Hello community, here is the log from the commit of package ghc-google-oauth2-jwt for openSUSE:Factory checked in at 2017-08-31 20:55:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ghc-google-oauth2-jwt (Old) and /work/SRC/openSUSE:Factory/.ghc-google-oauth2-jwt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ghc-google-oauth2-jwt" Thu Aug 31 20:55:33 2017 rev:2 rq:513358 version:0.2.2 Changes: -------- --- /work/SRC/openSUSE:Factory/ghc-google-oauth2-jwt/ghc-google-oauth2-jwt.changes 2017-04-14 13:39:36.535382670 +0200 +++ /work/SRC/openSUSE:Factory/.ghc-google-oauth2-jwt.new/ghc-google-oauth2-jwt.changes 2017-08-31 20:55:34.402920373 +0200 @@ -1,0 +2,5 @@ +Thu Jul 27 14:04:14 UTC 2017 - psimons@suse.com + +- Update to version 0.2.2. + +------------------------------------------------------------------- Old: ---- google-oauth2-jwt-0.1.3.tar.gz New: ---- google-oauth2-jwt-0.2.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghc-google-oauth2-jwt.spec ++++++ --- /var/tmp/diff_new_pack.snE8o3/_old 2017-08-31 20:55:35.982698409 +0200 +++ /var/tmp/diff_new_pack.snE8o3/_new 2017-08-31 20:55:35.986697847 +0200 @@ -18,7 +18,7 @@ %global pkg_name google-oauth2-jwt Name: ghc-%{pkg_name} -Version: 0.1.3 +Version: 0.2.2 Release: 0 Summary: Get a signed JWT for Google Service Accounts License: BSD-3-Clause 
@@ -36,7 +36,8 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build %description -Get a signed JWT for Google Service Accounts. +This library implements the creation of the signed JWT for Google Service +Accounts. %package devel Summary: Haskell %{pkg_name} library development files ++++++ google-oauth2-jwt-0.1.3.tar.gz -> google-oauth2-jwt-0.2.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-oauth2-jwt-0.1.3/LICENSE new/google-oauth2-jwt-0.2.2/LICENSE --- old/google-oauth2-jwt-0.1.3/LICENSE 2016-09-02 16:34:48.000000000 +0200 +++ new/google-oauth2-jwt-0.2.2/LICENSE 2017-05-30 14:20:50.000000000 +0200 @@ -1,4 +1,4 @@ -google-oauth2-jwt - Copyright Michel Boucey (c) 2016 +google-oauth2-jwt - Copyright Michel Boucey (c) 2016-2017 All rights reserved. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-oauth2-jwt-0.1.3/google-oauth2-jwt.cabal new/google-oauth2-jwt-0.2.2/google-oauth2-jwt.cabal --- old/google-oauth2-jwt-0.1.3/google-oauth2-jwt.cabal 2016-12-26 16:34:25.000000000 +0100 +++ new/google-oauth2-jwt-0.2.2/google-oauth2-jwt.cabal 2017-06-09 19:46:44.000000000 +0200 @@ -1,13 +1,14 @@ name: google-oauth2-jwt -version: 0.1.3 +version: 0.2.2 synopsis: Get a signed JWT for Google Service Accounts -description: Please see README.md +description: This library implements the creation of the + signed JWT for Google Service Accounts. homepage: https://github.com/MichelBoucey/google-oauth2-jwt license: BSD3 license-file: LICENSE author: Michel Boucey maintainer: michel.boucey@cybervisible.fr -copyright: (c) 2016 - Michel Boucey +copyright: (c) 2016-2017 - Michel Boucey category: Google build-type: Simple extra-source-files: README.md 
@@ -16,13 +17,13 @@ library hs-source-dirs: src exposed-modules: Network.Google.OAuth2.JWT - build-depends: base >= 4.7 && < 5 - , base64-bytestring >= 1.0.0 && < 1.1 - , bytestring >= 0.10.6 && < 0.11 + build-depends: base >= 4.7 && < 5 + , base64-bytestring >= 1.0.0 && < 1.1 + , bytestring >= 0.10.6 && < 0.11 , HsOpenSSL >= 0.11.1.1 && < 0.12 - , RSA >= 2.1.0.3 && < 2.3 - , text >= 1.2.2 && < 1.3 - , unix-time >= 0.3.6 && < 0.4 + , RSA >= 2.1.0.3 && < 2.4 + , text >= 1.2.2 && < 1.3 + , unix-time >= 0.3.6 && < 0.4 default-language: Haskell2010 GHC-options: -Wall diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-oauth2-jwt-0.1.3/src/Network/Google/OAuth2/JWT.hs new/google-oauth2-jwt-0.2.2/src/Network/Google/OAuth2/JWT.hs --- old/google-oauth2-jwt-0.1.3/src/Network/Google/OAuth2/JWT.hs 2016-12-17 09:48:30.000000000 +0100 +++ new/google-oauth2-jwt-0.2.2/src/Network/Google/OAuth2/JWT.hs 2017-05-30 14:58:58.000000000 +0200 @@ -8,7 +8,8 @@ module Network.Google.OAuth2.JWT ( - Email + SignedJWT + , Email , Scope , getSignedJWT @@ -19,13 +20,14 @@ ) where import Codec.Crypto.RSA.Pure +import Control.Monad (unless) import qualified Data.ByteString as B import Data.ByteString.Base64.URL (encode) import Data.ByteString.Lazy (fromStrict, toStrict) import Data.Maybe (fromMaybe, fromJust) import Data.Monoid ((<>)) import qualified Data.Text as T -import Data.Text.Encoding +import Data.Text.Encoding (encodeUtf8) import Data.UnixTime (getUnixTime, utSeconds) import Foreign.C.Types import OpenSSL.EVP.PKey (toKeyPair) 
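Review bot: The export list in the `@@ -8,7 +8,8 @@` hunk of JWT.hs adds `SignedJWT` without its constructor and, as far as the hunk shows, without an accessor. Callers who need the token bytes for the `assertion=` parameter would then have only the `Show` instance declared further down in the diff. Exporting a small unwrapping function, for example a proposed `unSignedJWT :: SignedJWT -> B.ByteString`, would keep the type opaque to construction while still letting callers send the token. The export list continues past the end of this hunk, so this should be checked against the lines not shown here.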
@@ -33,19 +35,23 @@ readPrivateKey) import OpenSSL.RSA -type Scope = T.Text +data SignedJWT = + SignedJWT !B.ByteString + deriving (Eq, Show) type Email = T.Text +type Scope = T.Text + -- | Get the private key obtained from the --- the Google API Console from a PEM file. +-- Google API Console from a PEM file. fromPEMFile :: FilePath -> IO PrivateKey fromPEMFile f = readFile f >>= fromPEMString -- | Get the private key obtained from the -- Google API Console from a PEM 'String'. -- --- >fromPEMString "-----BEGIN PRIVATE KEY-----\nB9e ... bMdF\n-----END PRIVATE KEY-----\n" +-- >fromPEMString "-----BEGIN PRIVATE KEY-----\nB9e [...] bMdF\n-----END PRIVATE KEY-----\n" -- > fromPEMString :: String -> IO PrivateKey fromPEMString s = @@ -53,10 +59,11 @@ \k -> return PrivateKey { private_pub = - PublicKey { public_size = rsaSize k - , public_n = rsaN k - , public_e = rsaE k - } + PublicKey + { public_size = rsaSize k + , public_n = rsaN k + , public_e = rsaE k + } , private_d = rsaD k , private_p = rsaP k , private_q = rsaQ k 
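Review bot: `deriving (Eq, Show)` on the new `SignedJWT` type in the `@@ -33,19 +35,23 @@` hunk means any `show`, `print` or debug trace of the value, or of a structure holding it, writes out the complete signed assertion. That string is a usable bearer credential until its `exp` time, so it should not reach logs or error reports by default. A hand-written instance that redacts the payload, e.g. `instance Show SignedJWT where show _ = "SignedJWT <redacted>"`, keeps `Show` available for debugging without exposing the token. The derived output is also wrapped as `SignedJWT "…"`, so it is not the raw token a caller would send.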
@@ -70,41 +77,38 @@ -- -- >grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion= -- -getSignedJWT :: Email - -- ^ The email address of the service account. - -> Maybe Email - -- ^ The email address of the user for which the - -- application is requesting delegated access. - -> [Scope] - -- ^ The list of the permissions that the application requests. - -> Maybe Int - -- ^ Expiration time (maximun and default value is an hour, 3600). - -> PrivateKey - -- ^ The private key gotten from the PEM string obtained from the - -- Google API Console. - -> IO (Either String B.ByteString) - -- ^ Either an error message or a signed JWT. +getSignedJWT + :: Email + -- ^ The email address of the service account. + -> Maybe Email + -- ^ The email address of the user for which the + -- application is requesting delegated access. + -> [Scope] + -- ^ The list of the permissions that the application requests. + -> Maybe Int + -- ^ Expiration time (maximun and default value is an hour, 3600). + -> PrivateKey + -- ^ The private key gotten from the PEM string obtained from the + -- Google API Console. + -> IO (Either String SignedJWT) + -- ^ Either an error message or a signed JWT. getSignedJWT iss msub scs mxt pk = do let xt = fromIntegral (fromMaybe 3600 mxt) - if xt >= 1 && xt <= 3600 - then do - cs <- do - let s = maybe T.empty (\e -> "\"sub\":\"" <> e <> "\",") msub - (t',xt') <- getUnixTime >>= - \t -> return (toText (utSeconds t),toText (utSeconds t + CTime xt)) - return $ - toJWT $ - "{\"iss\":\"" <> iss <> "\"," <> s <> "\"scope\":\"" <> - T.intercalate " " scs <> "\",\"aud\":\"https://www.goo\ - \gleapis.com/oauth2/v4/token\",\"exp\":" <> xt' <> ",\"\ - \iat\":" <> t' <> "}" - let i = toJWT "{\"alg\":\"RS256\",\"typ\":\"JWT\"}" <> "." <> cs - return $ - case rsassa_pkcs1_v1_5_sign hashSHA256 pk (fromStrict i) of - Right s -> Right (i <> "." 
<> encode (toStrict s)) - Left _ -> Left "RSAError" - else fail "Bad expiration time" + unless (xt >= 1 && xt <= 3600) (fail "Bad expiration time") + t <- getUnixTime + let i = header <> "." <> toB64 ("{\"iss\":\"" <> iss <> "\"," + <> maybe T.empty (\e -> "\"sub\":\"" <> e <> "\",") msub + <> "\"scope\":\"" <> T.intercalate " " scs <> "\",\"aud\ + \\":\"https://www.googleapis.com/oauth2/v4/token\",\"ex\ + \p\":" <> toT (utSeconds t + CTime xt) <> ",\"iat\":" + <> toT (utSeconds t) <> "}") + return $ + either + (fail "RSAError") + (\s -> return $ SignedJWT $ i <> "." <> encode (toStrict s)) + (rsassa_pkcs1_v1_5_sign hashSHA256 pk $ fromStrict i) where - toText = T.pack . show - toJWT = encode . encodeUtf8 + toT = T.pack . show + toB64 = encode . encodeUtf8 + header = toB64 "{\"alg\":\"RS256\",\"typ\":\"JWT\"}"
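Review bot: In the closing `return $ either (fail "RSAError") …` of `getSignedJWT`, the first argument of `either` must be a function, so `fail "RSAError"` is resolved in the function monad rather than in `Either String`, and a signing failure no longer yields `Left "RSAError"` as the removed code did. On a base where `Monad ((->) r)` still has the default `fail`, this presumably becomes an `error` call raised only when the caller forces the result; on a base with `MonadFail` it should not compile. Writing it as `either (const (Left "RSAError")) (\s -> Right $ SignedJWT $ i <> "." <> encode (toStrict s))` keeps the declared `IO (Either String SignedJWT)` contract; the `unless … (fail "Bad expiration time")` guard still throws an `IOError` instead of returning `Left`, as the old `else fail` did. Separately, `iss`, `msub` and the scopes are concatenated into the claim set without JSON escaping, so a `"` or `\` in caller-supplied input alters the claims that get signed. Escaping those values before concatenation, or rejecting such characters, would close that gap.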