diff --git a/integration/default.nix b/integration/default.nix index 15ef55849c..c21551bcd6 100644 --- a/integration/default.nix +++ b/integration/default.nix @@ -17,7 +17,7 @@ , containers , cql , cql-io -, cryptonite +, crypton , data-default , data-timeout , deriving-aeson @@ -90,7 +90,7 @@ mkDerivation { containers cql cql-io - cryptonite + crypton data-default data-timeout deriving-aeson diff --git a/integration/integration.cabal b/integration/integration.cabal index f28655943e..e31f550f90 100644 --- a/integration/integration.cabal +++ b/integration/integration.cabal @@ -155,7 +155,7 @@ library , containers , cql , cql-io - , cryptonite + , crypton , data-default , data-timeout , deriving-aeson diff --git a/libs/bilge/bilge.cabal b/libs/bilge/bilge.cabal index acbad6b592..4b88843ece 100644 --- a/libs/bilge/bilge.cabal +++ b/libs/bilge/bilge.cabal @@ -84,7 +84,7 @@ library , cookie , errors >=1.4 , exceptions >=0.6 - , http-client >=0.5 + , http-client >=0.7 , http-types >=0.8 , imports , lens diff --git a/libs/bilge/src/Bilge/IO.hs b/libs/bilge/src/Bilge/IO.hs index 0098190a93..655cc04f85 100644 --- a/libs/bilge/src/Bilge/IO.hs +++ b/libs/bilge/src/Bilge/IO.hs @@ -145,7 +145,7 @@ instance MonadIO m => MonadHttp (SessionT m) where wResponse :: WaiTest.SResponse <- liftSession $ WaiTest.srequest (WaiTest.SRequest wRequest reqBody) bodyReader <- liftIO $ trivialBodyReader $ LBS.toStrict $ WaiTest.simpleBody wResponse let bilgeResponse :: Response BodyReader - bilgeResponse = toBilgeResponse bodyReader wResponse + bilgeResponse = toBilgeResponse bodyReader wResponse req liftIO $ cont bilgeResponse where @@ -162,14 +162,15 @@ instance MonadIO m => MonadHttp (SessionT m) where Wai.requestHeaderReferer = lookupHeader "REFERER" req, Wai.requestHeaderUserAgent = lookupHeader "USER-AGENT" req } - toBilgeResponse :: BodyReader -> WaiTest.SResponse -> Response BodyReader - toBilgeResponse bodyReader WaiTest.SResponse {WaiTest.simpleStatus, WaiTest.simpleHeaders} = + toBilgeResponse :: BodyReader -> WaiTest.SResponse -> Client.Request -> Response BodyReader + toBilgeResponse bodyReader WaiTest.SResponse {WaiTest.simpleStatus, WaiTest.simpleHeaders} originalReq = Client.Response { responseStatus = simpleStatus, -- I just picked an arbitrary version; shouldn't matter. responseVersion = http11, responseHeaders = simpleHeaders, responseBody = bodyReader, + responseOriginalRequest = originalReq, Client.responseCookieJar = mempty, Client.responseClose' = Client.ResponseClose $ pure () } diff --git a/libs/galley-types/default.nix b/libs/galley-types/default.nix index 5b51cac80f..9fb082913e 100644 --- a/libs/galley-types/default.nix +++ b/libs/galley-types/default.nix @@ -8,7 +8,7 @@ , bytestring , bytestring-conversion , containers -, cryptonite +, crypton , errors , gitignoreSource , imports @@ -35,7 +35,7 @@ mkDerivation { bytestring bytestring-conversion containers - cryptonite + crypton errors imports lens diff --git a/libs/galley-types/galley-types.cabal b/libs/galley-types/galley-types.cabal index 28899adfa0..1183362794 100644 --- a/libs/galley-types/galley-types.cabal +++ b/libs/galley-types/galley-types.cabal @@ -76,7 +76,7 @@ library , bytestring , bytestring-conversion , containers >=0.5 - , cryptonite + , crypton , errors , imports , lens >=4.12 diff --git a/libs/ropes/ropes.cabal b/libs/ropes/ropes.cabal index 3a5bef6e1a..2daebfbccf 100644 --- a/libs/ropes/ropes.cabal +++ b/libs/ropes/ropes.cabal @@ -69,7 +69,7 @@ library , base >=4 && <5 , bytestring >=0.9 , errors >=2.0 - , http-client >=0.5 + , http-client >=0.7 , http-types >=0.7 , imports , iso3166-country-codes >=0.20140203.7 diff --git a/libs/ssl-util/ssl-util.cabal b/libs/ssl-util/ssl-util.cabal index c563e3186d..b011750f93 100644 --- a/libs/ssl-util/ssl-util.cabal +++ b/libs/ssl-util/ssl-util.cabal @@ -67,7 +67,7 @@ library , byteable >=0.1 , bytestring >=0.10 , HsOpenSSL >=0.11 - , http-client >=0.4 + , http-client >=0.7 , imports , time >=1.5 diff --git a/libs/tasty-cannon/tasty-cannon.cabal b/libs/tasty-cannon/tasty-cannon.cabal index a355ec137e..e3e732e929 100644 --- a/libs/tasty-cannon/tasty-cannon.cabal +++ b/libs/tasty-cannon/tasty-cannon.cabal @@ -70,7 +70,7 @@ library , bytestring-conversion , data-timeout , exceptions - , http-client >=0.5 + , http-client >=0.7 , http-types , imports , random diff --git a/libs/types-common/default.nix b/libs/types-common/default.nix index a5c57f5f05..b5dca28e57 100644 --- a/libs/types-common/default.nix +++ b/libs/types-common/default.nix @@ -17,7 +17,7 @@ , containers , cryptohash-md5 , cryptohash-sha1 -, cryptonite +, crypton , currency-codes , data-default , generic-random @@ -73,7 +73,7 @@ mkDerivation { containers cryptohash-md5 cryptohash-sha1 - cryptonite + crypton currency-codes data-default generic-random diff --git a/libs/types-common/src/Data/Misc.hs b/libs/types-common/src/Data/Misc.hs index 915a606dd7..e061b9c445 100644 --- a/libs/types-common/src/Data/Misc.hs +++ b/libs/types-common/src/Data/Misc.hs @@ -62,6 +62,8 @@ module Data.Misc -- * Typesafe FUTUREWORKS FutureWork (..), + from64, + readT, ) where @@ -397,3 +399,17 @@ instance (KnownNat (n :: Nat), Within Text n 1024) => Arbitrary (PlainTextPasswo -- >>> let (FutureWork @'LegalholdPlusFederationNotImplemented -> _remoteUsers, localUsers) -- >>> = partitionQualified domain qualifiedUids newtype FutureWork label payload = FutureWork payload + +------------------------------------------------------------------------------- + +-- | Same as 'read' but works on 'Text' +readT :: Read a => Text -> Maybe a +readT = readMaybe . Text.unpack +{-# INLINE readT #-} + +-- | Decodes a base64 'Text' to a regular 'ByteString' (if possible) +from64 :: Text -> Maybe ByteString +from64 = hush . B64.decode . encodeUtf8 + where + hush = either (const Nothing) Just +{-# INLINE from64 #-} diff --git a/libs/types-common/types-common.cabal b/libs/types-common/types-common.cabal index 4ce602225f..070721fdc8 100644 --- a/libs/types-common/types-common.cabal +++ b/libs/types-common/types-common.cabal @@ -103,7 +103,7 @@ library , containers >=0.5 , cryptohash-md5 >=0.11.7.2 , cryptohash-sha1 >=0.11.7.2 - , cryptonite >=0.26 + , crypton >=0.26 , currency-codes >=3.0.0.1 , data-default >=0.5 , generic-random >=1.4.0.0 diff --git a/libs/wire-api/default.nix b/libs/wire-api/default.nix index 45e9534e5b..87dc1bf9b8 100644 --- a/libs/wire-api/default.nix +++ b/libs/wire-api/default.nix @@ -25,7 +25,8 @@ , constraints , containers , cookie -, cryptonite +, crypton +, crypton-x509 , currency-codes , deriving-aeson , deriving-swagger2 @@ -74,7 +75,6 @@ , saml2-web-sso , schema-profunctor , scientific -, scrypt , servant , servant-client , servant-client-core @@ -107,7 +107,6 @@ , wai-websockets , websockets , wire-message-proto-lens -, x509 , zauth }: mkDerivation { @@ -133,7 +132,8 @@ mkDerivation { constraints containers cookie - cryptonite + crypton + crypton-x509 currency-codes deriving-aeson deriving-swagger2 @@ -176,7 +176,6 @@ mkDerivation { saml2-web-sso schema-profunctor scientific - scrypt servant servant-client servant-client-core @@ -204,7 +203,6 @@ mkDerivation { wai-websockets websockets wire-message-proto-lens - x509 zauth ]; testHaskellDepends = [ @@ -220,7 +218,7 @@ mkDerivation { bytestring-conversion cassava containers - cryptonite + crypton currency-codes either filepath diff --git a/libs/wire-api/src/Wire/API/Password.hs b/libs/wire-api/src/Wire/API/Password.hs index 0ea40695a0..2fc9e88a83 100644 --- a/libs/wire-api/src/Wire/API/Password.hs +++ b/libs/wire-api/src/Wire/API/Password.hs @@ -1,3 +1,4 @@ +{-# LANGUAGE RecordWildCards #-} -- This file is part of the Wire Server implementation. -- -- Copyright (C) 2022 Wire Swiss GmbH @@ -14,27 +15,33 @@ -- -- You should have received a copy of the GNU Affero General Public License along -- with this program. If not, see . +{-# OPTIONS_GHC -Wno-incomplete-uni-patterns #-} module Wire.API.Password ( Password, genPassword, mkSafePassword, verifyPassword, + unsafeMkPassword, ) where import Cassandra -import Crypto.Scrypt +import Crypto.KDF.Scrypt as Scrypt +import Crypto.Random +import Data.ByteArray hiding (length) import Data.ByteString.Base64 qualified as B64 +import Data.ByteString.Char8 qualified as C8 import Data.ByteString.Lazy (fromStrict, toStrict) import Data.Misc +import Data.Text qualified as Text import Data.Text.Encoding qualified as Text import Imports import OpenSSL.Random (randBytes) -- | A derived, stretched password that can be safely stored. newtype Password = Password - {fromPassword :: EncryptedPass} + {fromPassword :: Text} instance Show Password where show _ = "" @@ -42,10 +49,54 @@ instance Show Password where instance Cql Password where ctype = Tagged BlobColumn - fromCql (CqlBlob lbs) = pure . Password . EncryptedPass $ toStrict lbs + fromCql (CqlBlob lbs) = pure . Password . Text.decodeUtf8 . toStrict $ lbs fromCql _ = Left "password: expected blob" - toCql = CqlBlob . fromStrict . getEncryptedPass . fromPassword + toCql = CqlBlob . fromStrict . Text.encodeUtf8 . fromPassword + +unsafeMkPassword :: Text -> Password +unsafeMkPassword = Password + +------------------------------------------------------------------------------- + +data ScryptParameters = ScryptParameters + { -- | Bytes to randomly generate as a unique salt, default is __32__ + saltLength :: Word32, + -- | log2(N) rounds to hash, default is __14__ (i.e. 2^14 rounds) + rounds :: Word32, + -- | Block size, default is __8__ + -- + -- Limits are min: @1@, and max: @blockSize * scryptParallelism < 2 ^ 30@ + blockSize :: Word32, + -- | Parallelism factor, default is __1__ + -- + -- Limits are min: @0@, and max: @blockSize * scryptParallelism < 2 ^ 30@ + parallelism :: Word32, + -- | Output key length in bytes, default is __64__ + outputLength :: Word32 + } + deriving (Eq, Show) + +defaultParams :: ScryptParameters +defaultParams = + ScryptParameters + { saltLength = 32, + rounds = 14, + blockSize = 8, + parallelism = 1, + outputLength = 64 + } + +fromScrypt :: ScryptParameters -> Parameters +fromScrypt scryptParams = + Parameters + { n = 2 ^ scryptParams.rounds, + r = fromIntegral scryptParams.blockSize, + p = fromIntegral scryptParams.parallelism, + outputLength = 64 + } + +------------------------------------------------------------------------------- -- | Generate a strong, random plaintext password of length 16 -- containing only alphanumeric characters, '+' and '/'. @@ -56,14 +107,72 @@ genPassword = -- | Stretch a plaintext password so that it can be safely stored. mkSafePassword :: MonadIO m => PlainTextPassword' t -> m Password -mkSafePassword = liftIO . fmap Password . encryptPassIO' . pass - where - pass = Pass . Text.encodeUtf8 . fromPlainTextPassword +mkSafePassword = fmap Password . hashPassword . Text.encodeUtf8 . fromPlainTextPassword -- | Verify a plaintext password from user input against a stretched -- password from persistent storage. verifyPassword :: PlainTextPassword' t -> Password -> Bool verifyPassword plain opaque = - let actual = Pass . Text.encodeUtf8 $ fromPlainTextPassword plain + let actual = fromPlainTextPassword plain expected = fromPassword opaque - in verifyPass' actual expected + in checkPassword actual expected + +hashPassword :: MonadIO m => ByteString -> m Text +hashPassword password = do + salt <- newSalt $ fromIntegral defaultParams.saltLength + let key = hashPasswordWithSalt password salt + pure $ + Text.intercalate + "|" + [ "14", + "8", + "1", + Text.decodeUtf8 . B64.encode $ salt, + Text.decodeUtf8 . B64.encode $ key + ] + +hashPasswordWithSalt :: ByteString -> ByteString -> ByteString +hashPasswordWithSalt password salt = hashPasswordWithParams defaultParams password salt + +hashPasswordWithParams :: + ( ByteArrayAccess password, + ByteArrayAccess salt + ) => + ScryptParameters -> + password -> + salt -> + ByteString +hashPasswordWithParams parameters password salt = convert (generate (fromScrypt parameters) password salt :: Bytes) + +checkPassword :: Text -> Text -> Bool +checkPassword actual expected = fromMaybe False $ do + (sparams, salt, hashedKey) <- parseScryptPasswordHashParams $ Text.encodeUtf8 expected + let producedKey = hashPasswordWithParams sparams (Text.encodeUtf8 actual) salt + pure $ hashedKey `constEq` producedKey + +newSalt :: MonadIO m => Int -> m ByteString +newSalt i = liftIO $ getRandomBytes i +{-# INLINE newSalt #-} + +parseScryptPasswordHashParams :: ByteString -> Maybe (ScryptParameters, ByteString, ByteString) +parseScryptPasswordHashParams passwordHash = do + let paramList = Text.split (== '|') . Text.decodeUtf8 $ passwordHash + guard $ length paramList == 5 + let [ scryptRoundsT, + scryptBlockSizeT, + scryptParallelismT, + salt64, + hashedKey64 + ] = paramList + rounds <- readT scryptRoundsT + blockSize <- readT scryptBlockSizeT + parallelism <- readT scryptParallelismT + salt <- from64 salt64 + hashedKey <- from64 hashedKey64 + let outputLength = fromIntegral $ C8.length hashedKey + saltLength = fromIntegral $ C8.length salt + pure + ( ScryptParameters {..