def serialize(self, flatten: bool = False) -> bytes:
"""
Serializes the JWSSet into a JSON object via https://tools.ietf.org/html/rfc7515#section-3.2.
Parameters:
flatten (bool): Whether or not to flatten the structure if there's only one signature.
Returns:
bytes: JSON encoding as bytes.
"""
json_set = {
'payload':
url_b64_encode(self.payload).decode(),
'signatures': [{
'protected': url_b64_encode(jws.header).decode(),
'header': unprotected_header,
'signature': url_b64_encode(jws.signature).decode()
} for jws, unprotected_header in self.signatures]
}
if flatten and len(json_set['signatures']) == 1:
json_set.update(json_set['signatures'][0])
del json_set['signatures']
return json.dumps(json_set, separators=(',', ':')).encode('utf-8')
def recompute_signature(self, key: object):
"""
Recomputes the signature given a `key`.
Parameters:
key (object): Signing key. Object type depending on the JWASignatureAlg.
"""
self.signature = JWA_ALG_MAP[self.alg].sign(
key,
url_b64_encode(self.header) + b'.' + url_b64_encode(self.body))
def verify(self, key: object) -> bool:
"""
Verifies the signature on the JWS.
Parameters:
key (object): Verification key with object type depending on the JWASignatureAlg.
Returns:
bool: Whether or not it passed verification.
"""
data = url_b64_encode(self.header) + b'.' + url_b64_encode(self.body)
return JWA_ALG_MAP[self.alg].verify(key, data, self.signature)
def build_pub(rsa_key: object) -> dict:
"""
Formats the public parameters of the key as a `dict`.
Parameters:
rsa_key (RSA): Key to format.
Returns:
dict: JWK dict with public parameters.
"""
jwk = {
'kty': 'RSA',
'n': url_b64_encode(Bytes(rsa_key.n)).decode(),
'e': url_b64_encode(Bytes(rsa_key.e)).decode(),
}
return jwk
def encrypt(self, kek: bytes, cek: bytes, header: dict) -> Bytes:
rij = Rijndael(kek)
gcm = GCM(rij)
ct_and_tag = gcm.encrypt(url_b64_decode(header['iv'].encode('utf-8')),
cek, b'')
header['tag'] = url_b64_encode(ct_and_tag[-16:]).decode()
return ct_and_tag[:-16]
def build_pub(ec_key: object) -> dict:
"""
Formats the public parameters of the key as a `dict`.
Parameters:
ec_key (ECDSA): Key to format.
Returns:
dict: JWK dict with public parameters.
"""
jwk = {
'kty': 'EC',
'crv': JWK_CURVE_NAME_LOOKUP[ec_key.G.curve],
'x': url_b64_encode(Bytes(int(ec_key.Q.x))).decode(),
'y': url_b64_encode(Bytes(int(ec_key.Q.y))).decode(),
}
return jwk
def serialize(self) -> Bytes:
"""
Serialize the JWS into its compact representation.
Returns:
Bytes: BASE64-URL encoded JWS.
"""
return Bytes(b'.'.join([
url_b64_encode(part)
for part in [self.header, self.body, self.signature]
]))
def encode(ec_key: object, **kwargs) -> str:
"""
Encodes the key as a JWK JSON string.
Parameters:
ec_key (ECDSA): ECDSA key to encode.
Returns:
str: JWK JSON string.
"""
jwk = JWKECPublicKey.build_pub(ec_key)
jwk['d'] = url_b64_encode(Bytes(ec_key.d)).decode()
return json.dumps(jwk).encode('utf-8')
def build_pub(eddsa_key: object) -> dict:
"""
Formats the public parameters of the key as a `dict`.
Parameters:
eddsa_key (EdDSA): Key to format.
Returns:
dict: JWK dict with public parameters.
"""
jwk = {
'kty': 'OKP',
'crv': JWK_CURVE_NAME_LOOKUP[eddsa_key.curve],
'x': url_b64_encode(eddsa_key.get_pub_bytes()).decode()
}
return jwk
def encode(rsa_key: object, **kwargs) -> str:
"""
Encodes the key as a JWK JSON string.
Parameters:
rsa_key (RSA): RSA key to encode.
Returns:
str: JWK JSON string.
"""
jwk = JWKRSAPublicKey.build_pub(rsa_key)
jwk['d'] = url_b64_encode(Bytes(rsa_key.alt_d)).decode()
jwk['p'] = url_b64_encode(Bytes(rsa_key.p)).decode()
jwk['q'] = url_b64_encode(Bytes(rsa_key.q)).decode()
jwk['dp'] = url_b64_encode(Bytes(rsa_key.dP)).decode()
jwk['dq'] = url_b64_encode(Bytes(rsa_key.dQ)).decode()
jwk['qi'] = url_b64_encode(Bytes(rsa_key.Qi)).decode()
return json.dumps(jwk).encode('utf-8')
def generate_encryption_params(self) -> dict:
return {'p2s': url_b64_encode(Bytes.random(8)).decode(), 'p2c': 1000}
def generate_encryption_params(self) -> dict:
return {'iv': url_b64_encode(Bytes.random(12)).decode()}
