From 3a09f617213f3efc1ed23080e13d5141d44173ec Mon Sep 17 00:00:00 2001 From: patrick brisbin Date: Wed, 26 Jul 2023 09:08:35 -0400 Subject: [PATCH 1/3] Migrate project to fourmolu --- .restyled.yaml | 3 + .stylish-haskell.yaml | 25 --- aws-sns-verify.cabal | 6 +- brittany.yaml | 70 ------- fourmolu.yaml | 15 ++ library/Amazon/SNS/Verify.hs | 6 +- library/Amazon/SNS/Verify/Payload.hs | 12 +- library/Amazon/SNS/Verify/Prelude.hs | 2 +- library/Amazon/SNS/Verify/ValidURI.hs | 16 +- library/Amazon/SNS/Verify/Validate.hs | 112 +++++++----- tests/Amazon/SNS/Verify/TestPrelude.hs | 11 +- tests/Amazon/SNS/Verify/ValidateSpec.hs | 231 +++++++++++++----------- tests/Amazon/SNS/VerifySpec.hs | 14 +- 13 files changed, 241 insertions(+), 282 deletions(-) create mode 100644 .restyled.yaml delete mode 100644 .stylish-haskell.yaml delete mode 100644 brittany.yaml create mode 100644 fourmolu.yaml diff --git a/.restyled.yaml b/.restyled.yaml new file mode 100644 index 0000000..17f7012 --- /dev/null +++ b/.restyled.yaml @@ -0,0 +1,3 @@ +restylers: + - "!stylish-haskell" + - fourmolu diff --git a/.stylish-haskell.yaml b/.stylish-haskell.yaml deleted file mode 100644 index 627f80a..0000000 --- a/.stylish-haskell.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- -steps: - - simple_align: - cases: false - top_level_patterns: false - records: false - - imports: - align: none - list_align: after_alias - pad_module_names: false - long_list_align: new_line_multiline - empty_list_align: right_after - list_padding: 2 - separate_lists: false - space_surround: false - - language_pragmas: - style: vertical - align: false - remove_redundant: false - - trailing_whitespace: {} -columns: 80 -newline: native -# For multi-package repositories this default-extensions must be set manually. -# For single package repos it can be inferred from the cabal file. -cabal: true diff --git a/aws-sns-verify.cabal b/aws-sns-verify.cabal index 1f0596b..32fbd19 100644 --- a/aws-sns-verify.cabal +++ b/aws-sns-verify.cabal @@ -1,6 +1,6 @@ cabal-version: 1.18 --- This file has been generated from package.yaml by hpack version 0.34.4. +-- This file has been generated from package.yaml by hpack version 0.35.2. -- -- see: https://github.com/sol/hpack @@ -82,13 +82,13 @@ library , text , x509 , x509-validation + default-language: Haskell2010 if impl(ghc >= 8.10) ghc-options: -Wno-missing-safe-haskell-mode -Wno-prepositive-qualified-module if impl(ghc >= 9.2.2) ghc-options: -Wno-missing-kind-signatures if flag(development) cpp-options: -DDEVELOPMENT - default-language: Haskell2010 test-suite aws-sns-verify-test type: exitcode-stdio-1.0 @@ -139,8 +139,8 @@ test-suite aws-sns-verify-test , wai , warp , x509-validation + default-language: Haskell2010 if impl(ghc >= 8.10) ghc-options: -Wno-missing-safe-haskell-mode -Wno-prepositive-qualified-module if impl(ghc >= 9.2.2) ghc-options: -Wno-missing-kind-signatures - default-language: Haskell2010 diff --git a/brittany.yaml b/brittany.yaml deleted file mode 100644 index 086c336..0000000 --- a/brittany.yaml +++ /dev/null @@ -1,70 +0,0 @@ ---- -conf_debug: - dconf_roundtrip_exactprint_only: false - dconf_dump_bridoc_simpl_par: false - dconf_dump_ast_unknown: false - dconf_dump_bridoc_simpl_floating: false - dconf_dump_config: false - dconf_dump_bridoc_raw: false - dconf_dump_bridoc_final: false - dconf_dump_bridoc_simpl_alt: false - dconf_dump_bridoc_simpl_indent: false - dconf_dump_annotations: false - dconf_dump_bridoc_simpl_columns: false - dconf_dump_ast_full: false -conf_forward: - options_ghc: - - -XBangPatterns - - -XDataKinds - - -XDeriveAnyClass - - -XDeriveFoldable - - -XDeriveFunctor - - -XDeriveGeneric - - -XDeriveLift - - -XDeriveTraversable - - -XDerivingStrategies - - -XFlexibleContexts - - -XFlexibleInstances - - -XGADTs - - -XGeneralizedNewtypeDeriving - - -XLambdaCase - - -XMultiParamTypeClasses - - -XNoImplicitPrelude - - -XNoMonomorphismRestriction - - -XOverloadedStrings - - -XRankNTypes - - -XRecordWildCards - - -XScopedTypeVariables - - -XStandaloneDeriving - - -XTypeApplications - - -XTypeFamilies -conf_errorHandling: - econf_ExactPrintFallback: ExactPrintFallbackModeInline - econf_Werror: false - econf_omit_output_valid_check: false - econf_produceOutputOnErrors: false -conf_preprocessor: - ppconf_CPPMode: CPPModeAbort - ppconf_hackAroundIncludes: false -conf_obfuscate: false -conf_roundtrip_exactprint_only: false -conf_version: 1 -conf_layout: - lconfig_reformatModulePreamble: true - lconfig_altChooser: - tag: AltChooserBoundedSearch - contents: 3 - lconfig_allowSingleLineExportList: false - lconfig_importColumn: 60 - lconfig_hangingTypeSignature: false - lconfig_importAsColumn: 50 - lconfig_alignmentLimit: 1 - lconfig_indentListSpecial: true - lconfig_indentAmount: 2 - lconfig_alignmentBreakOnMultiline: true - lconfig_cols: 80 - lconfig_indentPolicy: IndentPolicyLeft - lconfig_indentWhereSpecial: true - lconfig_columnAlignMode: - tag: ColumnAlignModeDisabled - contents: 0.7 diff --git a/fourmolu.yaml b/fourmolu.yaml new file mode 100644 index 0000000..ef571e8 --- /dev/null +++ b/fourmolu.yaml @@ -0,0 +1,15 @@ +indentation: 2 +column-limit: 80 # ignored until v12 / ghc-9.6 +function-arrows: leading +comma-style: leading # default +import-export-style: leading +indent-wheres: false # default +record-brace-space: true +newlines-between-decls: 1 # default +haddock-style: single-line +let-style: mixed +in-style: left-align +single-constraint-parens: never # ignored until v12 / ghc-9.6 +unicode: never # default +respectful: true # default +fixities: [] # default diff --git a/library/Amazon/SNS/Verify.hs b/library/Amazon/SNS/Verify.hs index 66aa376..ab51bec 100644 --- a/library/Amazon/SNS/Verify.hs +++ b/library/Amazon/SNS/Verify.hs @@ -3,7 +3,7 @@ module Amazon.SNS.Verify , verifySNSMessageEither , verifySNSMessageJSON , verifySNSMessageJSONEither - , SNSNotificationValidationError(..) + , SNSNotificationValidationError (..) ) where import Amazon.SNS.Verify.Prelude @@ -12,7 +12,7 @@ import Amazon.SNS.Verify.Payload import Amazon.SNS.Verify.Validate import Control.Error (hoistEither, runExceptT) import Data.Aeson (FromJSON, Value, eitherDecode) -import Data.Aeson.Types (Result(Error, Success), fromJSON) +import Data.Aeson.Types (Result (Error, Success), fromJSON) import Data.Bifunctor (first) import Data.ByteString.Lazy (fromStrict) import Data.Text.Encoding (encodeUtf8) @@ -20,7 +20,6 @@ import Data.Text.Encoding (encodeUtf8) -- | Decode and verify an SNS message as JSON -- -- The same as 'verifySNSMessage', but decodes the message as `JSON`. --- verifySNSMessageJSON :: (FromJSON a, MonadIO m) => Value -> m a verifySNSMessageJSON = unTryIO id <=< verifySNSMessageJSONEither @@ -45,7 +44,6 @@ verifySNSMessageJSONEither value = -- or `UnsubscribeConfirmation`. -- 2. Verified against its signature. -- 3. And in the case of subscription events responded to. --- verifySNSMessage :: MonadIO m => Value -> m Text verifySNSMessage = unTryIO id <=< verifySNSMessageEither diff --git a/library/Amazon/SNS/Verify/Payload.hs b/library/Amazon/SNS/Verify/Payload.hs index 7d160ba..47fae40 100644 --- a/library/Amazon/SNS/Verify/Payload.hs +++ b/library/Amazon/SNS/Verify/Payload.hs @@ -1,8 +1,8 @@ module Amazon.SNS.Verify.Payload - ( SNSPayload(..) - , SNSType(..) - , SNSNotification(..) - , SNSSubscription(..) + ( SNSPayload (..) + , SNSType (..) + , SNSNotification (..) + , SNSSubscription (..) ) where import Amazon.SNS.Verify.Prelude @@ -69,7 +69,7 @@ newtype SNSNotification = SNSNotification deriving stock (Show, Eq, Generic) instance FromJSON SNSNotification where - parseJSON = genericParseJSON $ defaultOptions { fieldLabelModifier = drop 3 } + parseJSON = genericParseJSON $ defaultOptions {fieldLabelModifier = drop 3} data SNSSubscription = SNSSubscription { snsToken :: Text @@ -78,4 +78,4 @@ data SNSSubscription = SNSSubscription deriving stock (Show, Eq, Generic) instance FromJSON SNSSubscription where - parseJSON = genericParseJSON $ defaultOptions { fieldLabelModifier = drop 3 } + parseJSON = genericParseJSON $ defaultOptions {fieldLabelModifier = drop 3} diff --git a/library/Amazon/SNS/Verify/Prelude.hs b/library/Amazon/SNS/Verify/Prelude.hs index 84d1a90..29ee8b0 100644 --- a/library/Amazon/SNS/Verify/Prelude.hs +++ b/library/Amazon/SNS/Verify/Prelude.hs @@ -20,7 +20,7 @@ throwIO = liftIO . Control.Exception.throwIO unTryIO :: (MonadIO m, Exception e) => (a -> e) -> Either a b -> m b unTryIO e = either (throwIO . e) pure -unTryE :: (Monad m) => (a -> e) -> Either a b -> ExceptT e m b +unTryE :: Monad m => (a -> e) -> Either a b -> ExceptT e m b unTryE e = either (throwE . e) pure fromMaybeM :: Monad m => m a -> Maybe a -> m a diff --git a/library/Amazon/SNS/Verify/ValidURI.hs b/library/Amazon/SNS/Verify/ValidURI.hs index 50f0695..50bc4f0 100644 --- a/library/Amazon/SNS/Verify/ValidURI.hs +++ b/library/Amazon/SNS/Verify/ValidURI.hs @@ -9,6 +9,14 @@ module Amazon.SNS.Verify.ValidURI import Amazon.SNS.Verify.Prelude +_devScheme :: String +_devScheme = "http:" + +_prodScheme :: String +_prodScheme = "https:" + +{- FOURMOLU_DISABLE -} + validScheme :: String validScheme = #ifdef DEVELOPMENT @@ -17,12 +25,6 @@ validScheme = _prodScheme #endif -_devScheme :: String -_devScheme = "http:" - -_prodScheme :: String -_prodScheme = "https:" - validRegPattern :: String validRegPattern = #ifdef DEVELOPMENT @@ -31,6 +33,8 @@ validRegPattern = prodRegPattern #endif +{- FOURMOLU_ENABLE -} + devRegPattern :: String devRegPattern = "^localhost$" diff --git a/library/Amazon/SNS/Verify/Validate.hs b/library/Amazon/SNS/Verify/Validate.hs index 03c74f0..2b50eb8 100644 --- a/library/Amazon/SNS/Verify/Validate.hs +++ b/library/Amazon/SNS/Verify/Validate.hs @@ -1,8 +1,8 @@ module Amazon.SNS.Verify.Validate ( validateSnsMessage , handleSubscription - , SNSNotificationValidationError(..) - , ValidSNSMessage(..) + , SNSNotificationValidationError (..) + , ValidSNSMessage (..) ) where import Amazon.SNS.Verify.Prelude @@ -11,23 +11,30 @@ import Amazon.SNS.Verify.Payload import Amazon.SNS.Verify.ValidURI (validRegPattern, validScheme) import Control.Error (ExceptT, catMaybes, headMay, runExceptT, throwE) import Control.Monad (when) -import Data.ByteArray.Encoding (Base(Base64), convertFromBase) +import Data.ByteArray.Encoding (Base (Base64), convertFromBase) import Data.PEM (pemContent, pemParseLBS) import qualified Data.Text as T import Data.Text.Encoding (encodeUtf8) import Data.X509 - ( HashALG(..) - , PubKeyALG(..) - , SignatureALG(..) + ( HashALG (..) + , PubKeyALG (..) + , SignatureALG (..) , SignedCertificate , certPubKey , decodeSignedCertificate , getCertificate ) import Data.X509.Validation - (SignatureFailure, SignatureVerification(..), verifySignature) + ( SignatureFailure + , SignatureVerification (..) + , verifySignature + ) import Network.HTTP.Simple - (getResponseBody, getResponseStatusCode, httpLbs, parseRequest_) + ( getResponseBody + , getResponseStatusCode + , httpLbs + , parseRequest_ + ) import Network.URI (parseURI, uriAuthority, uriRegName, uriScheme) import Text.Regex.TDFA ((=~)) @@ -43,24 +50,26 @@ data ValidSNSMessage -- in the documentation below. -- -- --- validateSnsMessage :: MonadIO m => SNSPayload -> m (Either SNSNotificationValidationError ValidSNSMessage) validateSnsMessage payload@SNSPayload {..