def _sign(self, pdata, sks, dump_json_data):
    """Sign ``pdata`` with one or more ECDSA keys.

    Args:
        pdata: The payload. Serialised with ``json.dumps`` when
            ``dump_json_data`` is true, otherwise passed through as-is
            (it is then handed to ``jws.sign`` with ``is_json=True``, so
            it presumably has to be a JSON string already; confirm
            against callers).
        sks: A signing key or a ``list`` of signing keys. Anything that
            is not a ``list`` is treated as a single key.
        dump_json_data: Whether ``pdata`` still needs JSON serialisation.

    Returns:
        ``{'payload': <b64url payload>, 'signatures': [...]}`` with one
        ``{'protected': <b64url header>, 'signature': <b64url DER>}``
        entry per key, in the order the keys were given.
    """
    signing_keys = sks if isinstance(sks, list) else [sks]

    # NOTE(review): the protected header always declares ES256, whatever
    # curve the key is on; this assumes callers only pass P-256 keys.
    protected = '{"alg": "ES256"}'
    protected_b64 = base64url_encode(protected)

    if dump_json_data:
        payload = json.dumps(pdata)
    else:
        payload = pdata
    payload_b64 = base64url_encode(payload)

    signatures = []
    for key in signing_keys:
        raw_sig_b64 = jws.sign(protected, payload, key, is_json=True)
        curve_order = key.curve.order
        # jws.sign returns the base64url form of the r||s string; the
        # wire format used here carries the signature DER-encoded.
        r, s = sigdecode_string(base64url_decode(raw_sig_b64), curve_order)
        der_b64 = base64url_encode(sigencode_der(r, s, curve_order))
        signatures.append({'protected': protected_b64, 'signature': der_b64})

    return {'payload': payload_b64, 'signatures': signatures}
def _create_auth_token(self, sk, profile):
    """Build a signed, dot-separated auth token for ``profile``.

    The token body holds only the profile id and the current Unix time
    (whole seconds). Nothing else (audience, nonce, expiry) is bound into
    the token, so limiting replay depends on the verifier checking the
    ``timestamp`` field.

    Args:
        sk: ECDSA signing key; its ``curve.order`` is used for the
            string-to-DER signature conversion.
        profile: Object exposing ``profile_id``.

    Returns:
        ``<b64url header>.<b64url body>.<b64url DER signature>``.
    """
    # NOTE(review): ES256 is declared regardless of the key's curve;
    # assumes sk is a P-256 key.
    protected = '{"alg": "ES256"}'
    protected_b64 = base64url_encode(protected)

    claims = json.dumps({
        'id': profile.profile_id,
        'timestamp': int(time.time()),
    })
    claims_b64 = base64url_encode(claims)

    raw_sig_b64 = jws.sign(protected, claims, sk, is_json=True)
    curve_order = sk.curve.order
    # Convert the r||s string produced by jws.sign into DER, which is
    # what the third token segment carries.
    r, s = sigdecode_string(base64url_decode(raw_sig_b64), curve_order)
    der_b64 = base64url_encode(sigencode_der(r, s, curve_order))

    segments = (protected_b64, claims_b64, der_b64)
    return '{0}.{1}.{2}'.format(*segments)
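def is_jose_sig_valid(b64_jpayload, jose_sig, vk_pem):
    """Check one signature entry against a payload and a PEM verifying key.

    The protected header comes from ``jose_sig``, i.e. from the party
    presenting the signature, and is passed to ``jws.verify`` together
    with the key. Because the header names the algorithm, it is checked
    here against an ECDSA-only allowlist before verification, so that a
    header declaring any other algorithm is rejected instead of being
    handed on with an EC key.

    Args:
        b64_jpayload: base64url-encoded JSON payload.
        jose_sig: Mapping with base64url ``'protected'`` (header) and
            ``'signature'`` (DER-encoded ECDSA signature) entries.
        vk_pem: PEM-encoded ECDSA verifying key.

    Returns:
        True if the signature verifies; False if ``jws.verify`` raises
        ``jws.SignatureError`` or the header declares an algorithm
        outside the allowlist.

    Raises:
        MalformedSignatureError: passed to ``b64url_dec``/``dget`` for
            undecodable or missing fields, and raised here when the
            header is not a JSON object.
    """
    # Function-scope import so the block does not depend on the module's
    # import list.
    import json

    # Only ECDSA algorithms can be meaningful for an EC verifying key.
    # If only ES256 is ever issued, narrow this to that single value.
    allowed_algs = ('ES256', 'ES384', 'ES512')

    jpayload = b64url_dec(b64_jpayload, MalformedSignatureError)
    b64_jheader = dget(jose_sig, 'protected', MalformedSignatureError)
    jheader = b64url_dec(b64_jheader, MalformedSignatureError)
    b64_sig = dget(jose_sig, 'signature', MalformedSignatureError)
    sig_der = b64url_dec(b64_sig, MalformedSignatureError)

    # Validate the untrusted header before it reaches jws.verify.
    try:
        header_fields = json.loads(jheader)
    except (TypeError, ValueError):
        raise MalformedSignatureError
    if not isinstance(header_fields, dict):
        raise MalformedSignatureError
    if header_fields.get('alg') not in allowed_algs:
        return False

    vk = VerifyingKey.from_pem(vk_pem)
    vk_order = vk.curve.order
    # The wire format carries DER; jws.verify is given the base64url
    # string form instead.
    # NOTE(review): what sig_der_to_string raises on malformed DER is not
    # visible here; such errors are not caught below and will propagate.
    b64_sig_string = base64url_encode(sig_der_to_string(sig_der, vk_order))

    try:
        jws.verify(jheader, jpayload, b64_sig_string, vk, is_json=True)
    except jws.SignatureError:
        return False
    return True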
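def is_jws_sig_valid(b64_jws_sig, vk_pem):
    """Check the signature on a three-part, dot-separated token.

    Only the signature is verified. The decoded body is not inspected,
    so any freshness or identity check on its fields (for example a
    ``timestamp``) has to be done by the caller.

    The header segment is supplied by the token's presenter and names the
    algorithm, so it is checked against an ECDSA-only allowlist before
    ``jws.verify`` is called with the EC key.

    Args:
        b64_jws_sig: ``<b64url header>.<b64url body>.<b64url DER sig>``.
        vk_pem: PEM-encoded ECDSA verifying key.

    Returns:
        True if the signature verifies; False if ``jws.verify`` raises
        ``jws.SignatureError`` or the header declares an algorithm
        outside the allowlist.

    Raises:
        MalformedSignatureError: when the token does not have exactly
            three segments or the header is not a JSON object; also
            passed to ``b64url_dec`` for undecodable segments.
    """
    # Function-scope import so the block does not depend on the module's
    # import list.
    import json

    # Only ECDSA algorithms can be meaningful for an EC verifying key.
    # If only ES256 is ever issued, narrow this to that single value.
    allowed_algs = ('ES256', 'ES384', 'ES512')

    parts = b64_jws_sig.split('.')
    if len(parts) != 3:
        raise MalformedSignatureError

    # Extract parts to verify signature. MalformedSignatureError is passed
    # to b64url_dec as is_jose_sig_valid does, so an undecodable segment is
    # presumably reported the same way as a wrong segment count (confirm
    # against b64url_dec).
    jheader_b64, jbody_b64, sig_der_b64 = parts
    jheader = b64url_dec(jheader_b64, MalformedSignatureError)
    jbody = b64url_dec(jbody_b64, MalformedSignatureError)
    sig_der = b64url_dec(sig_der_b64, MalformedSignatureError)

    # Validate the untrusted header before it reaches jws.verify.
    try:
        header_fields = json.loads(jheader)
    except (TypeError, ValueError):
        raise MalformedSignatureError
    if not isinstance(header_fields, dict):
        raise MalformedSignatureError
    if header_fields.get('alg') not in allowed_algs:
        return False

    vk = VerifyingKey.from_pem(vk_pem)
    vk_order = vk.curve.order
    # The token carries DER; jws.verify is given the base64url string
    # form instead.
    # NOTE(review): what sig_der_to_string raises on malformed DER is not
    # visible here; such errors are not caught below and will propagate.
    sig_string_b64 = base64url_encode(sig_der_to_string(sig_der, vk_order))

    try:
        jws.verify(jheader, jbody, sig_string_b64, vk, is_json=True)
    except jws.SignatureError:
        return False
    return True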