OMGeeky/yup-oauth2
1
0
Fork 0
mirror of https://github.com/OMGeeky/yup-oauth2.git synced 2026-01-22 10:05:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(service_account): Fix bad PR #51: JWTs need RSA signatures.

Browse Source
This commit is contained in:
Lewin Bormann
2017-02-04 16:59:25 +01:00
parent 732d65aa98
commit 38fd851493
2 changed files with 20 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/lib.rs
View File

@@ -75,6 +75,8 @@ extern crate base64;
extern crate chrono;
extern crate openssl;
extern crate hyper;
extern crate hyper_rustls;
#[cfg(test)]
extern crate log;
#[cfg(test)]

23
src/service_account.rs
View File

@@ -39,6 +39,16 @@ fn encode_base64<T: AsRef<[u8]>>(s: T) -> String {
base64::encode_mode(s.as_ref(), base64::Base64Mode::UrlSafe)
}
fn decode_rsa_key(pem_pkcs8: &str) -> Result<openssl::rsa::Rsa, Box<error::Error>> {
let private = pem_pkcs8.to_string().replace("\\n", "\n");
let private_key = openssl::rsa::Rsa::private_key_from_pem(&mut private.as_bytes());
match private_key {
Err(e) => Err(Box::new(e)),
Ok(key) => Ok(key),
}
}
/// JSON schema of secret service account key. You can obtain the key from
/// the Cloud Console at https://console.cloud.google.com/.
///
@@ -94,12 +104,12 @@ impl JWT {
fn sign(&self, private_key: &str) -> Result<String, Box<error::Error>> {
let mut jwt_head = self.encode_claims();
let key = openssl::pkey::PKey::hmac(private_key.as_bytes()).unwrap();
let key = try!(decode_rsa_key(private_key));
let pkey = try!(openssl::pkey::PKey::from_rsa(key));
let mut signer =
try!(openssl::sign::Signer::new(
openssl::hash::MessageDigest::sha256(), &key));
openssl::hash::MessageDigest::sha256(), &pkey));
signer.update(&jwt_head.as_bytes()).unwrap();
let signature = signer.finish().unwrap();
let signature_b64 = encode_base64(signature);
@@ -250,17 +260,20 @@ mod tests {
use super::*;
use helper::service_account_key_from_file;
use hyper;
use hyper::net::HttpsConnector;
use hyper_rustls;
use authenticator::GetToken;
// This is a valid but deactivated key.
const TEST_PRIVATE_KEY_PATH: &'static str = "examples/Sanguine-69411a0c0eea.json";
// Uncomment this test to verify that we can successfully obtain tokens.
// #[test]
//#[test]
#[allow(dead_code)]
fn test_service_account_e2e() {
let key = service_account_key_from_file(&TEST_PRIVATE_KEY_PATH.to_string()).unwrap();
let mut acc = ServiceAccountAccess::new(key, hyper::client::Client::new());
let client = hyper::Client::with_connector(HttpsConnector::new(hyper_rustls::TlsClient::new()));
let mut acc = ServiceAccountAccess::new(key, client);
println!("{:?}",
acc.token(vec![&"https://www.googleapis.com/auth/pubsub"]).unwrap());
}