Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-signedjson for openSUSE:Factory checked in at 2022-06-09 14:10:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-signedjson (Old) and /work/SRC/openSUSE:Factory/.python-signedjson.new.1548 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-signedjson" Thu Jun 9 14:10:28 2022 rev:6 rq:981337 version:1.1.4 Changes: -------- --- /work/SRC/openSUSE:Factory/python-signedjson/python-signedjson.changes 2020-08-17 14:40:21.106581559 +0200 +++ /work/SRC/openSUSE:Factory/.python-signedjson.new.1548/python-signedjson.changes 2022-06-09 14:10:34.692430337 +0200 @@ -1,0 +2,23 @@ +Wed Jun 8 11:08:12 UTC 2022 - Marcus Rueckert <mrueck...@suse.de> + +- reenable testsuite + +------------------------------------------------------------------- +Tue Jun 7 16:15:18 UTC 2022 - Marcus Rueckert <mrueck...@suse.de> + +- Update to version 1.1.4 + - Bugfixes + - Fix a bug introduced in signedjson 1.1.3 where signedjson + could not be imported due to an MRO resolution error. (#22) + - Do not require importlib_metadata on Python 3.8 and above. By + @MeggyCal. (#9) + - Internal Changes + - Configure @matrix-org/synapse-core to be the code owner for + the repository. (#11) + - Use assertEqual for Python 3.11. By @hugovk. (#17) + - Run linters (flake8, mypy, black, isort). (#20) + - Mark the package as containing type hints. (#20) +- drop no-importlib-on-py38.patch: + included in update + +------------------------------------------------------------------- Old: ---- no-importlib-on-py38.patch signedjson-1.1.1.tar.gz New: ---- signedjson-1.1.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-signedjson.spec ++++++ --- /var/tmp/diff_new_pack.97wjfU/_old 2022-06-09 14:10:36.008432102 +0200 +++ /var/tmp/diff_new_pack.97wjfU/_new 2022-06-09 14:10:36.012432107 +0200 @@ -1,7 +1,7 @@ # -# spec file for package python-signedjson +# spec file # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,14 +20,13 @@ %global modname signedjson %bcond_without python2 Name: python-%{modname} -Version: 1.1.1 +Version: 1.1.4 Release: 0 Summary: Python module to sign JSON with Ed25519 signatures License: Apache-2.0 Group: Development/Languages/Python URL: https://github.com/matrix-org/%{name} Source0: https://files.pythonhosted.org/packages/source/s/signedjson/%{modname}-%{version}.tar.gz -Patch0: no-importlib-on-py38.patch BuildRequires: %{python_module setuptools_scm} BuildRequires: fdupes BuildRequires: python-rpm-macros @@ -64,7 +63,6 @@ %prep %setup -q -n %{modname}-%{version} -%patch0 -p1 %build %python_build ++++++ signedjson-1.1.1.tar.gz -> signedjson-1.1.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signedjson-1.1.1/.flake8 new/signedjson-1.1.4/.flake8 --- old/signedjson-1.1.1/.flake8 1970-01-01 01:00:00.000000000 +0100 +++ new/signedjson-1.1.4/.flake8 2022-03-08 19:01:34.000000000 +0100 @@ -0,0 +1,14 @@ +# Ideally this would be in pyproject.toml, but that's not possible right now. See +# https://github.com/PyCQA/flake8/issues/234 +# https://github.com/johnthagen/python-blueprint/issues/29#issuecomment-1003437646 +[flake8] +# see https://pycodestyle.readthedocs.io/en/latest/intro.html#error-codes +# and https://flake8.pycqa.org/en/latest/user/error-codes.html +# for error codes. The ones we ignore are: +# W503: line break before binary operator +# W504: line break after binary operator +# E203: whitespace before ':' (which is contrary to pep8?) +# E731: do not assign a lambda expression, use a def +# E501: Line too long (black enforces this for us) +ignore=W503,W504,E203,E731,E501 +exclude=dist,.venv diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signedjson-1.1.1/.github/CODEOWNERS new/signedjson-1.1.4/.github/CODEOWNERS --- old/signedjson-1.1.1/.github/CODEOWNERS 