c" [[package]] name = "tokio" -version = "1.10.0" +version = "1.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01cf844b23c6131f624accf65ce0e4e9956a8bb329400ea5bcc26ae3a5c20b0b" +checksum = "b4efe6fc2395938c8155973d7be49fe8d03a843726e285e100a8a383cc0154ce" dependencies = [ - "autocfg", + "autocfg 1.0.1", "bytes", "libc", "memchr", @@ -2640,9 +2910,9 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.6.7" +version = "0.6.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1caa0b0c8d94a049db56b5acf8cba99dc0623aab1b26d5b5f5e2d945846b3592" +checksum = "08d3725d3efa29485e87311c5b699de63cde14b00ed4d256b8318aa30ca452cd" dependencies = [ "bytes", "futures-core", @@ -2736,9 +3006,9 @@ dependencies = [ [[package]] name = "tracing-core" -version = "0.1.18" +version = "0.1.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a9ff14f98b1a4b289c6248a023c1c2fa1491062964e9fed67ab29c4e4da4a052" +checksum = "2ca517f43f0fb96e0c3072ed5c275fe5eece87e8cb52f4a77b69226d3b1c9df8" dependencies = [ "lazy_static", ] @@ -2766,9 +3036,9 @@ dependencies = [ [[package]] name = "tracing-subscriber" -version = "0.2.19" +version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab69019741fca4d98be3c62d2b75254528b5432233fd8a4d2739fec20278de48" +checksum = "b9cbe87a2fa7e35900ce5de20220a582a9483a7063811defce79d7cbd59d4cfe" dependencies = [ "ansi_term", "chrono", @@ -2806,7 +3076,7 @@ dependencies = [ "input_buffer", "log", "rand 0.8.4", - "sha-1 0.9.7", + "sha-1 0.9.8", "url", "utf-8", ] @@ -2822,9 +3092,9 @@ dependencies = [ [[package]] name = "typenum" -version = "1.13.0" +version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "879f6906492a7cd215bfa4cf595b600146ccfac0c79bcbd1f3000162af5e8b06" +checksum = "b63708a265f51345575b27fe43f9500ad611579e764c79edbc2037b1121959ec" [[package]] name = "ucd-trie" @@ -2838,7 +3108,7 @@ version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5baeed7327e25054889b9bd4f975f32e5f4c5d434042d59ab6cd4142c0a76ed0" dependencies = [ - "version_check", + "version_check 0.9.3", ] [[package]] @@ -2897,7 +3167,7 @@ version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "50f37be617794602aabbeee0be4f259dc1778fabe05e2d67ee8f79326d5cb4f6" dependencies = [ - "version_check", + "version_check 0.9.3", ] [[package]] @@ -2986,6 +3256,12 @@ version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191" +[[package]] +name = "version_check" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "914b1a6776c4c929a602fafd8bc742e06365d4bcbe48c30f9cca5824f70dc9dd" + [[package]] name = "version_check" version = "0.9.3" @@ -3056,9 +3332,9 @@ checksum = "1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f" [[package]] name = "wasm-bindgen" -version = "0.2.75" +version = "0.2.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b608ecc8f4198fe8680e2ed18eccab5f0cd4caaf3d83516fa5fb2e927fda2586" +checksum = "5e68338db6becec24d3c7977b5bf8a48be992c934b5d07177e3931f5dc9b076c" dependencies = [ "cfg-if 1.0.0", "wasm-bindgen-macro", @@ -3066,9 +3342,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.75" +version = "0.2.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "580aa3a91a63d23aac5b6b267e2d13cb4f363e31dce6c352fca4752ae12e479f" +checksum = "f34c405b4f0658583dba0c1c7c9b694f3cac32655db463b56c254a1c75269523" dependencies = [ "bumpalo", "lazy_static", @@ -3081,9 +3357,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.75" +version = "0.2.