}, + salt, + hashedKey + ) diff --git a/libs/wire-api/src/Wire/API/User/Orphans.hs b/libs/wire-api/src/Wire/API/User/Orphans.hs index 10ec177a3f..5cb2e0225d 100644 --- a/libs/wire-api/src/Wire/API/User/Orphans.hs +++ b/libs/wire-api/src/Wire/API/User/Orphans.hs @@ -58,7 +58,11 @@ instance ToSchema CountryCode -- FUTUREWORK: Ticket for these changes https://wearezeta.atlassian.net/browse/WPB-3972 -- Preserve the old prefix semantics for types that are coming from outside of this repo. samlSchemaOptions :: SchemaOptions -samlSchemaOptions = fromAesonOptions $ deriveJSONOptions {A.fieldLabelModifier = fieldMod . dropPrefix} +samlSchemaOptions = + fromAesonOptions $ + deriveJSONOptions + { A.fieldLabelModifier = fieldMod . dropPrefix + } where fieldMod = A.fieldLabelModifier deriveJSONOptions dropPrefix = dropWhile (not . isUpper) @@ -116,9 +120,6 @@ instance HasOpenApi route => HasOpenApi (SM.MultipartForm SM.Mem resp :> route) instance ToSchema SAML.IdPId where declareNamedSchema _ = declareNamedSchema (Proxy @UUID) -instance ToSchema SAML.IdPMetadata where - declareNamedSchema = genericDeclareNamedSchema samlSchemaOptions - instance ToSchema a => ToSchema (SAML.IdPConfig a) where declareNamedSchema = genericDeclareNamedSchema samlSchemaOptions @@ -134,5 +135,8 @@ instance ToParamSchema URI where instance ToSchema X509.SignedCertificate where declareNamedSchema _ = declareNamedSchema (Proxy @String) +instance ToSchema SAML.IdPMetadata where + declareNamedSchema = genericDeclareNamedSchema samlSchemaOptions + instance ToSchema Currency.Alpha where declareNamedSchema = genericDeclareNamedSchema defaultSchemaOptions diff --git a/libs/wire-api/test/unit/Test/Wire/API/Password.hs b/libs/wire-api/test/unit/Test/Wire/API/Password.hs new file mode 100644 index 0000000000..c0958bb88f --- /dev/null +++ b/libs/wire-api/test/unit/Test/Wire/API/Password.hs @@ -0,0 +1,150 @@ +-- This file is part of the Wire Server implementation. +-- +-- Copyright (C) 2022 Wire Swiss GmbH +-- +-- This program is free software: you can redistribute it and/or modify it under +-- the terms of the GNU Affero General Public License as published by the Free +-- Software Foundation, either version 3 of the License, or (at your option) any +-- later version. +-- +-- This program is distributed in the hope that it will be useful, but WITHOUT +-- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +-- FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more +-- details. +-- +-- You should have received a copy of the GNU Affero General Public License along +-- with this program. If not, see . + +module Test.Wire.API.Password where + +import Control.Concurrent.Async +import Data.Misc +import Imports +import Test.Tasty +import Test.Tasty.HUnit +import Wire.API.Password + +tests :: TestTree +tests = + testGroup "Password" $ + [ testCase "hash password" testHashPassword, + testCase "verify compat" verifyPasswordHashingRemainsCompatible + ] + +testHashPassword :: IO () +testHashPassword = do + pwd <- genPassword + hashed <- mkSafePassword pwd + let correct = verifyPassword pwd hashed + assertBool "Password could not be verified" correct + +verifyPasswordHashingRemainsCompatible :: IO () +verifyPasswordHashingRemainsCompatible = do + forConcurrently_ pwds $ \pwd -> + let orig = plainTextPassword8Unsafe (fst pwd) + expected = unsafeMkPassword (snd pwd) + in assertBool "Oops" (verifyPassword orig expected) + where + -- Password and hashes generated using the old code, but verified using the new one. + pwds = + [ ("lwhYzCTR1vT+I+pP", "14|8|1|29yZquOYjEsU69/L/pWGo5gbfVRUT7OnI3gRaUUwQK8=|GEXbL+TScJ6hvF6Xk+bEJLN2Ao0GNz92kjrCHS8WMZi4ZvALwzlLHjfRz5nIVn8v282w3hZrAQp5z1LaZSigDg=="), + ("R/ykkySgkOHt1K0J", "14|8|1|1AacEchBw5IW6k1bDgKGqHiqTgz8eAaVsm5Rc6sP+Ys=|CHuLwmIjYYtWMlRcTEp8Wrc6VKx1j0WN1T3LKsbRyMwIKLlW6Q2bPqWTQe8Koqic6ElSwnrhrvMyKP3v6CVzTw=="), + ("h/YexcYT0wTFIZ9Z", "14|8|1|0OKhg4G9Kyl1Wv+FjTpF9ZeDSR0NtUvHQBx5JyuXNqI=|ir30m+39b4fDjUkPGq/wxPZp/CbRMH1BJq8xOD7w56chh8+NuVEOHnIRy1WJzwhvOFC3CDg2pWsRUlXkVzc/Wg=="), + ("fp7Sy0I6d2eGTfE0", "14|8|1|VOlTLWsX/cHJ/U6krgtZHvhqHaBMangPrn17VmJmbiA=|Hv/DOHjdlI1O1z91RuqdbX07FB8VXPczdbdkCA89AbhDdTrmNXIuPsmRiMH4AT5xFTlVUl3iz1JJglJVC4oGsw=="), + ("449YLdcsJBHpSCRo", "14|8|1|t4tH+FEQYotXzHkvJI/eCXo2POnoW8X+QlvuPEKIPwg=|ouZUgnSmX1cKC7IWxDCce+c4eAeV5nNpOSLnVneUuXhHg7OpDh1geGx4ZuQoFh1rgrXABv8rN63tUBRZa9BwpQ=="), + ("YM54PEf5tbxvgHDA", "14|8|1|1y60wx8ZUDMvKMotpOq6/wQaNiLaXuxIZ+v0Ta0BBlc=|4nFAKRB2XO7pDFKBgyiGGCzdSrfxToOXGt/7C4Nd0DUAdwtC0xjsxIYDxz4H2a//7+jkOJEtf2ZvErL5bQnj4w=="), + ("mJ9ahzt6t7bRyUdn", "14|8|1|X/giroOjUv9rhkg8+LUim74mns8ukzzPkuSlZJ2yh6o=|HSpPoq3MArmUNa1XtlQtaE0nIRvY6NjBBeAlpFRCbYJD24mMD7x8oCruk3g6WhZaqsEJlAOc/4YsXNM2hoqDxg=="), + ("Z6xgZY2qZVpbMXiP", "14|8|1|YIndWYeHLhN9+lcfaQhDGX/59Uwp1uk3gNKo6gu8cN8=|S4OlvgGXYmdYbc0ISBeBmQziMzw43DvAQX23I4wen36prNM0+3tlneUk3R9DSpWd7cq4fNJ+86sKBRqluUY4OA=="), + ("rGW9WwUA7SF/rXKg", "14|8|1|/yMWRpHNC9W1eWvWq2pw9HZ+tNiYZxkawo8C6MUUejU=|UPQ2Qxg9MWSU+h7T8vDBHO8SS1nu0btOwCLYqUzNUJmKGzMXmqaJIZNfcHjMCcPpOJ5h2kom8OryCNmCT8E8/w=="), + ("H/NZgddnVnXnHEvl", "14|8|1|kCB5tpixot7aFdqUCDvgcx7DVJVtB0wkEbcibU4t0Ow=|VYBnPFwQ1RIu3+dl7jMNZ8FhS+cOtAYzEdousq7b7usEYMC1x2X4BpCN1p4HZdOSeUMfyLYLcPWGnDmZV8AxXQ=="), + ("+rxjCEFJUlPcTw03", "14|8|1|rh8QqsT7mVK6OFc44KAjND/mnUJ9FVZu3UUAaJg5DtQ=|Vp8yFa+/KRbn9LX6QJtojj9HUD+75+aEJcpKAgZVjgw5VTp4vBHo+o4ODz3iecZOwoqJekdeXhSrxFt1XqZH8Q=="), + ("3RhBMjbTXdxswtMM", "14|8|1|w6KBOim6WjBjwwX3BnclATljZr4L/MGs3xHD47XXqgY=|ipORYUItqpATtgIZRyr34i8a7DMIKPHTprj/Ed2E0he26dUnV0baJW/2dT8krHkOmYnxcR34173VttxfXK0nlA=="), + ("L7EdjHTHOG0syQ/6", "14|8|1|JvcFlj2dg9MidZwVpd5EPx9/QwXyeXngG8k9PpLbMq4=|2Bq0ZbhxGFzjgEb2BhBMve8DHDTSOG2wRu1MctM4Twl+HJkRLooaae1T3+iTrUUruMepJ9u+h/wcSGxmRbGy5w=="), + ("QowqJd9d8rlhbuPi", "14|8|1