1970-01-01 01:00:00.000000000 +0100 +++ new/signedjson-1.1.4/.github/CODEOWNERS 2022-01-24 15:10:18.000000000 +0100 @@ -0,0 +1,2 @@ +# Automatically request reviews from the synapse-core team when a pull request comes in. +* @matrix-org/synapse-core diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signedjson-1.1.1/CHANGELOG.md new/signedjson-1.1.4/CHANGELOG.md --- old/signedjson-1.1.1/CHANGELOG.md 2020-03-27 20:43:57.000000000 +0100 +++ new/signedjson-1.1.4/CHANGELOG.md 2022-03-29 18:28:42.000000000 +0200 @@ -1,3 +1,40 @@ +Signedjson 1.1.4 (2022-03-29) +============================= + +Bugfixes +-------- + +- Fix a bug introduced in signedjson 1.1.3 where `signedjson` could not be imported due to an MRO resolution error. ([\#22](https://github.com/matrix-org/python-signedjson/issues/22)) + + +Signedjson 1.1.3 (2022-03-29) +============================= + + +Internal Changes +---------------- + +- Mark the `SigningKey` and `VerifyKey` types as `SupportsBytes`. ([\#21](https://github.com/matrix-org/python-signedjson/issues/21)) + + +Signedjson 1.1.2 (2022-03-29) +============================= + +Bugfixes +-------- + +- Do not require `importlib_metadata` on Python 3.8 and above. By @MeggyCal. ([\#9](https://github.com/matrix-org/python-signedjson/issues/9)) + + +Internal Changes +---------------- + +- Configure @matrix-org/synapse-core to be the code owner for the repository. ([\#11](https://github.com/matrix-org/python-signedjson/issues/11)) +- Use `assertEqual` for Python 3.11. By @hugovk. ([\#17](https://github.com/matrix-org/python-signedjson/pull/17)) +- Run linters (flake8, mypy, black, isort). ([\#20](https://github.com/matrix-org/python-signedjson/pull/20)) +- Mark the package as containing type hints. ([\#20](https://github.com/matrix-org/python-signedjson/pull/20)) + + Signedjson 1.1.1 (2020-03-27) ============================= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signedjson-1.1.1/PKG-INFO new/signedjson-1.1.4/PKG-INFO --- old/signedjson-1.1.1/PKG-INFO 2020-03-27 20:48:21.000000000 +0100 +++ new/signedjson-1.1.4/PKG-INFO 2022-03-29 18:29:42.332502100 +0200 @@ -1,82 +1,83 @@ -Metadata-Version: 1.0 +Metadata-Version: 2.1 Name: signedjson -Version: 1.1.1 +Version: 1.1.4 Summary: Sign JSON with Ed25519 signatures -Home-page: UNKNOWN -Author: UNKNOWN -Author-email: UNKNOWN License: UNKNOWN -Description: Signed JSON - =========== - - .. image:: https://img.shields.io/pypi/v/signedjson.svg - :target: https://pypi.python.org/pypi/signedjson/ - :alt: Latest Version - - .. image:: https://img.shields.io/travis/matrix-org/python-signedjson.svg - :target: https://travis-ci.org/matrix-org/python-signedjson - - - Signs JSON objects with ED25519 signatures. - - - Features - -------- - - * More than one entity can sign the same object. - * Each entity can sign the object with more than one key making it easier to - rotate keys - * ED25519 can be replaced with a different algorithm. - * Unprotected data can be added to the object under the ``"unsigned"`` key. - - - Installing - ---------- - - .. code:: bash - - pip install signedjson - - Using - ----- - - .. code:: python - - from signedjson.key import generate_signing_key, get_verify_key - from signedjson.sign import ( - sign_json, verify_signed_json, SignatureVerifyException - ) - - signing_key = generate_signing_key('zxcvb') - signed_json = sign_json({'my_key': 'my_data'}, 'Alice', signing_key) - - verify_key = get_verify_key(signing_key) - - try: - verify_signed_json(signed_json, 'Alice', verify_key) - print 'Signature is valid' - except SignatureVerifyException: - print 'Signature is invalid' - - Format - ------ - - .. code:: json - - { - "<protected_name>": "<protected_value>", - "signatures": { - "<entity_name>": { - "ed25519:<key_id>": "<unpadded_base64_signature>" - } - }, - "unsigned": { - "<unprotected_name>": "<unprotected_value>", - } - } - - - - Keywords: json Platform: UNKNOWN +Provides-Extra: dev +License-File: LICENSE + +Signed JSON +=========== + +.. image:: https://img.shields.io/pypi/v/signedjson.svg + :target: https://pypi.python.org/pypi/signedjson/ + :alt: Latest Version + +.. image:: https://img.shields.io/travis/matrix-org/python-signedjson.svg + :target: https://travis-ci.org/matrix-org/python-signedjson + + +Signs JSON objects with ED25519 signatures. + + +Features +-------- + +* More than one entity can sign the same object. +* Each entity can sign the object with more than one key making it easier to + rotate keys +* ED25519 can be replaced with a different algorithm. +* Unprotected data can be added to the object under the ``"unsigned"`` key. + + +Installing +---------- + +.. code:: bash + + pip install signedjson + +Using +----- + +.. code:: python + + from signedjson.key import generate_signing_key, get_verify_key + from signedjson.sign import ( + sign_json, verify_signed_json, SignatureVerifyException + ) + + signing_key = generate_signing_key('zxcvb') + signed_json = sign_json({'my_key': 'my_data'}, 'Alice', signing_key) + + verify_key = get_verify_key(signing_key) + + try: + verify_signed_json(signed_json, 'Alice', verify_key) + print 'Signature is valid' + except SignatureVerifyException: + print 'Signature is invalid' + +Format +------ + +.. code:: json + + { + "<protected_name>": "<protected_value>", + "signatures": { + "<entity_name>": { + "ed25519:<key_id>": "<unpadded_base64_signature>" + } + }, + "unsigned": { + "<unprotected_name>": "<unprotected_value>", + } + } + + + + + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signedjson-1.1.1/RELEASING.md new/signedjson-1.1.4/RELEASING.md --- old/signedjson-1.1.1/RELEASING.md 1970-01-01 01:00:00.000000000 +0100 +++ new/signedjson-1.1.4/RELEASING.md 2022-03-29 15:10:56.000000000 +0200 @@ -0,0 +1,34 @@ +1. Set a variable to the version number for convenience: + ```sh + ver=x.y.z + ``` +1. Update the changelog: + ```sh + towncrier --version=$ver + # On newer towncriers: towncrier build --version=$ver + ``` +1. Push your changes: + ```sh + git add -u && git commit -m $ver && git push + ``` +1. Sanity-check the + [changelog](https://github.com/matrix-org/python-signedjson/blob/master/CHANGELOG.md) + and update if need be. +1. Create a signed tag for the relese: + ```sh + git tag -s v$ver + ``` + Base the tag message on the changelog. +1. Push the tag: + ```sh + git push origin tag v$ver + ``` +1. Build and upload to PyPI: + ```sh + python setup.py sdist + twine upload dist/python-signedjson-$ver.tar.gz + ``` +1. Create release on GH project page: + ```sh + xdg-open https://github.com/matrix-org/python-signedjson/releases/edit/v$ver + ``` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signedjson-1.1.1/pyproject.toml new/signedjson-1.1.4/pyproject.toml --- old/signedjson-1.1.1/pyproject.toml 2020-03-27 20:42:41.000000000 +0100 +++ new/signedjson-1.1.4/pyproject.toml 2022-03-08 19:01:34.000000000 +0100 @@ -33,3 +33,21 @@ directory = "misc" name = "Internal Changes" showcontent = true + +[tool.isort] +line_length = 88 +multi_line_output = 3 +include_trailing_comma = true +combine_as_imports = true +known_first_party = ["signedjson", "tests"] + +[tool.black] +# Placeholder for now. + +[tool.mypy] +files = ["signedjson", "tests"] +show_error_codes = true + +[[tool.mypy.overrides]] +module = ["canonicaljson"] +ignore_missing_imports = true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signedjson-1.1.1/setup.py new/signedjson-1.1.4/setup.py --- old/signedjson-1.1.1/setup.py 2020-03-27 20:41:34.000000000 +0100 +++ new/signedjson-1.1.4/setup.py 2022-03-08 19:01:34.000000000 +0100 @@ -14,9 +14,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -from setuptools import setup -from codecs import open import os +from codecs import open + +from setuptools import setup here = os.path.abspath(os.path.dirname(__file__)) @@ -39,10 +40,16 @@ "canonicaljson>=1.0.0", "unpaddedbase64>=1.0.1", "pynacl>=0.3.0", - "typing_extensions>=3.5", + 'typing_extensions>=3.5;python_version<"3.8"', 'typing>=3.5;python_version<"3.5"', - "importlib_metadata", + 'importlib_metadata;python_version<"3.8"', ], + extras_require={ + "dev": ["typing_extensions>=3.5"], + }, long_description=read_file(("README.rst",)), keywords="json", + package_data={ + "signedjson": ["py.typed"] + } ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signedjson-1.1.1/signedjson/__init__.py new/signedjson-1.1.4/signedjson/__init__.py --- old/signedjson-1.1.1/signedjson/__init__.py 2020-03-27 20:41:34.000000000 +0100 +++ new/signedjson-1.1.4/signedjson/__init__.py 2022-03-29 16:07:33.000000000 +0200 @@ -12,7 +12,13 @@ # See the License for the specific language governing permissions and # limitations under the License. -from importlib_metadata import version, PackageNotFoundError +try: + from importlib.metadata import PackageNotFoundError, version +except ImportError: # pragma: nocover + from importlib_metadata import ( # type: ignore[import, no-redef] + PackageNotFoundError, + version, + ) try: __version__ = version(__name__) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signedjson-1.1.1/signedjson/key.py new/signedjson-1.1.4/signedjson/key.py --- old/signedjson-1.1.1/signedjson/key.py 2020-03-27 17:13:12.000000000 +0100 +++ new/signedjson-1.1.4/signedjson/key.py 2022-03-08 19:01:34.000000000 +0100 @@ -20,7 +20,7 @@ import nacl.signing from unpaddedbase64 import decode_base64, encode_base64 -from signedjson.types import SigningKey, VerifyKey +from signedjson.types import SigningKey, VerifyKey, VerifyKeyWithExpiry NACL_ED25519 = "ed25519" SUPPORTED_ALGORITHMS = [NACL_ED25519] @@ -34,7 +34,7 @@ Returns: A SigningKey object. """ - key = nacl.signing.SigningKey.generate() + key: SigningKey = nacl.signing.SigningKey.generate() # type: ignore[assignment] key.version = version key.alg = NACL_ED25519 return key @@ -43,7 +43,7 @@ def get_verify_key(signing_key): # type: (SigningKey) -> VerifyKey """Get a verify key from a signing key""" - verify_key = signing_key.verify_key + verify_key: VerifyKey = signing_key.verify_key # type: ignore[assignment] verify_key.version = signing_key.version verify_key.alg = signing_key.alg return verify_key @@ -61,7 +61,7 @@ """ if algorithm == NACL_ED25519: key_bytes = decode_base64(key_base64) - key = nacl.signing.SigningKey(key_bytes) + key: SigningKey = nacl.signing.SigningKey(key_bytes) # type: ignore[assignment] key.version = version key.alg = NACL_ED25519 return key @@ -125,8 +125,8 @@ A VerifyKey object. """ if key_id.startswith(NACL_ED25519 + ":"): - version = key_id[len(NACL_ED25519) + 1:] - key = nacl.signing.VerifyKey(key_bytes) + version = key_id[len(NACL_ED25519) + 1 :] + key: VerifyKey = nacl.signing.VerifyKey(key_bytes) # type: ignore[assignment] key.version = version key.alg = NACL_ED25519 return key @@ -151,7 +151,7 @@ def read_old_signing_keys(stream): - # type: (Iterable[str]) -> List[VerifyKey] + # type: (Iterable[str]) -> List[VerifyKeyWithExpiry] """Reads a list of old keys from a stream Args: stream : A stream to iterate for keys. @@ -161,7 +161,9 @@ keys = [] for line in stream: algorithm, version, expired, key_base64 = line.split() - key = decode_verify_key_base64(algorithm, version, key_base64) + key: VerifyKeyWithExpiry = decode_verify_key_base64( + algorithm, version, key_base64 + ) # type: ignore[assignment] key.expired = int(expired) keys.append(key) return keys @@ -176,4 +178,11 @@ """ for key in keys: key_base64 = encode_signing_key_base64(key) - stream.write("%s %s %s\n" % (key.alg, key.version, key_base64,)) + stream.write( + "%s %s %s\n" + % ( + key.alg, + key.version, + key_base64, + ) + ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signedjson-1.1.1/signedjson/sign.py new/signedjson-1.1.4/signedjson/sign.py --- old/signedjson-1.1.1/signedjson/sign.py 2020-01-29 18:17:34.000000000 +0100 +++ new/signedjson-1.1.4/signedjson/sign.py 2022-03-08 19:01:34.000000000 +0100 @@ -61,8 +61,9 @@ return json_object -def signature_ids(json_object, signature_name, - supported_algorithms=SUPPORTED_ALGORITHMS): +def signature_ids( + json_object, signature_name, supported_algorithms=SUPPORTED_ALGORITHMS +): # type: (JsonDict, str, Iterable[str]) -> List[str] """Does the JSON object have a signature for the given name? Args: @@ -75,13 +76,13 @@ """ key_ids = json_object.get("signatures", {}).get(signature_name, {}).keys() return list( - key_id for key_id in key_ids - if key_id.split(":")[0] in supported_algorithms + key_id for key_id in key_ids if key_id.split(":")[0] in supported_algorithms ) class SignatureVerifyException(Exception): """A signature could not be verified""" + pass @@ -131,7 +132,10 @@ verify_key.verify(message, signature) except Exception as e: raise SignatureVerifyException( - "Unable to verify signature for %s: %s %s" % ( - signature_name, type(e), e, + "Unable to verify signature for %s: %s %s" + % ( + signature_name, + type(e), + e, ) ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signedjson-1.1.1/signedjson/types.py new/signedjson-1.1.4/signedjson/types.py --- old/signedjson-1.1.1/signedjson/types.py 2020-01-29 18:17:34.000000000 +0100 +++ new/signedjson-1.1.4/signedjson/types.py 2022-03-29 18:25:47.000000000 +0200 @@ -13,34 +13,53 @@ # See the License for the specific language governing permissions and # limitations under the License. +import sys +from typing import TYPE_CHECKING + import nacl.signing -from typing_extensions import Protocol + +if TYPE_CHECKING or sys.version_info < (3, 8, 0): + from typing_extensions import Protocol +else: + from typing import Protocol class BaseKey(Protocol): """Common base type for VerifyKey and SigningKey""" + version = "" # type: str alg = "" # type: str + def __bytes__(self) -> bytes: + pass + def encode(self): # type: () -> bytes - pass # pragma: nocover + pass # pragma: nocover class VerifyKey(BaseKey): """The public part of a key pair, for use with verify_signed_json""" + def verify(self, message, signature): # type: (bytes, bytes) -> bytes - pass # pragma: nocover + pass # pragma: nocover + + +class VerifyKeyWithExpiry(VerifyKey): + expired: int class SigningKey(BaseKey): """The private part of a key pair, for use with sign_json""" + def sign(self, message): # type: (bytes) -> nacl.signing.SignedMessage - pass # pragma: nocover + pass # pragma: nocover @property def verify_key(self): + # Note: use `signedjson.key.get_verify_key` to get a + # `signedjson.types.VerifyKey`. # type: () -> nacl.signing.VerifyKey - pass # pragma: nocover + pass # pragma: nocover diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signedjson-1.1.1/signedjson.egg-info/PKG-INFO new/signedjson-1.1.4/signedjson.egg-info/PKG-INFO --- old/signedjson-1.1.1/signedjson.egg-info/PKG-INFO 2020-03-27 20:48:21.000000000 +0100 +++ new/signedjson-1.1.4/signedjson.egg-info/PKG-INFO 2022-03-29 18:29:41.000000000 +0200 @@ -1,82 +1,83 @@ -Metadata-Version: 1.0 +Metadata-Version: 2.1 Name: signedjson -Version: 1.1.1 +Version: 1.1.4 Summary: Sign JSON with Ed25519 signatures -Home-page: UNKNOWN -Author: UNKNOWN -Author-email: UNKNOWN License: UNKNOWN -Description: Signed