diff --git a/kube-client/Cargo.toml b/kube-client/Cargo.toml
index c19433e47..236e70519 100644
--- a/kube-client/Cargo.toml
+++ b/kube-client/Cargo.toml
@@ -37,7 +37,7 @@ features = ["client", "rustls-tls", "openssl-tls", "ws", "oauth", "oidc", "jsonp
 rustdoc-args = ["--cfg", "docsrs"]
 
 [dependencies]
-base64 = { version = "0.20.0", optional = true }
+base64 = { version = "0.21.4", optional = true }
 chrono = { version = "0.4.23", optional = true, default-features = false }
 home = { version = "0.5.4", optional = true }
 serde = { version = "1.0.130", features = ["derive"] }
diff --git a/kube-client/src/client/auth/oidc.rs b/kube-client/src/client/auth/oidc.rs
index 8bbf74c23..0c3d5cbd0 100644
--- a/kube-client/src/client/auth/oidc.rs
+++ b/kube-client/src/client/auth/oidc.rs
@@ -1,12 +1,5 @@
 use std::collections::HashMap;
 
-use base64::{
- alphabet,
- engine::{
- fast_portable::{FastPortable, FastPortableConfig},
- DecodePaddingMode,
- },
-};
 use chrono::{Duration, TimeZone, Utc};
 use form_urlencoded::Serializer;
 use http::{
@@ -137,12 +130,14 @@ pub mod errors {
 }
 }
 
-const BASE64_ENGINE: FastPortable = FastPortable::from(
- &alphabet::URL_SAFE,
- FastPortableConfig::new()
+use base64::Engine as _;
+const JWT_BASE64_ENGINE: base64::engine::GeneralPurpose = base64::engine::GeneralPurpose::new(
+ &base64::alphabet::URL_SAFE,
+ base64::engine::GeneralPurposeConfig::new()
 .with_decode_allow_trailing_bits(true)
- .with_decode_padding_mode(DecodePaddingMode::Indifferent),
+ .with_decode_padding_mode(base64::engine::DecodePaddingMode::Indifferent),
 );
+use base64::engine::general_purpose::STANDARD as STANDARD_BASE64_ENGINE;
 
 #[derive(Debug)]
 pub struct Oidc {
@@ -164,7 +159,7 @@ impl Oidc {
 .split('.')
 .nth(1)
 .ok_or(errors::IdTokenError::InvalidFormat)?;
- let payload = base64::decode_engine(part, &BASE64_ENGINE)?;
+ let payload = JWT_BASE64_ENGINE.decode(part)?;
 let expiry = serde_json::from_slice::(&payload)?.expiry;
 let timestamp = Utc
 .timestamp_opt(expiry, 0)
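Review bot: `JWT_BASE64_ENGINE` (oidc.rs hunk at `+130,14`) is explicitly configured to accept trailing bits and both padded and unpadded input, but nothing on the constant says why or limits where it may be used. JWT segments are defined as unpadded base64url, so this leniency is a compatibility choice that the next maintainer should not have to rediscover. A doc comment would cover it: `/// Base64url engine for JWT segments; decoding tolerates padding and trailing bits.` followed by `/// Lenient on purpose: do not reuse where a canonical encoding matters.`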
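Review bot: Nothing visible in the oidc.rs hunk at `+159,7` checks the token's signature before `expiry` is read from the decoded payload, so the claim comes from unauthenticated input. If that is intended (presumably the value only decides when to refresh, and validation happens on the server side), state it at the decode: `// Unverified token: exp is only used to schedule a refresh, never for an authorization decision.` The enclosing function starts and ends outside the hunk, so a check may exist elsewhere.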
@@ -370,7 +365,7 @@ impl Refresher {
 AUTHORIZATION,
 format!(
 "Basic {}",
- base64::encode(format!(
+ STANDARD_BASE64_ENGINE.encode(format!(
 "{}:{}",
 self.client_id.expose_secret(),
 self.client_secret.expose_secret()
@@ -481,7 +476,7 @@ mod tests {
 let invalid_claims_token = format!(
 "{}.{}.{}",
 token_valid.split_once('.').unwrap().0,
- base64::encode(serde_json::to_string(&invalid_claims).unwrap()),
+ JWT_BASE64_ENGINE.encode(serde_json::to_string(&invalid_claims).unwrap()),
 token_valid.rsplit_once('.').unwrap().1,
 );
 oidc.id_token = invalid_claims_token.into();
diff --git a/kube-client/src/client/upgrade.rs b/kube-client/src/client/upgrade.rs
index 8bacb8e41..e8fe67c5c 100644
--- a/kube-client/src/client/upgrade.rs
+++ b/kube-client/src/client/upgrade.rs
@@ -39,7 +39,6 @@ pub enum UpgradeConnectionError {
 GetPendingUpgrade(#[source] hyper::Error),
 }
 
-
 // Verify upgrade response according to RFC6455.
 // Based on `tungstenite` and added subprotocol verification.
 pub fn verify_response(res: &Response, key: &str) -> Result<(), UpgradeConnectionError> {
@@ -90,6 +89,7 @@ pub fn verify_response(res: &Response, key: &str) -> Result<(), UpgradeCon
 /// Generate a random key for the `Sec-WebSocket-Key` header.
 /// This must be nonce consisting of a randomly selected 16-byte value in base64.
 pub fn sec_websocket_key() -> String {
+ use base64::Engine;
 let r: [u8; 16] = rand::random();
- base64::encode(r)
+ base64::engine::general_purpose::STANDARD.encode(r)
 }
diff --git a/kube-client/src/config/file_config.rs b/kube-client/src/config/file_config.rs
index dc98b5495..4e658145e 100644
--- a/kube-client/src/config/file_config.rs
+++ b/kube-client/src/config/file_config.rs
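Review bot: The Basic credential built in the oidc.rs hunk at `+365,7` leaves `expose_secret()` and travels on as ordinary `String`s. The inner `format!`, the base64 output and the outer `format!` each hold a copy of the client secret that is neither zeroized nor marked sensitive. The call that receives `AUTHORIZATION` is outside the hunk; if it accepts an `http::HeaderValue`, build the value explicitly and call `value.set_sensitive(true)` so the header is redacted from `Debug` output.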
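Review bot: The test in the oidc.rs hunk at `+476,7` builds the claims segment with `JWT_BASE64_ENGINE.encode`, and as far as I know a `GeneralPurposeConfig` that leaves encode padding at its default emits `=` padding. The fixture is therefore not shaped like a real JWT and only decodes because the engine is padding-indifferent. Encoding with `base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(...)` would produce a spec-shaped token and keep the test meaningful if decoding is ever tightened. A separate padded case could then cover the lenient path deliberately.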
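Review bot: `sec_websocket_key` (upgrade.rs hunk at `+89,7`) brings the trait in with a function-local `use base64::Engine;`, while oidc.rs in this same commit uses a module-level `use base64::Engine as _;` plus an alias for `STANDARD`. `load_from_base64` in file_config.rs repeats the function-local form. One convention across the crate would be easier to follow; `use base64::Engine as _;` with the file's other imports is enough, since only the trait's methods are needed.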
@@ -537,7 +537,10 @@ fn load_from_base64_or_file>(
 }
 
 fn load_from_base64(value: &str) -> Result, LoadDataError> {
- base64::decode(value).map_err(LoadDataError::DecodeBase64)
+ use base64::Engine;
+ base64::engine::general_purpose::STANDARD
+ .decode(value)
+ .map_err(LoadDataError::DecodeBase64)
 }
 
 fn load_from_file>(file: &P) -> Result, LoadDataError> {
@@ -768,7 +771,6 @@ users:
 client-key-data: aGVsbG8K
 "#;
 
-
 let kubeconfig1 = Kubeconfig::from_yaml(config1)?;
 let kubeconfig2 = Kubeconfig::from_yaml(config2)?;
 let merged = kubeconfig1.merge(kubeconfig2).unwrap();
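Review bot: `STANDARD.decode(value)` in `load_from_base64` is strict, so any whitespace or line break inside `value` is an error, and the function passes the string through unchanged. Go's `encoding/base64`, which kubectl builds on as far as I know, skips `\r` and `\n`. A kubeconfig with wrapped `*-data` fields could therefore load there and fail here with `DecodeBase64`. If that input should be accepted, filter first with `let cleaned: String = value.chars().filter(|c| !c.is_ascii_whitespace()).collect();` and decode `cleaned`; otherwise a comment stating that whitespace is rejected would help.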