|HUep9F/ykGh114ydrrQssbO1EuhPTfKJ/exe0ygPqKs=|2FFjKYmeytf+mV7ASOtuCf2/cexG4mouLfv6N/xfodKCdWG9CS0CrP5YB29+G28gZuILcab7BE00rutNctwH1g=="), + ("nkLknHOIyrb2QUFJ", "14|8|1|kO5Xx9EWiGnznsVscifdwRnr8c755iTnhl9/qJMTtV0=|uWP+kUY/Xm4XAwTwW9B9lf/CpmLQqjlTdhqcwO9hrqkFnVGcxAMP2x916yqyxSkaqoZr2bVJFiIZ5ZbXrjXttw=="), + ("9B0Y7aWla9nPYUbp", "14|8|1|VZSpYCm0Lu67iHcRcEpbKexv9EYY2sal4c30ppPF0Qc=|ko6TXDjthYNCARXdAR8RSYP//Fx7FxcrEGBgRsVPw46Kt3SxKrOpwQYXraQttkvUWMBF5xc8YbFLqSo81G2vqw=="), + ("o3VBCRWV0bAbgWnv", "14|8|1|D5aDM6SHFX+FEibenKs5zUiclcz0T56lZpWohDqZJoU=|8p7bQIvx4iTQdlcTNNli0E/wplb0XN+XzDd6uEZveSHwcjeqmIWt1xX/OhHXRcOaC6xKq0eU7oAoUGGiOnt4WQ=="), + ("z/6/bTEs+wSvsIUd", "14|8|1|+dpZximHa5f8XS82y2hLbgaKkWXQmS42PQpTP7tLt7A=|lJ7EBwXozSoYQLRyLTtzwWNtHV2VOxE10cnqwTkMQqDdSB/zzFEcTIk/ElgMJZetF7bTjWf7sE1WU3VHN3501w=="), + ("vf1i8JYTbpN3V5O5", "14|8|1|CkH8gPbM/M+6fxl8Rms6jfTNGiPZmPT+/Ki4M64U77g=|eqLAEPG+9eZ2quo9TUThPP2NwD8DQ5/dd3aI38Si2PQAkN5MJTfbXRPGrDzLmp051F1GyKqbRBcYRWQgI8HFFA=="), + ("pup6bBbVPAb+edar", "14|8|1|E72fxikULVIl54GksditvLKJsPFzt8RNDNcGZbUNmTI=|hCSBoy6ZlfxNO0ChAegfUFxl5IGKF/ZIO2DJKOUG2RBr8n6KImBpgUQSEo1jsR9I/DrzRuCw7UL9fd4cKf+W7Q=="), + ("Qrg05H92ntHnN2K+", "14|8|1|d6kJMrJltSAh43q3IX9/X5fFa27D7zYWkIsom0ujUH4=|uN6rLZCwQi2jlKAwbC3Msm8pSJJvlISmij6NIz3jmfaJg7zRdOzzzqvE+5bdrf4fAB5EzIpTOmjPYANUTdCRiA=="), + ("oBk+Q+WXzocciKaW", "14|8|1|on4eGwZ6/5xSAltQpBvpkuMDEE0ToF97wW5TC8CsuhQ=|u8iakhgtB3ZQSin5+5ua/44kN/HzBigrWDfTKej/tUG1SBcVmYM7x8kNUjOVMF0Wrn8hSMhrzpKlNQTT7Q40Gg=="), + ("vSw7uJWJCbjIOcJ9", "14|8|1|p5iimRt8btc0m2hhLneJ/3xUIH1L78DJWh9RgwKsOCA=|RwVZLSgCzTpW7r1sb7Visit9HKlwf0g/F1x+fCjeJNxyEwSO1r8vYM0zVX/MiQYX7KvW9mao7HAZgEL57hg5mg=="), + ("32ujVp96TlY7/qCW", "14|8|1|rleWgMYXT72g66DV9cLEtSLwd+tDwlhynPbOxm5C6fY=|FCs8vrRbTxcfIx+MDWwuYhnjihDXghdmvnNYMKG18vGCJoX4o0AoOaabT4RxOqWl27Iku2/7DAI5xWFmTy8f9g=="), + ("eT5vTKpz4xhaH9Ca", "14|8|1|OAQqP4bBYU89MIiJJkfb2lSUYijP9s9QkJP4Uv2mBq0=|JDu+VabatvtrnvpC7sjf61tnz0ESDKEnIlk0bXx9gJXcraUSvxMzu+aXWuo0lIKL+cH32A4jMSXqBWHmnTvnxw=="), + ("99ozkfy4O0tMoWgH", "14|8|1|qRgQHFUq/+jP4+7pA9YhgtTXOCpDxJdtsanphRaVdeo=|g/aRgHW6U8EkITttA4nJBtu3Kaz6+Ka0lmkwSKvxyMXWlfDsQ6cDwwtopQN6mnlQabOrvjo5b3YBZcmx+N4Beg=="), + ("bpkCrjhCA68cz7zu", "14|8|1|KdnzSkqIMLMVgB1Ykb6CkEf7/XJ4v5JzDj5GukrrPyA=|TL5PpghTgOXkGnZR0a7TZ9AgFYhOW3BKA6sp2u4mcRBK069R0Ohnnx6lRSoNLAKkfcZVP21s/qxE6lZl7kU7Lg=="), + ("+OhUUQfp/58Ose7e", "14|8|1|4n3CN6h88DmHN9DbqNlfYGw3Xf7lCY0wwU3YCKkIEZg=|4GfY4TR/gFi7TSRfwh8fA0Ce8Wqk/wxHE5RjhfDu+HuDgklkV8uq2JR8zRco/3GeN8G3slO+hBca+PZBeDXezw=="), + ("3y8YelUEHUDTE4CQ", "14|8|1|69CI1CtHh0gEd1dWw6sV67fW4oweLY2fNGRwAEFN4ac=|VPdPMyqUYuBE2BqwC/mnnJ7KHcCVO58pn1NbuJmFxcprRoPW1hYfa4aDIZxQaqJ0J/lq/yi1EC9xrRfR5Kokew=="), + ("rBl8TRPoog8agdqS", "14|8|1|72Abdc/fug8PuPknzl3ne1R6km99xSz5V9aBSJ72Cw4=|OPBZVbDaQQdFX8rekXjkGpxfju/tXbx7hE9lfSTTH3PWnE2XDCoENy8IKFY4r1HeYj/rbxpeKDoJ9jBTA3qa0g=="), + ("5V2xcDSRkOF/2XbJ", "14|8|1|WEOM8EzH6jja6US61JkEJMCVZUvPpH8J+u2KKsvaI6U=|WvkQVH35PtwZMw/SyzpZcPcppUHBCc0e9q0rwDCw+Iwr2VdyW1S3bmdobNwf5LsaWyNP1WHJRM8EUYUhVtCBYw=="), + ("sIOSeNsLdE5VdMqv", "14|8|1|dAk6BZ97zHSBzPeC0lPe/iiJyIRC1aEAGC0V2B+SDUU=|sbOrxZjKHNyI3zs/1O7NU7/J8ggM6E0T2hFAQHlhldF0lOU5T9FOZCtWluPxlGTKXV8k7OoUODG8G2FmriKP5w=="), + ("XzgftJKaEss4Kp/R", "14|8|1|C3sZ+MlncOznuy+tsRRfJ+d5seWRfhR0lYd0tiEeANU=|3BcQEgBt6Gj2Uaxi/vkTDKkEnXREu8gpoVRid4v8C2cNZsUqudAXg/xa8vKqTGn83LZn6hyfC3e/NmtikEv3AA=="), + ("YHBi9soc2KUag7ru", "14|8|1|mxTzz87MsBpgD+JOCgGvMZaNicI6hN3mFJV7o1K6WOg=|FY+cZkQukCqGCUvlLqZn2558e7UpR7ejUMmcbY9aBI6uph64jEezADWn9STpOt29b6yRAAP3TBGxNSAI29GzQw=="), + ("Z3TcCRyn+uiuw6LO", "14|8|1|ssSmWw49rT0zo7ifSGKuM2sdLuf0WtWqMQQc9nofKGQ=|8sJ73YdVLsS+RJzBcXU7QzE1fzO1YIDy3pXZTovMpOZhTZP7YMJ6P6Tz5OlLRecZy6y3BiqcuVXAtEEBBaXsng=="), + ("heZyZHzPqxy3ieww", "14|8|1|lFj9SeEfcHxGjYKaMqLSTdzRYM6S1ZUZ5Vp19qpx+fE=|lt3tBxV5xGhD5ig2NO1BnL3prljbibx2NhVltD1/z7lfEUPuzYcQamsRhnY7QRiTv0zgT2CubttLhAeqmXPsJA=="), + ("Fdc8/5Vi2EOOFLVP", "14|8|1|q9JKhlMLkfazxhdJUJ1+32P31+B9bWrsMBnPNeVDoSk=|UnEeAGfK93Y0rWv9vLZzpVUjzPvcvFCtM+tq5s/e2fUaFCSfTI+U4RlxUn79+TqsN7Ag+8Gisy+zxJlZ4KUvrA=="), + ("W1ljK8hDWUsZSTjN", "14|8|1|XiLRnRHXL6DZ7kGTTh+jHesWYqzR9pImoIlzvQDeJvU=|mptBqgCf5Y/PGCk1NeplHZeqJdQybeQqpajcDNp+1oVC2KUY6zpbd+F3Zh4V2cWF3kQNxhE7KcxCX3qBgjxz4Q=="), + ("QBgtS3SlmNz4kJO0", "14|8|1|rURQ+UVwZuoFqM+IuCehoF3sgpA993eV5WgG8xGvF98=|hluvMh8btsoNYWnqdh7GjIRteIqJExPOF6OpVyoJyoc6up7vWike8FdYWSVpdWLKGvy5eW9O5jueXCr7jsZhUw=="), + ("P5nNlt5J6V2WzS3B", "14|8|1|GFhLIRlCUHZxJK0cdy0pr5xrxvSdBmYUJIqsZzzS80s=|itQd6fZvOOwQ5IqXIbQFNBTzmq13oCtrXADfliUqAxxdGX/norzgZUlrhD5jtJxi102jWnD3MoxBK+yq12OE2Q=="), + ("RLD++VJTTStMm3Id", "14|8|1|UkI0pcb477wFMUA/KmuEQLW1FwhlLmfZvTVinvXDy78=|io/zCQi2lhLxmFE7f/4DJcodQ1VfETg//RUnH/0TlCo5hIv7Os7ST6VIKZR+Hy1J1KBSWaMvYNtMBfqmgfFzNg=="), + ("iaGnnjne7XU80g6W", "14|8|1|8hebt5in6IA2EhFskT3z9V8HJCUxdisFxz88CnmHE/k=|QBdlXmhwQ1gQna3dBkxsqG/ymFNVCoBCMJUGpv6sxpNnPzPQGGXhYamX6MZWNXEKDpz1F4s/1OMWeNdXBgOhjw=="), + ("EheWchbJc/XyB4OT", "14|8|1|Q8KoXLkAsXj2B4B5woWZYVX++rEiBuvpUxqtB/a2cDQ=|tq7nHbnO0XuoYfvr87Wlw21goi5s3WE8TEnsMpI0nxOGvqtv6ZE1X+kONSM1yRPjY8yiO+Bcz841uiTud5j4Og=="), + ("UH1ar3Kf3zDu5o8e", "14|8|1|5xPDQU19zk3GLpIuZFp33KKdUDMKW9oZEitOpWOaRyk=|uhi1yNJzqMjAFo2nsgHM9PWAARSJuk+AcXFyMcidROnBWG4BtNUNQK6QkYgl6t5Y8oX0kRVFl+nizQyFv0kFZQ=="), + ("HRX/tRDvcbAUqeWd", "14|8|1|4BpvPBPAeqKI/LRUmS9q+8HVjpgeNVNYsajaI45Ow/Q=|N0BWXr5zaSjp0nqAZq0CYAP+fuP6Oo9kcXQXYIQluGYygIh/6Zm0ibNlY6YmMKEtBDvhS/aND6FXcrN5HAhcrQ=="), + ("zBvOb5kb/DK5x+Jj", "14|8|1|VXJ7wrp0JdFY8hZ+WKZVqkeIc2J3/ZeYF7tUgsnPVN4=|l2QK6PcNa66fJAphrYWbH0yYf3za+ICwpjaJKER1FqaAJaUEmoRaiCjhgSaYa4gSqMwmjp1MY1WYynlUvxyWGQ=="), + ("zRE+1iIYQzgWxvYO", "14|8|1|BsuIqx6NtVApX9fDXNeJ8KrHlWImyR1wc2GOUqaUoXo=|xtYFwdBgpewh+i5ogNnwQteVuf57JYIj8zwtqsxLidOHIseizLiuSvEICkcZUaw5TIPeIzyx5jCkke4yTM+lDQ=="), + ("wto8Huuhsr11cKFQ", "14|8|1|rQvL0c97dj9NJjM+gcIxD4Tohd3pIAsdhUl3QjSg2V4=|jYva5p/Umkg3xjsRhF9/RYhGYYsNaG/GD5/FRY6IdFod+P6ZGTjSAWRCueJrm59arGZbttG71Hc95cr4fG3HFw=="), + ("z6AHJrHA7NwBIa/d", "14|8|1|o6PSlMLEpKZRSVLXCkKnY3A3UaArAsCdcwmsO/99JHA=|5zcK6NltxhD9BHe1roRuYWNaI8ucg2LxCIaoOv+E68lVHqWRETsLKpR9bceKg81QPXaw0e+SYbDxIJsaNvVQGQ=="), + ("gSbzFCU8XzxgeKQH", "14|8|1|1Oo5or8PQIcN22P9+ypF3uGzy+ZUxUUIHbkjbH5NWpg=|SqG8dIDokgEMcWvrlg/tjWxqF+LfHS0Js0awdj1RzfqtWkqFs63s8XdUse1lsikE+gHTv8xtc1g1h1V+UroAVg=="), + ("D53AiX/xp0rgZ7s5", "14|8|1|tM/HHNMhbMQR4ik2MfAmy7THl9dlavxlzaooM07zcIE=|mVyJ8zT8UBhQMe4/bKOGsQRsqZDB8Cj3tZGazrswXfIuntvhXWi4r3eIvczwaKfKTqMVDqsQr6+0/1oIgkUz1w=="), + ("iQUqz/WuvPRktiQn", "14|8|1|rxQkEvDvD4SVUlB45yTi9yNnaiaeyUqigZ9n5RsBPYY=|uYA/7pmlolZCufoDsuECsBXjAMJAQ9EySwp/P+nzyZIpQGO0F0zeoE905SFDidSVkqerzehSXqRMyke7tUXhRg=="), + ("NiSWNXFJGbaxbY/p", "14|8|1|r+VQ23B6cysmEEifqFqyrGVdnj36iQY4/ozVHwTqsQs=|N7uO9+oyVULCA8g0eYD3AkpBiPVBHdUc5YTPaHcL6WRQsAoMOmcg1hoxrYG1X5t+l1uLm1AMbiEyUpp0Bk8GfA=="), + ("Wdwx9+W/nP41bb9R", "14|8|1|NgFyjyFBoZk8gYXsDWIMDEi9va8o1D7djI8IP3Bs1Zg=|Ey2E6r9VARCkagPgZIhFcOmphYZI03Hl1m5rToSxaukHj2cp62IpcxTEslPdom5OUnRF0KnVn7c3dHoXfqG4mw=="), + ("EF6DlVdCTmkmEa62", "14|8|1|mziKcxzzEguNbSITnLKLoVHtOlcXoc7wYqylWNYz0Uc=|/l5t2mAykAZQwf5+aIBS0Xr6Csrh3nbJKhlEUh6Bhb1sBlsUWlKHBIUgD0/XyTOiHcCq0sBZ6qqZ1EfcaLS2FA=="), + ("DXHoJqjkkfwp4zD6", "14|8|1|S8NC9r637iXcL22gyrmj+wjcpvGHMjrdtVQClItsSb0=|KkyUkasCSB5p0JZ4/ywVIvXT89NMbcjbEmH6TNIQa2IU6kG1q1MMoDs2k8QfSadZ/2fSGqSVG5Nu7w3/BAsmHw=="), + ("uPEbfjNwDEsHjq9K", "14|8|1|6YFqf8DZ0FFQRPezrHyRyGj3wDZ8JgLuw9P09HPi6ko=|ascbRpSCVtY3kH5Dh76L9IlJzKvr5eh6h0UaaJRC2Ed5BEAYkqcIOVr8xtwznuE2yfI/2HXEeOicEyeJlAGBpw=="), + ("4s+QDZ8Lw1oJGMzm", "14|8|1|RXTIsiCwWL2DGXq6HR1+uAhn9yq5wkBo5geO5bAnlKA=|4tmj6wlVPWAIM0RWwFK+4ApOwzHsmpFe8vl5MQL2TEVr3kdhh6rbvjfs06YPOkPzzFcpejsK1c4iXwcaFNJbaQ=="), + ("3mm44+54a5ORbbRd", "14|8|1|T4k07izGiJXfzDP/Eh6/TH7+3Wj5F7JLZlGUdVx5oaA=|kfRi9sdgs0jIeBisK/dqQacEzoSsIDt+cvYmhnXvlP+538FVk4tOXsb+dCPmP2rEaNoati6a5fOrVgYfeT5XEw=="), + ("c9j3G7S8CyixZc9N", "14|8|1|ZFGD7nmvK2l0aDaPHzBC9fE1s2HeIuouGR4B6a/g1j4=|XKyfsMYBGyFdkcaDbCJQR9Wn1pl3SRupgJaaFk4tXvkUsGYu5UAwCmjp8pU14j2JhOv3bAMHtP4uerCT5yKUSg=="), + ("3gPpfO+oL1N5K3Fu", "14|8|1|KZGoIP9UrCyFofhznMQBIh8WoLa63l1SspIY72NhUHo=|e+ejdjQXiIP7+EAteHkZomUj7C6LvRemmScYunQb8tlKRi5QMpRJb7lwSYx7ojGRzNHqU0sWOfaWTz6oEJ/ICQ=="), + ("g7ML3IeP+khs0SSy", "14|8|1|0egQ6KLU+B4GMiKrCZmxTWwevp+U6rCWBf67dhrFafg=|hmeiPHya7EwQeJLgG0f9WtWDRMQctfn8I1h/rBJnaXRYnG8GeRdhhwKrhMcF3eLwQYHnfZUilFUcMaL6rxwf0w=="), + ("je2VijxSLoDDrg75", "14|8|1|hv4Xw2n4GboFTA7qv6bplrsOiQSwJE1Yu5EVTJeIrQk=|wzr9LCVkyC7960MlOxuzsSEP6oG8D8fj8wbEiVZOYARB0N7Y31or99FfKnzOqcfD5eDWOu3dV8yYFLUVLxmGZw=="), + ("DAYD0lnopxqOYIIs", "14|8|1|tYUrKL15r2lnn4NojhW8Mvrqfulycf104gjQJJGLoz4=|9+EiwHw5GIDF4pqsffVNn4JUQNl6xFw6uYRnnrdrcXisZwrlMStXrt5cLdCA1dOoNGDmYzik4l0GT+94tS35UQ=="), + ("ilteQ2iir2/9ejBz", "14|8|1|IwTA+g2qMKIanHyTLYqwa2POCwOXBiEChRJ5WwGwVu0=|n2uEgxIIi9HmUx66Ki/yF9thA3cxtRTiLAHqi+eURqIk8kTuYqTZZYRvYZDgGlfAQJIzXOaro4zfHFj+91A2yw=="), + ("HjUtn/E0U0LBz6I/", "14|8|1|IdnjK5GMMteiOjGxg4nxokhs+6QG+AZ5SI4/8B9LJnA=|ItKRVhGxT4ebPI3aE4Hec7zJPuM/Qj9HPCy36ipD2PYl+gUIywAVOkwaUqjlb3MpdwRAmUPPnNsLibMpBNryBA=="), + ("bZs290xxS2W1d2pa", "14|8|1|z+6RLzY++RkXa9HvWqRGT7/R+u7a2/dfXDtRv4QYKm8=|W6AY1mem/dlO7/WJJgwKTkRhVJfPETvcnnJ+rYwfBctv4quAbroXWLmc4PPRQnPeoj6b16L0qNCZiuu1eYbgUw=="), + ("T/EO2Ucc9f7lh2un", "14|8|1|29/JIxy1wCuhs61WRzbJq/d1BmTGVl0DNA9lx5VpmEc=|h1Kd9OuhaS2fzJj69KDHnpwk6xNFJ6kqnawgPErFD2RsWrukNAt22j86MR/k0CDWd/6ly+r/yg/kcv5g0xIjTA=="), + ("SwfYItXPlmnuxHpO", "14|8|1|EKHH4ZPi+5SDovgY5hwziRkzkU1hb4uCqDOmRr0Y1z8=|vAtwCzjfxMBGy4EXDnzNHCOZqBudovIYCDGa1dOVEPxXMoqwSVjp0BRojhUqm8QzzMQmOwC+OsLYtSuu7VwYAg=="), + ("Fvy36QBzrhbcHu7U", "14|8|1|legIpQi0gMMNtSL6xhDKuCV4auh2ypEJ0vBMkxesRN4=|rN4hx1ONfA30o0Yu8GJmOxwhpJz2MrjEWhGX8o6RxzUQUceu1HQrL+tXoWn3DFjbag0oYpCykWng9VJH2wB9AQ=="), + ("OHgOnfWQ5HFhIg+B", "14|8|1|pUk/CoNmVxePaVeZIm3GnKf2GYLBFEllpDV5epv9mgU=|d3/dOku58zczImyOd4sRMCbtO9XUHgwON2JGWeVQlOQUXRmlsHn0RVTJ24EpXYis49j4gQ/ColHKtIiPQDXHXg=="), + ("8HRxPBJERp64oEUx", "14|8|1|22Yg5L1MXgUehccIWI99z2we/GohpVg6wYzSlmgSTwY=|MPTBZUCr7gEKmrYF4KEoHB9yU6KQ+Q9OSe3BUvbhkYs8EndSpSbHz8B/OLzd69zCUjEGWTkIIbnH3pgc6Q7z6w=="), + ("vV+gN3i0x+lver4W", "14|8|1|y1n86HVpyXBK6KdFs6R0ZfTuaejuqMmNDh0EH/pqsPs=|w+I/9XbJ4/SYCglz5RiageD1GWPmqUn2vxAORKYJSOjUJDEPSGUIctTLywl4zzmgwkl5MQSaF/Lwg25zg6K4dg=="), + ("UlASSqWmwa2J066S", "14|8|1|XN5v3THzBrgO0tHivrny4kIE4wEAH0iqRqOEru9yXCA=|G9NWsw6j7xeFlGtTqZyupjJ6EyWQsCzQIX/y0b6sbaLPUfZQeVMXEETPzqDFyKKlbAX3GXPaNE6oTrYb339aWg=="), + ("nBUA1Q3NpY+Ji8FH", "14|8|1|M1e2dPC8b0dsrBA+70CkZUeNel3wEe3GMjo4TozBKzg=|+7PqBEqbTJRewlj8ZVoSn3hyNj4BKPH3mubFHXLIX3vfrxHmBkKt+/o0JmBmXzyu9Ga3V8NyJl38relrBwaK+g=="), + ("3LqhSwxW3HCqT43R", "14|8|1|+polYGRtygEbNc+V3D0t+enszWc0jMJ7kz+6Dx0KZJc=|HgawGwpVlZLkAUINO53kDvOJS3E93AhIulRlVzDs97svu/de4mI8lP0PZkaRtKROWMF/G5yjD6oLW/xKQSA4vg=="), + ("jB7vLwgLcIaUg3tR", "14|8|1|DBEoiVw7ivQ0TOtZ7ajQh0/EeIoNiXiSEtzHcCgJ+n4=|7ojF1nIAwscviV2LldP0rv0FYo5cWARVBqtWI1kmv7l6//hEibDQBWl9ChXekLqu6MQXi4KOJ048wGGB4Spipg=="), + ("aofZYBB/A8DNKRIi", "14|8|1|+jDrvjUSVfTfYz2yi5+Qnc32uUkDDqbXBHOeN32yV48=|Tpx3ukY1lvG7UtcnTcxAtJSdyKByRcwq43cFBTbqtaU3oDQFdTZCdo9Geu6ShJMkRpQw/Vul7goII8359MPA1A=="), + ("T68Sh/OP2gYC8gg9", "14|8|1|lhdGMJ5oX/ypDpcNevSaQ6wv6cD5h8H8vxAbzzFKm4s=|ba0vGowPJ6lonjZLhHtj/NTle35dofk2iWSDADG11I3UNVp5PIqo07uyzP2wiJuh5SmGyYPyft9eq6Euin97gA=="), + ("+XhH4l+zcwpO4D7G", "14|8|1|M15glPQjLl9inOfjejFTY/MUH/RLXwh/rYWxoNddPXw=|9mzrrAbl/mbHXPzKjEz4Y9jXQw7/tCyWzLWngFTUmerMoYRGPcg1602WzyJmEQeDwysHZ9/IdNng7uQfL9glJw=="), + ("9Lug2SABE6TmcOg1", "14|8|1|BqlRgBPWP2yMURM+Hq6jRJ5rwh2Q9RUgXHNtfH4h8z8=|XMaqqoiRctrB3XvU1dA2R5+92iGluja2LT69c+QiBA7GUhwBvgRqFFpCWtTTHdjpB+sBzICqzeJ8t+N3ds23eA=="), + ("HJWwRJLNlJk4FX5c", "14|8|1|0SFk2vr1j/j5+mpmbxwdI/SF/rIdUpCVmfBWOKKzX7g=|wixyWp/rQuBJyGacuBHhfWwWt3eGzc4XQ8ksLrF2OygSV/2qNHJWknzB4Bty3c3bb3RZDi8TY+g2N8UyRRzm2A=="), + ("dZFj7VL1QDEAEE4d", "14|8|1|DWvGBwfvQHr3Wb0xK7LUvOLSYm4PPiy7hl+YGLNET/4=|pWDVtFAzNQSq8tEudwZzpqFO/VTX37CGyFwc/rF7MM92RHQ+ssPqxdvaUZmDVJyPFPVqAQDQSM/Tbl5jWnOucA=="), + ("pQND73HlucUiaKh7", "14|8|1|dir5SJQUEpHQBktYomh31mLsW8RqN1Jjt5nYCXL3Rvw=|T7+uD4Pq1Qtif1rGKzckZYrJKaculFjXzHAAPjYHzQLs+hwuVhZhsPldfvlpfzgTuAX4APYAEuDbKXW7tYpYqg=="), + ("g/yKhi7tFljT1UDs", "14|8|1|pS8X/BZT83WS8BJ0upNLtmwdl51B1VR+1q7cEhyza+8=|xiyZ4lpSxL7G/HkfHk4NyBzGm0IFbVj3FFM3HspGMJr7tLy/ksyxyXdhX1abd1GLlyGjnO4j+YBx9DhT+KoklQ=="), + ("uc+TvL7iDgYQQXme", "14|8|1|/ZTdJRWmMLLSuV6D15DMN1YkRxb1tGLGUnUKeGHzxZY=|P3BBKm6Ej3d11taWJYQ7NnkVNmuSaBKk2mGMpDmO3jGRFsZZ0fD0zyll8N1yz750N4D4Q54MAThDrbHFME+unA=="), + ("ZG3h6jqXG+zgDjnm", "14|8|1|QrLVyrnjOu+/U+9l0URDXNHsn7fzDkls1K3JIru53OM=|HXFPBXthvk1wHMBciLpySbQKbIXX3Q9E4UQ97B7QPXCGqRJUURYHnjCzU1xxal3iPRBPUOuX2Otn7NyggR4ASQ=="), + ("KkGIhMVjLDiNknyf", "14|8|1|5GDYEcH8KFr87kIxzIehzag2fs5FcaFs3+OMSemBlLE=|M4KGPlKHJeF6gRMFNzXSH6noDyykoYs2/l/YCjdvGSlZ/o6lP3+x275