JSON - =========== - - .. image:: https://img.shields.io/pypi/v/signedjson.svg - :target: https://pypi.python.org/pypi/signedjson/ - :alt: Latest Version - - .. image:: https://img.shields.io/travis/matrix-org/python-signedjson.svg - :target: https://travis-ci.org/matrix-org/python-signedjson - - - Signs JSON objects with ED25519 signatures. - - - Features - -------- - - * More than one entity can sign the same object. - * Each entity can sign the object with more than one key making it easier to - rotate keys - * ED25519 can be replaced with a different algorithm. - * Unprotected data can be added to the object under the ``"unsigned"`` key. - - - Installing - ---------- - - .. code:: bash - - pip install signedjson - - Using - ----- - - .. code:: python - - from signedjson.key import generate_signing_key, get_verify_key - from signedjson.sign import ( - sign_json, verify_signed_json, SignatureVerifyException - ) - - signing_key = generate_signing_key('zxcvb') - signed_json = sign_json({'my_key': 'my_data'}, 'Alice', signing_key) - - verify_key = get_verify_key(signing_key) - - try: - verify_signed_json(signed_json, 'Alice', verify_key) - print 'Signature is valid' - except SignatureVerifyException: - print 'Signature is invalid' - - Format - ------ - - .. code:: json - - { - "<protected_name>": "<protected_value>", - "signatures": { - "<entity_name>": { - "ed25519:<key_id>": "<unpadded_base64_signature>" - } - }, - "unsigned": { - "<unprotected_name>": "<unprotected_value>", - } - } - - - - Keywords: json Platform: UNKNOWN +Provides-Extra: dev +License-File: LICENSE + +Signed JSON +=========== + +.. image:: https://img.shields.io/pypi/v/signedjson.svg + :target: https://pypi.python.org/pypi/signedjson/ + :alt: Latest Version + +.. image:: https://img.shields.io/travis/matrix-org/python-signedjson.svg + :target: https://travis-ci.org/matrix-org/python-signedjson + + +Signs JSON objects with ED25519 signatures. + + +Features +-------- + +* More than one entity can sign the same object. +* Each entity can sign the object with more than one key making it easier to + rotate keys +* ED25519 can be replaced with a different algorithm. +* Unprotected data can be added to the object under the ``"unsigned"`` key. + + +Installing +---------- + +.. code:: bash + + pip install signedjson + +Using +----- + +.. code:: python + + from signedjson.key import generate_signing_key, get_verify_key + from signedjson.sign import ( + sign_json, verify_signed_json, SignatureVerifyException + ) + + signing_key = generate_signing_key('zxcvb') + signed_json = sign_json({'my_key': 'my_data'}, 'Alice', signing_key) + + verify_key = get_verify_key(signing_key) + + try: + verify_signed_json(signed_json, 'Alice', verify_key) + print 'Signature is valid' + except SignatureVerifyException: + print 'Signature is invalid' + +Format +------ + +.. code:: json + + { + "<protected_name>": "<protected_value>", + "signatures": { + "<entity_name>": { + "ed25519:<key_id>": "<unpadded_base64_signature>" + } + }, + "unsigned": { + "<unprotected_name>": "<unprotected_value>", + } + } + + + + + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signedjson-1.1.1/signedjson.egg-info/SOURCES.txt new/signedjson-1.1.4/signedjson.egg-info/SOURCES.txt --- old/signedjson-1.1.1/signedjson.egg-info/SOURCES.txt 2020-03-27 20:48:21.000000000 +0100 +++ new/signedjson-1.1.4/signedjson.egg-info/SOURCES.txt 2022-03-29 18:29:42.000000000 +0200 @@ -1,15 +1,19 @@ +.flake8 .gitignore .travis.yml CHANGELOG.md LICENSE MANIFEST.in README.rst +RELEASING.md pyproject.toml setup.py tox.ini +.github/CODEOWNERS changelog.d/.gitignore signedjson/__init__.py signedjson/key.py +signedjson/py.typed signedjson/sign.py signedjson/types.py signedjson.egg-info/PKG-INFO diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signedjson-1.1.1/signedjson.egg-info/requires.txt new/signedjson-1.1.4/signedjson.egg-info/requires.txt --- old/signedjson-1.1.1/signedjson.egg-info/requires.txt 2020-03-27 20:48:21.000000000 +0100 +++ new/signedjson-1.1.4/signedjson.egg-info/requires.txt 2022-03-29 18:29:42.000000000 +0200 @@ -1,8 +1,13 @@ canonicaljson>=1.0.0 -importlib_metadata -pynacl>=0.3.0 -typing_extensions>=3.5 unpaddedbase64>=1.0.1 +pynacl>=0.3.0 [:python_version < "3.5"] typing>=3.5 + +[:python_version < "3.8"] +typing_extensions>=3.5 +importlib_metadata + +[dev] +typing_extensions>=3.5 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signedjson-1.1.1/tests/test_key.py new/signedjson-1.1.4/tests/test_key.py --- old/signedjson-1.1.1/tests/test_key.py 2020-03-27 17:13:12.000000000 +0100 +++ new/signedjson-1.1.4/tests/test_key.py 2022-03-08 19:01:34.000000000 +0100 @@ -19,8 +19,8 @@ def test_generate_key(self): my_version = "my_version" my_key = generate_signing_key(my_version) - self.assertEquals(my_key.alg, "ed25519") - self.assertEquals(my_key.version, my_version) + self.assertEqual(my_key.alg, "ed25519") + self.assertEqual(my_key.version, my_version) class DecodeTestCase(unittest.TestCase): @@ -35,8 +35,8 @@ decoded_key = decode_signing_key_base64( "ed25519", self.version, self.key_base64 ) - self.assertEquals(decoded_key.alg, "ed25519") - self.assertEquals(decoded_key.version, self.version) + self.assertEqual(decoded_key.alg, "ed25519") + self.assertEqual(decoded_key.version, self.version) def test_decode_invalid_base64(self): with self.assertRaises(Exception): @@ -54,8 +54,8 @@ decoded_key = decode_verify_key_base64( "ed25519", self.version, self.verify_key_base64 ) - self.assertEquals(decoded_key.alg, "ed25519") - self.assertEquals(decoded_key.version, self.version) + self.assertEqual(decoded_key.alg, "ed25519") + self.assertEqual(decoded_key.version, self.version) def test_decode_verify_key_invalid_base64(self): with self.assertRaises(Exception): @@ -72,12 +72,12 @@ def test_read_keys(self): stream = ["ed25519 %s %s" % (self.version, self.key_base64)] keys = read_signing_keys(stream) - self.assertEquals(len(keys), 1) + self.assertEqual(len(keys), 1) def test_read_old_keys(self): stream = ["ed25519 %s 0 %s" % (self.version, self.verify_key_base64)] keys = read_old_signing_keys(stream) - self.assertEquals(len(keys), 1) + self.assertEqual(len(keys), 1) def test_decode_verify_invalid_algorithm(self): with self.assertRaises(Exception): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signedjson-1.1.1/tests/test_known_key.py new/signedjson-1.1.4/tests/test_known_key.py --- old/signedjson-1.1.1/tests/test_known_key.py 2020-01-03 11:01:04.000000000 +0100 +++ new/signedjson-1.1.4/tests/test_known_key.py 2022-03-08 19:01:34.000000000 +0100 @@ -16,15 +16,12 @@ import unittest -from unpaddedbase64 import decode_base64 - import nacl.signing +from unpaddedbase64 import decode_base64 from signedjson.sign import sign_json -SIGNING_KEY_SEED = decode_base64( - "YJDBA9Xnr2sVqXD9Vj7XVUnmFZcZrlw8Md7kMW+3XA1" -) +SIGNING_KEY_SEED = decode_base64("YJDBA9Xnr2sVqXD9Vj7XVUnmFZcZrlw8Md7kMW+3XA1") KEY_ALG = "ed25519" KEY_VER = 1 @@ -32,8 +29,8 @@ class KnownKeyTestCase(unittest.TestCase): - """ An entirely deterministic test using a given signing key seed, so that - other implementations can compare that they get the same result. """ + """An entirely deterministic test using a given signing key seed, so that + other implementations can compare that they get the same result.""" def setUp(self): self.signing_key = nacl.signing.SigningKey(SIGNING_KEY_SEED) @@ -41,29 +38,29 @@ self.signing_key.version = KEY_VER def test_sign_minimal(self): - self.assertEquals( + self.assertEqual( sign_json({}, "domain", self.signing_key), { - 