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "171ebf0ed9e1458810dfcb31f2e766ad6b3a89dbda42d8901f2b268277e5f09c" +checksum = "b9d5a6580be83b19dc570a8f9c324251687ab2184e57086f71625feb57ec77c8" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -3091,9 +3367,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.75" +version = "0.2.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c2657dd393f03aa2a659c25c6ae18a13a4048cebd220e147933ea837efc589f" +checksum = "e3775a030dc6f5a0afd8a84981a21cc92a781eb429acef9ecce476d0c9113e92" dependencies = [ "proc-macro2", "quote", @@ -3104,15 +3380,15 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.75" +version = "0.2.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2e0c4a743a309662d45f4ede961d7afa4ba4131a59a639f29b0069c3798bbcc2" +checksum = "c279e376c7a8e8752a8f1eaa35b7b0bee6bb9fb0cdacfa97cc3f1f289c87e2b4" [[package]] name = "web-sys" -version = "0.3.52" +version = "0.3.54" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01c70a82d842c9979078c772d4a1344685045f1a5628f677c2b2eab4dd7d2696" +checksum = "0a84d70d1ec7d2da2d26a5bd78f4bca1b8c3254805363ce743b7a05bc30d195a" dependencies = [ "js-sys", "wasm-bindgen", @@ -3139,9 +3415,9 @@ dependencies = [ [[package]] name = "whoami" -version = "1.1.2" +version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4abacf325c958dfeaf1046931d37f2a901b6dfe0968ee965a29e94c6766b2af6" +checksum = "f7741161a40200a867c96dfa5574544efa4178cf4c8f770b62dd1cc0362d7ae1" dependencies = [ "wasm-bindgen", "web-sys", @@ -3201,6 +3477,21 @@ checksum = "9fc79f4a1e39857fc00c3f662cbf2651c771f00e9c15fe2abc341806bd46bd71" [[package]] name = "zeroize" -version = "1.3.0" +version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4756f7db3f7b5574938c3eb1c117038b8e07f95ee6718c0efad4ac21508f1efd" +checksum = "377db0846015f7ae377174787dd452e1c5f5a9050bc6f954911d01f116daa0cd" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2c1e130bebaeab2f23886bf9acbaca14b092408c452543c857f66399cd6dab1" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] diff --git a/matrix-authentication-service/Cargo.toml b/matrix-authentication-service/Cargo.toml index 106c893e4..a7221456b 100644 --- a/matrix-authentication-service/Cargo.toml +++ b/matrix-authentication-service/Cargo.toml @@ -7,45 +7,54 @@ license = "Apache-2.0" [dependencies] # Async runtime -tokio = { version = "1.10.0", features = ["full"] } +tokio = { version = "1.11.0", features = ["full"] } async-trait = "0.1.51" tokio-stream = "0.1.7" -futures-util = "0.3.16" +futures-util = "0.3.17" # Logging and tracing tracing = "0.1.26" -tracing-subscriber = "0.2.19" +tracing-subscriber = "0.2.20" # Error management -thiserror = "1.0.26" -anyhow = "1.0.42" +thiserror = "1.0.29" +anyhow = "1.0.43" # Web server warp = "0.3.1" tower = { version = "0.4.8", features = ["full"] } tower-http = { version = "0.1.1", features = ["full"] } -hyper = { version = "0.14.11", features = ["full"] } +hyper = { version = "0.14.12", features = ["full"] } # Template engine tera = "1.12.1" # Database access -sqlx = { version = "0.5.5", features = ["runtime-tokio-rustls", "postgres", "migrate", "chrono", "offline"] } +sqlx = { version = "0.5.7", features = ["runtime-tokio-rustls", "postgres", "migrate", "chrono", "offline"] } # Various structure (de)serialization -serde = { version = "1.0.127", features = ["derive"] } -serde_yaml = "0.8.17" -serde_with = { version = "1.9.4", features = ["hex", "chrono"] } +serde = { version = "1.0.130", features = ["derive"] } +serde_yaml = "0.8.20" +serde_with = { version = "1.10.0", features = ["hex", "chrono"] } +serde_json = "1.0.67" +serde_urlencoded = "0.7.0" # Argument & config parsing -clap = "3.0.0-beta.2" +clap = "3.0.0-beta.4" figment = { version = "0.10.6", features = ["env", "yaml", "test"] } schemars = { version = "0.8.3", features = ["url", "chrono"] } dotenv = "0.15.0" # Password hashing -argon2 = { version = "0.2.2", features = ["password-hash"] } -password-hash = { version = "0.2.2", features = ["std"] } +argon2 = { version = "0.3.0", features = ["password-hash"] } +password-hash = { version = "0.3.0", features = ["std"] } + +# Crypto and signing stuff +rsa = "0.5.0" +k256 = "0.9.6" +pkcs8 = { version = "0.7.5", features = ["pem"] } +elliptic-curve = { version = "0.10.6", features = ["pem"] } +chacha20poly1305 = { version = "0.9.0", features = ["std"] } # Various data types and utilities data-encoding = "2.3.2" @@ -57,9 +66,15 @@ rand = "0.8.4" bincode = "1.3.3" headers = "0.3.4" cookie = "0.15.1" -chacha20poly1305 = { version = "0.8.1", features = ["std"] } +crc = "2.0.0" oauth2-types = { path = "../oauth2-types", features = ["sqlx_type"] } -serde_json = "1.0.66" -serde_urlencoded = "0.7.0" -crc = "2.0.0" + +[dependencies.jwt-compact] +# Waiting on the next release because of the bump of the `rsa` dependency +git = "https://github.com/slowli/jwt-compact.git" +rev = "7a6dee6824c1d4e7c7f81019c9a968e5c9e44923" +features = ["rsa", "k256"] + +[dev-dependencies] +indoc = "1.0.3" diff --git a/matrix-authentication-service/src/config/mod.rs b/matrix-authentication-service/src/config/mod.rs index d5d86e47b..61c2ac46d 100644 --- a/matrix-authentication-service/src/config/mod.rs +++ b/matrix-authentication-service/src/config/mod.rs @@ -27,13 +27,12 @@ pub use self::{ csrf::CsrfConfig, database::DatabaseConfig, http::HttpConfig, - oauth2::{OAuth2ClientConfig, OAuth2Config}, + oauth2::{Algorithm, KeySet, OAuth2ClientConfig, OAuth2Config}, util::ConfigurationSection, }; #[derive(Debug, Serialize, Deserialize, JsonSchema)] pub struct RootConfig { - #[serde(default)] pub oauth2: OAuth2Config, #[serde(default)] diff --git a/matrix-authentication-service/src/config/oauth2.rs b/matrix-authentication-service/src/config/oauth2.rs index 74b7894eb..231397bce 100644 --- a/matrix-authentication-service/src/config/oauth2.rs +++ b/matrix-authentication-service/src/config/oauth2.rs @@ -12,14 +12,262 @@ // See the License for the specific language governing permissions and // limitations under the License. +use std::convert::TryFrom; + +use anyhow::Context; +use jwt_compact::{ + alg::{self, StrongAlg, StrongKey}, + jwk::JsonWebKey, + AlgorithmExt, Claims, Header, +}; +use pkcs8::{FromPrivateKey, ToPrivateKey}; +use rsa::RsaPrivateKey; use schemars::JsonSchema; -use serde::{Deserialize, Serialize}; +use serde::{ + de::{MapAccess, Visitor}, + ser::SerializeStruct, + Deserialize, Serialize, +}; use serde_with::skip_serializing_none; use thiserror::Error; use url::Url; use super::ConfigurationSection; +// TODO: a lot of the signing logic should go out somewhere else + +const RS256: StrongAlg = StrongAlg(alg::Rsa::rs256()); + +#[derive(Serialize, Deserialize, Clone, Copy)] +#[serde(rename_all = "UPPERCASE")] +pub enum Algorithm { + Rs256, + Es256k, +} + +#[derive(Serialize, Clone)] +pub struct Jwk { + kid: String, + alg: Algorithm, + + #[serde(flatten)] + inner: serde_json::Value, +} + +#[derive(Serialize, Clone)] +pub struct Jwks { + keys: Vec, +} + +#[derive(Serialize, Deserialize, Debug, Clone)] +#[serde(transparent)] +pub struct KeySet(Vec); + +impl KeySet { + pub fn to_public_jwks(&self) -> Jwks { + let keys = self.0.iter().map(Key::to_public_jwk).collect(); + Jwks { keys } + } + + #[allow(dead_code)] + pub fn token( + &self, + alg: Algorithm, + header: Header, + claims: &Claims, + ) -> anyhow::Result + where + T: Serialize, + { + match alg { + Algorithm::Rs256 => { + let (kid, key) = self + .0 + .iter() + .find_map(Key::rsa) + .context("could not find RSA key")?; + let header = header.with_key_id(kid); + // TODO: store them as strong keys + RS256 + .token(header, claims, &StrongKey::try_from(key.clone())?) + .context("failed to sign token") + } + Algorithm::Es256k => { + // TODO: make this const with lazy_static? + let es256k: alg::Es256k = alg::Es256k::default(); + let (kid, key) = self + .0 + .iter() + .find_map(Key::ecdsa) + .context("could not find ECDSA key")?; + let key = k256::ecdsa::SigningKey::from(key); + let header = header.with_key_id(kid); + // TODO: use StrongAlg + es256k + .token(header, claims, &key) + .context("failed to sign token") + } + } + } +} + +#[derive(Debug, Clone)] +#[non_exhaustive] +pub enum Key { + Rsa { key: RsaPrivateKey, kid: String }, + Ecdsa { key: k256::SecretKey, kid: String }, +} + +impl Key { + fn from_ecdsa(key: k256::SecretKey) -> Self { + // TODO: hash the key and use as KID + let kid = String::from("ecdsa-kid"); + Self::Ecdsa { kid, key } + } + + fn from_ecdsa_pem(key: &str) -> anyhow::Result { + let key = k256::SecretKey::from_pkcs8_pem(key)?; + Ok(Self::from_ecdsa(key)) + } + + fn from_rsa(key: RsaPrivateKey) -> Self { + // TODO: hash the key and use as KID + let kid = String::from("rsa-kid"); + Self::Rsa { kid, key } + } + + fn from_rsa_pem(key: &str) -> anyhow::Result { + let key = RsaPrivateKey::from_pkcs8_pem(key)?; + Ok(Self::from_rsa(key)) + } + + fn to_public_jwk(&self) -> Jwk { + match self { + Key::Rsa { key, kid } => { + let pubkey = key.to_public_key(); + let inner = JsonWebKey::from(&pubkey); + let inner = serde_json::to_value(&inner).unwrap(); + let kid = kid.to_string(); + let alg = Algorithm::Rs256; + Jwk { kid, alg, inner } + } + Key::Ecdsa { key, kid } => { + let pubkey = k256::ecdsa::VerifyingKey::from(key.public_key()); + let inner = JsonWebKey::from(&pubkey); + let inner = serde_json::to_value(&inner).unwrap(); + let kid = kid.to_string(); + let alg = Algorithm::Es256k; + Jwk { kid, alg, inner } + } + } + } + + fn rsa(&self) -> Option<(&str, &RsaPrivateKey)> { + match self { + Key::Rsa { key, kid } => Some((kid, key)), + _ => None, + } + } + + fn ecdsa(&self) -> Option<(&str, &k256::SecretKey)> { + match self { + Key::Ecdsa { key, kid } => Some((kid, key)), + _ => None, + } + } +} + +impl Serialize for Key { + fn serialize(&self, serializer: S) -> Result + where + S: serde::Serializer, + { + let mut map = serializer.serialize_struct("Key", 2)?; + match self { + Key::Rsa { key, kid: _ } => { + map.serialize_field("type", "rsa")?; + let pem = key.to_pkcs8_pem().map_err(serde::ser::Error::custom)?; + map.serialize_field("key", pem.as_str())?; + } + Key::Ecdsa { key, kid: _ } => { + map.serialize_field("type", "ecdsa")?; + let pem = key.to_pkcs8_pem().map_err(serde::ser::Error::custom)?; + map.serialize_field("key", pem.as_str())?; + } + } + + map.end() + } +} + +impl<'de> Deserialize<'de> for Key { + fn deserialize(deserializer: D) -> Result + where + D: serde::Deserializer<'de>, + { + #[derive(Deserialize, Debug)] + #[serde(field_identifier, rename_all = "lowercase")] + enum Field { + Type, + Key, + } + + #[derive(Deserialize)] + #[serde(rename_all = "lowercase")] + enum KeyType { + Rsa, + Ecdsa, + } + + struct KeyVisitor; + + impl<'de> Visitor<'de> for KeyVisitor { + type Value = Key; + + fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result { + formatter.write_str("struct Key") + } + + fn visit_map(self, mut map: V) -> Result + where + V: MapAccess<'de>, + { + let mut key_type = None; + let mut key_key = None; + while let Some(key) = map.next_key()? { + match key { + Field::Type => { + if key_type.is_some() { + return Err(serde::de::Error::duplicate_field("type")); + } + key_type = Some(map.next_value()?); + } + Field::Key => { + if key_key.is_some() { + return Err(serde::de::Error::duplicate_field("key")); + } + key_key = Some(map.next_value()?); + } + } + } + let key_type: KeyType = + key_type.ok_or_else(|| serde::de::Error::missing_field("type"))?; + let key_key: String = + key_key.ok_or_else(|| serde::de::Error::missing_field("key"))?; + + match key_type { + KeyType::Rsa => Key::from_rsa_pem(&key_key).map_err(serde::de::Error::custom), + KeyType::Ecdsa => { + Key::from_ecdsa_pem(&key_key).map_err(serde::de::Error::custom) + } + } + } + } + + deserializer.deserialize_struct("Key", &["type", "key"], KeyVisitor) + } +} + #[skip_serializing_none] #[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)] pub struct OAuth2ClientConfig { @@ -69,15 +317,9 @@ pub struct OAuth2Config { #[serde(default)] pub clients: Vec, -} -impl Default for OAuth2Config { - fn default() -> Self { - Self { - issuer: default_oauth2_issuer(), - clients: Vec::new(), - } - } + #[schemars(with = "Vec")] + pub keys: KeySet, } impl OAuth2Config { @@ -86,6 +328,37 @@ impl OAuth2Config { .join(".well-known/openid-configuration") .expect("could not build discovery url") } + + #[cfg(test)] + pub fn test() -> Self { + let rsa_key = Key::from_rsa_pem(indoc::indoc! {r#" + -----BEGIN PRIVATE KEY----- + MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAymS2RkeIZo7pUeEN + QUGCG4GLJru5jzxomO9jiNr5D/oRcerhpQVc9aCpBfAAg4l4a1SmYdBzWqX0X5pU + scgTtQIDAQABAkEArNIMlrxUK4bSklkCcXtXdtdKE9vuWfGyOw0GyAB69fkEUBxh + 3j65u+u3ZmW+bpMWHgp1FtdobE9nGwb2VBTWAQIhAOyU1jiUEkrwKK004+6b5QRE + vC9UI2vDWy5vioMNx5Y1AiEA2wGAJ6ETF8FF2Vd+kZlkKK7J0em9cl0gbJDsWIEw + N4ECIEyWYkMurD1WQdTQqnk0Po+DMOihdFYOiBYgRdbnPxWBAiEAmtd0xJAd7622 + tPQniMnrBtiN2NxqFXHCev/8Gpc8gAECIBcaPcF59qVeRmYrfqzKBxFm7LmTwlAl + Gh7BNzCeN+D6 + -----END PRIVATE KEY----- + "#}) + .unwrap(); + let ecdsa_key = Key::from_rsa_pem(indoc::indoc! {r#" + -----BEGIN PRIVATE KEY----- + MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgqfn5mYO/5Qq/wOOiWgHA + NaiDiepgUJ2GI5eq2V8D8nahRANCAARMK9aKUd/H28qaU+0qvS6bSJItzAge1VHn + OhBAAUVci1RpmUA+KdCL5sw9nadAEiONeiGr+28RYHZmlB9qXnjC + -----END PRIVATE KEY----- + "#}) + .unwrap(); + + Self { + issuer: default_oauth2_issuer(), + clients: Vec::new(), + keys: KeySet(vec![rsa_key, ecdsa_key]), + } + } } impl