n8XU3ekJgN//ULtCK3iVxPtIDdGl6ow=="), + ("e344H17yQKjTf+H5", "14|8|1|Wz7UQzDAA2seNigPEavFrXvt3LVRRmNnSROlrT5smxM=|kOd786PIbKVKO2aHDSZFxUhJAt5ZanH9ZIrwUxjplo07wbySHfJoobmkR0t/L6aEE2OxbCLm5TNTPtuGqIzgqw=="), + ("Khsf0SAun2ow0lF3", "14|8|1|5mDGxaKXNTJP1pJwlzeEhbVZUZLx/mEg51Wstl1pVYo=|1LPzkXrFY3hTxZI6Eh+FggJGudDm+KK9YhpGj63Isu8ADPSPInrZh3yKsa6Epe+KlrGrFjFYHrMBp/xn7kTIPw=="), + ("QjFdD3JGEXlzCBoi", "14|8|1|U5CH2QZGjTJ/zsveQ/w8Yf906S7c25nrQfF+Pl9hBPo=|sAnA3VbXF0HzotjHhAS3VUGcYtNBuGdX6OYpbOkbv3m1VXprDTA50Xhgwc1kPLfzyRxFKhaWkhpwNcEUfjjyzQ=="), + ("cJOB4LoGbRuUD+06", "14|8|1|/8VCetg2CNMugucetpV5fD0Hf3dpjG0s9771D8CNnRc=|mX/hjI+8KM1Tl9ucGA9c8wQ064wWlapIwb1fdjdYsq2RiSGfwtZQthzlSBPTpakcgQRwIEPw34iyBcbB+ft51w=="), + ("ZVn1dMc9mmEA7QDh", "14|8|1|YfEyVGt3gOC1D+9qcJ2RTxPVvkda3WCPocvaOohI8yY=|JI3HQfHiS07DlfNTr8ov1R2IrLgPDoxUzGK4FOyZdrNMT+lVOV5OJ5aM/RelVw9Gcv1ZTOYPp66nq0VBfVq3JA=="), + ("zICUabywOzKnnRVu", "14|8|1|KCahTd8AejuL+1apvR3cJMwL4vSNywRswaRnEX9XlTw=|Fdtr4Pp8aTeQzAEb0gfU1wSLDoqQwbvQMbuCxAa63D0vqJHi4k9PRlXW4BjuSWg0D2jWWYTTXkDza9siY5LLbA=="), + ("4wHZUm7RduuXqt/9", "14|8|1|sVFY1qWBel83fsJQS6Ih57YAj0FuJ6NcYrZmP9fwd6Y=|Y5jxQ3Ne04X6YQpsQ4OaOZlyA+yGZqAG1QWIAhDCj9n6h/K4Sfe9kvT/5Zdmr4hDpVzlwMh7cJCLc4yChAykFA=="), + ("dxngKGz+3lEz0deM", "14|8|1|FNITFtJr2zW2HDAlHxQ4JLEF4rdj9sMAuUIwBedXiY0=|8hy7GA5aIULv7BwJo0JITOc8I4YI2dmUdA7hgvqjHIlGOOI5lQfnGViZkio7Rw7NC80yi3ImePbckU63EBUuNA=="), + ("Xv/4kIhIhNXcBPDC", "14|8|1|6zofV+qcaa4BCcF4WaLqpfhP8o2O5ZI07qwVhrW58rU=|8bo30B+jLx/RWseoyJt+FbGaNx6USuUfpmaESnk5nRFl/fv9Auhna12TDYVQ4f7JCzJf3lESTAoEy9SMUFxyiw=="), + ("TDRipA0RZWennIOl", "14|8|1|kcEgdnKPplAowdy4xnzKrxxUNwie98JoQJhMKxiMk0g=|6m4itkXYsRQLEXaqRMPWxdkzQPPrR41ggoJLgDbqMTHOo+YjMEo/4ip2/8Q3Y84DAZNNM0axb1SsK2/v8YTnUQ=="), + ("DBLkKACZy8QIvJX0", "14|8|1|SQOJ9MwjApV4qn8KfZjeMz2IBMi67pDrlJsJG0z/Xe0=|cdP8fDKhNRTNaQdTNA8RxXY7dhnjTAAGACtqxWBHcfV5xCCqckfsIqWgQShwNu4cFbam9IIVxd4RatmhUU42AQ=="), + ("7yz9++7YoAQeRjFN", "14|8|1|llMgxQwexYJeSATHPw2gqkheCGgvqpZH2LQe9dSXYgw=|6u4tUqhfMn6skqKRoq/pY3JOlH4zEPky97pxTpbz8eBJsSqoJs/UJgV919G66hRu9Yc5zizueH/nFmZpvjOf/g==") + ] diff --git a/libs/wire-api/test/unit/Test/Wire/API/Run.hs b/libs/wire-api/test/unit/Test/Wire/API/Run.hs index 0a083cd4fe..5301f44cdc 100644 --- a/libs/wire-api/test/unit/Test/Wire/API/Run.hs +++ b/libs/wire-api/test/unit/Test/Wire/API/Run.hs @@ -25,6 +25,7 @@ import Test.Wire.API.Conversation qualified as Conversation import Test.Wire.API.MLS qualified as MLS import Test.Wire.API.MLS.Group qualified as Group import Test.Wire.API.OAuth qualified as OAuth +import Test.Wire.API.Password qualified as Password import Test.Wire.API.RawJson qualified as RawJson import Test.Wire.API.Roundtrip.Aeson qualified as Roundtrip.Aeson import Test.Wire.API.Roundtrip.ByteString qualified as Roundtrip.ByteString @@ -67,5 +68,6 @@ main = Routes.Version.tests, unsafePerformIO Routes.Version.Wai.tests, RawJson.tests, - OAuth.tests + OAuth.tests, + Password.tests ] diff --git a/libs/wire-api/wire-api.cabal b/libs/wire-api/wire-api.cabal index 972a2e1202..16b9c9b54e 100644 --- a/libs/wire-api/wire-api.cabal +++ b/libs/wire-api/wire-api.cabal @@ -256,7 +256,8 @@ library , constraints , containers >=0.5 , cookie - , cryptonite + , crypton + , crypton-x509 , currency-codes >=2.0 , deriving-aeson >=0.2 , deriving-swagger2 @@ -299,7 +300,6 @@ library , saml2-web-sso , schema-profunctor , scientific - , scrypt , servant , servant-client , servant-client-core @@ -327,7 +327,6 @@ library , wai-websockets , websockets , wire-message-proto-lens - , x509 , zauth default-language: GHC2021 @@ -597,6 +596,7 @@ test-suite wire-api-golden-tests , bytestring , bytestring-conversion , containers >=0.5 + , crypton , currency-codes , either , imports @@ -630,6 +630,7 @@ test-suite wire-api-tests Test.Wire.API.MLS Test.Wire.API.MLS.Group Test.Wire.API.OAuth + Test.Wire.API.Password Test.Wire.API.RawJson Test.Wire.API.Roundtrip.Aeson Test.Wire.API.Roundtrip.ByteString @@ -660,7 +661,7 @@ test-suite wire-api-tests , bytestring-conversion , cassava , containers >=0.5 - , cryptonite + , crypton , either , filepath , hex diff --git a/nix/haskell-pins.nix b/nix/haskell-pins.nix index b34adac5db..fbbcef4f6b 100644 --- a/nix/haskell-pins.nix +++ b/nix/haskell-pins.nix @@ -66,6 +66,13 @@ let sha256 = "sha256-rDIAbYpNGMBDOOE1hqLneRSVkCnj3cCQVYGKkhw8t7w="; }; }; + amqp = { + src = fetchgit { + url = "https://github.com/hreinhardt/amqp"; + rev = "b5dfe4362b14b58d51ec306d6871d347751f3d47"; + sha256 = "sha256-ov85XFztGM0mEoj01lRZN9xYJttKa/crPnp0lh4A5DA="; + }; + }; amazonka = { src = fetchgit { url = "https://github.com/brendanhay/amazonka"; @@ -99,18 +106,25 @@ let sha256 = "0dgizj1kc135yzzqdf5l7f5ax0qpvrr8mxvg7s1dbm01cf11aqzn"; }; }; + HaskellNet-SSL = { + src = fetchgit { + url = "https://github.com/MangoIV/HaskellNet-SSL"; + rev = "c2844b63a39f458ffbfe62f2ac824017f1f84453"; + sha256 = "sha256-1mu/yEAWr3POY4MHRomum0DDvs5Qty1JvP3v5GS2u64="; + }; + }; hsaml2 = { src = fetchgit { url = "https://github.com/wireapp/hsaml2"; - rev = "d43818aac56678f0be02d0101d224fe0f6cdf131"; - sha256 = "16hj3i4h5rwhr8kqrs7345wg7v10ahwjd3fdp2qx3c5z4qls6prr"; + rev = "51d1fcecebf2417e658b9a78943c84a76a0ed347"; + sha256 = "sha256-jYJBhXBQ1MTLPI8JsiF2XUtgDxK+eniavNB2B1zaSQg="; }; }; http-client = { src = fetchgit { url = "https://github.com/wireapp/http-client"; - rev = "9100baeddbd15d93dc58a826ae812dafff29d5fd"; - sha256 = "16n340bg5vdb169f6d6421hx13wyqdsb5b314r823v34r8p0b19z"; + rev = "eabf64b4a8ff4c0fe6a3b39cb0f396ba8c2fb236"; + sha256 = "sha256-8NPRVDlul9Xnj6IyUOUe6w7fDt/5WWZNjR07CaAp/Kk="; }; packages = { http-client = "http-client"; @@ -129,8 +143,8 @@ let saml2-web-sso = { src = fetchgit { url = "https://github.com/wireapp/saml2-web-sso"; - rev = "b79a45ac98b1f592ac18511fce48ed88d2e931c9"; - sha256 = "sha256-g2lbKt3+hToVFQvaHOa9dg4HqAL7YgReo8fy7wQavmY="; + rev = "ac46ea888026711860cf784b5bda206873c87333"; + sha256 = "sha256-IKovI1h2Wkm3Y7Sz6XsxLOv654SgUasaWsDX6gi9hZw="; }; }; # MR: https://gitlab.com/twittner/cql-io/-/merge_requests/20 @@ -182,12 +196,13 @@ let sha256 = "sha256-8FM3IAA3ewCuv9Mar8aWmzbyfKK9eLXIJPMHzmYb1zE="; }; }; - # This can be removed once postie 0.6.0.3 (or later) is in nixpkgs + # This can be removed once postie with TLS 1.9 is on nixpkgs. + # https://github.com/alexbiehl/postie/pull/4 