[Pkg-freeipa-devel] python-jwcrypto: Changes to 'master'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Fri Oct 2 10:09:01 UTC 2015
New branch 'master' available with the following commits:
commit 922f7a0145a2100fd6d5b75721b792c3b91537a1
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Oct 2 13:08:48 2015 +0300
initial packaging
commit 8352a0578065950994e0edbeccf6b687f511498a
Author: Simo Sorce <simo at redhat.com>
Date: Sat Aug 1 14:53:04 2015 -0400
Raise version to 0.2.1
Signed-off-by: Simo Sorce <simo at redhat.com>
commit aa326a62e6baac1c8b8dff020b7cd8672dc87a81
Author: Christian Heimes <cheimes at redhat.com>
Date: Mon Jul 13 12:13:52 2015 +0200
Add Travis CI support
The .travis.yml configures Travis CI. We only need Python 2.7 as the
rest is handled by different tox environments. In order to enable
Travis CI, please read http://docs.travis-ci.com/user/getting-started/ and
do step 1) and step 2).
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-by: Simo Sorce <simo at redhat.com>
Closes #11
commit 367e97c6c9869c3377ca98ed76186f5bc7268c96
Author: Simo Sorce <simo at redhat.com>
Date: Mon Jul 27 05:23:25 2015 -0400
Fix bug in generating EC curves
The EC curves use 'crv' to store the curve name, not curve.
Support both and make sure params['crv'] is set once generation is done or
the generated key will be non-functional as get_curve() will fail.
Signed-off-by: Simo Sorce <simo at redhat.com>
Closes #12
commit ca203fcd91575b57070dd479799b293b00d200be
Author: Christian Heimes <cheimes at redhat.com>
Date: Fri Jul 10 18:58:02 2015 +0200
Add automated testing with tox
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-by: Simo Sorce <simo at redhat.com>
Closes #10
commit bd27b6225b0c6d2c2db6de51f4715d4d62b68368
Author: Christian Heimes <cheimes at redhat.com>
Date: Fri Jul 10 18:55:52 2015 +0200
Correct sphinx issues
reStructured text wants four space indentions for parameter
continuation. The empty .gitignore ensures that the static_html
directory exists in fresh checkout.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-by: Simo Sorce <simo at redhat.com>
commit 9e4bcbfaebfa3df0a2955b7128f915ebde90d306
Author: Simo Sorce <simo at redhat.com>
Date: Wed Jul 8 15:02:26 2015 -0400
Fix tests on py34
Need to decode encrypted payloads as they are returned (correctly)
as binary arrays.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 392fe501ae4bcd4448d30665f2e260f74ab768b9
Author: Simo Sorce <simo at redhat.com>
Date: Wed Jul 1 06:42:44 2015 -0400
Fix generation of symmetric keys
Symmetric keys are stored base64 encoded. The generation code was storing
them as raw bytes instead.
Thanks to Frank Siebelinst for reporting the issue and suggesting a fix.
Closes #9
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 9d52a18adc42e88373b8502709ec2f313478023f
Author: Simo Sorce <simo at redhat.com>
Date: Tue Jun 30 14:02:19 2015 -0400
Fix export_public to return also all public params
Signed-off-by: Simo Sorce <simo at redhat.com>
commit dbeabb874b5fcf1e39774ee7c0717798273f1d17
Author: Simo Sorce <simo at redhat.com>
Date: Tue Jun 30 13:37:23 2015 -0400
Document 2 JWK properties
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 1d4a95ef8fab7d622d5a1f34afc5a79ce8b82147
Author: Simo Sorce <simo at redhat.com>
Date: Tue Jun 16 09:50:51 2015 -0400
Raise version to 0.2.0
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 451427907f256864a4f87a05528713cb1fb5c694
Author: Patrick Uiterwijk <puiterwijk at redhat.com>
Date: Tue Jun 16 15:41:40 2015 +0200
Switch to setuptools
Closes #6
Closes #7
Signed-off-by: Patrick Uiterwijk <puiterwijk at redhat.com>
Reviewed-by: Simo Sorce <simo at redhat.com>
commit a47af83ce1626533ae1f4d5402293c0ca671e811
Author: Simo Sorce <simo at redhat.com>
Date: Mon May 25 13:08:15 2015 -0400
The JOSE standards have been approved
Replace all pointers to the drafts with pointers to the assigned RFC numbers.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 0ac5f17e4921f07fd78f4c40649466b4b500c00e
Author: Simo Sorce <simo at redhat.com>
Date: Fri May 8 14:33:34 2015 -0400
Add method to export only the public part of a key
Signed-off-by: Simo Sorce <simo at redhat.com>
commit ff0c94d8e891d90dbeff13b7bd20137aadab54ce
Author: Simo Sorce <simo at redhat.com>
Date: Wed Apr 29 12:07:03 2015 -0400
Fix typo in JWS docs
Signed-off-by: Simo Sorce <simo at redhat.com>
commit f026fbacf44c0d5c335d9524590bc71f57f3c655
Author: Simo Sorce <simo at redhat.com>
Date: Mon May 25 13:12:24 2015 -0400
Remove pylint star-args exceptions
Newer pylint version completely removed the star-args warning, including
recognizing the exception in the source code.
