From aabf999a5795d529520eb138652de9ae1f8a97b5 Mon Sep 17 00:00:00 2001
From: Benjamin A. Beasley <code@musicinmybrain.net>
Date: Mar 05 2021 14:23:50 +0000
Subject: Backport unreleased ecdsa 0.16 support from upstream. Fixes TestECAlgorithm.test_key_too_short test.


---

diff --git a/python-jose-3.2.0-pr-199.patch b/python-jose-3.2.0-pr-199.patch
new file mode 100644
index 0000000..8f5c7ff
--- /dev/null
+++ b/python-jose-3.2.0-pr-199.patch
@@ -0,0 +1,59 @@
+diff -Naur python-jose-3.2.0-original/jose/backends/ecdsa_backend.py python-jose-3.2.0/jose/backends/ecdsa_backend.py
+--- python-jose-3.2.0-original/jose/backends/ecdsa_backend.py	2020-07-29 18:44:40.000000000 -0400
++++ python-jose-3.2.0/jose/backends/ecdsa_backend.py	2021-03-05 08:44:34.128359807 -0500
+@@ -91,11 +91,22 @@
+             return ecdsa.keys.VerifyingKey.from_public_point(point, self.curve)
+ 
+     def sign(self, msg):
+-        return self.prepared_key.sign(msg, hashfunc=self.hash_alg, sigencode=ecdsa.util.sigencode_string)
++        return self.prepared_key.sign(
++            msg,
++            hashfunc=self.hash_alg,
++            sigencode=ecdsa.util.sigencode_string,
++            allow_truncate=False
++        )
+ 
+     def verify(self, msg, sig):
+         try:
+-            return self.prepared_key.verify(sig, msg, hashfunc=self.hash_alg, sigdecode=ecdsa.util.sigdecode_string)
++            return self.prepared_key.verify(
++                sig,
++                msg,
++                hashfunc=self.hash_alg,
++                sigdecode=ecdsa.util.sigdecode_string,
++                allow_truncate=False
++            )
+         except Exception:
+             return False
+ 
+diff -Naur python-jose-3.2.0-original/requirements.txt python-jose-3.2.0/requirements.txt
+--- python-jose-3.2.0-original/requirements.txt	2020-07-29 18:44:45.000000000 -0400
++++ python-jose-3.2.0/requirements.txt	2021-03-05 08:51:54.636194256 -0500
+@@ -1,5 +1,5 @@
+ pycryptodome
+ six
+ rsa
+-ecdsa<0.15
++ecdsa != 0.15
+ pyasn1
+diff -Naur python-jose-3.2.0-original/setup.py python-jose-3.2.0/setup.py
+--- python-jose-3.2.0-original/setup.py	2020-07-29 18:46:23.000000000 -0400
++++ python-jose-3.2.0/setup.py	2021-03-05 08:48:18.808805515 -0500
+@@ -38,7 +38,7 @@
+     'pycrypto': ['pycrypto >=2.6.0, <2.7.0'] + pyasn1,
+     'pycryptodome': ['pycryptodome >=3.3.1, <4.0.0'] + pyasn1,
+ }
+-legacy_backend_requires = ['ecdsa <0.15', 'rsa'] + pyasn1
++legacy_backend_requires = ['ecdsa != 0.15', 'rsa'] + pyasn1
+ install_requires = ['six <2.0']
+ 
+ # TODO: work this into the extras selection instead.
+@@ -76,7 +76,7 @@
+     ],
+     tests_require=[
+         'six',
+-        'ecdsa',
++        'ecdsa != 0.15',
+         'pytest',
+         'pytest-cov',
+         'pytest-runner',
diff --git a/python-jose.spec b/python-jose.spec
index 1682c77..dbac321 100644
--- a/python-jose.spec
+++ b/python-jose.spec
@@ -3,7 +3,7 @@
 
 Name:           python-%{srcname}
 Version:        3.2.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        A JOSE implementation in Python
 
 License:        MIT
@@ -11,6 +11,10 @@ URL:            https://github.com/mpdavis/%{name}
 Source0:        %{pypi_source %{name}}
 BuildArch:      noarch
 
+# Upstream support for ecdsa >= 0.16
+# https://github.com/mpdavis/python-jose/pull/199
+Patch0:         %{name}-3.2.0-pr-199.patch
+
 BuildRequires:  python3-devel
 BuildRequires:  pyproject-rpm-macros
 # From setup.py, setup_requires:
@@ -179,17 +183,10 @@ It contains no code, just makes sure the dependencies are installed.
 
 
 %prep
-%autosetup
+%autosetup -p1
 
 rm -rvf *.egg-info *.dist-info
 
-# Upstream pinned ecdsa to an old version, 0.15.0, and considered it a “fix” to
-# https://github.com/mpdavis/python-jose/issues/176, but of course we must work
-# with whatever is in the repositories, even if things do not work perfectly.
-# Unpin it.
-sed -r -i 's/(ecdsa)[[:blank:]]*<[[:blank:]]*[[:alnum:].]+/\1/' \
-    setup.py requirements.txt
-
 # Patch out pycryptodome backend extra and tests where required; see note near
 # the BR’s
 sed -r -i '/^[[:blank:]]*pycryptodome/d' tox.ini requirements.txt
@@ -211,10 +208,6 @@ rm -vf docs/_build/html/.buildinfo
 
 
 %check
-# See https://github.com/mpdavis/python-jose/issues/176; the problem occurs
-# even on ecdsa 0.16.1, so we must skip the test unconditionally.
-k='not (TestECAlgorithm and test_key_too_short)'
-
 echo '>>> Backend: native-python <<<' 1>&2
 m='not (cryptography or pycryptodome or pycrypto or backend_compatibility)'
 %{pytest} -k "${k}" -m "${m}" tests
@@ -242,6 +235,10 @@ echo '>>> Cross-backend compatibility and coexistence <<<' 1>&2
 
 
 %changelog
+* Fri Mar 05 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 3.2.0-4
+- Backport unreleased ecdsa 0.16 support from upstream. Fixes
+  TestECAlgorithm.test_key_too_short test.
+
 * Sat Feb 27 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 3.2.0-3
 - Change “test_key_too_short” skip from patch to pytest option
 - Simplify use of name macros