} = runExceptT $ do - signature <- unTryE BadSignature $ convertFromBase Base64 $ encodeUtf8 - snsSignature + signature <- + unTryE BadSignature + $ convertFromBase Base64 + $ encodeUtf8 + snsSignature signedCert <- retrieveCertificate payload - let - valid = verifySignature - (SignatureALG HashSHA1 PubKeyALG_RSA) - (certPubKey $ getCertificate signedCert) - (unsignedSignature payload) - signature + let valid = + verifySignature + (SignatureALG HashSHA1 PubKeyALG_RSA) + (certPubKey $ getCertificate signedCert) + (unsignedSignature payload) + signature case valid of SignaturePass -> pure $ case snsTypePayload of - Notification{} -> SNSMessage snsMessage + Notification {} -> SNSMessage snsMessage SubscriptionConfirmation x -> SNSSubscribe x UnsubscribeConfirmation x -> SNSUnsubscribe x SignatureFailed e -> throwE $ InvalidPayload e @@ -81,33 +90,37 @@ validateCertUrl :: Text -> Either SNSNotificationValidationError String validateCertUrl certUrl = do uri <- fromMaybeM (Left $ BadUri certUrlStr) $ parseURI certUrlStr if uriScheme uri - == validScheme - && maybe "" uriRegName (uriAuthority uri) - =~ validRegPattern + == validScheme + && maybe "" uriRegName (uriAuthority uri) + =~ validRegPattern then Right certUrlStr else Left $ BadUri certUrlStr - where certUrlStr = T.unpack certUrl + where + certUrlStr = T.unpack certUrl unsignedSignature :: SNSPayload -> ByteString unsignedSignature SNSPayload {..} = - encodeUtf8 $ mconcat $ (<> "\n") <$> catMaybes - [ Just "Message" - , Just snsMessage - , Just "MessageId" - , Just snsMessageId - , "SubscribeURL" <$ mSubscribeUrl - , mSubscribeUrl - , "Subject" <$ mSubject - , mSubject - , Just "Timestamp" - , Just snsTimestamp - , "Token" <$ mToken - , mToken - , Just "TopicArn" - , Just snsTopicArn - , Just "Type" - , Just snsType - ] + encodeUtf8 + $ mconcat + $ (<> "\n") + <$> catMaybes + [ Just "Message" + , Just snsMessage + , Just "MessageId" + , Just snsMessageId + , "SubscribeURL" <$ mSubscribeUrl + , mSubscribeUrl + , "Subject" <$ mSubject + , mSubject + , Just "Timestamp" + , Just snsTimestamp + , "Token" <$ mToken + , mToken + , Just "TopicArn" + , Just snsTopicArn + , Just "Type" + , Just snsType + ] where (mSubject, mToken, mSubscribeUrl) = case snsTypePayload of Notification x -> (snsSubject x, Nothing, Nothing) @@ -120,14 +133,15 @@ handleSubscription :: MonadIO m => ValidSNSMessage -> m (Either SNSNotificationValidationError Text) -handleSubscription = runExceptT . \case - SNSMessage t -> pure t - SNSSubscribe SNSSubscription {..} -> do - response <- httpLbs $ parseRequest_ $ T.unpack snsSubscribeURL - when (getResponseStatusCode response >= 300) $ do - throwE BadSubscription - throwE SubscribeMessageResponded - SNSUnsubscribe{} -> throwE UnsubscribeMessage +handleSubscription = + runExceptT . \case + SNSMessage t -> pure t + SNSSubscribe SNSSubscription {..} -> do + response <- httpLbs $ parseRequest_ $ T.unpack snsSubscribeURL + when (getResponseStatusCode response >= 300) $ do + throwE BadSubscription + throwE SubscribeMessageResponded + SNSUnsubscribe {} -> throwE UnsubscribeMessage data SNSNotificationValidationError = BadPem String @@ -141,4 +155,4 @@ data SNSNotificationValidationError | UnsubscribeMessage | SubscribeMessageResponded deriving stock (Show, Eq) - deriving anyclass Exception + deriving anyclass (Exception) diff --git a/tests/Amazon/SNS/Verify/TestPrelude.hs b/tests/Amazon/SNS/Verify/TestPrelude.hs index fe30f20..22fe8b6 100644 --- a/tests/Amazon/SNS/Verify/TestPrelude.hs +++ b/tests/Amazon/SNS/Verify/TestPrelude.hs @@ -16,11 +16,12 @@ import Test.Hspec as X useCertServer :: IO () -> IO () useCertServer action = do (setReady, whenReady) <- initReadyState - race_ (whenReady action) - $ runSettings (setBeforeMainLoop setReady . setPort 3000 $ defaultSettings) - $ \req send -> if rawPathInfo req == "/404" - then send $ responseLBS notFound404 [] "" - else send $ responseFile ok200 [] "./tests/cert.pem" Nothing + race_ (whenReady action) $ + runSettings (setBeforeMainLoop setReady . setPort 3000 $ defaultSettings) $ + \req send -> + if rawPathInfo req == "/404" + then send $ responseLBS notFound404 [] "" + else send $ responseFile ok200 [] "./tests/cert.pem" Nothing where initReadyState = do ready <- newEmptyMVar diff --git a/tests/Amazon/SNS/Verify/ValidateSpec.hs b/tests/Amazon/SNS/Verify/ValidateSpec.hs index c5f0f4b..7218c59 100644 --- a/tests/Amazon/SNS/Verify/ValidateSpec.hs +++ b/tests/Amazon/SNS/Verify/ValidateSpec.hs @@ -6,137 +6,156 @@ import Amazon.SNS.Verify.TestPrelude import Amazon.SNS.Verify.Payload import Amazon.SNS.Verify.Validate -import Data.X509.Validation (SignatureFailure(..)) +import Data.X509.Validation (SignatureFailure (..)) spec :: Spec spec = around_ useCertServer $ do describe "validateSnsMessage" $ do it "successfully validates an SNS notification" $ do let message = "Some message" - x <- validateSnsMessage $ SNSPayload - { snsMessage = message - , snsMessageId = "78d4d7a0-a3eb-5c4d-834f-8d5fa9813ab6" - , snsTimestamp = "2022-05-18T14:52:26.952Z" - , snsTopicArn = "arn:aws:sns:us-west-2:123456789012:MyTopic" - , snsType = "Notification" - , snsSignatureVersion = "1" - , snsSignature = - "Dg24trcOUiLjclt5JwyJS0JEOnEEbi6P30XS6KBxMCwzZ08a04UwjaFTW9Ae8xurhBS5YESz1fY28vTwvEmxh/20WmB3bWIDOMp9v5RI8XSZOvpMm+hdQJ43VqGhEDyAvRU6iCDLihDlZNc/sBCwl9X0H4kh/8vIElRif9gFBbYI94ZHGgqEV+Zc3gVKo9Udrl/MxNvMVadsO/+/oPVUeWibQr3xfGK95oc/ocuNAgi0MOxZmLVnibHu36KOTSvy2qSLonnRRFcbaauYZJ4js7oTq+1ujXNO72oPLaeG3pVJ2grqMc5z8tKQxFnSTE3es7wQarU/CLrbO8j0isbnWw==" - , snsSigningCertURL = cert - , snsTypePayload = Notification $ SNSNotification - { snsSubject = - Just - "SynthesisTaskNotification { TaskId: 680a1f1b-f3ae-4474-aa8f-3b6dfe52e656, Status: COMPLETED }" - } - } + x <- + validateSnsMessage + $ SNSPayload + { snsMessage = message + , snsMessageId = "78d4d7a0-a3eb-5c4d-834f-8d5fa9813ab6" + , snsTimestamp = "2022-05-18T14:52:26.952Z" + , snsTopicArn = "arn:aws:sns:us-west-2:123456789012:MyTopic" + , snsType = "Notification" + , snsSignatureVersion = "1" + , snsSignature = + "Dg24trcOUiLjclt5JwyJS0JEOnEEbi6P30XS6KBxMCwzZ08a04UwjaFTW9Ae8xurhBS5YESz1fY28vTwvEmxh/20WmB3bWIDOMp9v5RI8XSZOvpMm+hdQJ43VqGhEDyAvRU6iCDLihDlZNc/sBCwl9X0H4kh/8vIElRif9gFBbYI94ZHGgqEV+Zc3gVKo9Udrl/MxNvMVadsO/+/oPVUeWibQr3xfGK95oc/ocuNAgi0MOxZmLVnibHu36KOTSvy2qSLonnRRFcbaauYZJ4js7oTq+1ujXNO72oPLaeG3pVJ2grqMc5z8tKQxFnSTE3es7wQarU/CLrbO8j0isbnWw==" + , snsSigningCertURL = cert + , snsTypePayload = + Notification + $ SNSNotification + { snsSubject = + Just + "SynthesisTaskNotification { TaskId: 680a1f1b-f3ae-4474-aa8f-3b6dfe52e656, Status: COMPLETED }" + } + } x `shouldBe` Right (SNSMessage message) it "fails to validate a currupt SNS notification" $ do - let - go = validateSnsMessage $ SNSPayload - { snsMessage = "Some message" - , snsMessageId = "corrupt" - , snsTimestamp = "2022-05-18T14:52:26.952Z" - , snsTopicArn = "arn:aws:sns:us-west-2:123456789012:MyTopic" - , snsType = "Notification" - , snsSignatureVersion = "1" - , snsSignature = - "Dg24trcOUiLjclt5JwyJS0JEOnEEbi6P30XS6KBxMCwzZ08a04UwjaFTW9Ae8xurhBS5YESz1fY28vTwvEmxh/20WmB3bWIDOMp9v5RI8XSZOvpMm+hdQJ43VqGhEDyAvRU6iCDLihDlZNc/sBCwl9X0H4kh/8vIElRif9gFBbYI94ZHGgqEV+Zc3gVKo9Udrl/MxNvMVadsO/+/oPVUeWibQr3xfGK95oc/ocuNAgi0MOxZmLVnibHu36KOTSvy2qSLonnRRFcbaauYZJ4js7oTq+1ujXNO72oPLaeG3pVJ2grqMc5z8tKQxFnSTE3es7wQarU/CLrbO8j0isbnWw==" - , snsSigningCertURL = cert - , snsTypePayload = Notification $ SNSNotification - { snsSubject = - Just - "SynthesisTaskNotification { TaskId: 680a1f1b-f3ae-4474-aa8f-3b6dfe52e656, Status: COMPLETED }" - } - } + let go = + validateSnsMessage + $ SNSPayload + { snsMessage = "Some message" + , snsMessageId = "corrupt" + , snsTimestamp = "2022-05-18T14:52:26.952Z" + , snsTopicArn = "arn:aws:sns:us-west-2:123456789012:MyTopic" + , snsType = "Notification" + , snsSignatureVersion = "1" + , snsSignature = + "Dg24trcOUiLjclt5JwyJS0JEOnEEbi6P30XS6KBxMCwzZ08a04UwjaFTW9Ae8xurhBS5YESz1fY28vTwvEmxh/20WmB3bWIDOMp9v5RI8XSZOvpMm+hdQJ43VqGhEDyAvRU6iCDLihDlZNc/sBCwl9X0H4kh/8vIElRif9gFBbYI94ZHGgqEV+Zc3gVKo9Udrl/MxNvMVadsO/+/oPVUeWibQr3xfGK95oc/ocuNAgi0MOxZmLVnibHu36KOTSvy2qSLonnRRFcbaauYZJ4js7oTq+1ujXNO72oPLaeG3pVJ2grqMc5z8tKQxFnSTE3es7wQarU/CLrbO8j0isbnWw==" + , snsSigningCertURL = cert + , snsTypePayload = + Notification + $ SNSNotification + { snsSubject = + Just + "SynthesisTaskNotification { TaskId: 680a1f1b-f3ae-4474-aa8f-3b6dfe52e656, Status: COMPLETED }" + } + } go `shouldReturn` Left (InvalidPayload SignatureInvalid) it "fails to validate a bad PEM" $ do - let - go = validateSnsMessage $ SNSPayload - { snsMessage = "Some message" - , snsMessageId = "corrupt" - , snsTimestamp = "2022-05-18T14:52:26.952Z" - , snsTopicArn = "arn:aws:sns:us-west-2:123456789012:MyTopic" - , snsType = "Notification" - , snsSignatureVersion = "1" - , snsSignature = - "Dg24trcOUiLjclt5JwyJS0JEOnEEbi6P30XS6KBxMCwzZ08a04UwjaFTW9Ae8xurhBS5YESz1fY28vTwvEmxh/20WmB3bWIDOMp9v5RI8XSZOvpMm+hdQJ43VqGhEDyAvRU6iCDLihDlZNc/sBCwl9X0H4kh/8vIElRif9gFBbYI94ZHGgqEV+Zc3gVKo9Udrl/MxNvMVadsO/+/oPVUeWibQr3xfGK95oc/ocuNAgi0MOxZmLVnibHu36KOTSvy2qSLonnRRFcbaauYZJ4js7oTq+1ujXNO72oPLaeG3pVJ2grqMc5z8tKQxFnSTE3es7wQarU/CLrbO8j0isbnWw==" - , snsSigningCertURL = "http://localhost:3000/404" - , snsTypePayload = Notification $ SNSNotification - { snsSubject = - Just - "SynthesisTaskNotification { TaskId: 680a1f1b-f3ae-4474-aa8f-3b6dfe52e656, Status: COMPLETED }" - } - } + let go = + validateSnsMessage + $ SNSPayload + { snsMessage = "Some message" + , snsMessageId = "corrupt" + , snsTimestamp = "2022-05-18T14:52:26.952Z" + , snsTopicArn = "arn:aws:sns:us-west-2:123456789012:MyTopic" + , snsType = "Notification" + , snsSignatureVersion = "1" + , snsSignature = + "Dg24trcOUiLjclt5JwyJS0JEOnEEbi6P30XS6KBxMCwzZ08a04UwjaFTW9Ae8xurhBS5YESz1fY28vTwvEmxh/20WmB3bWIDOMp9v5RI8XSZOvpMm+hdQJ43VqGhEDyAvRU6iCDLihDlZNc/sBCwl9X0H4kh/8vIElRif9gFBbYI94ZHGgqEV+Zc3gVKo9Udrl/MxNvMVadsO/+/oPVUeWibQr3xfGK95oc/ocuNAgi0MOxZmLVnibHu36KOTSvy2qSLonnRRFcbaauYZJ4js7oTq+1ujXNO72oPLaeG3pVJ2grqMc5z8tKQxFnSTE3es7wQarU/CLrbO8j0isbnWw==" + , snsSigningCertURL = "http://localhost:3000/404" + , snsTypePayload = + Notification + $ SNSNotification + { snsSubject = + Just + "SynthesisTaskNotification { TaskId: 680a1f1b-f3ae-4474-aa8f-3b6dfe52e656, Status: COMPLETED }" + } + } go `shouldReturn` Left (BadPem "Empty List") it "fails to validate an unexpected url" $ do - let - go = validateSnsMessage $ SNSPayload - { snsMessage = "Some message" - , snsMessageId = "corrupt" - , snsTimestamp = "2022-05-18T14:52:26.952Z" - , snsTopicArn = "arn:aws:sns:us-west-2:123456789012:MyTopic" - , snsType = "Notification" - , snsSignatureVersion = "1" - , snsSignature = - "Dg24trcOUiLjclt5JwyJS0JEOnEEbi6P30XS6KBxMCwzZ08a04UwjaFTW9Ae8xurhBS5YESz1fY28vTwvEmxh/20WmB3bWIDOMp9v5RI8XSZOvpMm+hdQJ43VqGhEDyAvRU6iCDLihDlZNc/sBCwl9X0H4kh/8vIElRif9gFBbYI94ZHGgqEV+Zc3gVKo9Udrl/MxNvMVadsO/+/oPVUeWibQr3xfGK95oc/ocuNAgi0MOxZmLVnibHu36KOTSvy2qSLonnRRFcbaauYZJ4js7oTq+1ujXNO72oPLaeG3pVJ2grqMc5z8tKQxFnSTE3es7wQarU/CLrbO8j0isbnWw==" - , snsSigningCertURL = "http://attacker.com/evil.pem" - , snsTypePayload = Notification $ SNSNotification - { snsSubject = - Just - "SynthesisTaskNotification { TaskId: 680a1f1b-f3ae-4474-aa8f-3b6dfe52e656, Status: COMPLETED }" - } - } + let go = + validateSnsMessage + $ SNSPayload + { snsMessage = "Some message" + , snsMessageId = "corrupt" + , snsTimestamp = "2022-05-18T14:52:26.952Z" + , snsTopicArn = "arn:aws:sns:us-west-2:123456789012:MyTopic" + , snsType = "Notification" + , snsSignatureVersion = "1" + , snsSignature = + "Dg24trcOUiLjclt5JwyJS0JEOnEEbi6P30XS6KBxMCwzZ08a04UwjaFTW9Ae8xurhBS5YESz1fY28vTwvEmxh/20WmB3bWIDOMp9v5RI8XSZOvpMm+hdQJ43VqGhEDyAvRU6iCDLihDlZNc/sBCwl9X0H4kh/8vIElRif9gFBbYI94ZHGgqEV+Zc3gVKo9Udrl/MxNvMVadsO/+/oPVUeWibQr3xfGK95oc/ocuNAgi0MOxZmLVnibHu36KOTSvy2qSLonnRRFcbaauYZJ4js7oTq+1ujXNO72oPLaeG3pVJ2grqMc5z8tKQxFnSTE3es7wQarU/CLrbO8j0isbnWw==" + , snsSigningCertURL = "http://attacker.com/evil.pem" + , snsTypePayload = + Notification + $ SNSNotification + { snsSubject = + Just + "SynthesisTaskNotification { TaskId: 680a1f1b-f3ae-4474-aa8f-3b6dfe52e656, Status: COMPLETED }" + } + } go `shouldReturn` Left (BadUri "http://attacker.com/evil.pem") it "successfully validates an SNS subscription" $ do -- pendingWith "need valid subscription payload" let - message - = "You have chosen to subscribe to the topic arn:aws:sns:us-west-2:123456789012:MyTopic.