Remove it from all source code to avoid annoying pylint errors about
unrecognized exceptions, and add a general exception in the pylint makefile
invocation, as apparently it is ok there. This will avoid warnings if older
versions of pylint are used.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 0060099b16405b55636f9f660590f90cb909ed90
Author: Simo Sorce <simo at redhat.com>
Date: Mon Apr 27 18:28:00 2015 -0400
Add facility to generate new keys
And tests to test keys creation
Signed-off-by: Simo Sorce <simo at redhat.com>
commit db4c6bc44e13bf22ea01b0c450f2ef12b39cd2ce
Author: Simo Sorce <simo at redhat.com>
Date: Wed Apr 15 23:54:34 2015 -0400
JWT: Add support for allowed algorithms
Allow to pass in a list of allowed algorithms. If provided this list
will be enforced on token verification/decryption.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit b1f923d8291b77880e6d425905d7c95f0790f91c
Author: Simo Sorce <simo at redhat.com>
Date: Wed Apr 15 23:54:34 2015 -0400
JWE: Add property to change the allowed algorithms
Add the same property just added for the JWS object to the JWE.
Also adds a module level variable with the default allowed algs.
This list regulates both Key Management Algorithms as well as
content encryption algorithms in a single list. There is no name
conflict so combining in one list simplifies use and causes no
issues.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 6cf24a1d0961456d44a4d140a1df445b70b350e0
Author: Simo Sorce <simo at redhat.com>
Date: Wed Apr 15 23:54:34 2015 -0400
Add property to change the allowed algorithms
Also adds a module level variable with the default allowed algs.
This list explicitly excludes 'none' as the spec suggests that
the 'none' alg should be used only if the application explicitly
allows it.
Tests adjusted accordingly.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 74070abd080d1198de2f537e7e7958fde8e61890
Author: Simo Sorce <simo at redhat.com>
Date: Wed Apr 15 17:29:41 2015 -0400
Fix Direct Encryption compact serialization
When using Direct encryption no Encrypted Key is generated.
When generating the compact serialization we need to set an empty
key if no encrypted_key is available.
Check we do not regress by adding a compact serialization step in
the Direct Encryption cookbook test.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 04b328366764d32924d9f7c624007ac79e44b5b7
Author: Simo Sorce <simo at redhat.com>
Date: Wed Apr 15 12:39:26 2015 -0400
Add docs URL
Signed-off-by: Simo Sorce <simo at redhat.com>
commit f123866b7eb0ffa4a06255c144464c61f2adf32e
Author: Simo Sorce <simo at redhat.com>
Date: Wed Apr 15 12:24:29 2015 -0400
Update README file
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 74fb5ce91a863973316eac080b7be82e2b6153aa
Author: Simo Sorce <simo at redhat.com>
Date: Wed Apr 15 12:10:22 2015 -0400
Update setup.py
Signed-off-by: Simo Sorce <simo at redhat.com>
commit fb613efca1d64611e02615f3adca94d68bdbd69f
Author: Simo Sorce <simo at redhat.com>
Date: Wed Apr 15 12:09:11 2015 -0400
Add docs for JWT
Signed-off-by: Simo Sorce <simo at redhat.com>
commit c5a83c3d22fbb8fd419bff15c5ed59074934f87c
Author: Simo Sorce <simo at redhat.com>
Date: Wed Apr 15 11:52:09 2015 -0400
Add docs for JWE
