diff options
author | Ajitomi, Daisuke <ajitomi@gmail.com> | 2021-04-17 02:00:06 +0900 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-16 13:00:06 -0400 |
commit | fb86f9dffb371ee2adbc573edc35ded129ea3b36 (patch) | |
tree | 19455dc0b58583c0e3e8f952021f2e049ffef648 | |
parent | bcd572806c121c2f85d104b3e13a196e5bb46a79 (diff) | |
download | pyjwt-fb86f9dffb371ee2adbc573edc35ded129ea3b36.tar.gz |
Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. (#645)
* Add private key support for ECAlgorithm verify.
* Update CHANGELOG.
-rw-r--r-- | CHANGELOG.rst | 1 | ||||
-rw-r--r-- | jwt/algorithms.py | 2 | ||||
-rw-r--r-- | tests/test_algorithms.py | 7 |
3 files changed, 10 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index e67381f..9fb832f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -18,6 +18,7 @@ Fixed - Remove padding from JWK test data. `#628 <https://github.com/jpadilla/pyjwt/pull/628>`__ - Make `kty` mandatory in JWK to be compliant with RFC7517. `#624 <https://github.com/jpadilla/pyjwt/pull/624>`__ - Allow JWK without `alg` to be compliant with RFC7517. `#624 <https://github.com/jpadilla/pyjwt/pull/624>`__ +- Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. `#645 <https://github.com/jpadilla/pyjwt/pull/645>`__ Added ~~~~~ diff --git a/jwt/algorithms.py b/jwt/algorithms.py index 50719be..bed4033 100644 --- a/jwt/algorithms.py +++ b/jwt/algorithms.py @@ -427,6 +427,8 @@ if has_crypto: return False try: + if isinstance(key, EllipticCurvePrivateKey): + key = key.public_key() key.verify(der_sig, msg, ec.ECDSA(self.hash_alg())) return True except InvalidSignature: diff --git a/tests/test_algorithms.py b/tests/test_algorithms.py index 2144d48..982a145 100644 --- a/tests/test_algorithms.py +++ b/tests/test_algorithms.py @@ -658,6 +658,13 @@ class TestAlgorithmsRFC7520: result = algo.verify(signing_input, key, signature) assert result + # private key can also be used. + with open(key_path("jwk_ec_key_P-521.json")) as keyfile: + private_key = algo.from_jwk(keyfile.read()) + + result = algo.verify(signing_input, private_key, signature) + assert result + @crypto_required class TestEd25519Algorithms: |