Revert #3035 for busting content signatures in JSON responses

requirements/base.in

@@ -1,7 +1,6 @@
 aiohttp
 arrow
 auth0-python
-canonicaljson
 connexion<3
 deepmerge
 ecdsa

requirements/base.txt

@@ -1,4 +1,4 @@
-# SHA1:d8d01e1e74eb36df6eb89f0f209b27e3f195c07c
+# SHA1:ef18935427a28f552caa0a5d204b56df45dd5a59
 #
 # This file is autogenerated by pip-compile-multi
 # To update, run:
@@ -209,10 +209,6 @@ cachetools==5.3.2 \
     --hash=sha256:086ee420196f7b2ab9ca2db2520aca326318b68fe5ba8bc4d49cca91add450f2 \
     --hash=sha256:861f35a13a451f94e301ce2bec7cac63e881232ccce7ed67fab9b5df4d3beaa1
     # via google-auth
-canonicaljson==2.0.0 \
-    --hash=sha256:c38a315de3b5a0532f1ec1f9153cd3d716abfc565a558d00a4835428a34fca5b \
-    --hash=sha256:e2fdaef1d7fadc5d9cb59bd3d0d41b064ddda697809ac4325dced721d12f113f
-    # via -r requirements/base.in
 certifi==2023.11.17 \
     --hash=sha256:9b469f3a900bf28dc19b8cfbf8019bf47f7fdd1a65a1d4ffb98fc14166beb4d1 \
     --hash=sha256:e036ab49d5b79556f99cfc2d9320b34cfbe5be05c5871b51de9329f0603b0474
@@ -408,7 +404,6 @@ cryptography==41.0.5 \
     --hash=sha256:ec3b055ff8f1dce8e6ef28f626e0972981475173d7973d63f271b29c8a2897da \
     --hash=sha256:fba1e91467c65fe64a82c689dc6cf58151158993b13eb7a7f3f4b7f395636723
     # via
-    #   auth0-python
     #   gcloud-aio-auth
     #   pyjwt
 decorator==5.1.1 \

src/auslib/web/public/json.py

@@ -1,4 +1,5 @@
-import canonicaljson
+import json
+
 from flask import Response
 from flask import current_app as app
 
@@ -16,7 +17,7 @@ def get_update(transaction, **parameters):
 
     headers = get_aus_metadata_headers(eval_metadata)
 
-    response = canonicaljson.encode_canonical_json(release.getResponse(parameters, app.config["ALLOWLISTED_DOMAINS"]))
+    response = json.dumps(release.getResponse(parameters, app.config["ALLOWLISTED_DOMAINS"]))
 
     headers.update(get_content_signature_headers(response, ""))
 

tests/web/test_json.py

@@ -233,48 +233,6 @@ def testGuardianResponse(client, version, buildTarget, channel, code, response):
         assert "Rule-Data-Version" in ret.headers
 
 
-@pytest.mark.usefixtures("appconfig", "guardian_db", "disable_errorhandler", "mock_autograph")
-@pytest.mark.parametrize(
-    "version,buildTarget,channel,code,jsonString",
-    [
-        (
-            "0.4.0.0",
-            "WINNT_x86_64",
-            "release",
-            200,
-            '{"hashFunction":"sha512","hashValue":"abcdef","required":true,"url":"https://good.com/0.5.0.0.msi","version":"0.5.0.0"}',
-        ),
-        (
-            "0.6.0.0",
-            "WINNT_x86_64",
-            "release",
-            200,
-            '{"hashFunction":"sha512","hashValue":"mnopqr","required":true,"url":"https://good.com/1.0.0.0.msi","version":"1.0.0.0"}',
-        ),
-        (
-            "0.99.99.99",
-            "WINNT_x86_64",
-            "release",
-            200,
-            '{"hashFunction":"sha512","hashValue":"mnopqr","required":true,"url":"https://good.com/1.0.0.0.msi","version":"1.0.0.0"}',
-        ),
-        ("1.0.0.0", "WINNT_x86_64", "release", 404, "{}"),
-        ("0.6.0.0", "Linux_x86_64", "release", 404, "{}"),
-        ("0.6.0.0", "WINNT_x86_64", "beta", 404, "{}"),
-        # This shouldn't match because the rule on the alpha channel contains fields not used by this type of update query.
-        ("0.6.0.0", "WINNT_x86_64", "alpha", 404, "{}"),
-        ("0.6.0.0", "Darwin_x86_64", "evilrelease", 200, "{}"),
-    ],
-)
-def testGuardianResponseWithCanonicalJson(client, version, buildTarget, channel, code, jsonString):
-    ret = client.get(f"/json/1/Guardian/{version}/{buildTarget}/{channel}/update.json")
-    assert ret.status_code == code
-    if code == 200:
-        assert ret.mimetype == "application/json"
-        assert ret.text == jsonString
-        assert ret.headers["Content-Signature"] == "x5u=https://this.is/a.x5u; p384ecdsa=abcdef"
-
-
 @pytest.mark.usefixtures("appconfig", "guardian_db", "disable_errorhandler")
 @pytest.mark.parametrize(
     "version,buildTarget,channel,code,response",