-rw-r--r-- | docs/conf.py | 8 | ||||
-rw-r--r-- | jwt/algorithms.py | 28 | ||||
-rw-r--r-- | jwt/contrib/algorithms/py_ed25519.py | 49 | ||||
-rw-r--r-- | pyproject.toml | 2 | ||||
-rw-r--r-- | tests/contrib/test_algorithms.py | 29 | ||||
-rw-r--r-- | tests/keys/testkey_ed25519.pub | 2 |
6 files changed, 59 insertions, 59 deletions
diff --git a/docs/conf.py b/docs/conf.py index 83f346c..39f24b8 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -239,13 +239,7 @@ latex_elements = { # (source start file, target name, title, # author, documentclass [howto, manual, or own class]). latex_documents = [ - ( - master_doc, - "PyJWT.tex", - "PyJWT Documentation", - "José Padilla", - "manual", - ) + (master_doc, "PyJWT.tex", "PyJWT Documentation", "José Padilla", "manual") ] # The name of an image file (relative to this directory) to place at the top of diff --git a/jwt/algorithms.py b/jwt/algorithms.py index 03a20ed..10ef680 100644 --- a/jwt/algorithms.py +++ b/jwt/algorithms.py @@ -46,17 +46,17 @@ except ImportError: has_ed25519 = False requires_cryptography = { - "RS256", - "RS384", - "RS512", - "ES256", - "ES384", - "ES521", - "ES512", - "PS256", - "PS384", - "PS512", - "EdDSA", + "RS256", + "RS384", + "RS512", + "ES256", + "ES384", + "ES521", + "ES512", + "PS256", + "PS384", + "PS512", + "EdDSA", } @@ -86,16 +86,14 @@ def get_default_algorithms(): "PS256": RSAPSSAlgorithm(RSAPSSAlgorithm.SHA256), "PS384": RSAPSSAlgorithm(RSAPSSAlgorithm.SHA384), "PS512": RSAPSSAlgorithm(RSAPSSAlgorithm.SHA512), - } ) # Older versions of the `cryptography` libraries may not have Ed25519 available. # Needs a minimum of version 2.6 try: from jwt.contrib.algorithms.py_ed25519 import Ed25519Algorithm - default_algorithms.update({ - "EdDSA": Ed25519Algorithm(), - }) + + default_algorithms.update({"EdDSA": Ed25519Algorithm()}) except ImportError: pass diff --git a/jwt/contrib/algorithms/py_ed25519.py b/jwt/contrib/algorithms/py_ed25519.py index 6e761d5..1a1d4da 100644 --- a/jwt/contrib/algorithms/py_ed25519.py +++ b/jwt/contrib/algorithms/py_ed25519.py 
@@ -4,8 +4,15 @@ Implementation of Ed25519 using ``cryptography`` (as of Version 2.6 released in import cryptography.exceptions from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey -from cryptography.hazmat.primitives.serialization import load_pem_public_key, load_pem_private_key, load_ssh_public_key +from cryptography.hazmat.primitives.asymmetric.ed25519 import ( + Ed25519PrivateKey, + Ed25519PublicKey, +) +from cryptography.hazmat.primitives.serialization import ( + load_pem_private_key, + load_pem_public_key, + load_ssh_public_key, +) from jwt.algorithms import Algorithm from jwt.compat import string_types, text_type @@ -17,29 +24,31 @@ class Ed25519Algorithm(Algorithm): This class requires ``cryptography>=2.6`` to be installed. """ - + def __init__(self, **kwargs): pass - + def prepare_key(self, key): - + if isinstance(key, (Ed25519PrivateKey, Ed25519PublicKey)): return key - + if isinstance(key, string_types): if isinstance(key, text_type): key = key.encode("utf-8") - str_key = key.decode('utf-8') - - if '-----BEGIN PUBLIC' in str_key: + str_key = key.decode("utf-8") + + if "-----BEGIN PUBLIC" in str_key: return load_pem_public_key(key, backend=default_backend()) - if '-----BEGIN PRIVATE' in str_key: - return load_pem_private_key(key, password=None, backend=default_backend()) - if str_key[0:4] == 'ssh-': + if "-----BEGIN PRIVATE" in str_key: + return load_pem_private_key( + key, password=None, backend=default_backend() + ) + if str_key[0:4] == "ssh-": return load_ssh_public_key(key, backend=default_backend()) - + raise TypeError("Expecting a PEM-formatted or OpenSSH key.") - + def sign(self, msg, key): """ Sign a message ``msg`` using the Ed25519 private key ``key`` 
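Review bot: `prepare_key` in jwt/contrib/algorithms/py_ed25519.py returns whatever the three loaders produce without checking the key type. A PEM or `ssh-` key of another algorithm (RSA, EC) is therefore accepted as an "EdDSA" key and only fails later inside `sign` or `verify`, probably with an error other than `InvalidSignature`, which `verify` does not catch. I would bind the loaded key to a local and reject anything else before returning: `if not isinstance(loaded, (Ed25519PrivateKey, Ed25519PublicKey)): raise TypeError("Expecting an Ed25519 key.")`. The prefix test `str_key[0:4] == "ssh-"` could likewise be narrowed to `str_key.startswith("ssh-ed25519")`. The class body continues past the end of this hunk.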
@@ -47,25 +56,25 @@ class Ed25519Algorithm(Algorithm): :param Ed25519PrivateKey key: A :class:`.Ed25519PrivateKey` instance :return bytes signature: The signature, as bytes """ - msg = bytes(msg, 'utf-8') if type(msg) is not bytes else msg + msg = bytes(msg, "utf-8") if type(msg) is not bytes else msg return key.sign(msg) - + def verify(self, msg, key, sig): """ Verify a given ``msg`` against a signature ``sig`` using the Ed25519 key ``key`` - + :param str|bytes sig: Ed25519 signature to check ``msg`` against :param str|bytes msg: Message to sign :param Ed25519PrivateKey|Ed25519PublicKey key: A private or public Ed25519 key instance :return bool verified: True if signature is valid, False if not. """ try: - msg = bytes(msg, 'utf-8') if type(msg) is not bytes else msg - sig = bytes(sig, 'utf-8') if type(sig) is not bytes else sig + msg = bytes(msg, "utf-8") if type(msg) is not bytes else msg + sig = bytes(sig, "utf-8") if type(sig) is not bytes else sig if isinstance(key, Ed25519PrivateKey): key = key.public_key() key.verify(sig, msg) - return True # If no exception was raised, the signature is valid. + return True # If no exception was raised, the signature is valid. except cryptography.exceptions.InvalidSignature: return False diff --git a/pyproject.toml b/pyproject.toml index 82c7969..4efdeb3 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -11,4 +11,4 @@ use_parentheses=true combine_as_imports=true known_first_party="jwt" -known_third_party=["Crypto", "ecdsa", "pytest", "setuptools", "sphinx_rtd_theme"] +known_third_party=["Crypto", "cryptography", "ecdsa", "pytest", "setuptools", "sphinx_rtd_theme"] diff --git a/tests/contrib/test_algorithms.py b/tests/contrib/test_algorithms.py index 96382c3..f0cf394 100644 --- a/tests/contrib/test_algorithms.py +++ b/tests/contrib/test_algorithms.py @@ -1,5 +1,4 @@ import base64 -import warnings import pytest 
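Review bot: In `sign` and `verify` of jwt/contrib/algorithms/py_ed25519.py, the conversion `bytes(msg, "utf-8") if type(msg) is not bytes else msg` (repeated for `sig`) is fragile. If Python 2 is still supported, as the `jwt.compat` import in this file suggests, `bytes` is `str` there and the two-argument call raises `TypeError` for a unicode input; in `verify` that is outside the `except InvalidSignature` clause, so it propagates instead of returning False. The exact-type test also treats `bytearray` or a `bytes` subclass as text. Prefer one shared conversion helper (the tests already call a `force_bytes`) or an `isinstance` check. Separately, a signature is raw bytes, so UTF-8-encoding a `str` signature can never produce a valid one; rejecting a non-bytes `sig` explicitly would be clearer than encoding it.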
@@ -23,9 +22,9 @@ except ImportError: try: from jwt.contrib.algorithms.py_ed25519 import Ed25519Algorithm - + has_ed25519 = True -except ImportError as e: +except ImportError: has_ed25519 = False @@ -226,20 +225,20 @@ class TestEcdsaAlgorithms: not has_ed25519, reason="Not supported without cryptography>=2.6 library" ) class TestEd25519Algorithms: - hello_world_sig = 'Qxa47mk/azzUgmY2StAOguAd4P7YBLpyCfU3JdbaiWnXM4o4WibXwmIHvNYgN3frtE2fcyd8OYEaOiD/KiwkCg==' - hello_world = force_bytes('Hello World!') - + hello_world_sig = "Qxa47mk/azzUgmY2StAOguAd4P7YBLpyCfU3JdbaiWnXM4o4WibXwmIHvNYgN3frtE2fcyd8OYEaOiD/KiwkCg==" + hello_world = force_bytes("Hello World!") + def test_ed25519_should_reject_non_string_key(self): algo = Ed25519Algorithm() - + with pytest.raises(TypeError): algo.prepare_key(None) with open(key_path("testkey_ed25519")) as keyfile: - jwt_key = algo.prepare_key(keyfile.read()) + algo.prepare_key(keyfile.read()) with open(key_path("testkey_ed25519.pub")) as keyfile: - jwt_pub_key = algo.prepare_key(keyfile.read()) + algo.prepare_key(keyfile.read()) def test_ed25519_should_accept_unicode_key(self): algo = Ed25519Algorithm() @@ -251,7 +250,7 @@ class TestEd25519Algorithms: algo = Ed25519Algorithm() jwt_message = self.hello_world - + expected_sig = base64.b64decode(force_bytes(self.hello_world_sig)) with open(key_path("testkey_ed25519")) as keyfile: @@ -259,7 +258,7 @@ class TestEd25519Algorithms: with open(key_path("testkey_ed25519.pub")) as keyfile: jwt_pub_key = algo.prepare_key(keyfile.read()) - + algo.sign(jwt_message, jwt_key) result = algo.verify(jwt_message, jwt_pub_key, expected_sig) assert result 
@@ -269,12 +268,12 @@ class TestEd25519Algorithms: jwt_message = self.hello_world jwt_sig = base64.b64decode(force_bytes(self.hello_world_sig)) - + jwt_sig += force_bytes("123") # Signature is now invalid with open(key_path("testkey_ed25519.pub")) as keyfile: jwt_pub_key = algo.prepare_key(keyfile.read()) - + result = algo.verify(jwt_message, jwt_pub_key, jwt_sig) assert not result @@ -286,7 +285,7 @@ class TestEd25519Algorithms: with open(key_path("testkey_ed25519.pub")) as keyfile: jwt_pub_key = algo.prepare_key(keyfile.read()) - + result = algo.verify(jwt_message, jwt_pub_key, jwt_sig) assert result @@ -296,5 +295,5 @@ class TestEd25519Algorithms: with open(key_path("testkey_ed25519.pub")) as keyfile: jwt_pub_key_first = algo.prepare_key(keyfile.read()) jwt_pub_key_second = algo.prepare_key(jwt_pub_key_first) - + assert jwt_pub_key_first == jwt_pub_key_second diff --git a/tests/keys/testkey_ed25519.pub b/tests/keys/testkey_ed25519.pub index 13c80c7..2cb7d0e 100644 --- a/tests/keys/testkey_ed25519.pub +++ b/tests/keys/testkey_ed25519.pub @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4pK2dePGgctIAsh0H/tmUrLzx2Vc4Ltc8TN9nfuChG
\ No newline at end of file +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4pK2dePGgctIAsh0H/tmUrLzx2Vc4Ltc8TN9nfuChG |