def _process_jwk(self, jwk_dict): if not jwk_dict.get("kty") == "RSA": raise JWKError( "Incorrect key type. Expected: 'RSA', Received: %s" % jwk_dict.get("kty")) e = base64_to_long(jwk_dict.get("e")) n = base64_to_long(jwk_dict.get("n")) if "d" not in jwk_dict: return pyrsa.PublicKey(e=e, n=n) else: d = base64_to_long(jwk_dict.get("d")) extra_params = ["p", "q", "dp", "dq", "qi"] if any(k in jwk_dict for k in extra_params): # Precomputed private key parameters are available. if not all(k in jwk_dict for k in extra_params): # These values must be present when 'p' is according to # Section 6.3.2 of RFC7518, so if they are not we raise # an error. raise JWKError( "Precomputed private key parameters are incomplete.") p = base64_to_long(jwk_dict["p"]) q = base64_to_long(jwk_dict["q"]) return pyrsa.PrivateKey(e=e, n=n, d=d, p=p, q=q) else: p, q = _rsa_recover_prime_factors(n, e, d) return pyrsa.PrivateKey(n=n, e=e, d=d, p=p, q=q)
def _process_jwk(self, jwk_dict): if not jwk_dict.get('kty') == 'RSA': raise JWKError("Incorrect key type. Expected: 'RSA', Received: %s" % jwk_dict.get('kty')) e = base64_to_long(jwk_dict.get('e')) n = base64_to_long(jwk_dict.get('n')) if 'd' not in jwk_dict: return pyrsa.PublicKey(e=e, n=n) else: d = base64_to_long(jwk_dict.get('d')) extra_params = ['p', 'q', 'dp', 'dq', 'qi'] if any(k in jwk_dict for k in extra_params): # Precomputed private key parameters are available. if not all(k in jwk_dict for k in extra_params): # These values must be present when 'p' is according to # Section 6.3.2 of RFC7518, so if they are not we raise # an error. raise JWKError('Precomputed private key parameters are incomplete.') p = base64_to_long(jwk_dict['p']) q = base64_to_long(jwk_dict['q']) return pyrsa.PrivateKey(e=e, n=n, d=d, p=p, q=q) else: p, q = _rsa_recover_prime_factors(n, e, d) return pyrsa.PrivateKey(n=n, e=e, d=d, p=p, q=q)
def _process_jwk(self, jwk_dict): if not jwk_dict.get('kty') == 'EC': raise JWKError( "Incorrect key type. Expected: 'EC', Received: %s" % jwk_dict.get('kty')) if not all(k in jwk_dict for k in ['x', 'y', 'crv']): raise JWKError('Mandatory parameters are missing') x = base64_to_long(jwk_dict.get('x')) y = base64_to_long(jwk_dict.get('y')) curve = { 'P-256': ec.SECP256R1, 'P-384': ec.SECP384R1, 'P-521': ec.SECP521R1, }[jwk_dict['crv']] public = ec.EllipticCurvePublicNumbers(x, y, curve()) if 'd' in jwk_dict: d = base64_to_long(jwk_dict.get('d')) private = ec.EllipticCurvePrivateNumbers(d, public) return private.private_key(self.cryptography_backend()) else: return public.public_key(self.cryptography_backend())
def _process_jwk(self, jwk_dict): if not jwk_dict.get('kty') == 'RSA': raise JWKError("Incorrect key type. Expected: 'RSA', Recieved: %s" % jwk_dict.get('kty')) e = base64_to_long(jwk_dict.get('e')) n = base64_to_long(jwk_dict.get('n')) if 'd' not in jwk_dict: return pyrsa.PublicKey(e=e, n=n) else: d = base64_to_long(jwk_dict.get('d')) extra_params = ['p', 'q', 'dp', 'dq', 'qi'] if any(k in jwk_dict for k in extra_params): # Precomputed private key parameters are available. if not all(k in jwk_dict for k in extra_params): # These values must be present when 'p' is according to # Section 6.3.2 of RFC7518, so if they are not we raise # an error. raise JWKError('Precomputed private key parameters are incomplete.') p = base64_to_long(jwk_dict['p']) q = base64_to_long(jwk_dict['q']) return pyrsa.PrivateKey(e=e, n=n, d=d, p=p, q=q) else: p, q = _rsa_recover_prime_factors(n, e, d) return pyrsa.PrivateKey(n=n, e=e, d=d, p=p, q=q)
