| Age | Commit message (Collapse) | Author |
|---|
|
PiperOrigin-RevId: 549602714
|
|
Supporting two public key formats in this example is not necessary. It is better to only use JWK sets, which is probably the most common use case.
This change make the example more similar with the Java example.
PiperOrigin-RevId: 549281076
|
|
Register should always work, when it fails it's a bug, so it's better to not catch that exception.
PiperOrigin-RevId: 549090205
|
|
These currently fail with
```
ImportError: /opt/python/cp310-cp310/lib/python3.10/site-packages/grpc/_cython/cygrpc.cpython-310-aarch64-linux-gnu.so: undefined symbol: _ZTVNSt7__cxx1119basic_ostringstreamIcSt11char_traitsIcESaIcEEE
```
See https://github.com/grpc/grpc/issues/33734.
PiperOrigin-RevId: 548699295
|
|
PiperOrigin-RevId: 548690159
|
|
PiperOrigin-RevId: 548089740
|
|
Also use a more recent Manylinux image for x84_64.
PiperOrigin-RevId: 547801596
|
|
Register should always work, when it fails it's a bug, so it's better to not catch that exception.
PiperOrigin-RevId: 547728738
|
|
Avoid registering the GcpKmsClient and directly create aead.KmsEnvelopeAead.
PiperOrigin-RevId: 547496577
|
|
PiperOrigin-RevId: 547437927
|
|
* Use Bazelisk instead of Bazel. Bazelisk takes care of using the correct version of Bazel using .bazelversion
* Install protoc 21.12
* Verify SHA256 when installing protoc and Bazelisk
* Remove unneeded call to `bazel clean --expunge`, since this is done as a first step by setup.py
PiperOrigin-RevId: 546261721
|
|
Without it, when used, bazelisk will download and use the latest Bazel available.
PiperOrigin-RevId: 546243630
|
|
compatible with the Aead generated using create_kms_envelope_aead_key_template.
At the same time, clean-up some of the other tests.
PiperOrigin-RevId: 545411901
|
|
PiperOrigin-RevId: 543684366
|
|
PiperOrigin-RevId: 543424290
|
|
PiperOrigin-RevId: 543405912
|
|
KMS Envelope AEAD is a simple way to encrypt data. So using custom
implementations of AEAD is not needed for this.
This also prevents the user from using the envelope encryption key type as DEK by accident.
This change will help us simplify our implementation of KMS Envelope AEAD,
because we will be able to remove the dependency on Tink's Registry.
PiperOrigin-RevId: 542549805
|
|
PiperOrigin-RevId: 541527414
|
|
tools/build_defs/tink_python_rules.py
PiperOrigin-RevId: 540800924
|
|
- Test all supported Tink AEAD key types as DEK.
- Test invalid associated data.
- Replace unused variables with _.
- Update comment in the test that checks the wire format is correct.
PiperOrigin-RevId: 540266669
|
|
This is needed to later give the caller the option of building the binary wheel without overriding the WORKSPACE file.
PiperOrigin-RevId: 539928659
|
|
PiperOrigin-RevId: 539905671
|
|
PiperOrigin-RevId: 539706681
|
|
This isn't necessary since it duplicates the server side check done when the
KeyID is included in the decryption request.
This also enables support for using key aliases.
PiperOrigin-RevId: 538511498
|
|
- Use less restrictive constraints for tink-py deps (google/tink#695) and examples
- Remove `constraints.in`
- Upgrade dependencies in `requirements.txt` and `examples/requirements.txt`
- Use `--require-hashes` when installing `examples/requirements.txt`
PiperOrigin-RevId: 538165507
|
|
--
4dc279cf4bf26160adc42bcba3bcb3717a9a5524 by dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>:
Bump requests from 2.28.1 to 2.31.0
Bumps [requests](https://github.com/psf/requests) from 2.28.1 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.28.1...v2.31.0)
---
updated-dependencies:
- dependency-name: requests
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
PiperOrigin-RevId: 538105391
|
|
PiperOrigin-RevId: 534929793
|
|
- add tests in C++, Go and Python that these languages already do this.
- overload the addNumberClaim so that this also works in Java.
PiperOrigin-RevId: 528083180
|
|
PiperOrigin-RevId: 528007292
|
|
PiperOrigin-RevId: 527815662
|
|
PiperOrigin-RevId: 527809046
|
|
AES SIV allows the user to import a list of associated datas, but Tink only uses a single associated data in its interface. When the user inputs an empty associated data byte sequence, Tink will handle this as a list of one empty byte sequence, and not as an empty list.
PiperOrigin-RevId: 527491521
|
|
If the KmsClient is bound to a key URI, it should reject all other key URIs.
PiperOrigin-RevId: 525378446
|
|
PiperOrigin-RevId: 524249515
|
|
longer dependencies.
PiperOrigin-RevId: 524229076
|
|
This is no longer needed because KMS extensions are now natively implemented in Python.
PiperOrigin-RevId: 524119016
|
|
There is no reason anyone would run these from other targets.
#tinkApiChange Remove public visibility of build targets -- they were never intended to be public.
PiperOrigin-RevId: 523625552
|
|
The old AwsKmsClient (based on C++ version) allowed default credentials by setting credentials_path = ''. The new version does not allow this anymore, which is a bug. This change fixes that bug.
The change also allows the parameters to be None and not just '', which is the pythonic way to pass optional parameters. And we also properly annotate them.
PiperOrigin-RevId: 522047566
|
|
PiperOrigin-RevId: 521675560
|
|
This is not needed anymore, as we are anow using Python implementations.
PiperOrigin-RevId: 521468455
|
|
PiperOrigin-RevId: 521439181
|
|
This function is not part of the public API.
By calling reset_kms_client after each test, the tests that register clients don't have side-effects, which is preferable.
Also, move the tests that register GCP KMS clients into the same file, and always call register at the beginning of each test instead of these module setup.
PiperOrigin-RevId: 521430908
|
|
This is not needed anymore, since the fake KMS client is now implemented in Python.
PiperOrigin-RevId: 521408438
|
|
integration.
This should not change the behavior of the current API, it implements the same as
cc/integration/awskms/aws_kms_client.cc
in Python.
PiperOrigin-RevId: 520254665
|
|
PiperOrigin-RevId: 520027764
|
|
does_support should always return False for other KMSs.
PiperOrigin-RevId: 519765775
|
|
Make them similar to the GCP KMS integration tests.
Also, move the test of the register function into the integration tests,
and check that register really worked.
PiperOrigin-RevId: 519666171
|
|
PiperOrigin-RevId: 518816624
|
|
Also, remove the registration test, because registration is tested in
_gcp_kms_integration_test.py.
And rewrite some other tests.
PiperOrigin-RevId: 518800724
|
|
These are integration tests that make RPC calls to the real KMS. So it is better to put the word "integration" in the file name.
PiperOrigin-RevId: 518548866
|