postie = { src = fetchgit { - url = "https://github.com/alexbiehl/postie.git"; - rev = "c92702386f760fcaa65cd052dc8114889c001e3f"; - sha256 = "sha256-yiw6hg3guRWS6CVdrUY8wyIDxoqfGjIVMrEtP+Fys0Y="; + url = "https://github.com/wireapp/postie.git"; + rev = "43b6d1d21d56e567077c194d49efb92e777e7628"; + sha256 = "sha256-DKugy4EpRsSgaGvybdh2tLa7HCtoxId+7RAAAw43llA="; }; }; # Not tested/relased yet @@ -199,6 +214,12 @@ let sha256 = "sha256-G6PX5lpU18oWLkwIityN4Hs0HuwQrq9T51kxbsdpK3M="; }; }; + tls = { + src = fetchTarball { + url = "https://hackage.haskell.org/package/tls-1.9.0/tls-1.9.0.tar.gz"; + sha256 = "sha256:1gyc6yfygswg4pjj9hxw3pashq56viivf8m321b4f0bsd2yf372s"; + }; + }; tinylog = { src = fetchgit { url = "https://gitlab.com/wireapp/forks/tinylog.git"; @@ -234,6 +255,13 @@ let hash = "sha256-DZu3XAOYLKcSpOYhjpb6IuXMvRHtGohTkL0nsCb/dT0="; }; }; + hoogle = { + src = fetchgit { + url = "https://github.com/ndmitchell/hoogle"; + rev = "0be38ee5e078e31ef7eabeaba255aed12ce7055d"; + sha256 = "sha256-xcGZ11ocdlB8ks20QAhtPZ+4ggmV4Om4CPHH/M6NjXk="; + }; + }; }; hackagePins = { # Major re-write upstream, we should get rid of this dependency rather than @@ -246,6 +274,10 @@ let version = "1.8.0.0"; sha256 = "sha256-AdxxKWXdUjZiHLDj6iswMWpycs7mFB8eKhBR4ljF6kk="; }; + hpack = { + version = "0.36.0"; + sha256 = "sha256-a8jKkzO3CWIoBg+Uaw5TtpDwmeajWCTW1zJNrlpBKPU="; + }; HsOpenSSL = { version = "0.11.7.5"; sha256 = "sha256-CfH1YJSGuF4O1aUfdJwUZKRrVzv5nSPhwoI7mf9ewEg="; @@ -254,10 +286,26 @@ let version = "4.1.0"; sha256 = "sha256-D6RWYBguoj+W1LwNeX04h4csXV69rrs0tZpeNr7ZBqE="; }; + network-conduit-tls = { + version = "1.4.0"; + sha256 = "sha256-zPT/FMxAiR94NReqNIDa/RS7dtiNWCRe3SZi8P11GDk="; + }; + warp = { + version = "3.3.30"; + sha256 = "sha256-VrK27a2wFtezh9qabcXGe2tw9EwBmI8mKwmpCtXq9rc="; + }; + warp-tls = { + version = "3.4.3"; + sha256 = "sha256-6MjlCKGC8v+7OiSuMFGwO8sgcA3gp0OfOnneI2wSpWI="; + }; optparse-generic = { version = "1.5.1"; sha256 = "sha256-TS3T6AtYfdzmPkG6SwvN/tr2Vdr4eTdGRRH2Xbd8fzM="; }; + crypton-connection = { + version = "0.3.1"; + sha256 = "sha256-TrRdD56cNIXMlDrHBO0VxQYkJ30pRXe4yVkEILsbMro="; + }; }; # Name -> Source -> Maybe Subpath -> Drv mkGitDrv = name: src: subpath: diff --git a/nix/manual-overrides.nix b/nix/manual-overrides.nix index 8e2fcb0b03..5d58c072df 100644 --- a/nix/manual-overrides.nix +++ b/nix/manual-overrides.nix @@ -48,6 +48,11 @@ hself: hsuper: { transitive-anns = hlib.dontCheck hsuper.transitive-anns; http2-manager = hlib.enableCabalFlag hsuper.http2-manager "-f-test-trailing-dot"; + crypton-connection = hlib.markUnbroken hsuper.crypton-connection; + # Patched dependency on crypton-connection + HaskellNet-SSL = hsuper.HaskellNet-SSL; + warp = hlib.dontCheck hsuper.warp; + # PR with fix: https://github.com/freckle/hspec-junit-formatter/pull/23 hspec-junit-formatter = hlib.markUnbroken (hlib.dontCheck hsuper.hspec-junit-formatter); @@ -62,6 +67,7 @@ hself: hsuper: { # Explicitly enable haddock because cabal2nix disables it for packages with # internal libraries cql-io = hlib.doHaddock (hlib.dontCheck hsuper.cql-io); + amqp = hlib.dontCheck hsuper.amqp; # Needs network access to running ES # also the test suite doesn't compile https://github.com/NixOS/nixpkgs/pull/167957 diff --git a/services/brig/brig.cabal b/services/brig/brig.cabal index 9d217d4aef..d6daec5b14 100644 --- a/services/brig/brig.cabal +++ b/services/brig/brig.cabal @@ -286,10 +286,10 @@ library , gundeck-types >=1.32.1 , hashable >=1.2 , HaskellNet >=0.3 - , HaskellNet-SSL >=0.3 + , HaskellNet-SSL , HsOpenSSL >=0.10 , html-entities >=1.1 - , http-client >=0.5 + , http-client >=0.7 , http-client-openssl >=0.2 , http-media , http-types >=0.8 @@ -468,7 +468,7 @@ executable brig-integration , HsOpenSSL , http-api-data , http-client - , http-client-tls >=0.2 + , http-client-tls >=0.3 , http-media , http-reverse-proxy , http-types @@ -488,7 +488,7 @@ executable brig-integration , pipes , polysemy , polysemy-wire-zoo - , postie >=0.6.0.3 + , postie >=0.6.1.0 , process , proto-lens , QuickCheck diff --git a/services/brig/test/integration/API/MLS.hs b/services/brig/test/integration/API/MLS.hs index 6c93560b0a..72f451e3a0 100644 --- a/services/brig/test/integration/API/MLS.hs +++ b/services/brig/test/integration/API/MLS.hs @@ -28,7 +28,6 @@ import Data.Id import Data.Qualified import Data.Set qualified as Set import Data.Timeout -import Debug.Trace (traceM) import Federation.Util import Imports import System.IO.Temp @@ -161,7 +160,6 @@ testKeyPackageSelfClaim brig = do testKeyPackageRemoteClaim :: Opts -> Brig -> Http () testKeyPackageRemoteClaim opts brig = do - traceM "sun" u <- fakeRemoteUser u' <- userQualifiedId <$> randomUser brig @@ -179,7 +177,6 @@ testKeyPackageRemoteClaim opts brig = do keyPackage = KeyPackageData . raw $ r } let mockBundle = KeyPackageBundle (Set.fromList entries) - traceM "gun" (bundle :: KeyPackageBundle, _reqs) <- liftIO . withTempMockFederator opts (Aeson.encode mockBundle) $ responseJsonError @@ -191,7 +188,6 @@ testKeyPackageRemoteClaim opts brig = do =1.2 , conduit-extra >=1.1.5 , containers - , cryptonite >=0.20 + , crypton >=0.20 , data-default >=0.5 , errors >=1.4 , exceptions >=0.6 , extended , HsOpenSSL >=0.11 - , http-client >=0.4 + , http-client >=0.7 , http-client-openssl >=0.2 , http-types >=0.8 , http2-manager @@ -274,11 +274,11 @@ executable cargohold-integration , cargohold-types , conduit , containers - , cryptonite + , crypton , federator , http-api-data - , http-client >=0.4 - , http-client-tls >=0.2 + , http-client >=0.7 + , http-client-tls >=0.3 , http-media , http-types >=0.8 , imports diff --git a/services/cargohold/default.nix b/services/cargohold/default.nix index 8b529f96f0..5dbc7d1a5b 100644 --- a/services/cargohold/default.nix +++ b/services/cargohold/default.nix @@ -18,7 +18,7 @@ , conduit , conduit-extra , containers -, cryptonite +, crypton , data-default , errors , exceptions @@ -93,7 +93,7 @@ mkDerivation { conduit conduit-extra containers - cryptonite + crypton data-default errors exceptions @@ -141,7 +141,7 @@ mkDerivation { cargohold-types conduit containers - cryptonite + crypton federator HsOpenSSL http-api-data diff --git a/services/federator/default.nix b/services/federator/default.nix index 