def _process_jwk(self, jwk_dict): if not jwk_dict.get('kty') == 'RSA': raise JWKError("Incorrect key type. Expected: 'RSA', Recieved: %s" % jwk_dict.get('kty')) e = base64_to_long(jwk_dict.get('e', 256)) n = base64_to_long(jwk_dict.get('n')) verifying_key = rsa.RSAPublicNumbers(e, n).public_key(self.cryptography_backend()) return verifying_key
def _process_jwk(self, jwk_dict): if not jwk_dict.get('kty') == 'RSA': raise JWKError( "Incorrect key type. Expected: 'RSA', Recieved: %s" % jwk_dict.get('kty')) e = base64_to_long(jwk_dict.get('e', 256)) n = base64_to_long(jwk_dict.get('n')) self.prepared_key = RSA.construct((n, e)) return self.prepared_key
def _process_jwk(self, jwk_dict): if not jwk_dict.get('kty') == 'EC': raise JWKError("Incorrect key type. Expected: 'EC', Recieved: %s" % jwk_dict.get('kty')) x = base64_to_long(jwk_dict.get('x')) y = base64_to_long(jwk_dict.get('y')) curve = { 'P-256': ec.SECP256R1, 'P-384': ec.SECP384R1, 'P-521': ec.SECP521R1, }[jwk_dict['crv']] ec_pn = ec.EllipticCurvePublicNumbers(x, y, curve()) verifying_key = ec_pn.public_key(self.cryptography_backend()) return verifying_key
def _process_jwk(self, jwk_dict): if not jwk_dict.get('kty') == 'EC': raise JWKError( "Incorrect key type. Expected: 'EC', Recieved: %s" % jwk_dict.get('kty')) x = base64_to_long(jwk_dict.get('x')) y = base64_to_long(jwk_dict.get('y')) if not ecdsa.ecdsa.point_is_valid(self.curve.generator, x, y): raise JWKError("Point: %s, %s is not a valid point" % (x, y)) point = ecdsa.ellipticcurve.Point(self.curve.curve, x, y, self.curve.order) verifying_key = ecdsa.keys.VerifyingKey.from_public_point( point, self.curve) return verifying_key
def _process_jwk(self, jwk_dict): if not jwk_dict.get('kty') == 'EC': raise JWKError("Incorrect key type. Expected: 'EC', Received: %s" % jwk_dict.get('kty')) if not all(k in jwk_dict for k in ['x', 'y', 'crv']): raise JWKError('Mandatory parameters are missing') if 'd' in jwk_dict: # We are dealing with a private key; the secret exponent is enough # to create an ecdsa key. d = base64_to_long(jwk_dict.get('d')) return ecdsa.keys.SigningKey.from_secret_exponent(d, self.curve) else: x = base64_to_long(jwk_dict.get('x')) y = base64_to_long(jwk_dict.get('y')) if not ecdsa.ecdsa.point_is_valid(self.curve.generator, x, y): raise JWKError(f"Point: {x}, {y} is not a valid point") point = ecdsa.ellipticcurve.Point(self.curve.curve, x, y, self.curve.order) return ecdsa.keys.VerifyingKey.from_public_point(point, self.curve)