\nTo confirm the subscription, visit the SubscribeURL included in this message." - subscription = SNSSubscription - { snsToken = "2336412f37..." - , snsSubscribeURL = - "https://sns.us-west-2.amazonaws.com/?Action=ConfirmSubscription&TopicArn=arn:aws:sns:us-west-2:123456789012:MyTopic&Token=2336412f37..." - } - x <- validateSnsMessage $ SNSPayload - { snsMessage = message - , snsMessageId = "165545c9-2a5c-472c-8df2-7ff2be2b3b1b" - , snsTimestamp = "2012-04-26T20:45:04.751Z" - , snsTopicArn = "arn:aws:sns:us-west-2:123456789012:MyTopic" - , snsType = "SubscriptionConfirmation" - , snsSignatureVersion = "1" - , snsSignature = - "Jec/VlsopbiA2fCckj/IwTPjDbSuFkl2hNKL898sQuZcMeKeOLthYs7YlF+xLi+Ip6rG/X08GZKtCqpoiSgKW8D9PI6eHVM2JQa76sFJO5ZdPylrDH+URwBf28gT+1l/VYk4p3VK8RZo+3Wkn87HXwxTq1YoN390o5ncT34zaBDtLx2cUA8+JOnYjItmYjVXDhrEBF6xad/vIY8V2o5xyQOfEWLm71/Tcs3radzNoSj2xlLQyJKPOzV661fG6Xz1vVKfDVC03+Q4Pn67SmU1wWRRT1nDwPPzQlcDAiAGRjB1U/C5iHfLQFF3dKo4azylkrM2ReTCMm9KMyIWqjq5eg==" - , snsSigningCertURL = cert - , snsTypePayload = SubscriptionConfirmation subscription - } + message = + "You have chosen to subscribe to the topic arn:aws:sns:us-west-2:123456789012:MyTopic.\nTo confirm the subscription, visit the SubscribeURL included in this message." + subscription = + SNSSubscription + { snsToken = "2336412f37..." + , snsSubscribeURL = + "https://sns.us-west-2.amazonaws.com/?Action=ConfirmSubscription&TopicArn=arn:aws:sns:us-west-2:123456789012:MyTopic&Token=2336412f37..." + } + x <- + validateSnsMessage + $ SNSPayload + { snsMessage = message + , snsMessageId = "165545c9-2a5c-472c-8df2-7ff2be2b3b1b" + , snsTimestamp = "2012-04-26T20:45:04.751Z" + , snsTopicArn = "arn:aws:sns:us-west-2:123456789012:MyTopic" + , snsType = "SubscriptionConfirmation" + , snsSignatureVersion = "1" + , snsSignature = + "Jec/VlsopbiA2fCckj/IwTPjDbSuFkl2hNKL898sQuZcMeKeOLthYs7YlF+xLi+Ip6rG/X08GZKtCqpoiSgKW8D9PI6eHVM2JQa76sFJO5ZdPylrDH+URwBf28gT+1l/VYk4p3VK8RZo+3Wkn87HXwxTq1YoN390o5ncT34zaBDtLx2cUA8+JOnYjItmYjVXDhrEBF6xad/vIY8V2o5xyQOfEWLm71/Tcs3radzNoSj2xlLQyJKPOzV661fG6Xz1vVKfDVC03+Q4Pn67SmU1wWRRT1nDwPPzQlcDAiAGRjB1U/C5iHfLQFF3dKo4azylkrM2ReTCMm9KMyIWqjq5eg==" + , snsSigningCertURL = cert + , snsTypePayload = SubscriptionConfirmation subscription + } x `shouldBe` Right (SNSSubscribe subscription) it "successfully validates an SNS unsubscribe" $ do -- pendingWith "need valid subscription payload" let - message - = "You have chosen to subscribe to the topic arn:aws:sns:us-west-2:123456789012:MyTopic.\nTo confirm the subscription, visit the SubscribeURL included in this message." - subscription = SNSSubscription - { snsToken = "2336412f37..." - , snsSubscribeURL = - "https://sns.us-west-2.amazonaws.com/?Action=ConfirmSubscription&TopicArn=arn:aws:sns:us-west-2:123456789012:MyTopic&Token=2336412f37..." - } - x <- validateSnsMessage $ SNSPayload - { snsMessage = message - , snsMessageId = "165545c9-2a5c-472c-8df2-7ff2be2b3b1b" - , snsTimestamp = "2012-04-26T20:45:04.751Z" - , snsTopicArn = "arn:aws:sns:us-west-2:123456789012:MyTopic" - , snsType = "UnsubscribeConfirmation" - , snsSignatureVersion = "1" - , snsSignature = - "fKtmZTE6xvGhbcCTchFPLmuhdoXI7hxWrE9qe1RjeLDecMaZGmqsn4rOrFDsteqot4ItLuJqvV7RtImGXrMa/JNnZdP71lG6FdrKTiGqZNrnxZZYbIuZMAsSQM4E8VaRwbxLXuPQY9IYFP4y9GfsdpDYx0tpbXOxGz/JFVQjTFpHY55BmV6Ec73g0X/eLSEdKfHtWg/gVf6W27ewa40jXvaa78VmcVXbPXIKwzGgSSSe9t6xxVe0kLjKXaDyJTl3rbZJZJgBLInbychWNq1vGHGZQhtCyxjKRfKIWNWDbHdM/fUBGUhuv089CblWpq8g/21HiJ9n+S3VSn0hCXB5hg==" - , snsSigningCertURL = cert - , snsTypePayload = UnsubscribeConfirmation subscription - } + message = + "You have chosen to subscribe to the topic arn:aws:sns:us-west-2:123456789012:MyTopic.\nTo confirm the subscription, visit the SubscribeURL included in this message." + subscription = + SNSSubscription + { snsToken = "2336412f37..." + , snsSubscribeURL = + "https://sns.us-west-2.amazonaws.com/?Action=ConfirmSubscription&TopicArn=arn:aws:sns:us-west-2:123456789012:MyTopic&Token=2336412f37..." + } + x <- + validateSnsMessage + $ SNSPayload + { snsMessage = message + , snsMessageId = "165545c9-2a5c-472c-8df2-7ff2be2b3b1b" + , snsTimestamp = "2012-04-26T20:45:04.751Z" + , snsTopicArn = "arn:aws:sns:us-west-2:123456789012:MyTopic" + , snsType = "UnsubscribeConfirmation" + , snsSignatureVersion = "1" + , snsSignature = + "fKtmZTE6xvGhbcCTchFPLmuhdoXI7hxWrE9qe1RjeLDecMaZGmqsn4rOrFDsteqot4ItLuJqvV7RtImGXrMa/JNnZdP71lG6FdrKTiGqZNrnxZZYbIuZMAsSQM4E8VaRwbxLXuPQY9IYFP4y9GfsdpDYx0tpbXOxGz/JFVQjTFpHY55BmV6Ec73g0X/eLSEdKfHtWg/gVf6W27ewa40jXvaa78VmcVXbPXIKwzGgSSSe9t6xxVe0kLjKXaDyJTl3rbZJZJgBLInbychWNq1vGHGZQhtCyxjKRfKIWNWDbHdM/fUBGUhuv089CblWpq8g/21HiJ9n+S3VSn0hCXB5hg==" + , snsSigningCertURL = cert + , snsTypePayload = UnsubscribeConfirmation subscription + } x `shouldBe` Right (SNSUnsubscribe subscription) cert :: Text diff --git a/tests/Amazon/SNS/VerifySpec.hs b/tests/Amazon/SNS/VerifySpec.hs index b8eefa6..1e5e595 100644 --- a/tests/Amazon/SNS/VerifySpec.hs +++ b/tests/Amazon/SNS/VerifySpec.hs @@ -13,8 +13,8 @@ spec :: Spec spec = around_ useCertServer $ do describe "verifySNSMessage" $ do it "successfully validates an SNS notification" $ do - let - payload = [aesonQQ| + let payload = + [aesonQQ| { Message: "Some message" , MessageId: "78d4d7a0-a3eb-5c4d-834f-8d5fa9813ab6" , Timestamp: "2022-05-18T14:52:26.952Z" @@ -31,8 +31,8 @@ spec = around_ useCertServer $ do x `shouldBe` "Some message" it "successfully confirms a subscription" $ do - let - payload = [aesonQQ| + let payload = + [aesonQQ| { Message: "Some message" , MessageId: "78d4d7a0-a3eb-5c4d-834f-8d5fa9813ab6" , Timestamp: "2022-05-18T14:52:26.952Z" @@ -48,7 +48,7 @@ spec = around_ useCertServer $ do |] verifySNSMessage