コード例 #1
0
 def __init__(self,jsonObject):
     """
     Validate the signature of an already parsed JSON object
     
     The current implementation is limited to RSA and EC
     signatures and usage of the IETF JOSE algorithms
     
     An invalid signature raises an exception
     """
     if not isinstance(jsonObject, OrderedDict):
         raise TypeError('JCS requires JSON to be parsed into a "OrderedDict"')
     signatureObject = jsonObject['signature']
     clonedSignatureObject = OrderedDict(signatureObject)
     signatureValue = base64UrlDecode(signatureObject.pop('value'))
     algorithmEntry = getAlgorithmEntry(signatureObject['algorithm'])
     hashObject = algorithmEntry[1].new(serializeJson(jsonObject).encode("utf-8"))
     jsonObject['signature'] = clonedSignatureObject
     self.publicKey = signatureObject['publicKey']
     keyType = self.publicKey['type']
     if algorithmEntry[0]:
         if keyType != 'RSA':
             raise TypeError('"RSA" expected')
         self.nativePublicKey = RSA.construct([cryptoBigNumDecode(self.publicKey['n']),
                                               cryptoBigNumDecode(self.publicKey['e'])])
         if not PKCS1_v1_5.new(self.nativePublicKey).verify(hashObject,signatureValue):
             raise ValueError('Invalid Signature!')
     else:
         if keyType != 'EC':
             raise TypeError('"EC" expected')
         self.nativePublicKey = EC.from_string(base64UrlDecode(self.publicKey['x']) + 
                                               base64UrlDecode(self.publicKey['y']),
                                               curve=getEcCurve(self.publicKey['curve']))
         self.nativePublicKey.verify_digest(signatureValue,hashObject.digest())
コード例 #2
0
 def __init__(self, privateKeyString):
     """
     Initialize object with an RSA or EC private key in JWK or PEM format
     
     Signature algorithms are assumed to be given in the IETF JOSE format
     
     This class is essentially a wrapper over the currently disparate Python
     EC and RSA libraries, not limited to JSON or JCS
     """
     if '"kty"' in privateKeyString:
         jwk = parseJson(privateKeyString)
         keyType = jwk['kty']
         if keyType == 'RSA':
             self.nativePrivateKey = RSA.construct([
                 cryptoBigNumDecode(jwk['n']),
                 cryptoBigNumDecode(jwk['e']),
                 cryptoBigNumDecode(jwk['d']),
                 cryptoBigNumDecode(jwk['p']),
                 cryptoBigNumDecode(jwk['q'])
             ])
             """ JWK syntax checking... """
             cryptoBigNumDecode(jwk['dp'])
             cryptoBigNumDecode(jwk['dq'])
             cryptoBigNumDecode(jwk['qi'])
         elif keyType == 'EC':
             self.nativePrivateKey = EC.from_string(
                 base64UrlDecode(jwk['d']), getEcCurve(jwk['crv']))
         else:
             raise ValueError('Unsupported key type: "' + keyType + '"')
     else:
         if ' RSA ' in privateKeyString:
             self.nativePrivateKey = RSA.importKey(privateKeyString)
         else:
             self.nativePrivateKey = EC.from_pem(privateKeyString)
     """
     Set default signature algorithm
     """
     if self.isRSA():
         self.algorithm = 'RS256'
     else:
         self.algorithm = 'ES256'
コード例 #3
0
 def __init__(self, jsonObject):
     """
     Validate the signature of an already parsed JSON object
     
     The current implementation is limited to RSA and EC
     signatures and usage of the IETF JOSE algorithms
     
     An invalid signature raises an exception
     """
     if not isinstance(jsonObject, OrderedDict):
         raise TypeError(
             'JCS requires JSON to be parsed into a "OrderedDict"')
     signatureObject = jsonObject['signature']
     clonedSignatureObject = OrderedDict(signatureObject)
     signatureValue = base64UrlDecode(signatureObject.pop('value'))
     algorithmEntry = getAlgorithmEntry(signatureObject['algorithm'])
     hashObject = algorithmEntry[1].new(
         serializeJson(jsonObject).encode("utf-8"))
     jsonObject['signature'] = clonedSignatureObject
     self.publicKey = signatureObject['publicKey']
     keyType = self.publicKey['type']
     if algorithmEntry[0]:
         if keyType != 'RSA':
             raise TypeError('"RSA" expected')
         self.nativePublicKey = RSA.construct([
             cryptoBigNumDecode(self.publicKey['n']),
             cryptoBigNumDecode(self.publicKey['e'])
         ])
         if not PKCS1_v1_5.new(self.nativePublicKey).verify(
                 hashObject, signatureValue):
             raise ValueError('Invalid Signature!')
     else:
         if keyType != 'EC':
             raise TypeError('"EC" expected')
         self.nativePublicKey = EC.from_string(
             base64UrlDecode(self.publicKey['x']) +
             base64UrlDecode(self.publicKey['y']),
             curve=getEcCurve(self.publicKey['curve']))
         self.nativePublicKey.verify_digest(signatureValue,
                                            hashObject.digest())