diff options
author | Ran Benita <ran234@gmail.com> | 2017-08-05 00:43:27 +0300 |
---|---|---|
committer | Mark Adams <mark@markadams.me> | 2017-08-25 17:46:22 -0500 |
commit | 3def8d80eb3936dbcead07e86b6aee96ba07bfe9 (patch) | |
tree | 7f755ddd993ce895439341687bf74434bcc8a613 | |
parent | 5fbc48424e603bfbf70938f581271e47ea02738d (diff) | |
download | pyjwt-3def8d80eb3936dbcead07e86b6aee96ba07bfe9.tar.gz |
Require cryptography >= 1.4, replace deprecated function
The signer/verifier interfaces are deprecated in cryptography==2.0. The
alternative sign/verify interfaces were added in cryptography==1.4.
-rw-r--r-- | CHANGELOG.md | 2 | ||||
-rw-r--r-- | jwt/algorithms.py | 58 | ||||
-rwxr-xr-x | setup.py | 2 |
3 files changed, 19 insertions, 43 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 2049b29..78b2da0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,9 @@ This project adheres to [Semantic Versioning](http://semver.org/). [Unreleased][unreleased] ------------------------------------------------------------------------- ### Changed +- Increase required version of the cryptography package to >=1.4.0. ### Fixed +- Remove uses of deprecated functions from the cryptography package. ### Added [v1.5.2][1.5.2] diff --git a/jwt/algorithms.py b/jwt/algorithms.py index 47043c3..1343688 100644 --- a/jwt/algorithms.py +++ b/jwt/algorithms.py @@ -231,7 +231,7 @@ if has_crypto: 'qi': force_unicode(to_base64url_uint(numbers.iqmp)) } - elif getattr(key_obj, 'verifier', None): + elif getattr(key_obj, 'verify', None): # Public key numbers = key_obj.public_numbers() @@ -310,25 +310,11 @@ if has_crypto: raise InvalidKeyError('Not a public or private key') def sign(self, msg, key): - signer = key.signer( - padding.PKCS1v15(), - self.hash_alg() - ) - - signer.update(msg) - return signer.finalize() + return key.sign(msg, padding.PKCS1v15(), self.hash_alg()) def verify(self, msg, key, sig): - verifier = key.verifier( - sig, - padding.PKCS1v15(), - self.hash_alg() - ) - - verifier.update(msg) - try: - verifier.verify() + key.verify(sig, msg, padding.PKCS1v15(), self.hash_alg()) return True except InvalidSignature: return False @@ -370,10 +356,7 @@ if has_crypto: return key def sign(self, msg, key): - signer = key.signer(ec.ECDSA(self.hash_alg())) - - signer.update(msg) - der_sig = signer.finalize() + der_sig = key.sign(msg, ec.ECDSA(self.hash_alg())) return der_to_raw_signature(der_sig, key.curve) @@ -383,12 +366,8 @@ if has_crypto: except ValueError: return False - verifier = key.verifier(der_sig, ec.ECDSA(self.hash_alg())) - - verifier.update(msg) - try: - verifier.verify() + key.verify(der_sig, msg, ec.ECDSA(self.hash_alg())) return True except InvalidSignature: return False @@ -399,7 +378,8 @@ if has_crypto: """ def sign(self, msg, key): - signer = key.signer( + return key.sign( + msg, padding.PSS( mgf=padding.MGF1(self.hash_alg()), salt_length=self.hash_alg.digest_size @@ -407,23 +387,17 @@ if has_crypto: self.hash_alg() ) - signer.update(msg) - return signer.finalize() - def verify(self, msg, key, sig): - verifier = key.verifier( - sig, - padding.PSS( - mgf=padding.MGF1(self.hash_alg()), - salt_length=self.hash_alg.digest_size - ), - self.hash_alg() - ) - - verifier.update(msg) - try: - verifier.verify() + key.verify( + sig, + msg, + padding.PSS( + mgf=padding.MGF1(self.hash_alg()), + salt_length=self.hash_alg.digest_size + ), + self.hash_alg() + ) return True except InvalidSignature: return False @@ -70,7 +70,7 @@ setup( tests_require=tests_require, extras_require=dict( test=tests_require, - crypto=['cryptography >= 1.0'], + crypto=['cryptography >= 1.4'], flake8=[ 'flake8', 'flake8-import-order', |