payload - `shouldThrow` (\case - SubscribeMessageResponded -> True - _ -> False + `shouldThrow` ( \case + SubscribeMessageResponded -> True + _ -> False ) From 1ae161c5d105e95457f3345d93671518e281c96d Mon Sep 17 00:00:00 2001 From: patrick brisbin Date: Wed, 26 Jul 2023 09:23:38 -0400 Subject: [PATCH 2/3] Migrate to crypton-x509* packages Removes CI for ghc-8.6 and 8.4. --- .github/workflows/ci.yml | 19 ++++++++----------- aws-sns-verify.cabal | 6 +++--- package.yaml | 6 +++--- stack-lts-12.26.yaml | 1 - stack-lts-12.26.yaml.lock | 12 ------------ stack-lts-14.27.yaml | 1 - stack-lts-14.27.yaml.lock | 12 ------------ stack-lts-16.31.yaml | 5 +++++ stack-lts-16.31.yaml.lock | 32 +++++++++++++++++++++++++++++-- stack-lts-18.28.yaml | 5 +++++ stack-lts-18.28.yaml.lock | 32 +++++++++++++++++++++++++++++-- stack-lts-19.33.yaml | 6 ++++++ stack-lts-19.33.yaml.lock | 40 +++++++++++++++++++++++++++++++++++++++ stack-lts-20.26.yaml | 6 ++++++ stack-lts-20.26.yaml.lock | 40 +++++++++++++++++++++++++++++++++++++++ stack-nightly.yaml | 2 +- stack-nightly.yaml.lock | 8 ++++---- stack.yaml | 9 +++++---- stack.yaml.lock | 32 +++++++++++++++++++++++++------ 19 files changed, 212 insertions(+), 62 deletions(-) delete mode 100644 stack-lts-12.26.yaml delete mode 100644 stack-lts-12.26.yaml.lock delete mode 100644 stack-lts-14.27.yaml delete mode 100644 stack-lts-14.27.yaml.lock create mode 100644 stack-lts-19.33.yaml create mode 100644 stack-lts-19.33.yaml.lock create mode 100644 stack-lts-20.26.yaml create mode 100644 stack-lts-20.26.yaml.lock diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bb8dd09..ee7a875 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,20 +12,17 @@ jobs: strategy: matrix: stack-yaml: - - stack-nightly.yaml # ghc-9.2 - - stack.yaml # ghc-9.0 + - stack-nightly.yaml # ghc-9.6 + - stack.yaml # ghc-9.4 + - stack-lts-20.26.yaml # ghc-9.2 + - stack-lts-19.33.yaml # ghc-9.0 - stack-lts-18.28.yaml # ghc-8.10 - stack-lts-16.31.yaml # ghc-8.8 - - stack-lts-14.27.yaml # ghc-8.6 - - stack-lts-12.26.yaml # ghc-8.4 fail-fast: false steps: - uses: actions/checkout@v3 - - uses: freckle/stack-cache-action@v2 - with: - stack-yaml: ${{ matrix.stack-yaml }} - - uses: freckle/stack-action@v3 + - uses: freckle/stack-action@v4 with: stack-yaml: ${{ matrix.stack-yaml }} stack-arguments: --flag aws-sns-verify:development @@ -33,8 +30,8 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: rwe/actions-hlint-setup@v1 - - uses: rwe/actions-hlint-run@v2 + - uses: actions/checkout@v3 + - uses: haskell/actions/hlint-setup@v2 + - uses: haskell/actions/hlint-run@v2 with: fail-on: warning diff --git a/aws-sns-verify.cabal b/aws-sns-verify.cabal index 32fbd19..bcd7739 100644 --- a/aws-sns-verify.cabal +++ b/aws-sns-verify.cabal @@ -73,6 +73,8 @@ library aeson , base >=4.7 && <5 , bytestring + , crypton-x509 + , crypton-x509-validation , errors , http-conduit , memory @@ -80,8 +82,6 @@ library , pem , regex-tdfa , text - , x509 - , x509-validation default-language: Haskell2010 if impl(ghc >= 8.10) ghc-options: -Wno-missing-safe-haskell-mode -Wno-prepositive-qualified-module @@ -132,13 +132,13 @@ test-suite aws-sns-verify-test , async , aws-sns-verify , base >=4.7 && <5 + , crypton-x509-validation , hspec , http-types , regex-tdfa , text , wai , warp - , x509-validation default-language: Haskell2010 if impl(ghc >= 8.10) ghc-options: -Wno-missing-safe-haskell-mode -Wno-prepositive-qualified-module diff --git a/package.yaml b/package.yaml index 11b3f7c..d5d9ccb 100644 --- a/package.yaml +++ b/package.yaml @@ -85,8 +85,8 @@ library: - pem - regex-tdfa - text - - x509 - - x509-validation + - crypton-x509 + - crypton-x509-validation when: - condition: "flag(development)" cpp-options: -DDEVELOPMENT @@ -109,4 +109,4 @@ tests: - text - wai - warp - - x509-validation + - crypton-x509-validation diff --git a/stack-lts-12.26.yaml b/stack-lts-12.26.yaml deleted file mode 100644 index e09b3ae..0000000 --- a/stack-lts-12.26.yaml +++ /dev/null @@ -1 +0,0 @@ -resolver: lts-12.26 diff --git a/stack-lts-12.26.yaml.lock b/stack-lts-12.26.yaml.lock deleted file mode 100644 index 6bee1e8..0000000 --- a/stack-lts-12.26.yaml.lock +++ /dev/null @@ -1,12 +0,0 @@ -# This file was autogenerated by Stack. -# You should not edit this file by hand. -# For more information, please see the documentation at: -# https://docs.haskellstack.org/en/stable/lock_files - -packages: [] -snapshots: -- completed: - size: 509471 - url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/12/26.yaml - sha256: 95f014df58d0679b1c4a2b7bf2b652b61da8d30de5f571abb0d59015ef678646 - original: lts-12.26 diff --git a/stack-lts-14.27.yaml b/stack-lts-14.27.yaml deleted file mode 100644 index 785b146..0000000 --- a/stack-lts-14.27.yaml +++ /dev/null @@ -1 +0,0 @@ -resolver: lts-14.27 diff --git a/stack-lts-14.27.yaml.lock b/stack-lts-14.27.yaml.lock deleted file mode 100644 index e24dcac..0000000 --- a/stack-lts-14.27.yaml.lock +++ /dev/null @@ -1,12 +0,0 @@ -# This file was autogenerated by Stack. -# You should not edit this file by hand. -# For more information, please see the documentation at: -# https://docs.haskellstack.org/en/stable/lock_files - -packages: [] -snapshots: -- completed: - size: 524996 - url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/14/27.yaml - sha256: 7ea31a280c56bf36ff591a7397cc384d0dff622e7f9e4225b47d8980f019a0f0 - original: lts-14.27 diff --git a/stack-lts-16.31.yaml b/stack-lts-16.31.yaml index 53095f7..a761e11 100644 --- a/stack-lts-16.31.yaml +++ b/stack-lts-16.31.yaml @@ -1 +1,6 @@ resolver: lts-16.31 +extra-deps: + - crypton-0.33 + - crypton-x509-1.7.6 + - crypton-x509-store-1.6.9 + - crypton-x509-validation-1.6.12 diff --git a/stack-lts-16.31.yaml.lock b/stack-lts-16.31.yaml.lock index c222190..c27cb85 100644 --- a/stack-lts-16.31.yaml.lock +++ b/stack-lts-16.31.yaml.lock @@ -3,10 +3,38 @@ # For more