s/oidc: Replaced cryptopp with utility function

Signed-off-by: Michael Boquard <michael@redpanda.com>
redpanda-data · May 1, 2024 · eec7e5c · eec7e5c
1 parent 70c3f63
commit eec7e5c
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 25 deletions.
diff --git a/src/v/security/CMakeLists.txt b/src/v/security/CMakeLists.txt
@@ -41,7 +41,6 @@ v_cc_library(
     v::rpc
     absl::flat_hash_map
     absl::flat_hash_set
-    cryptopp
     re2
     gssapi_krb5
     krb5

diff --git a/src/v/security/jwt.h b/src/v/security/jwt.h
@@ -19,14 +19,14 @@
 #include "security/oidc_error.h"
 #include "strings/string_switch.h"
 #include "strings/utf8.h"
+#include "utils/base64.h"
 
 #include <seastar/core/sstring.hh>
 #include <seastar/util/variant_utils.hh>
 
 #include <absl/algorithm/container.h>
 #include <absl/container/flat_hash_map.h>
 #include <boost/algorithm/string/split.hpp>
-#include <cryptopp/base64.h>
 
 #include <iosfwd>
 #include <optional>
@@ -96,27 +96,14 @@ time_point(json::Value const& doc, std::string_view field) {
 }
 
 template<string_viewable StringT = bytes>
-auto base64_url_decode(bytes_view sv) {
-    // TODO: Replace this with non-CryptoPP implementation
-    // TODO: https://github.com/redpanda-data/core-internal/issues/1132
-    CryptoPP::Base64URLDecoder decoder;
-
-    decoder.Put(sv.data(), sv.size());
-    decoder.MessageEnd();
-
-    StringT decoded;
-    if (auto size = decoder.MaxRetrievable(); size != 0) {
-        decoded.resize(size);
-        decoder.Get(
-          reinterpret_cast<CryptoPP::byte*>(decoded.data()), decoded.size());
-    }
-    return decoded;
+auto base64_url_decode(std::string_view sv) {
+    return base64url_to_bytes(sv);
 };
 
 template<string_viewable StringT = bytes>
 std::optional<StringT>
 base64_url_decode(json::Value const& v, std::string_view field) {
-    auto b64 = string_view<bytes::value_type>(v, field);
+    auto b64 = string_view<>(v, field);
     if (!b64.has_value()) {
         return std::nullopt;
     }
@@ -445,9 +432,7 @@ inline result<verifier> make_rs256_verifier(json::Value const& jwk) {
         }
         auto key = crypto::key::load_rsa_public_key(n.value(), e.value());
         return verifier{rs256_verifier{std::move(key)}};
-    } catch (CryptoPP::Exception const& ex) {
-        return errc::jwk_invalid;
-    } catch (crypto::exception const&) {
+    } catch (base64_url_decoder_exception&) {
         return errc::jwk_invalid;
     }
 }
@@ -506,25 +491,26 @@ class verifier {
     // Verify the JWS signature and return the JWT
     result<jwt> verify(jws const& jws) const {
         std::string_view sv(jws._encoded);
-        std::vector<bytes_view> jose_enc;
+        std::vector<std::string_view> jose_enc;
         jose_enc.reserve(3);
         boost::algorithm::split(
           jose_enc,
-          detail::char_view_cast<bytes_view::value_type>(sv),
+          detail::char_view_cast<std::string_view::value_type>(sv),
           [](char c) { return c == '.'; });
 
         if (jose_enc.size() != 3) {
             return errc::jws_invalid_parts;
         }
 
-        constexpr auto make_dom = [](bytes_view bv) -> result<json::Document> {
+        constexpr auto make_dom =
+          [](std::string_view bv) -> result<json::Document> {
             try {
                 auto bytes = detail::base64_url_decode(bv);
                 auto str = detail::char_view_cast<char>(bytes);
                 json::Document dom;
                 dom.Parse(str.data(), str.length());
                 return dom;
-            } catch (CryptoPP::Exception const& ex) {
+            } catch (base64_url_decoder_exception&) {
                 return errc::jws_invalid_b64;
             }
         };