def __init__(self,jsonObject):
"""
Validate the signature of an already parsed JSON object
The current implementation is limited to RSA and EC
signatures and usage of the IETF JOSE algorithms
An invalid signature raises an exception
"""
if not isinstance(jsonObject, OrderedDict):
raise TypeError('JCS requires JSON to be parsed into a "OrderedDict"')
signatureObject = jsonObject['signature']
clonedSignatureObject = OrderedDict(signatureObject)
signatureValue = base64UrlDecode(signatureObject.pop('value'))
algorithmEntry = getAlgorithmEntry(signatureObject['algorithm'])
hashObject = algorithmEntry[1].new(serializeJson(jsonObject).encode("utf-8"))
jsonObject['signature'] = clonedSignatureObject
self.publicKey = signatureObject['publicKey']
keyType = self.publicKey['type']
if algorithmEntry[0]:
if keyType != 'RSA':
raise TypeError('"RSA" expected')
self.nativePublicKey = RSA.construct([cryptoBigNumDecode(self.publicKey['n']),
cryptoBigNumDecode(self.publicKey['e'])])
if not PKCS1_v1_5.new(self.nativePublicKey).verify(hashObject,signatureValue):
raise ValueError('Invalid Signature!')
else:
if keyType != 'EC':
raise TypeError('"EC" expected')
self.nativePublicKey = EC.from_string(base64UrlDecode(self.publicKey['x']) +
base64UrlDecode(self.publicKey['y']),
curve=getEcCurve(self.publicKey['curve']))
self.nativePublicKey.verify_digest(signatureValue,hashObject.digest())
def __init__(self, privateKeyString):
"""
Initialize object with an RSA or EC private key in JWK or PEM format
Signature algorithms are assumed to be given in the IETF JOSE format
This class is essentially a wrapper over the currently disparate Python
EC and RSA libraries, not limited to JSON or JCS
"""
if '"kty"' in privateKeyString:
jwk = parseJson(privateKeyString)
keyType = jwk['kty']
if keyType == 'RSA':
self.nativePrivateKey = RSA.construct([
cryptoBigNumDecode(jwk['n']),
cryptoBigNumDecode(jwk['e']),
cryptoBigNumDecode(jwk['d']),
cryptoBigNumDecode(jwk['p']),
cryptoBigNumDecode(jwk['q'])
])
""" JWK syntax checking... """
cryptoBigNumDecode(jwk['dp'])
cryptoBigNumDecode(jwk['dq'])
cryptoBigNumDecode(jwk['qi'])
elif keyType == 'EC':
self.nativePrivateKey = EC.from_string(
base64UrlDecode(jwk['d']), getEcCurve(jwk['crv']))
else:
raise ValueError('Unsupported key type: "' + keyType + '"')
else:
if ' RSA ' in privateKeyString:
self.nativePrivateKey = RSA.importKey(privateKeyString)
else:
self.nativePrivateKey = EC.from_pem(privateKeyString)
"""
Set default signature algorithm
"""
if self.isRSA():
self.algorithm = 'RS256'
else:
self.algorithm = 'ES256'
def __init__(self, jsonObject):
"""
Validate the signature of an already parsed JSON object
The current implementation is limited to RSA and EC
signatures and usage of the IETF JOSE algorithms
An invalid signature raises an exception
"""
if not isinstance(jsonObject, OrderedDict):
raise TypeError(
'JCS requires JSON to be parsed into a "OrderedDict"')
signatureObject = jsonObject['signature']
clonedSignatureObject = OrderedDict(signatureObject)
signatureValue = base64UrlDecode(signatureObject.pop('value'))
algorithmEntry = getAlgorithmEntry(signatureObject['algorithm'])
hashObject = algorithmEntry[1].new(
serializeJson(jsonObject).encode("utf-8"))
jsonObject['signature'] = clonedSignatureObject
self.publicKey = signatureObject['publicKey']
keyType = self.publicKey['type']
if algorithmEntry[0]:
if keyType != 'RSA':
raise TypeError('"RSA" expected')
self.nativePublicKey = RSA.construct([
cryptoBigNumDecode(self.publicKey['n']),
cryptoBigNumDecode(self.publicKey['e'])
])
if not PKCS1_v1_5.new(self.nativePublicKey).verify(
hashObject, signatureValue):
raise ValueError('Invalid Signature!')
else:
if keyType != 'EC':
raise TypeError('"EC" expected')
self.nativePublicKey = EC.from_string(
base64UrlDecode(self.publicKey['x']) +
base64UrlDecode(self.publicKey['y']),
curve=getEcCurve(self.publicKey['curve']))
self.nativePublicKey.verify_digest(signatureValue,
hashObject.digest())