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 01dd6faafe30772680c8c56185cf9b4c296f701e
Author: Simo Sorce <simo at redhat.com>
Date: Tue Apr 14 15:22:30 2015 -0400
Add docs for JWS
Signed-off-by: Simo Sorce <simo at redhat.com>
commit c74b6eb8bf867376403d445e9b4e1e607e625a64
Author: Simo Sorce <simo at redhat.com>
Date: Tue Apr 14 14:54:14 2015 -0400
Add docs for JWK
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 10d8bb553dcda5229a9de626455afeb3fe578e97
Author: Simo Sorce <simo at redhat.com>
Date: Tue Apr 14 11:52:44 2015 -0400
Add skeleton, sphinx based, documentation tree
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 575b568f9e10459aa00f3f9188e4eee4973b477c
Author: Simo Sorce <simo at redhat.com>
Date: Tue Apr 14 15:57:52 2015 -0400
JWE: make internal functions private
Signed-off-by: Simo Sorce <simo at redhat.com>
commit d546bcc56ba426b2c2518b72b7f7b019cb1e01be
Author: Simo Sorce <simo at redhat.com>
Date: Tue Apr 14 15:13:54 2015 -0400
JWS: make internal functions private
Signed-off-by: Simo Sorce <simo at redhat.com>
commit fcc6f34a65d3e842285ff4f53dc89bb9604a3d25
Author: Simo Sorce <simo at redhat.com>
Date: Mon Apr 13 23:16:34 2015 -0400
Add support for JWT
JWT is the implementation of draft-ietf-oauth-json-web-token-32
Nesting is not explicitly supported for now.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit c17c9b79517a00029841c32f50a6cc1c8fd89875
Author: Simo Sorce <simo at redhat.com>
Date: Mon Apr 13 22:22:09 2015 -0400
JWE: Fix compact serialization
Compact was failing for single recipient JWEs
Signed-off-by: Simo Sorce <simo at redhat.com>
commit b69aaeee46b0475a5c63af1245865e2ca6d2d44a
Author: Simo Sorce <simo at redhat.com>
Date: Mon Apr 13 14:58:09 2015 -0400
Add way to get JOSE header(s) to both JWS and JWE
This property allows to retrieve the (merged) JOSE header(s) from an
object regardless of whether it is a JWE or JWS token.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit b4712a01fcafc4e381379108f3310f184c2e4080
Author: Simo Sorce <simo at redhat.com>
Date: Mon Apr 13 14:31:24 2015 -0400
Add a 'payload' property to both JWS and JWE
Use the common term 'payload' and make it a property to access the
token's payload message. Allow access only if the payload has been
successfully validated or decrypted, raise otherwise
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 924661521a4e88a39f9c745499a2cd239aff5e3e
Author: Simo Sorce <simo at redhat.com>
Date: Mon Apr 13 14:06:32 2015 -0400
JWS: Add explicit, separate verify step
Instead of always assuming we can verify with a key at deserialization
time, allow a key to be None and perform verification as a separate step.
The code reads better and we can easily try multiple keys after
deserialization is performed once. This also gets rid of the parameter
to raise on error, as a None key takes the role of not raising on
verification errors (still raises on format errors, but that is fine).
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 3323b32efae3f547fcf852f0a45526d34b3b280e
Author: Simo Sorce <simo at redhat.com>
Date: Sun Apr 12 17:05:56 2015 -0400
JWE: Add explicit decrypt step
It may be useful to perform the deserialization and decryption steps
separately.
The decrypt() step assumes the caller already called the deserialize()
function, and accepts only one key.