def _process_jwk(self, jwk_dict): if not jwk_dict.get('kty') == 'EC': raise JWKError("Incorrect key type. Expected: 'EC', Recieved: %s" % jwk_dict.get('kty')) if not all(k in jwk_dict for k in ['x', 'y', 'crv']): raise JWKError('Mandatory parameters are missing') if 'd' in jwk_dict: # We are dealing with a private key; the secret exponent is enough # to create an ecdsa key. d = base64_to_long(jwk_dict.get('d')) return ecdsa.keys.SigningKey.from_secret_exponent(d, self.curve) else: x = base64_to_long(jwk_dict.get('x')) y = base64_to_long(jwk_dict.get('y')) if not ecdsa.ecdsa.point_is_valid(self.curve.generator, x, y): raise JWKError("Point: %s, %s is not a valid point" % (x, y)) point = ecdsa.ellipticcurve.Point(self.curve.curve, x, y, self.curve.order) return ecdsa.keys.VerifyingKey.from_public_point(point, self.curve)
def _process_jwk(self, jwk_dict): if not jwk_dict.get('kty') == 'EC': raise JWKError("Incorrect key type. Expected: 'EC', Received: %s" % jwk_dict.get('kty')) if not all(k in jwk_dict for k in ['x', 'y', 'crv']): raise JWKError('Mandatory parameters are missing') x = base64_to_long(jwk_dict.get('x')) y = base64_to_long(jwk_dict.get('y')) curve = { 'P-256': ec.SECP256R1, 'P-384': ec.SECP384R1, 'P-521': ec.SECP521R1, }[jwk_dict['crv']] public = ec.EllipticCurvePublicNumbers(x, y, curve()) if 'd' in jwk_dict: d = base64_to_long(jwk_dict.get('d')) private = ec.EllipticCurvePrivateNumbers(d, public) return private.private_key(self.cryptography_backend()) else: return public.public_key(self.cryptography_backend())
def _process_jwk(self, jwk_dict): if not jwk_dict.get('kty') == 'RSA': raise JWKError( "Incorrect key type. Expected: 'RSA', Received: %s" % jwk_dict.get('kty')) e = base64_to_long(jwk_dict.get('e', 256)) n = base64_to_long(jwk_dict.get('n')) public = rsa.RSAPublicNumbers(e, n) if 'd' not in jwk_dict: return public.public_key(self.cryptography_backend()) else: # This is a private key. d = base64_to_long(jwk_dict.get('d')) extra_params = ['p', 'q', 'dp', 'dq', 'qi'] if any(k in jwk_dict for k in extra_params): # Precomputed private key parameters are available. if not all(k in jwk_dict for k in extra_params): # These values must be present when 'p' is according to # Section 6.3.2 of RFC7518, so if they are not we raise # an error. raise JWKError( 'Precomputed private key parameters are incomplete.') p = base64_to_long(jwk_dict['p']) q = base64_to_long(jwk_dict['q']) dp = base64_to_long(jwk_dict['dp']) dq = base64_to_long(jwk_dict['dq']) qi = base64_to_long(jwk_dict['qi']) else: # The precomputed private key parameters are not available, # so we use cryptography's API to fill them in. p, q = rsa.rsa_recover_prime_factors(n, e, d) dp = rsa.rsa_crt_dmp1(d, p) dq = rsa.rsa_crt_dmq1(d, q) qi = rsa.rsa_crt_iqmp(p, q) private = rsa.RSAPrivateNumbers(p, q, d, dp, dq, qi, public) return private.private_key(self.cryptography_backend())
def _process_jwk(self, jwk_dict): if not jwk_dict.get('kty') == 'RSA': raise JWKError("Incorrect key type. Expected: 'RSA', Received: %s" % jwk_dict.get('kty')) e = base64_to_long(jwk_dict.get('e', 256)) n = base64_to_long(jwk_dict.get('n')) public = rsa.RSAPublicNumbers(e, n) if 'd' not in jwk_dict: return public.public_key(self.cryptography_backend()) else: # This is a private key. d = base64_to_long(jwk_dict.get('d')) extra_params = ['p', 'q', 'dp', 'dq', 'qi'] if any(k in jwk_dict for k in extra_params): # Precomputed private key parameters are available. if not all(k in jwk_dict for k in extra_params): # These values must be present when 'p' is according