information, please see the documentation at: # https://docs.haskellstack.org/en/stable/lock_files -packages: [] +packages: +- completed: + hackage: crypton-0.33@sha256:5e92f29b9b7104d91fcdda1dec9400c9ad1f1791c231cc41ceebd783fb517dee,18202 + pantry-tree: + sha256: 38809499d7f9775ef45cd29ab5c3dc9b283a813f34c1cdc56681b24f8cf8bb4f + size: 23148 + original: + hackage: crypton-0.33 +- completed: + hackage: crypton-x509-1.7.6@sha256:c567657a705b6d6521f9dd2de999bf530d618ec00f3b939df76a41fb0fe94281,2339 + pantry-tree: + sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb + size: 1080 + original: + hackage: crypton-x509-1.7.6 +- completed: + hackage: crypton-x509-store-1.6.9@sha256:422b9b9f87a7382c66385d047615b16fc86a68c08ea22b1e0117c143a2d44050,1750 + pantry-tree: + sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3 + size: 406 + original: + hackage: crypton-x509-store-1.6.9 +- completed: + hackage: crypton-x509-validation-1.6.12@sha256:85989721b64be4b90de9f66ef641c26f57575cffed1a50d707065fb60176f386,2227 + pantry-tree: + sha256: d4a0135f11218614fcd912cffaf54de8f749caca8696380e2589cbcfd64cc681 + size: 639 + original: + hackage: crypton-x509-validation-1.6.12 snapshots: - completed: + sha256: 637fb77049b25560622a224845b7acfe81a09fdb6a96a3c75997a10b651667f6 size: 534126 url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/16/31.yaml - sha256: 637fb77049b25560622a224845b7acfe81a09fdb6a96a3c75997a10b651667f6 original: lts-16.31 diff --git a/stack-lts-18.28.yaml b/stack-lts-18.28.yaml index 773d5c9..8512d54 100644 --- a/stack-lts-18.28.yaml +++ b/stack-lts-18.28.yaml @@ -1 +1,6 @@ resolver: lts-18.28 +extra-deps: + - crypton-0.33 + - crypton-x509-1.7.6 + - crypton-x509-store-1.6.9 + - crypton-x509-validation-1.6.12 diff --git a/stack-lts-18.28.yaml.lock b/stack-lts-18.28.yaml.lock index 7af0442..810905b 100644 --- a/stack-lts-18.28.yaml.lock +++ b/stack-lts-18.28.yaml.lock @@ -3,10 +3,38 @@ # For more information, please see the documentation at: # https://docs.haskellstack.org/en/stable/lock_files -packages: [] +packages: +- completed: + hackage: crypton-0.33@sha256:5e92f29b9b7104d91fcdda1dec9400c9ad1f1791c231cc41ceebd783fb517dee,18202 + pantry-tree: + sha256: 38809499d7f9775ef45cd29ab5c3dc9b283a813f34c1cdc56681b24f8cf8bb4f + size: 23148 + original: + hackage: crypton-0.33 +- completed: + hackage: crypton-x509-1.7.6@sha256:c567657a705b6d6521f9dd2de999bf530d618ec00f3b939df76a41fb0fe94281,2339 + pantry-tree: + sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb + size: 1080 + original: + hackage: crypton-x509-1.7.6 +- completed: + hackage: crypton-x509-store-1.6.9@sha256:422b9b9f87a7382c66385d047615b16fc86a68c08ea22b1e0117c143a2d44050,1750 + pantry-tree: + sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3 + size: 406 + original: + hackage: crypton-x509-store-1.6.9 +- completed: + hackage: crypton-x509-validation-1.6.12@sha256:85989721b64be4b90de9f66ef641c26f57575cffed1a50d707065fb60176f386,2227 + pantry-tree: + sha256: d4a0135f11218614fcd912cffaf54de8f749caca8696380e2589cbcfd64cc681 + size: 639 + original: + hackage: crypton-x509-validation-1.6.12 snapshots: - completed: + sha256: 428ec8d5ce932190d3cbe266b9eb3c175cd81e984babf876b64019e2cbe4ea68 size: 590100 url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/18/28.yaml - sha256: 428ec8d5ce932190d3cbe266b9eb3c175cd81e984babf876b64019e2cbe4ea68 original: lts-18.28 diff --git a/stack-lts-19.33.yaml b/stack-lts-19.33.yaml new file mode 100644 index 0000000..9cf68b5 --- /dev/null +++ b/stack-lts-19.33.yaml @@ -0,0 +1,6 @@ +resolver: lts-19.33 +extra-deps: + - crypton-0.33 + - crypton-x509-1.7.6 + - crypton-x509-store-1.6.9 + - crypton-x509-validation-1.6.12 diff --git a/stack-lts-19.33.yaml.lock b/stack-lts-19.33.yaml.lock new file mode 100644 index 0000000..8c7a414 --- /dev/null +++ b/stack-lts-19.33.yaml.lock @@ -0,0 +1,40 @@ +# This file was autogenerated by Stack. +# You should not edit this file by hand. +# For more information, please see the documentation at: +# https://docs.haskellstack.org/en/stable/lock_files + +packages: +- completed: + hackage: crypton-0.33@sha256:5e92f29b9b7104d91fcdda1dec9400c9ad1f1791c231cc41ceebd783fb517dee,18202 + pantry-tree: + sha256: 38809499d7f9775ef45cd29ab5c3dc9b283a813f34c1cdc56681b24f8cf8bb4f + size: 23148 + original: + hackage: crypton-0.33 +- completed: + hackage: crypton-x509-1.7.6@sha256:c567657a705b6d6521f9dd2de999bf530d618ec00f3b939df76a41fb0fe94281,2339 + pantry-tree: + sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb + size: 1080 + original: + hackage: crypton-x509-1.7.6 +- completed: + hackage: crypton-x509-store-1.6.9@sha256:422b9b9f87a7382c66385d047615b16fc86a68c08ea22b1e0117c143a2d44050,1750 + pantry-tree: + sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3 + size: 406 + original: + hackage: crypton-x509-store-1.6.9 +- completed: + hackage: crypton-x509-validation-1.6.12@sha256:85989721b64be4b90de9f66ef641c26f57575cffed1a50d707065fb60176f386,2227 + pantry-tree: + sha256: d4a0135f11218614fcd912cffaf54de8f749caca8696380e2589cbcfd64cc681 + size: 639 + original: + hackage: crypton-x509-validation-1.6.12 +snapshots: +- completed: + sha256: 6d1532d40621957a25bad5195bfca7938e8a06d923c91bc52aa0f3c41181f2d4 + size: 619204 + url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/19/33.yaml + original: lts-19.33 diff --git a/stack-lts-20.26.yaml b/stack-lts-20.26.yaml new file mode 100644 index 0000000..9647ea2 --- /dev/null +++ b/stack-lts-20.26.yaml @@ -0,0 +1,6 @@ +resolver: lts-20.26 +extra-deps: + - crypton-0.33 + - crypton-x509-1.7.6 + - crypton-x509-store-1.6.9 + - crypton-x509-validation-1.6.12 diff --git a/stack-lts-20.26.yaml.lock b/stack-lts-20.26.yaml.lock new file mode 100644 index 0000000..3824812 --- /dev/null +++ b/stack-lts-20.26.yaml.lock @@ -0,0 +1,40 @@ +# This file was autogenerated by Stack. +# You should not edit this file by hand. +# For