'signatures': { - 'domain': { + "signatures": { + "domain": { KEY_NAME: "K8280/U9SSy9IVtjBuVeLr+HpOB4BQFWbg+UZaADMt" "TdGYI7Geitb76LTrr5QV/7Xg4ahLwYGYZzuHGZKM5ZAQ" }, } - } + }, ) def test_sign_with_data(self): - self.assertEquals( - sign_json({'one': 1, 'two': "Two"}, "domain", self.signing_key), + self.assertEqual( + sign_json({"one": 1, "two": "Two"}, "domain", self.signing_key), { - 'one': 1, - 'two': "Two", - 'signatures': { - 'domain': { + "one": 1, + "two": "Two", + "signatures": { + "domain": { KEY_NAME: "KqmLSbO39/Bzb0QIYE82zqLwsA+PDzYIpIRA2sRQ4s" "L53+sN6/fpNSoqE7BP7vBZhG6kYdD13EIMJpvhJI+6Bw" }, - } - } + }, + }, ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signedjson-1.1.1/tests/test_sign.py new/signedjson-1.1.4/tests/test_sign.py --- old/signedjson-1.1.1/tests/test_sign.py 2020-01-03 11:01:04.000000000 +0100 +++ new/signedjson-1.1.4/tests/test_sign.py 2022-03-08 19:01:34.000000000 +0100 @@ -19,54 +19,54 @@ from unpaddedbase64 import encode_base64 from signedjson.sign import ( - sign_json, verify_signed_json, signature_ids, SignatureVerifyException + SignatureVerifyException, + sign_json, + signature_ids, + verify_signed_json, ) class JsonSignTestCase(unittest.TestCase): def setUp(self): - self.message = {'foo': 'bar', 'unsigned': {}} + self.message = {"foo": "bar", "unsigned": {}} self.sigkey = MockSigningKey() - self.assertEqual(self.sigkey.alg, 'mock') - self.signed = sign_json(self.message, 'Alice', self.sigkey) + self.assertEqual(self.sigkey.alg, "mock") + self.signed = sign_json(self.message, "Alice", self.sigkey) self.verkey = MockVerifyKey() def test_sign_and_verify(self): - self.assertIn('signatures', self.signed) - self.assertIn('Alice', self.signed['signatures']) - self.assertIn('mock:test', self.signed['signatures']['Alice']) + self.assertIn("signatures", self.signed) + self.assertIn("Alice", self.signed["signatures"]) + self.assertIn("mock:test", self.signed["signatures"]["Alice"]) self.assertEqual( - self.signed['signatures']['Alice']['mock:test'], - encode_base64(b'x_______') + self.signed["signatures"]["Alice"]["mock:test"], encode_base64(b"x_______") ) self.assertEqual(self.sigkey.signed_bytes, b'{"foo":"bar"}') - verify_signed_json(self.signed, 'Alice', self.verkey) + verify_signed_json(self.signed, "Alice", self.verkey) def test_signature_ids(self): - key_ids = signature_ids( - self.signed, 'Alice', supported_algorithms=['mock'] - ) - self.assertListEqual(key_ids, ['mock:test']) + key_ids = signature_ids(self.signed, "Alice", supported_algorithms=["mock"]) + self.assertListEqual(key_ids, ["mock:test"]) def test_verify_fail(self): - self.signed['signatures']['Alice']['mock:test'] = encode_base64( - b'not a signature' + self.signed["signatures"]["Alice"]["mock:test"] = encode_base64( + b"not a signature" ) with self.assertRaises(SignatureVerifyException): - verify_signed_json(self.signed, 'Alice', self.verkey) + verify_signed_json(self.signed, "Alice", self.verkey) def test_verify_fail_no_signatures(self): with self.assertRaises(SignatureVerifyException): - verify_signed_json({}, 'Alice', self.verkey) + verify_signed_json({}, "Alice", self.verkey) def test_verify_fail_no_signature_for_alice(self): with self.assertRaises(SignatureVerifyException): - verify_signed_json({'signatures': {}}, 'Alice', self.verkey) + verify_signed_json({"signatures": {}}, "Alice", self.verkey) def test_verify_fail_not_base64(self): - invalid = {'signatures': {'Alice': {'mock:test': 'not base64'}}} + invalid = {"signatures": {"Alice": {"mock:test": "not base64"}}} with self.assertRaises(SignatureVerifyException): - verify_signed_json(invalid, 'Alice', self.verkey) + verify_signed_json(invalid, "Alice", self.verkey) class MockSigningKey(object):