在 warp 的 JSON 回复中格式化私钥字符串


我在 Web 应用程序中为 OAuth 流程创建公钥/私钥对,并使用 warp 以 JSON 格式回复。私钥在 warp 端点中以 JSON 形式返回给 API 的用户,如下所示:

实际输出

{
    "token_uri": "http://example.com/token",
    "kid": "keyid",
    "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC/Z0MgEolvLiwM\nNWpRR+xN6+sXNZh9HU7ignGMgieHz147D/ti7kD1cb14F9Sfp2CewfjwapdMjkhF\n/7sytl54ylNV5ID9EIBDlbbJ78IdEu4CzvbdhBP32k5IEQCACI4wMQmqLRj01Wbg\nl0ihNPkNFkuVxfmSC5ozJuiVXsR/rCg7GP9w880tkJI50ZoUNwClaLOXWph151Es\njc0HDgrYaDISzLB8qLxEBQCTBLz9OWz38rV0bfLGnBRYZjFx4gzkuZbjJfE2w3XQ\nuAl08A0THdNztffoWQLED98jxBj3Y5PRsiC9oqccKb51crohYe426GnfiaAGiPQy\njGI+2ZBRAgMBAAECggEAS+VjbZ1MF+UEHFc18EMHxaIt10cuTzZG6HR3GBMoH6cv\no1XkBceZxHm0eqFgc2pIWstprdNmaTnmGLOeBC7iaR05TE7Ogwp/Ac2k7JAAtcyi\nykRNCWttC5PqBJORUjOSRjO7tForkjHomFgEub+qnfDgSeR14N5u56efBFPOsRzf\nIjAMO6lkYcGHa9hFSpzCNp319gH4yIXL+jXUs+3oyOruHVWHtRVTriGZ7eFgs6lU\ngSt6+1V59gKjQtYHWWVEsE3f9YIB2zmFaQWHsK1qK3CAf5lNhsfDMXFNrNWSu+SB\nMPWcNdxY7tdbfjPC4srJSs/YIfhEhuqLK6cR6Z8gwQKBgQD4dNluCVPIllWiPi95\npeztrYDVmVYVDU0XKZ01EDqydDWJyUWYuMG77g/vPokrYHRB+rCYTDbpsO3d7qB9\ntJoTOhJ1juPqmgbUwZEKokb64KKg+JMGH0elAD0mlIcxrkkvppapA/WGTXV84Nf8\n4tTCWKoyUiyi8jZfby8rIpzAiQKBgQDFNvZraXsTcdikQQcAGclK6zdAVf0J1OE6\nb1zZFQhlao38hWz/NdbvwHvtqhNgx7r9eO3Jg250atFHm8YD+OTQPz2xBecbTBeY\n/F3tiD6NiL2TClBlaB7aR9KchaFypOmtR02UFPh4o0cX03s8D8qmr30MOBkjqgxm\nspNU35qPiQKBgQCdVnHyqtlx5zHngnXSFW9KvFsf6PCIeFnfVy0E03g4VjspPFpk\ncmvNNN7GZNW8sGIu/jAi4fDMYIzhxCHCOUJw9o+F/qz6ffvhc4sELuvAJ80VHxUM\nBXb7WIFhEyHiJjqWgGpcMfOjzx2drU1aCdMuF7QAFeXKcpRYLzKxoEOf8QKBgQCx\nw14Q6a4vk8HkJF0sARJI/oX57sg70XAG3RSC9AtyZr5/LMFXtW79ArJyQohfBwmM\nqjEkH90zAImNk2LEd9e/whFYfGqZV1g55NjBX7qKlwPSA0z+awDMXksAHQ+up+md\n8BSEcvaYvww49L4zIETZRHthxTsbw46UD0jwCvFliQKBgHfJRPg9u2OCZF+jOtK2\nswI2r+4/q7Ki7mBuHlnceRDfgb+1lvv2QmM0M/p6ijf7/SequksdJSr2jLmCp/K3\nHwSFaGgoHSt/nkcCCi7LR9fhM2MeLrEIV4E937Ii2wkt5/JXGwwYPbadELPb84On\nq0oUrqcHheFb4aCv1N5io6ok\n-----END PRIVATE KEY-----\n"
}

其中私钥在 JSON 中带有转义的换行符(`\n`)。是否可以将私钥格式化为 JSON,使其如下所示?

预期输出

{
    "token_uri": "http://example.com/token",
    "kid": "keyid",
    "private_key": "-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC/Z0MgEolvLiwM
NWpRR+xN6+sXNZh9HU7ignGMgieHz147D/ti7kD1cb14F9Sfp2CewfjwapdMjkhF
/7sytl54ylNV5ID9EIBDlbbJ78IdEu4CzvbdhBP32k5IEQCACI4wMQmqLRj01Wbg
l0ihNPkNFkuVxfmSC5ozJuiVXsR/rCg7GP9w880tkJI50ZoUNwClaLOXWph151Es
jc0HDgrYaDISzLB8qLxEBQCTBLz9OWz38rV0bfLGnBRYZjFx4gzkuZbjJfE2w3XQ
uAl08A0THdNztffoWQLED98jxBj3Y5PRsiC9oqccKb51crohYe426GnfiaAGiPQy
jGI+2ZBRAgMBAAECggEAS+VjbZ1MF+UEHFc18EMHxaIt10cuTzZG6HR3GBMoH6cv
o1XkBceZxHm0eqFgc2pIWstprdNmaTnmGLOeBC7iaR05TE7Ogwp/Ac2k7JAAtcyi
ykRNCWttC5PqBJORUjOSRjO7tForkjHomFgEub+qnfDgSeR14N5u56efBFPOsRzf
IjAMO6lkYcGHa9hFSpzCNp319gH4yIXL+jXUs+3oyOruHVWHtRVTriGZ7eFgs6lU
gSt6+1V59gKjQtYHWWVEsE3f9YIB2zmFaQWHsK1qK3CAf5lNhsfDMXFNrNWSu+SB
MPWcNdxY7tdbfjPC4srJSs/YIfhEhuqLK6cR6Z8gwQKBgQD4dNluCVPIllWiPi95
peztrYDVmVYVDU0XKZ01EDqydDWJyUWYuMG77g/vPokrYHRB+rCYTDbpsO3d7qB9
tJoTOhJ1juPqmgbUwZEKokb64KKg+JMGH0elAD0mlIcxrkkvppapA/WGTXV84Nf8
4tTCWKoyUiyi8jZfby8rIpzAiQKBgQDFNvZraXsTcdikQQcAGclK6zdAVf0J1OE6
b1zZFQhlao38hWz/NdbvwHvtqhNgx7r9eO3Jg250atFHm8YD+OTQPz2xBecbTBeY
/F3tiD6NiL2TClBlaB7aR9KchaFypOmtR02UFPh4o0cX03s8D8qmr30MOBkjqgxm
spNU35qPiQKBgQCdVnHyqtlx5zHngnXSFW9KvFsf6PCIeFnfVy0E03g4VjspPFpk
cmvNNN7GZNW8sGIu/jAi4fDMYIzhxCHCOUJw9o+F/qz6ffvhc4sELuvAJ80VHxUM
BXb7WIFhEyHiJjqWgGpcMfOjzx2drU1aCdMuF7QAFeXKcpRYLzKxoEOf8QKBgQCx
w14Q6a4vk8HkJF0sARJI/oX57sg70XAG3RSC9AtyZr5/LMFXtW79ArJyQohfBwmM
qjEkH90zAImNk2LEd9e/whFYfGqZV1g55NjBX7qKlwPSA0z+awDMXksAHQ+up+md
8BSEcvaYvww49L4zIETZRHthxTsbw46UD0jwCvFliQKBgHfJRPg9u2OCZF+jOtK2
swI2r+4/q7Ki7mBuHlnceRDfgb+1lvv2QmM0M/p6ijf7/SequksdJSr2jLmCp/K3
HwSFaGgoHSt/nkcCCi7LR9fhM2MeLrEIV4E937Ii2wkt5/JXGwwYPbadELPb84On
q0oUrqcHheFb4aCv1N5io6ok
-----END PRIVATE KEY-----
}

在 Rust 代码中,我在一个函数里返回 `ClientKey` 结构体,该结构体通过实现 `Reply` 以 JSON 形式回复,如下所示:

结构体

/// Key material handed to an OAuth client by the `warp` endpoint.
///
/// The whole struct is serialized as the JSON response body (see the
/// `Reply` impl), so `private_key` is sent verbatim in the HTTP response:
/// keep this value out of logs, and note that the derived `Debug` output
/// prints it in full.
#[derive(Serialize, Deserialize, Debug, Clone, Default)]
pub struct ClientKey {
    /// Token endpoint the client should call.
    pub token_uri: String,
    /// Key identifier (`kid`).
    pub kid: String,
    /// PEM-encoded private key; serde escapes its line breaks as `\n`.
    pub private_key: String,
}

函数返回值

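 Ok(ClientKey {
     kid, // random id generated using rand crate
     // Generated from openssl and returned from a function in actual code;
     // `to_string` replaces the redundant `format!("{}", ..)`.
     private_key: pvt_key.to_string(),
     // A plain literal needs no `format!`; `String::from` makes the allocation explicit.
     token_uri: String::from("http://example.com/token"),
 })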

warp 的 Reply 实现

impl Reply for ClientKey {
    /// Serializes the key as the JSON response body.
    ///
    /// `warp::reply::json` escapes the PEM's line breaks as `\n`, which is
    /// what RFC 8259 requires for control characters inside a string; a JSON
    /// client decodes them back into real newlines.
    fn into_response(self) -> Response {
        let json_reply = warp::reply::json(&self);
        json_reply.into_response()
    }
}
json rust openssl rust-tokio rust-warp

这是无效的 JSON:

{
    "token_uri": "http://example.com/token",
    "kid": "keyid",
    "private_key": "-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----"
}

我在私钥的最后一行添加了缺少的 `"` 字符。但这不足以使数据成为有效的 JSON。

如评论中所述,控制字符不能原样出现在 JSON 字符串值中,必须进行转义。根据 RFC 8259《JavaScript 对象表示法 (JSON) 数据交换格式》第 7 节“字符串”(加粗为我所加):

字符串的表示与 C 系列编程语言中使用的约定类似。字符串以引号开头和结尾。除了必须转义的字符——引号、反斜线和控制字符(U+0000 到 U+001F)——之外,所有 Unicode 字符都可以放在引号内。

任何字符都可以被转义。如果该字符位于基本多语言平面(U+0000 到 U+FFFF)中,则可以表示为一个六字符序列:反斜线,后跟小写字母 u,再跟四个对该字符代码点进行编码的十六进制数字。十六进制字母 A 到 F 可以是大写或小写。因此,例如,仅包含单个反斜线字符的字符串可以表示为“\u005C”。

或者,对于一些常用字符,还有两字符序列的转义表示。因此,例如,仅包含单个反斜线字符的字符串可以更紧凑地表示为“\\”。

要转义不在基本多语言平面中的扩展字符,该字符表示为一个 12 字符的序列,对 UTF-16 代理项对进行编码。因此,例如,仅包含 G 谱号字符 (U+1D11E) 的字符串可以表示为“\uD834\uDD1E”。

 string = quotation-mark *char quotation-mark

 char = unescaped /
     escape (
         %x22 /          ; "    quotation mark  U+0022
         %x5C /          ; \    reverse solidus U+005C
         %x2F /          ; /    solidus         U+002F
         %x62 /          ; b    backspace       U+0008
         %x66 /          ; f    form feed       U+000C
         %x6E /          ; n    line feed       U+000A
         %x72 /          ; r    carriage return U+000D
         %x74 /          ; t    tab             U+0009
         %x75 4HEXDIG )  ; uXXXX                U+XXXX

请注意,“换行”(line feed)就是 U+000A——必须转义的控制字符之一。因此 `\n` 正是 JSON 序列化器应该输出的形式,客户端的 JSON 解析器会把它还原成真正的换行。


题外话:我真心希望这不是你真正的私钥。如果是,它就已经不再是私密的了——应视为已泄露并更换。