to # Section 6.3.2 of RFC7518, so if they are not we raise # an error. raise JWKError('Precomputed private key parameters are incomplete.') p = base64_to_long(jwk_dict['p']) q = base64_to_long(jwk_dict['q']) dp = base64_to_long(jwk_dict['dp']) dq = base64_to_long(jwk_dict['dq']) qi = base64_to_long(jwk_dict['qi']) else: # The precomputed private key parameters are not available, # so we use cryptography's API to fill them in. p, q = rsa.rsa_recover_prime_factors(n, e, d) dp = rsa.rsa_crt_dmp1(d, p) dq = rsa.rsa_crt_dmq1(d, q) qi = rsa.rsa_crt_iqmp(p, q) private = rsa.RSAPrivateNumbers(p, q, d, dp, dq, qi, public) return private.private_key(self.cryptography_backend())
def _process_jwk(self, jwk_dict): if not jwk_dict.get('kty') == 'RSA': raise JWKError( "Incorrect key type. Expected: 'RSA', Recieved: %s" % jwk_dict.get('kty')) e = base64_to_long(jwk_dict.get('e', 256)) n = base64_to_long(jwk_dict.get('n')) params = (n, e) if 'd' in jwk_dict: params += (base64_to_long(jwk_dict.get('d')), ) extra_params = ['p', 'q', 'dp', 'dq', 'qi'] if any(k in jwk_dict for k in extra_params): # Precomputed private key parameters are available. if not all(k in jwk_dict for k in extra_params): # These values must be present when 'p' is according to # Section 6.3.2 of RFC7518, so if they are not we raise # an error. raise JWKError( 'Precomputed private key parameters are incomplete.') p = base64_to_long(jwk_dict.get('p')) q = base64_to_long(jwk_dict.get('q')) qi = base64_to_long(jwk_dict.get('qi')) # PyCrypto does not take the dp and dq as arguments, so we do # not pass them. Furthermore, the parameter qi specified in # the JWK is the inverse of q modulo p, whereas PyCrypto # takes the inverse of p modulo q. We therefore switch the # parameters to make the third parameter the inverse of the # second parameter modulo the first parameter. params += (q, p, qi) self.prepared_key = RSA.construct(params) return self.prepared_key
def _process_jwk(self, jwk_dict): if not jwk_dict.get('kty') == 'RSA': raise JWKError("Incorrect key type. Expected: 'RSA', Recieved: %s" % jwk_dict.get('kty')) e = base64_to_long(jwk_dict.get('e', 256)) n = base64_to_long(jwk_dict.get('n')) params = (n, e) if 'd' in jwk_dict: params += (base64_to_long(jwk_dict.get('d')),) extra_params = ['p', 'q', 'dp', 'dq', 'qi'] if any(k in jwk_dict for k in extra_params): # Precomputed private key parameters are available. if not all(k in jwk_dict for k in extra_params): # These values must be present when 'p' is according to # Section 6.3.2 of RFC7518, so if they are not we raise # an error. raise JWKError('Precomputed private key parameters are incomplete.') p = base64_to_long(jwk_dict.get('p')) q = base64_to_long(jwk_dict.get('q')) qi = base64_to_long(jwk_dict.get('qi')) # PyCrypto does not take the dp and dq as arguments, so we do # not pass them. Furthermore, the parameter qi specified in # the JWK is the inverse of q modulo p, whereas PyCrypto # takes the inverse of p modulo q. We therefore switch the # parameters to make the third parameter the inverse of the # second parameter modulo the first parameter. params += (q, p, qi) self.prepared_key = RSA.construct(params) return self.prepared_key