The decrypt step will allow a caller to try multiple keys, by simply
calling decrypt() multiple times.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 03b2c54ed07a634ac0a4bcc7d1a6df8ba0bfb323
Author: Simo Sorce <simo at redhat.com>
Date: Fri Apr 10 14:46:52 2015 -0400
Python3 compatibility: string vs bytes fixes
Signed-off-by: Simo Sorce <simo at redhat.com>
commit ec0aa182f6422d74acdd1ee87df57e35a06f9ff6
Author: Simo Sorce <simo at redhat.com>
Date: Fri Apr 10 14:47:38 2015 -0400
Python3 compatibility: bytes are bytes
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 9907ab4b87a07aaf44c7cc2f7cae6e7f580c4b22
Author: Simo Sorce <simo at redhat.com>
Date: Fri Apr 10 14:47:38 2015 -0400
Python3 compatibility: dict_keys to list
Signed-off-by: Simo Sorce <simo at redhat.com>
commit fa7b215579371f0e55019817b5b8ad7cae1c2a9e
Author: Simo Sorce <simo at redhat.com>
Date: Fri Apr 10 14:47:38 2015 -0400
Python3 compatibility: explicit integer division
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 8facc635fc84204956b9f5ca85da963bd3d95857
Author: Simo Sorce <simo at redhat.com>
Date: Fri Apr 10 14:47:38 2015 -0400
Python3 compatibility: use (un)hexlify
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 0da63c9a8d65894660dffb56141aa54012c8a36e
Author: Simo Sorce <simo at redhat.com>
Date: Fri Apr 10 13:27:31 2015 -0400
Python3 compatibility: exceptions usage
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 6a892e5d40619145fe26a56da11bca71f7ca2bda
Author: Simo Sorce <simo at redhat.com>
Date: Thu Apr 9 10:52:48 2015 -0400
Add Encryption tests from jose-cookbook-08
Signed-off-by: Simo Sorce <simo at redhat.com>
commit fac82721cc883085286ac6af0f4e0897485d7166
Author: Simo Sorce <simo at redhat.com>
Date: Fri Apr 10 11:50:23 2015 -0400
Provide JSON helpers for encoding/decoding
This way we can always use the right options (like no spaces on dumps)
and we have only one place to change should we find out something was
missed.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit acf8e2a67c5a7998d894790b5dfe08d7f40ea248
Author: Simo Sorce <simo at redhat.com>
Date: Fri Apr 10 11:39:31 2015 -0400
Improve exception reporting for JWE
Signed-off-by: Simo Sorce <simo at redhat.com>
commit e253473634437f4b9139870219d3b9903dd0d932
Author: Simo Sorce <simo at redhat.com>
Date: Thu Apr 9 18:27:01 2015 -0400
Fix direct decryption
- The compact representation should simply not set the encrypted_key
when absent, not set the empty string, like the general representation.
- When using direct, default to an empty string for the EK instead of
None, as _direct() checks for it explicitly to be the empty string.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 42a03425e145c074a39712e57571029c03e6527b
Author: Simo Sorce <simo at redhat.com>
Date: Wed Apr 8 16:28:59 2015 -0400
Add Signing tests from jose-cookbook-08
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 06d7af2c762311d1956aae424e92338e87398e0d
Author: Simo Sorce <simo at redhat.com>
Date: Wed Apr 8 18:25:22 2015 -0400
The protected header is not mandatory in JWS
Fix code and tests to allow it to be missing as long as the caller
provides it in the unprotected header or directly to the appropriate
functions.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 2dc8c74eb93abf86c8eae5569b7b6b5839e1c8a0
Author: Simo Sorce <simo at redhat.com>
Date: Wed Apr 8 17:10:14 2015 -0400
Fix digest_size of RSASSA-PSS Signatures
JWA Requires the salt_length to be the same size of the output of
the message digest function used, not the maximum possible.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit f3b8fe4a10daaf482edf70cce428a4981553f744
Author: Simo Sorce <simo at redhat.com>
Date: Wed Apr 8 15:53:23 2015 -0400
Fix merging of headers
The json string was used instead of the unparsed dictionary, causing
any merge of headers to actually fail
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 21b31293702d1cc774e623feef05b08d7cb25f2b
Author: Simo Sorce <simo at redhat.com>
Date: Wed Apr 8 15:52:58 2015 -0400
Improve exception handling on verification
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 860cfbf4d2dd2fae71856554778f497abe22a30c
Author: Simo Sorce <simo at redhat.com>
Date: Wed Apr 8 15:33:09 2015 -0400
Raise by default on verification failures
If the previous behavior is wanted simply pass in raise_invalid=False
This highlighted a number of tests weren't correct
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 328b86ac94a7c054560643a915870bb5a2c50d03
Author: Simo Sorce <simo at redhat.com>
Date: Tue Mar 24 10:56:13 2015 -0400
Fix serialization issue in JWS and tests
Thanks to Jan Rusnacko for pointing out this flaw.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 1c63adc9746b05df4578f9bd4afbd18639a11825
Author: Simo Sorce <simo at redhat.com>
Date: Tue Mar 24 10:33:47 2015 -0400
Better validate that both alg and enc are present
JOSE headers must include the "alg" and "enc" options in order to be
able to actually process an encrypted token.
Return appropriate messages if either is missing.
Thanks to Jan Rusnacko for pointing out this flaw.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 237aaaf40a4a81eb6d885ad54804df062c1b41a9
Author: Simo Sorce <simo at redhat.com>
Date: Tue Mar 24 09:51:55 2015 -0400
Add comments to push user to use JWS()
People should not use JWSCore directly unless they know exactly what
they are doing. Added doc text to that regard.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 72ff386e2c6a790ed0b2b83425c86cdf758e12c2
Author: Simo Sorce <simo at redhat.com>
Date: Tue Mar 24 09:49:40 2015 -0400
Rename JWE.decrypt() to JWE._decrypt()
Make the function private as it is not supposed to be used directly,
rather deserialize() should be used.
