Use pkcs1 in Jwk::to_der_pkcs1 instead of openssl

This is split from #1738 , to remove dependency on `openssl` in `src/bin/sccache-dist/token_check.rs`. Signed-off-by: Jiahao XU <[email protected]>
mozilla · Apr 21, 2023 · 9e44a5a · 9e44a5a
1 parent 6fffb2a
commit 9e44a5a
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 17 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -87,6 +87,7 @@ rouille = { version = "3.5", optional = true, default-features = false, features
 syslog = { version = "6", optional = true }
 void = { version = "1", optional = true }
 version-compare = { version = "0.1.1", optional = true }
+pkcs1 = { version = "0.7.4", features = ["std"], optional = true }
 
 [dev-dependencies]
 assert_cmd = "2.0.10"
@@ -137,7 +138,7 @@ unstable = []
 # Enables distributed support in the sccache client
 dist-client = ["flate2", "hyper", "reqwest", "url", "sha2"]
 # Enables the sccache-dist binary
-dist-server = ["jwt", "flate2", "libmount", "nix", "openssl", "reqwest", "rouille", "syslog", "void", "version-compare"]
+dist-server = ["jwt", "flate2", "libmount", "nix", "openssl", "pkcs1", "reqwest", "rouille", "syslog", "void", "version-compare"]
 # Enables dist tests with external requirements
 dist-tests = ["dist-client", "dist-server"]
 

diff --git a/src/bin/sccache-dist/token_check.rs b/src/bin/sccache-dist/token_check.rs
@@ -22,6 +22,16 @@ pub struct Jwk {
     e: String,
 }
 
+trait Pkcs1ErrExt<T> {
+    fn context(self, context: &'static str) -> Result<T>;
+}
+
+impl<T> Pkcs1ErrExt<T> for pkcs1::Result<T> {
+    fn context(self, context: &'static str) -> Result<T> {
+        self.map_err(|err| anyhow::Error::new(err).context(context))
+    }
+}
+
 impl Jwk {
     // https://github.com/lawliet89/biscuit/issues/96#issuecomment-399149872
     pub fn to_der_pkcs1(&self) -> Result<Vec<u8>> {
@@ -36,14 +46,16 @@ impl Jwk {
         let e = BASE64_URL_SAFE_ENGINE
             .decode(&self.e)
             .context("Failed to base64 decode e")?;
-        let n_bn = openssl::bn::BigNum::from_slice(&n)
-            .context("Failed to create openssl bignum from n")?;
-        let e_bn = openssl::bn::BigNum::from_slice(&e)
-            .context("Failed to create openssl bignum from e")?;
-        let pubkey = openssl::rsa::Rsa::from_public_components(n_bn, e_bn)
-            .context("Failed to create pubkey from n and e")?;
-        let der: Vec<u8> = pubkey
-            .public_key_to_der_pkcs1()
+
+        let n_bn = pkcs1::UintRef::new(&n).context("Failed to create pkcs1 bignum from n")?;
+        let e_bn = pkcs1::UintRef::new(&e).context("Failed to create pkcs1 bignum from e")?;
+
+        let pubkey = pkcs1::RsaPublicKey {
+            modulus: n_bn,
+            public_exponent: e_bn,
+        };
+
+        let der: Vec<u8> = pkcs1::der::Encode::to_der(&pubkey)
             .context("Failed to convert public key to der pkcs1")?;
         Ok(der)
     }