ConfigurationSection<'_> for OAuth2Config { @@ -94,7 +367,14 @@ impl ConfigurationSection<'_> for OAuth2Config { } fn generate() -> Self { - Self::default() + let mut rng = rand::thread_rng(); + let rsa_key = RsaPrivateKey::new(&mut rng, 2048).unwrap(); + let ecdsa_key = k256::SecretKey::random(rng); + Self { + issuer: default_oauth2_issuer(), + clients: Vec::new(), + keys: KeySet(vec![Key::from_rsa(rsa_key), Key::from_ecdsa(ecdsa_key)]), + } } } @@ -111,6 +391,26 @@ mod tests { "config.yaml", r#" oauth2: + keys: + - type: rsa + key: | + -----BEGIN PRIVATE KEY----- + MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAymS2RkeIZo7pUeEN + QUGCG4GLJru5jzxomO9jiNr5D/oRcerhpQVc9aCpBfAAg4l4a1SmYdBzWqX0X5pU + scgTtQIDAQABAkEArNIMlrxUK4bSklkCcXtXdtdKE9vuWfGyOw0GyAB69fkEUBxh + 3j65u+u3ZmW+bpMWHgp1FtdobE9nGwb2VBTWAQIhAOyU1jiUEkrwKK004+6b5QRE + vC9UI2vDWy5vioMNx5Y1AiEA2wGAJ6ETF8FF2Vd+kZlkKK7J0em9cl0gbJDsWIEw + N4ECIEyWYkMurD1WQdTQqnk0Po+DMOihdFYOiBYgRdbnPxWBAiEAmtd0xJAd7622 + tPQniMnrBtiN2NxqFXHCev/8Gpc8gAECIBcaPcF59qVeRmYrfqzKBxFm7LmTwlAl + Gh7BNzCeN+D6 + -----END PRIVATE KEY----- + - type: ecdsa + key: | + -----BEGIN PRIVATE KEY----- + MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgqfn5mYO/5Qq/wOOiWgHA + NaiDiepgUJ2GI5eq2V8D8nahRANCAARMK9aKUd/H28qaU+0qvS6bSJItzAge1VHn + OhBAAUVci1RpmUA+KdCL5sw9nadAEiONeiGr+28RYHZmlB9qXnjC + -----END PRIVATE KEY----- issuer: https://example.com clients: - client_id: hello diff --git a/matrix-authentication-service/src/filters/client.rs b/matrix-authentication-service/src/filters/client.rs index e3cefcbb6..7ecd29443 100644 --- a/matrix-authentication-service/src/filters/client.rs +++ b/matrix-authentication-service/src/filters/client.rs @@ -149,7 +149,7 @@ mod tests { use super::*; fn oauth2_config() -> OAuth2Config { - let mut config = OAuth2Config::default(); + let mut config = OAuth2Config::test(); config.clients.push(OAuth2ClientConfig { client_id: "public".to_string(), client_secret: None, diff --git a/matrix-authentication-service/src/filters/mod.rs b/matrix-authentication-service/src/filters/mod.rs index 3aba5f968..5e0542e11 100644 --- a/matrix-authentication-service/src/filters/mod.rs +++ b/matrix-authentication-service/src/filters/mod.rs @@ -26,7 +26,10 @@ use std::convert::Infallible; use warp::Filter; pub use self::csrf::CsrfToken; -use crate::templates::Templates; +use crate::{ + config::{KeySet, OAuth2Config}, + templates::Templates, +}; pub fn with_templates( templates: &Templates, @@ -34,3 +37,10 @@ pub fn with_templates( let templates = templates.clone(); warp::any().map(move || templates.clone()) } + +pub fn with_keys( + oauth2_config: &OAuth2Config, +) -> impl Filter + Clone + Send + Sync + 'static { + let keyset = oauth2_config.keys.clone(); + warp::any().map(move || keyset.clone()) +} diff --git a/matrix-authentication-service/src/handlers/oauth2/discovery.rs b/matrix-authentication-service/src/handlers/oauth2/discovery.rs index 0733cdac4..5a4d44202 100644 --- a/matrix-authentication-service/src/handlers/oauth2/discovery.rs +++ b/matrix-authentication-service/src/handlers/oauth2/discovery.rs @@ -47,7 +47,7 @@ pub(super) fn filter( let metadata = Metadata { authorization_endpoint: base.join("oauth2/authorize").ok(), token_endpoint: base.join("oauth2/token").ok(), - jwks_uri: base.join(".well-known/jwks.json").ok(), + jwks_uri: base.join("oauth2/keys.json").ok(), introspection_endpoint: base.join("oauth2/introspect").ok(), issuer: base, registration_endpoint: None, diff --git a/matrix-authentication-service/src/handlers/oauth2/keys.rs b/matrix-authentication-service/src/handlers/oauth2/keys.rs new file mode 100644 index 000000000..06cd98678 --- /dev/null +++ b/matrix-authentication-service/src/handlers/oauth2/keys.rs @@ -0,0 +1,30 @@ +// Copyright 2021 The Matrix.org Foundation C.I.C. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +use warp::{Filter, Rejection, Reply}; + +use crate::config::OAuth2Config; + +pub(super) fn filter( + config: &OAuth2Config, +) -> impl Filter + Clone + Send + Sync + 'static { + let jwks = config.keys.to_public_jwks(); + + let cors = warp::cors().allow_any_origin(); + + warp::path!("oauth2" / "keys.json") + .and(warp::get()) + .map(move || warp::reply::json(&jwks)) + .with(cors) +} diff --git a/matrix-authentication-service/src/handlers/oauth2/mod.rs b/matrix-authentication-service/src/handlers/oauth2/mod.rs index 764d19528..ac3c7dbea 100644 --- a/matrix-authentication-service/src/handlers/oauth2/mod.rs +++ b/matrix-authentication-service/src/handlers/oauth2/mod.rs @@ -23,11 +23,12 @@ use crate::{ mod authorization; mod discovery; mod introspection; +mod keys; mod token; use self::{ authorization::filter as authorization, discovery::filter as discovery, - introspection::filter as introspection, token::filter as token, + introspection::filter as introspection, keys::filter as keys, token::filter as token, }; pub fn filter( @@ -37,6 +38,7 @@ pub fn filter( cookies_config: &CookiesConfig, ) -> impl Filter + Clone + Send + Sync + 'static { discovery(oauth2_config) + .or(keys(oauth2_config)) .or(authorization( pool, templates, diff --git a/matrix-authentication-service/src/handlers/oauth2/token.rs b/matrix-authentication-service/src/handlers/oauth2/token.rs index 44fbec641..a7f55ea76 100644 --- a/matrix-authentication-service/src/handlers/oauth2/token.rs +++ b/matrix-authentication-service/src/handlers/oauth2/token.rs @@ -12,7 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. +use anyhow::Context; use chrono::Duration; +use jwt_compact::{Claims, Header, TimeOptions}; use oauth2_types::{ errors::{InvalidGrant, OAuth2Error}, requests::{ @@ -20,15 +22,18 @@ use oauth2_types::{ }, }; use rand::thread_rng; +use serde::Serialize; use sqlx::{pool::PoolConnection, Acquire, PgPool, Postgres}; +use url::Url; use warp::{Filter, Rejection, Reply}; use crate::{ - config::{OAuth2ClientConfig, OAuth2Config}, + config::{KeySet, OAuth2ClientConfig, OAuth2Config}, errors::WrapError, filters::{ client::{with_client_auth, ClientAuthentication}, database::with_connection, + with_keys, }, storage::oauth2::{ access_token::{add_access_token, revoke_access_token}, @@ -38,13 +43,26 @@ use crate::{ tokens, }; +#[derive(Serialize)] +struct CustomClaims { + #[serde(rename = "iss")] + issuer: Url, + #[serde(rename = "sub")] + subject: String, + #[serde(rename = "aud")] + audiences: Vec, +} + pub fn filter( pool: &PgPool, oauth2_config: &OAuth2Config, ) -> impl Filter + Clone + Send + Sync + 'static { + let issuer = oauth2_config.issuer.clone(); warp::path!