def load_keys(save_path): fppub = open(os.path.join(save_path, "public.pem"), 'rb') fppriv = open(os.path.join(save_path, "private.pem"), 'rb') pub_key = JWK.from_pem(fppub.read()) priv_key = JWK.from_pem(fppriv.read()) fppub.close() fppriv.close() return {'public': pub_key, 'private': priv_key}
def __init__(self, host='localhost', port=7777, key=None): self.host = host self.port = port self.key = key with open('client_private.pem', mode='rb') as f: self.privkey = JWK.from_pem(f.read()) with open('server_public.pem', mode='rb') as f: self.server_pubkey = JWK.from_pem(f.read())
def get_jwk(cls, public_key): # type: (str) -> t.Mapping[str, t.Any] jwk_obj = JWK.from_pem(public_key.encode('utf-8')) public_jwk = json.loads(jwk_obj.export_public()) public_jwk['alg'] = 'RS256' public_jwk['use'] = 'sig' return public_jwk
def handle(self, *args, **options: dict): configDir: str = os.path.dirname( os.getenv('ENV_FILE', '/secrets/env.json')) self.stdout.write('Key files will be written to ' f'directory "{configDir}"...') self.keyFileBasePathName = os.path.join( configDir, options.get(self.baseNameOption)) self.stdout.write('Generating key...') key: RsaKey = RSA.generate(4096) self.stdout.write('Preparing private and public key strings...') privateKey: bytes = key.exportKey() publicKey: bytes = key.publickey().exportKey() jwk_obj: JWK = JWK.from_pem(publicKey) public_jwk: dict = { **json.loads(jwk_obj.export_public()), **{ 'alg': 'RS256', 'use': 'sig' } } self._writeKeyFile(self.KeyFileType.PRIVATE, privateKey.decode('utf-8')) self._writeKeyFile(self.KeyFileType.PUBLIC, publicKey.decode('utf-8')) self._writeKeyFile(self.KeyFileType.JWK, json.dumps(public_jwk))
def verify_certificate(jwt: JWT) -> JWK: """Get (and verify) the signing key from JWT.""" # First element in the header is our actual key try: decoding_key = JWK.from_pem( PEM_CERT_TEMPLATE.format(jwt.token.jose_header['x5c'][0]).encode()) except ValueError: raise InvalidCert('Cannot decode key.') if SETTINGS.metadata_service['disable_cert_verification']: return decoding_key if not SETTINGS.metadata_service['certificate']: raise CommandError( "Certificate verification enabled, but no certificate set. " "Please set certificate or disable validation.") # Create context and verify store = _prepare_crypto_store(jwt) decoding_cert = crypto.load_certificate( crypto.FILETYPE_PEM, PEM_CERT_TEMPLATE.format(jwt.token.jose_header['x5c'][0]).encode()) store_ctx = crypto.X509StoreContext(store, decoding_cert) try: store_ctx.verify_certificate() except crypto.X509StoreContextError: raise InvalidCert('Key could not be verified.') else: return decoding_key
def load_pem(path: str) -> JWK: """ Load a PEM-formatted key or certificate Parsing will fail if the file contains anything other than the PEM-formatted key/certificate. """ with open(path, "rb") as pem_file: return JWK.from_pem(pem_file.read())
def generate(header, payload, priv_pem): priv_pem = json_decode(priv_pem.replace('\n', '\\n')) if priv_pem.startswith("-----BEGIN"): priv_key = JWK.from_pem(to_bytes_2and3(priv_pem)) else: priv_key = JWK(kty='oct', k=base64url_encode(priv_pem)) sig = JWS(payload) sig.add_signature(priv_key, protected=header) sys.stdout.write(sig.serialize(compact=True))
def verify(sjws, pub_pem): sjws = json_decode(sjws) pub_pem = json_decode(pub_pem.replace('\n', '\\n')) if pub_pem.startswith("-----BEGIN"): pub_key = JWK.from_pem(to_bytes_2and3(pub_pem)) else: pub_key = JWK(kty='oct', k=base64url_encode(pub_pem)) sig = JWS() sig.deserialize(sjws, pub_key) sys.stdout.write(base64url_decode(json_decode(sig.serialize())['payload']))
def listAll(): repo = KeyRepository(getDb()) docList = repo.fetchAll() jwkset = JWKSet() for keyDoc in docList: jwk = JWK.from_pem(base64.b64decode(keyDoc.publicKey)) # wrong way, no idea how to make it proper :| jwk._params['kid'] = str(keyDoc.id) jwk._params['alg'] = keyDoc.algorithm jwkset.add(jwk) return jwkset.export(private_keys=False, as_dict=True)