Thanks to Jan Rusnacko for pointing out this flaw.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 6352cc9d24b3ab714e210abeeb8b1d6c1b86cdad
Author: Simo Sorce <simo at redhat.com>
Date: Wed Mar 18 15:24:10 2015 -0400
Fix AES blocksize handling and check keylengths
AES blocksize is always 16 regardless of key length naturally.
Fix the code to assume the proper blocksize and IV length.
Also add tests to check proper key length and add missing
A192KW and A256KW key wrapping algorithms.
Add tests to try encrypting with all AES key-length combinations.
Thanks to Jan Rusnacko for pointing out this flaw.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 9e1786f9c2700d907c7ebb99cd8e0f34822d5af7
Author: Simo Sorce <simo at redhat.com>
Date: Wed Mar 18 14:14:00 2015 -0400
Fix typos
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 3481090ea41b4a04552da580f44d229735f5dd7e
Author: Simo Sorce <simo at redhat.com>
Date: Wed Mar 18 14:12:09 2015 -0400
Change the way operation keys are retrieved
This way we have less confusion about what the function is supposed to
do and less code duplication.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 33f36ea10c1db2aaa74818c60933a20a9abe672f
Author: Simo Sorce <simo at redhat.com>
Date: Wed Mar 18 12:45:45 2015 -0400
The protected header is optional in some cases
Allow the use of a JWE without protected headers.
Thanks to Jan Rusnacko for pointing out this flaw.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 3302e14058a7ecbe39c7f403a3b0c4aa66d1f87d
Author: Simo Sorce <simo at redhat.com>
Date: Wed Mar 18 13:30:16 2015 -0400
Catch incompatible "use" and "key_ops" usage
Thanks to Jan Rusnacko for pointing out this flaw.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 0435a3e3100b7f998bc1d24eafe6a8967da957b1
Author: Simo Sorce <simo at redhat.com>
Date: Wed Mar 18 13:06:30 2015 -0400
Allow unknown key parameters
Thanks to Jan Rusnacko for pointing out this flaw.
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 7a131df18b4cbaa78929df1a1419f25898489815
Author: Simo Sorce <simo at redhat.com>
Date: Sun Mar 8 17:26:04 2015 -0400
Add more checks, algorithms, tests
commit 167e8a3c21cbd0a38887e6c29824aa5ead6a6b10
Author: Simo Sorce <simo at redhat.com>
Date: Sun Mar 8 22:26:29 2015 -0400
Implement JWE JSON Deserialization
Also fix JWE JSON Serialization bug
commit 7cf181023c2dd69d5d2f6733df60b1c8332c85bf
Author: Alex Gaynor <alex.gaynor at gmail.com>
Date: Sun Mar 8 17:11:31 2015 -0400
Use a constant time comparison for comparing an HMAC
Fixes #2
commit 1f8bd71e9d65fd23ac1ba2df7debd217285bb702
Author: Simo Sorce <simo at redhat.com>
Date: Sat Mar 7 16:52:14 2015 -0500
Add JWE implementation
Implements:
draft-ietf-jose-json-web-encryption-40
plus Tests
commit c48d7b2e49e779f0593e98dddb9f4aa11d5beb6c
Author: Simo Sorce <simo at redhat.com>
Date: Wed Mar 4 21:22:05 2015 -0500
Add JWS implementation
Implements:
draft-ietf-jose-json-web-signature-41
plus Tests
Signed-off-by: Simo Sorce <simo at redhat.com>
commit 9a36f12f15552467ccdaa855aa036f73a7305396
Author: Simo Sorce <simo at redhat.com>
Date: Wed Mar 4 21:25:09 2015 -0500
Add JWK implementation
Implements:
draft-ietf-jose-json-web-key-41
plus Tests
Signed-off-by: Simo Sorce <simo at redhat.com>
commit eb1fb55ac331a2f7d73acd7f3034617cdcdff41e
Author: Simo Sorce <simo at redhat.com>
Date: Wed Mar 4 11:18:24 2015 -0500
Initial commit
Project for the implementation of the JOSE WG protocols
Add some common functions.
Signed-off-by: Simo Sorce <simo at redhat.com>