("oauth2" / "token") .and(warp::post()) .and(with_client_auth(oauth2_config)) + .and(with_keys(oauth2_config)) + .and(warp::any().map(move || issuer.clone())) .and(with_connection(pool)) .and_then(token) } @@ -53,11 +71,13 @@ async fn token( _auth: ClientAuthentication, client: OAuth2ClientConfig, req: AccessTokenRequest, + keys: KeySet, + issuer: Url, mut conn: PoolConnection, ) -> Result { let reply = match req { AccessTokenRequest::AuthorizationCode(grant) => { - let reply = authorization_code_grant(&grant, &client, &mut conn).await?; + let reply = authorization_code_grant(&grant, &client, &keys, issuer, &mut conn).await?; warp::reply::json(&reply) } AccessTokenRequest::RefreshToken(grant) => { @@ -76,6 +96,8 @@ async fn token( async fn authorization_code_grant( grant: &AuthorizationCodeGrant, client: &OAuth2ClientConfig, + keys: &KeySet, + issuer: Url, conn: &mut PoolConnection, ) -> Result { let mut txn = conn.begin().await.wrap_error()?; @@ -108,11 +130,26 @@ async fn authorization_code_grant( .await .wrap_error()?; - // TODO: generate id_token if the "openid" scope was asked + // TODO: generate id_token only if the "openid" scope was asked + let header = Header::default(); + let options = TimeOptions::default(); + let claims = Claims::new(CustomClaims { + issuer, + // TODO: get that from the session + subject: "random-subject".to_string(), + audiences: vec![client.client_id.clone()], + }) + .set_duration_and_issuance(&options, Duration::minutes(30)); + let id_token = keys + .token(crate::config::Algorithm::Rs256, header, &claims) + .context("could not sign ID token") + .wrap_error()?; + // TODO: have the scopes back here let params = AccessTokenResponse::new(access_token.token) .with_expires_in(ttl) - .with_refresh_token(refresh_token.token); + .with_refresh_token(refresh_token.token) + .with_id_token(id_token); txn.commit().await.wrap_error()?; diff --git a/oauth2-types/Cargo.toml b/oauth2-types/Cargo.toml index 016dd5496..3bb0dff83 100644 --- a/oauth2-types/Cargo.toml +++ b/oauth2-types/Cargo.toml @@ -7,14 +7,14 @@ license = "Apache-2.0" [dependencies] http = "0.2.4" -serde = "1.0.127" -serde_json = "1.0.66" +serde = "1.0.130" +serde_json = "1.0.67" language-tags = { version = "0.3.2", features = ["serde"] } url = { version = "2.2.2", features = ["serde"] } parse-display = "0.5.1" indoc = "1.0.3" -serde_with = { version = "1.9.4", features = ["chrono"] } -sqlx = { version = "0.5.5", default-features = false, optional = true } +serde_with = { version = "1.10.0", features = ["chrono"] } +sqlx = { version = "0.5.7", default-features = false, optional = true } chrono = "0.4.19" [features] diff --git a/oauth2-types/src/requests.rs b/oauth2-types/src/requests.rs index ceaccac4c..a08ed3b96 100644 --- a/oauth2-types/src/requests.rs +++ b/oauth2-types/src/requests.rs @@ -237,10 +237,13 @@ pub enum AccessTokenRequest { } #[serde_as] +#[skip_serializing_none] #[derive(Serialize, Deserialize, Debug, PartialEq)] pub struct AccessTokenResponse { access_token: String, refresh_token: Option, + // TODO: this should be somewhere else + id_token: Option, token_type: TokenType, @@ -257,6 +260,7 @@ impl AccessTokenResponse { AccessTokenResponse { access_token, refresh_token: None, + id_token: None, token_type: TokenType::Bearer, expires_in: None, scope: None, @@ -269,6 +273,12 @@ impl AccessTokenResponse { self } + #[must_use] + pub fn with_id_token(mut self, id_token: String) -> Self { + self.id_token = Some(id_token); + self + } + #[must_use] pub fn with_scopes(mut self, scope: HashSet) -> Self { self.scope = Some(scope);