def __init__(self,jsonObject):
"""
Validate the signature of an already parsed JSON object
The current implementation is limited to RSA and EC
signatures and usage of the IETF JOSE algorithms
An invalid signature raises an exception
"""
if not isinstance(jsonObject, OrderedDict):
raise TypeError('JCS requires JSON to be parsed into a "OrderedDict"')
signatureObject = jsonObject['signature']
clonedSignatureObject = OrderedDict(signatureObject)
signatureValue = base64UrlDecode(signatureObject.pop('value'))
algorithmEntry = getAlgorithmEntry(signatureObject['algorithm'])
hashObject = algorithmEntry[1].new(serializeJson(jsonObject).encode("utf-8"))
jsonObject['signature'] = clonedSignatureObject
self.publicKey = signatureObject['publicKey']
keyType = self.publicKey['type']
if algorithmEntry[0]:
if keyType != 'RSA':
raise TypeError('"RSA" expected')
self.nativePublicKey = RSA.construct([cryptoBigNumDecode(self.publicKey['n']),
cryptoBigNumDecode(self.publicKey['e'])])
if not PKCS1_v1_5.new(self.nativePublicKey).verify(hashObject,signatureValue):
raise ValueError('Invalid Signature!')
else:
if keyType != 'EC':
raise TypeError('"EC" expected')
self.nativePublicKey = EC.from_string(base64UrlDecode(self.publicKey['x']) +
base64UrlDecode(self.publicKey['y']),
curve=getEcCurve(self.publicKey['curve']))
self.nativePublicKey.verify_digest(signatureValue,hashObject.digest())
def getPublicKey(self, format='JWK'):
"""
Return public key as a PEM or JWK string or as a JCS in an JSONObjectWriter
"""
if exportFormatCheck(format) == 'PEM':
return exportPublicKeyAsPem(self.nativePublicKey)
if format == 'JWK':
return serializeJson(self.publicKey)
return JSONObjectWriter(self.publicKey)
def getPublicKey(self, format='JWK'):
"""
Return public key as a PEM or JWK string or as a JCS in an JSONObjectWriter
"""
if exportFormatCheck(format) == 'PEM':
return exportPublicKeyAsPem(self.nativePublicKey)
if format == 'JWK':
jwk = OrderedDict()
for item in self.publicKey:
key = item
if key == 'type':
key = 'kty'
elif key == 'curve':
key = 'crv'
jwk[key] = self.publicKey[item]
return serializeJson(jwk)
return JSONObjectWriter(self.publicKey)
def getPublicKey(self,format='JWK'):
"""
Return public key as a PEM or JWK string or as a JCS in an JSONObjectWriter
"""
if exportFormatCheck(format) == 'PEM':
return exportPublicKeyAsPem(self.nativePublicKey)
if format == 'JWK':
jwk = OrderedDict()
for item in self.publicKey:
key = item
if key == 'type':
key = 'kty'
elif key == 'curve':
key = 'crv'
jwk[key] = self.publicKey[item]
return serializeJson(jwk)
return JSONObjectWriter(self.publicKey)
def __init__(self, jsonObject):
"""
Validate the signature of an already parsed JSON object
The current implementation is limited to RSA and EC
signatures and usage of the IETF JOSE algorithms
An invalid signature raises an exception
"""
if not isinstance(jsonObject, OrderedDict):
raise TypeError(
'JCS requires JSON to be parsed into a "OrderedDict"')
signatureObject = jsonObject['signature']
clonedSignatureObject = OrderedDict(signatureObject)
signatureValue = base64UrlDecode(signatureObject.pop('value'))
algorithmEntry = getAlgorithmEntry(signatureObject['algorithm'])
hashObject = algorithmEntry[1].new(
serializeJson(jsonObject).encode("utf-8"))
jsonObject['signature'] = clonedSignatureObject
self.publicKey = signatureObject['publicKey']
keyType = self.publicKey['type']
if algorithmEntry[0]:
if keyType != 'RSA':
raise TypeError('"RSA" expected')
self.nativePublicKey = RSA.construct([
cryptoBigNumDecode(self.publicKey['n']),
cryptoBigNumDecode(self.publicKey['e'])
])
if not PKCS1_v1_5.new(self.nativePublicKey).verify(
hashObject, signatureValue):
raise ValueError('Invalid Signature!')
else:
if keyType != 'EC':
raise TypeError('"EC" expected')
self.nativePublicKey = EC.from_string(
base64UrlDecode(self.publicKey['x']) +
base64UrlDecode(self.publicKey['y']),
curve=getEcCurve(self.publicKey['curve']))
self.nativePublicKey.verify_digest(signatureValue,
hashObject.digest())
def serialize(self):
return serializeJson(self.root)
def serialize(self):
return serializeJson(self.array)
