Hello community, here is the log from the commit of package ghc-jose-jwt for openSUSE:Factory checked in at 2017-06-04 01:54:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ghc-jose-jwt (Old) and /work/SRC/openSUSE:Factory/.ghc-jose-jwt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-jose-jwt" Sun Jun 4 01:54:15 2017 rev:4 rq:494168 version:0.7.6 Changes: -------- --- /work/SRC/openSUSE:Factory/ghc-jose-jwt/ghc-jose-jwt.changes 2017-03-18 20:50:08.509352596 +0100 +++ /work/SRC/openSUSE:Factory/.ghc-jose-jwt.new/ghc-jose-jwt.changes 2017-06-04 01:54:18.143047631 +0200 @@ -1,0 +2,5 @@ +Mon Apr 24 12:33:16 UTC 2017 - [email protected] + +- Update to version 0.7.6 with cabal2obs. + +------------------------------------------------------------------- Old: ---- jose-jwt-0.7.5.tar.gz New: ---- jose-jwt-0.7.6.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghc-jose-jwt.spec ++++++ --- /var/tmp/diff_new_pack.Rf9bvj/_old 2017-06-04 01:54:19.846806921 +0200 +++ /var/tmp/diff_new_pack.Rf9bvj/_new 2017-06-04 01:54:19.846806921 +0200 @@ -19,7 +19,7 @@ %global pkg_name jose-jwt %bcond_with tests Name: ghc-%{pkg_name} -Version: 0.7.5 +Version: 0.7.6 Release: 0 Summary: JSON Object Signing and Encryption Library License: BSD-3-Clause ++++++ jose-jwt-0.7.5.tar.gz -> jose-jwt-0.7.6.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jose-jwt-0.7.5/CHANGELOG.md new/jose-jwt-0.7.6/CHANGELOG.md --- old/jose-jwt-0.7.5/CHANGELOG.md 2017-02-18 20:35:55.000000000 +0100 +++ new/jose-jwt-0.7.6/CHANGELOG.md 2017-04-16 23:40:12.000000000 +0200 
@@ -1,7 +1,13 @@ +0.7.6 +----- + +* Fixed exception when JWT contained invalid Base64 (issue #15). +* Add generateSymmetricKey utility function to Jwk module. + 0.7.5 ----- -* A JWT parser is now used to separate parsing and decoding into separaate stages (internal change). +* A JWT parser is now used to separate parsing and decoding into separate stages (internal change). 0.7.4 ----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jose-jwt-0.7.5/Jose/Internal/Parser.hs new/jose-jwt-0.7.6/Jose/Internal/Parser.hs --- old/jose-jwt-0.7.5/Jose/Internal/Parser.hs 2017-02-18 20:00:10.000000000 +0100 +++ new/jose-jwt-0.7.6/Jose/Internal/Parser.hs 2017-04-16 23:30:17.000000000 +0200 @@ -139,4 +139,4 @@ b64Decode :: ByteString -> P.Parser ByteString -b64Decode bs = either (fail "Invalid Base64") return $ convertFromBase Base64URLUnpadded bs +b64Decode bs = either (const (fail "Invalid Base64")) return $ convertFromBase Base64URLUnpadded bs diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jose-jwt-0.7.5/Jose/Jwe.hs new/jose-jwt-0.7.6/Jose/Jwe.hs --- old/jose-jwt-0.7.5/Jose/Jwe.hs 2017-02-17 02:46:40.000000000 +0100 +++ new/jose-jwt-0.7.6/Jose/Jwe.hs 2017-04-16 22:56:14.000000000 +0200 
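Review bot: The corrected `b64Decode` in Jose/Internal/Parser.hs has no comment explaining why `const` is needed, and a one-token fix like this is easy to undo in a later cleanup. Without it, `fail "Invalid Base64"` presumably type-checks as the `Left` handler through the function monad, whose `fail` raises an exception rather than a parse failure. That matches the crash on malformed, untrusted tokens that the changelog records as issue #15. I would add `-- 'const' is required: a bare 'fail' here resolves in the function monad and throws on malformed input instead of failing the parse.` above the definition. The hunk shows only the signature and this one equation, so the callers of `b64Decode` are outside the view.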
@@ -1,16 +1,37 @@ {-# LANGUAGE OverloadedStrings #-} --- | JWE RSA encrypted token support. +-- | JWE encrypted token support. -- --- Example usage: +-- To create a JWE, you need to select two algorithms. One is an AES algorithm +-- used to encrypt the content of your token (for example, @A128GCM@), for which +-- a single-use key is generated internally. The second is used to encrypt +-- this content-encryption key and can be either an RSA or AES-keywrap algorithm. +-- You need to generate a suitable key to use with this, or load one from storage. +-- +-- AES is much faster and creates shorter tokens, but both the encoder and decoder +-- of the token need to have a copy of the key, which they must keep secret. With +-- RSA anyone can send you a JWE if they have a copy of your public key. +-- +-- In the example below, we show encoding and decoding using a 512 byte RSA key pair +-- (in practice you would use a larger key-size, for example 2048 bytes): -- -- >>> import Jose.Jwe -- >>> import Jose.Jwa --- >>> import Crypto.PubKey.RSA --- >>> (kPub, kPr) <- generate 512 65537 --- >>> Right (Jwt jwt) <- rsaEncode RSA_OAEP A128GCM kPub "secret claims" --- >>> rsaDecode kPr jwt --- Right (JweHeader {jweAlg = RSA_OAEP, jweEnc = A128GCM, jweTyp = Nothing, jweCty = Nothing, jweZip = Nothing, jweKid = Nothing},"secret claims") +-- >>> import Jose.Jwk (generateRsaKeyPair, generateSymmetricKey, KeyUse(Enc), KeyId) +-- >>> (kPub, kPr) <- generateRsaKeyPair 512 (KeyId "My RSA Key") Enc Nothing +-- >>> Right (Jwt jwt) <- jwkEncode RSA_OAEP A128GCM kPub (Claims "secret claims") +-- >>> Right (Jwe (hdr, claims)) <- jwkDecode kPr jwt +-- >>> claims +-- "secret claims" +-- +-- Using 128-bit AES keywrap is very similar, the main difference is that +-- we generate a 128-bit symmetric key: +-- +-- >>> aesKey <- generateSymmetricKey 16 (KeyId "My Keywrap Key") Enc Nothing +-- >>> Right (Jwt jwt) <- jwkEncode A128KW A128GCM aesKey (Claims "more secret claims") +-- >>> Right (Jwe (hdr, 
claims)) <- jwkDecode aesKey jwt +-- >>> claims +-- "more secret claims" module Jose.Jwe ( jwkEncode diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jose-jwt-0.7.5/Jose/Jwk.hs new/jose-jwt-0.7.6/Jose/Jwk.hs --- old/jose-jwt-0.7.5/Jose/Jwk.hs 2016-12-26 23:59:55.000000000 +0100 +++ new/jose-jwt-0.7.6/Jose/Jwk.hs 2017-04-14 00:34:13.000000000 +0200 @@ -15,12 +15,13 @@ , canEncodeJws , canEncodeJwe , generateRsaKeyPair + , generateSymmetricKey ) where import Control.Applicative (pure) import Control.Monad (unless) -import Crypto.Random (MonadRandom) +import Crypto.Random (MonadRandom, getRandomBytes) import qualified Crypto.PubKey.RSA as RSA import qualified Crypto.PubKey.ECC.ECDSA as ECDSA import qualified Crypto.PubKey.ECC.Types as ECC @@ -73,6 +74,16 @@ (kPub, kPr) <- RSA.generate nBytes 65537 return (RsaPublicJwk kPub (Just id') (Just kuse) kalg, RsaPrivateJwk kPr (Just id') (Just kuse) kalg) +generateSymmetricKey :: (MonadRandom m) + => Int + -> KeyId + -> KeyUse + -> Maybe Alg + -> m Jwk +generateSymmetricKey size id' kuse kalg = do + k <- getRandomBytes size + return $ SymmetricJwk k (Just id') (Just kuse) kalg + isPublic :: Jwk -> Bool isPublic RsaPublicJwk {} = True isPublic EcPublicJwk {} = True diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jose-jwt-0.7.5/Jose/Jwt.hs new/jose-jwt-0.7.6/Jose/Jwt.hs --- old/jose-jwt-0.7.5/Jose/Jwt.hs 2017-02-18 19:11:26.000000000 +0100 +++ new/jose-jwt-0.7.6/Jose/Jwt.hs 2017-04-13 23:54:22.000000000 +0200 
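Review bot: The key-size sentence in the new Jose/Jwe.hs module header reads like a bits/bytes mix-up, and a reader copying it will pick the wrong size. The Jwk.hs section of this same diff passes the argument on as `RSA.generate nBytes 65537`, so `generateRsaKeyPair 512` would already be a 4096-bit key and "2048 bytes" a 16384-bit one. The AES example beside it (`generateSymmetricKey 16` for a 128-bit key) is consistent with bytes. If the unit really is bytes, I would reword to `-- In the example below, we show encoding and decoding using a 512-byte (4096-bit) RSA key pair` and drop the "larger key-size" advice, or state it in bits.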
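Review bot: `generateSymmetricKey` in Jose/Jwk.hs is exported without a Haddock comment and passes `size` straight to `getRandomBytes`, so nothing in this hunk rejects a zero or too-short length. The unit (bytes) is only discoverable from the Jwe.hs example. A key shorter than the chosen algorithm expects would presumably surface only later, as an encode or decode error. I would document it with `-- | Generate a symmetric key of @size@ random bytes, e.g. 16 for @A128KW@; the caller must pick a size that matches the algorithm.` and consider checking `size > 0` before drawing bytes. The randomness comes from whatever `MonadRandom` instance the caller runs in, which is worth stating in the same comment.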
@@ -3,7 +3,9 @@ -- | High-level JWT encoding and decoding. -- --- Example usage: +-- See the Jose.Jws and Jose.Jwe modules for specific JWS and JWE examples. +-- +-- Example usage with a key stored as a JWK: -- -- >>> import Jose.Jwe -- >>> import Jose.Jwa diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jose-jwt-0.7.5/jose-jwt.cabal new/jose-jwt-0.7.6/jose-jwt.cabal --- old/jose-jwt-0.7.5/jose-jwt.cabal 2017-02-18 20:39:04.000000000 +0100 +++ new/jose-jwt-0.7.6/jose-jwt.cabal 2017-04-16 23:50:23.000000000 +0200 @@ -1,5 +1,5 @@ Name: jose-jwt -Version: 0.7.5 +Version: 0.7.6 Synopsis: JSON Object Signing and Encryption Library Homepage: http://github.com/tekul/jose-jwt Bug-Reports: http://github.com/tekul/jose-jwt/issues diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jose-jwt-0.7.5/tests/Tests/JweSpec.hs new/jose-jwt-0.7.6/tests/Tests/JweSpec.hs --- old/jose-jwt-0.7.5/tests/Tests/JweSpec.hs 2017-02-17 02:46:40.000000000 +0100 +++ new/jose-jwt-0.7.6/tests/Tests/JweSpec.hs 2017-04-16 23:01:19.000000000 +0200 @@ -150,6 +150,8 @@ unpad "111\t\t\t\t\t\t\t" @?= Nothing it "Padding byte which matches padding length is OK" $ unpad "1111111\t\t\t\t\t\t\t\t\t" @?= Just "1111111" + it "Rejects invalid Base64 JWT" $ + withBlinder (Jwe.rsaDecode a2PrivKey "=.") @?= Left BadCrypto -- verboseQuickCheckWith quickCheckWith stdArgs {maxSuccess=10000} jweRoundTrip jweRoundTrip :: RNG -> JWEAlgs -> [Word8] -> Bool
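Review bot: The new case in tests/Tests/JweSpec.hs pins the Base64 fix with a single input, `"=."`, and only through `Jwe.rsaDecode`. That token is malformed in its first segment and also has too few segments for a JWE, so `Left BadCrypto` cannot tell a Base64 failure from a structural one. It also does not show that a bad segment later in an otherwise well-formed token is rejected without an exception. I would add a sibling case with invalid Base64 in a later segment and, if the JWS decoder shares `b64Decode` as the Parser.hs change suggests, one for that path as well. The enclosing spec block starts outside the hunk.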