more information, please see the documentation at: +# https://docs.haskellstack.org/en/stable/lock_files + +packages: +- completed: + hackage: crypton-0.33@sha256:5e92f29b9b7104d91fcdda1dec9400c9ad1f1791c231cc41ceebd783fb517dee,18202 + pantry-tree: + sha256: 38809499d7f9775ef45cd29ab5c3dc9b283a813f34c1cdc56681b24f8cf8bb4f + size: 23148 + original: + hackage: crypton-0.33 +- completed: + hackage: crypton-x509-1.7.6@sha256:c567657a705b6d6521f9dd2de999bf530d618ec00f3b939df76a41fb0fe94281,2339 + pantry-tree: + sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb + size: 1080 + original: + hackage: crypton-x509-1.7.6 +- completed: + hackage: crypton-x509-store-1.6.9@sha256:422b9b9f87a7382c66385d047615b16fc86a68c08ea22b1e0117c143a2d44050,1750 + pantry-tree: + sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3 + size: 406 + original: + hackage: crypton-x509-store-1.6.9 +- completed: + hackage: crypton-x509-validation-1.6.12@sha256:85989721b64be4b90de9f66ef641c26f57575cffed1a50d707065fb60176f386,2227 + pantry-tree: + sha256: d4a0135f11218614fcd912cffaf54de8f749caca8696380e2589cbcfd64cc681 + size: 639 + original: + hackage: crypton-x509-validation-1.6.12 +snapshots: +- completed: + sha256: 5a59b2a405b3aba3c00188453be172b85893cab8ebc352b1ef58b0eae5d248a2 + size: 650475 + url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/20/26.yaml + original: lts-20.26 diff --git a/stack-nightly.yaml b/stack-nightly.yaml index 992c48c..ba559fb 100644 --- a/stack-nightly.yaml +++ b/stack-nightly.yaml @@ -1 +1 @@ -resolver: nightly-2022-05-20 +resolver: nightly-2023-07-25 diff --git a/stack-nightly.yaml.lock b/stack-nightly.yaml.lock index eedded3..5c8a85d 100644 --- a/stack-nightly.yaml.lock +++ b/stack-nightly.yaml.lock @@ -6,7 +6,7 @@ packages: [] snapshots: - completed: - size: 588043 - url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/nightly/2022/5/20.yaml - sha256: 7800e52de866bab899c118558f3a48e455f9f57fb3b3595e0002018fbea5ee58 - original: nightly-2022-05-20 + sha256: e4162106c3c7d9a71f1034ab31582fbeee1cc5b3266a49c0d52f577a6002df8e + size: 559903 + url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/nightly/2023/7/25.yaml + original: nightly-2023-07-25 diff --git a/stack.yaml b/stack.yaml index 6931c99..8766a39 100644 --- a/stack.yaml +++ b/stack.yaml @@ -1,4 +1,5 @@ -resolver: - url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/19/9.yaml -packages: - - . +resolver: lts-21.0 +extra-deps: + - crypton-x509-1.7.6 + - crypton-x509-store-1.6.9 + - crypton-x509-validation-1.6.12 diff --git a/stack.yaml.lock b/stack.yaml.lock index 7a63f03..0b41bb0 100644 --- a/stack.yaml.lock +++ b/stack.yaml.lock @@ -3,11 +3,31 @@ # For more information, please see the documentation at: # https://docs.haskellstack.org/en/stable/lock_files -packages: [] -snapshots: +packages: +- completed: + hackage: crypton-x509-1.7.6@sha256:c567657a705b6d6521f9dd2de999bf530d618ec00f3b939df76a41fb0fe94281,2339 + pantry-tree: + sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb + size: 1080 + original: + hackage: crypton-x509-1.7.6 - completed: - size: 618507 - url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/19/9.yaml - sha256: 190a93d09d9d7bccc78a0f00d6fc0350eed76bc533611e5971202800805dd00e + hackage: crypton-x509-store-1.6.9@sha256:422b9b9f87a7382c66385d047615b16fc86a68c08ea22b1e0117c143a2d44050,1750 + pantry-tree: + sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3 + size: 406 original: - url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/19/9.yaml + hackage: crypton-x509-store-1.6.9 +- completed: + hackage: crypton-x509-validation-1.6.12@sha256:85989721b64be4b90de9f66ef641c26f57575cffed1a50d707065fb60176f386,2227 + pantry-tree: + sha256: d4a0135f11218614fcd912cffaf54de8f749caca8696380e2589cbcfd64cc681 + size: 639 + original: + hackage: crypton-x509-validation-1.6.12 +snapshots: +- completed: + sha256: 1867d84255dff8c87373f5dd03e5a5cb1c10a99587e26c8793e750c54e83ffdc + size: 639139 + url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/21/0.yaml + original: lts-21.0 From f7601696f1881cfe967d09ae63f8baddfdabce48 Mon Sep 17 00:00:00 2001 From: patrick brisbin Date: Wed, 26 Jul 2023 09:24:48 -0400 Subject: [PATCH 3/3] Version bump --- CHANGELOG.md | 11 ++++++++--- aws-sns-verify.cabal | 2 +- package.yaml | 2 +- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9ca76ba..0afde46 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,15 @@ -## [_Unreleased_](https://github.com/freckle/aws-sns-verify/compare/v0.0.0.2...main) +## [_Unreleased_](https://github.com/freckle/aws-sns-verify/compare/v0.0.0.3...main) -## [v0.0.0.2](https://github.com/freckle/aws-sns-verify/compare/v0.0.0.2...v0.0.0.1) +## [v0.0.0.3](https://github.com/freckle/aws-sns-verify/compare/v0.0.0.2...v0.0.0.3) + +- Migrate to `crypton-x509*` +- Remove CI for GHC's 8.6 and 8.8 + +## [v0.0.0.2](https://github.com/freckle/aws-sns-verify/compare/v0.0.0.1...v0.0.0.2) - Validate PEM has come from AWS before checking signature. -## [v0.0.0.1](https://github.com/freckle/aws-sns-verify/compare/v0.0.0.1...v0.0.0.0) +## [v0.0.0.1](https://github.com/freckle/aws-sns-verify/compare/v0.0.0.0...v0.0.0.1) - Fix typo in subscribe signature diff --git a/aws-sns-verify.cabal b/aws-sns-verify.cabal index bcd7739..a319d2d 100644 --- a/aws-sns-verify.cabal +++ b/aws-sns-verify.cabal @@ -5,7 +5,7 @@ cabal-version: 1.18 -- see: https://github.com/sol/hpack name: aws-sns-verify -version: 0.0.0.2 +version: 0.0.0.3 synopsis: Parse and verify AWS SNS messages description: Please see the README on GitHub at category: Network, Web, AWS, Amazon, Cloud, Cryptography, Distributed-Computing diff --git a/package.yaml b/package.yaml index d5d9ccb..fab72c7 100644 --- a/package.yaml +++ b/package.yaml @@ -1,5 +1,5 @@ name: aws-sns-verify -version: 0.0.0.2 +version: 0.0.0.3 github: "freckle/aws-sns-verify" license: MIT author: "Freckle"