bump: jsonwebtoken to 9

Close #289 Signed-off-by: Xynnn007 <[email protected]>
confidential-containers · Feb 19, 2024 · 33ae7ca · 33ae7ca
1 parent 84432a2
commit 33ae7ca
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 14 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -29,6 +29,7 @@ clap = { version = "4", features = ["derive"] }
 env_logger = "0.10.0"
 hex = "0.4.3"
 kbs-types = "0.5.3"
+jsonwebtoken = "9"
 log = "0.4.17"
 prost = "0.11.0"
 rstest = "0.18.1"

diff --git a/attestation-service/verifier/Cargo.toml b/attestation-service/verifier/Cargo.toml
@@ -12,7 +12,7 @@ az-snp-vtpm-verifier = [ "az-snp-vtpm", "sev", "snp-verifier" ]
 az-tdx-vtpm-verifier = [ "az-tdx-vtpm", "openssl", "tdx-verifier" ]
 snp-verifier = [ "asn1-rs", "openssl", "sev", "x509-parser" ]
 csv-verifier = [ "openssl", "csv-rs", "codicon" ]
-cca-verifier = [ "ear", "veraison-apiclient" ]
+cca-verifier = [ "ear", "jsonwebtoken", "veraison-apiclient" ]
 
 [dependencies]
 anyhow.workspace = true
@@ -29,7 +29,7 @@ codicon = { version = "3.0", optional = true }
 csv-rs = { git = "https://github.com/openanolis/csv-rs", rev = "b74aa8c", optional = true }
 eventlog-rs = { version = "0.1.3", optional = true }
 hex.workspace = true
-jsonwebtoken = "8"
+jsonwebtoken = { workspace = true, default-features = false, optional = true }
 kbs-types.workspace = true
 log.workspace = true
 openssl = { version = "0.10.55", optional = true }
@@ -40,7 +40,7 @@ sev = { version = "1.2.0", features = ["openssl", "snp"], optional = true }
 sgx-dcap-quoteverify-rs = { git = "https://github.com/intel/SGXDataCenterAttestationPrimitives", tag = "DCAP_1.16", optional = true }
 strum.workspace = true
 veraison-apiclient = { git = "https://github.com/chendave/rust-apiclient", branch = "token", optional = true }
-ear = { git = "https://github.com/veraison/rust-ear", rev = "cc6ea53", optional = true }
+ear = { git = "https://github.com/veraison/rust-ear", rev = "43f7f480d09ea2ebc03137af8fbcd70fe3df3468", optional = true }
 x509-parser = { version = "0.14.0", optional = true }
 
 [build-dependencies]

diff --git a/kbs/src/api/Cargo.toml b/kbs/src/api/Cargo.toml
@@ -32,7 +32,7 @@ cfg-if.workspace = true
 clap = { version = "4.3.21", features = ["derive", "env"] }
 config = "0.13.3"
 env_logger.workspace = true
-jsonwebtoken = { version = "8", default-features = false, optional = true }
+jsonwebtoken = { workspace = true, default-features = false, optional = true }
 jwt-simple = "0.11.6"
 kbs-types.workspace = true
 lazy_static = "1.4.0"

diff --git a/kbs/src/api/src/attestation/intel_trust_authority/mod.rs b/kbs/src/api/src/attestation/intel_trust_authority/mod.rs
@@ -5,12 +5,13 @@
 use super::Attest;
 use anyhow::*;
 use async_trait::async_trait;
-use jsonwebtoken::{decode, decode_header, jwk, DecodingKey, Validation};
+use jsonwebtoken::{decode, decode_header, jwk, Algorithm, DecodingKey, Validation};
 use kbs_types::{Attestation, Tee};
 use reqwest::header::{ACCEPT, CONTENT_TYPE};
 use serde::{Deserialize, Serialize};
 use std::fs::File;
 use std::io::BufReader;
+use std::str::FromStr;
 
 #[derive(Deserialize, Debug)]
 struct IntelTrustAuthorityTeeEvidence {
@@ -101,8 +102,13 @@ impl Attest for IntelTrustAuthority {
 
         // find jwk
         let key = self.certs.find(&kid).ok_or(anyhow!("Find jwk failed"))?;
-        let alg = key.common.algorithm.ok_or(anyhow!("Get jwk alg failed"))?;
+        let alg = key
+            .common
+            .key_algorithm
+            .ok_or(anyhow!("Get jwk alg failed"))?
+            .to_string();
 
+        let alg = Algorithm::from_str(alg.as_str())?;
         // verify and decode token
         let dkey = DecodingKey::from_jwk(&key)?;
         let token = decode::<Claims>(&resp_data.token, &dkey, &Validation::new(alg))