44acd863cc..8f8915e4a1 100644 --- a/services/federator/default.nix +++ b/services/federator/default.nix @@ -10,9 +10,11 @@ , binary , bytestring , bytestring-conversion -, connection , containers -, cryptonite +, crypton +, crypton-connection +, crypton-x509 +, crypton-x509-validation , data-default , dns , dns-util @@ -67,8 +69,6 @@ , warp-tls , wire-api , wire-api-federation -, x509 -, x509-validation , yaml }: mkDerivation { @@ -86,6 +86,8 @@ mkDerivation { bytestring bytestring-conversion containers + crypton-x509 + crypton-x509-validation data-default dns dns-util @@ -123,8 +125,6 @@ mkDerivation { warp wire-api wire-api-federation - x509 - x509-validation ]; executableHaskellDepends = [ aeson @@ -134,8 +134,8 @@ mkDerivation { binary bytestring bytestring-conversion - connection - cryptonite + crypton + crypton-connection dns-util exceptions HsOpenSSL @@ -168,6 +168,7 @@ mkDerivation { bytestring bytestring-conversion containers + crypton-x509-validation data-default dns-util filepath @@ -203,7 +204,6 @@ mkDerivation { warp-tls wire-api wire-api-federation - x509-validation yaml ]; description = "Federation Service"; diff --git a/services/federator/federator.cabal b/services/federator/federator.cabal index 0d52c23175..76f746e3a8 100644 --- a/services/federator/federator.cabal +++ b/services/federator/federator.cabal @@ -113,6 +113,8 @@ library , bytestring , bytestring-conversion , containers + , crypton-x509 + , crypton-x509-validation , data-default , dns , dns-util @@ -150,8 +152,6 @@ library , warp , wire-api , wire-api-federation - , x509 - , x509-validation default-language: GHC2021 @@ -282,8 +282,8 @@ executable federator-integration , binary , bytestring , bytestring-conversion - , connection - , cryptonite + , crypton + , crypton-connection , dns-util , exceptions , federator @@ -383,6 +383,7 @@ test-suite federator-tests , bytestring , bytestring-conversion , containers + , crypton-x509-validation , data-default , dns-util , federator @@ -419,7 +420,6 @@ test-suite federator-tests , warp-tls , wire-api , wire-api-federation - , x509-validation , yaml default-language: GHC2021 diff --git a/services/galley/default.nix b/services/galley/default.nix index 68e29faede..c1f30339bb 100644 --- a/services/galley/default.nix +++ b/services/galley/default.nix @@ -27,7 +27,8 @@ , conduit , containers , cookie -, cryptonite +, crypton +, crypton-x509 , currency-codes , data-default , data-timeout @@ -121,7 +122,6 @@ , warp-tls , wire-api , wire-api-federation -, x509 , yaml }: mkDerivation { @@ -150,7 +150,8 @@ mkDerivation { cereal comonad containers - cryptonite + crypton + crypton-x509 currency-codes data-default data-timeout @@ -214,7 +215,6 @@ mkDerivation { wai-utilities wire-api wire-api-federation - x509 ]; executableHaskellDepends = [ aeson diff --git a/services/galley/galley.cabal b/services/galley/galley.cabal index 233d2970b7..016ebba4fa 100644 --- a/services/galley/galley.cabal +++ b/services/galley/galley.cabal @@ -302,7 +302,8 @@ library , cereal >=0.4 , comonad , containers >=0.5 - , cryptonite + , crypton + , crypton-x509 , currency-codes >=2.0 , data-default >=0.5 , data-timeout @@ -315,7 +316,7 @@ library , galley-types >=0.65.0 , gundeck-types >=1.35.2 , HsOpenSSL >=0.11 - , http-client >=0.4 + , http-client >=0.7 , http-client-openssl >=0.2 , http-media , http-types >=0.8 @@ -349,7 +350,7 @@ library , text >=0.11 , time >=1.4 , tinylog >=0.10 - , tls >=1.3.10 + , tls >=1.7.0 , transformers , transitive-anns , types-common >=0.16 @@ -366,7 +367,6 @@ library , wai-utilities >=0.16 , wire-api , wire-api-federation - , x509 executable galley import: common-all diff --git a/services/gundeck/gundeck.cabal b/services/gundeck/gundeck.cabal index 277c81fea7..3cce19e241 100644 --- a/services/gundeck/gundeck.cabal +++ b/services/gundeck/gundeck.cabal @@ -131,8 +131,8 @@ library , extra >=1.1 , gundeck-types >=1.0 , hedis >=0.14.0 - , http-client >=0.4 - , http-client-tls >=0.2.2 + , http-client >=0.7 + , http-client-tls >=0.3 , http-types >=0.8 , imports , lens >=4.4 @@ -150,7 +150,7 @@ library , text >=1.1 , time >=1.4 , tinylog >=0.10 - , tls >=1.3.4 + , tls >=1.7.0 , types-common >=0.16 , types-common-aws , unliftio >=0.2 diff --git a/services/proxy/proxy.cabal b/services/proxy/proxy.cabal index a49f25f012..3cf6c0ec13 100644 --- a/services/proxy/proxy.cabal +++ b/services/proxy/proxy.cabal @@ -83,8 +83,8 @@ library , data-default >=0.5 , exceptions >=0.8 , extended - , http-client >=0.4 - , http-client-tls >=0.2 + , http-client >=0.7 + , http-client-tls >=0.3 , http-reverse-proxy >=0.4 , http-types >=0.9 , imports diff --git a/services/spar/default.nix b/services/spar/default.nix index ffc27016e3..afd5513a26 100644 --- a/services/spar/default.nix +++ b/services/spar/default.nix @@ -18,7 +18,8 @@ , conduit , containers , cookie -, cryptonite +, crypton +, crypton-x509 , data-default , email-validate , exceptions @@ -75,7 +76,6 @@ , wai-utilities , warp , wire-api -, x509 , xml-conduit , yaml , zauth @@ -98,7 +98,8 @@ mkDerivation { cassandra-util containers cookie - cryptonite + crypton + crypton-x509 data-default exceptions extended @@ -133,7 +134,6 @@ mkDerivation { wai-utilities warp wire-api - x509 yaml ]; executableHaskellDepends = [ @@ -152,7 +152,7 @@ mkDerivation { conduit containers cookie - cryptonite + crypton email-validate exceptions extended diff --git a/services/spar/spar.cabal b/services/spar/spar.cabal index cf40efc54d..4f4dfdaf31 100644 --- a/services/spar/spar.cabal +++ b/services/spar/spar.cabal @@ -158,7 +158,8 @@ library , cassandra-util , containers , cookie - , cryptonite + , crypton + , crypton-x509 , data-default , exceptions , extended @@ -193,7 +194,6 @@ library , wai-utilities , warp , wire-api - , x509 , yaml default-language: Haskell2010 @@ -343,7 +343,7 @@ executable spar-integration , cassandra-util , cassava , cookie - , cryptonite + , crypton , email-validate , exceptions , extended diff --git a/tools/stern/stern.cabal b/tools/stern/stern.cabal index aedd9ca588..2b293afa24 100644 --- a/tools/stern/stern.cabal +++ b/tools/stern/stern.cabal @@ -85,7 +85,7 @@ library , exceptions >=0.6 , extended , galley-types >=0.81.0 - , http-client >=0.4 + , http-client >=0.7 , http-types >=0.8 , imports , lens >=4.4