def get_getPublicKeyJwk(request): keyId = request.args['keyId'] publicKey = keystore.getKey(keyId) if publicKey == None: return Response(responseBody=json.dumps({'error': 'Key not found'}), contentType="application/json", statusCode=404) else: pemEncoded = "-----BEGIN PUBLIC KEY-----\r\n" + utils.insert_newlines(publicKey.decode("ascii"), 64) + "\r\n-----END PUBLIC KEY-----" jwk = JWK.from_pem(pemEncoded.encode("ascii")) jwkDecoded = json.loads(jwk.export_public()) jwkDecoded['kid'] = keyId jwkDecoded['kty'] = "RSA" return Response(responseBody = json.dumps(jwkDecoded, indent=4), contentType = "application/json")
def get_getPublicKeysJwks(request): keys = keystore.getAllKeys() jwks = [] for keyId in keys.keys(): pemEncoded = "-----BEGIN PUBLIC KEY-----\r\n" + utils.insert_newlines(keys[keyId].decode("ascii"), 64) + "\r\n-----END PUBLIC KEY-----" jwk = JWK.from_pem(pemEncoded.encode("ascii")) jwkDecoded = json.loads(jwk.export_public()) jwkDecoded['kid'] = keyId jwkDecoded['kty'] = "RSA" jwkDecoded['use'] = "sig" jwks.append(jwkDecoded) return Response(responseBody = json.dumps({'keys': jwks}, indent = 4), contentType = "application/json")
def get_jwk(public_key: bytes) -> Dict[str, str]: """Gets the JSON Web Key from PKCS#8 formatted data from a PEM file. Args: public_key (bytes): PKCS#8 formmatted public key. Returns: Dict[str, str]: dictionary that represents the JWK. """ jwk_obj = JWK.from_pem(public_key) public_jwk = json.loads(jwk_obj.export_public()) public_jwk["alg"] = "RS256" public_jwk["use"] = "sig" return public_jwk
def create_apns_jwt(): with open(path.join(getcwd(), APNS_KEY), 'rb') as key: jwk = JWK.from_pem(key.read()) jwt = JWT(header={ 'typ': 'JWT', 'alg': 'ES256', 'kid': notifications['apns_key_id'] }, claims={ 'iss': notifications['apple_team_id'], 'iat': int(time()) }, algs=['ES256']) jwt.make_signed_token(jwk) return jwt.serialize()
def create_webpush_jwt(endpoint_url): with open(WEBPUSH_PRIVATE_KEY_PATH, 'rb') as key: jwk = JWK.from_pem(key.read()) jwt = JWT(header={ 'typ': 'JWT', 'alg': 'ES256' }, claims={ 'sub': f'mailto:{notifications["support_email"]}', 'exp': str(int(time() + WEBPUSH_EXPIRATION)), 'aud': f'{endpoint_url.scheme}://{endpoint_url.netloc}' }, algs=['ES256']) jwt.make_signed_token(jwk) return jwt.serialize()
def _get_app_token(self): expired = self._is_token_expired(self._current_app_token_expiry) if expired: now = self._get_now_timestamp() expiry = now + (10 * 60) self._current_app_token_expiry = expiry token = JWT( header={'alg': 'RS256'}, claims={ 'iat': now, 'exp': expiry, 'iss': self._identifier, }, algs=['RS256'], ) token.make_signed_token(JWK.from_pem(self._private_key)) self._current_app_token = token.serialize() return self._current_app_token
def get_jwk(public_key: str) -> dict: ''' Load public key as dictionary Args: public_key (str): Path to pem Returns: dict: Exported public key ''' jwk_obj = JWK.from_pem(public_key) public_jwk = json.loads(jwk_obj.export_public()) public_jwk['alg'] = 'RS256' public_jwk['use'] = 'sig' return public_jwk
def create_public_thumbprint(save_path): key = JWK.from_pem(os.path.join(save_path, "public.pem")) return key.export()
def bench_RSA(self): """ Import key """ JWK.from_pem(to_bytes_2and3(priv_pem))
def export_key(filename,key): f = open(filename, "a") f.write(key) f.close() key = RSA.generate(4096) private_key = key.exportKey() print(str(private_key)) export_key('private.key', str(private_key, encoding='UTF-8')) public_key = key.publickey().exportKey() print(str(public_key)) export_key('public.key', str(public_key, encoding='UTF-8')) f = open("public.key", "r") public_pem = f.read() f.close() jwk_obj = JWK.from_pem(public_pem.encode('utf-8')) public_jwk = json.loads(jwk_obj.export_public()) public_jwk['alg'] = 'RS256' public_jwk['use'] = 'sig' public_jwk_str = json.dumps(public_jwk) export_key('public.jwk.json', public_jwk_str) print(public_jwk_str)
801xAoGADQB84MJe/X8xSUZQzpn2KP/yZ7C517qDJjComGe3mjVxTIT5XAaa1tLy\n\ T4mvpSeYDJkBD8Hxr3fB1YNDWNbgwrNPGZnUTBNhxIsNLPnV8WySiW57LqVXlggH\n\ vjFmyDdU5Hh6ma4q+BeAqbXZSJz0cfkBcBLCSe2gIJ/QJ3YJVQI= \n\ -----END RSA PRIVATE KEY-----" rsa_pub_pem = "-----BEGIN PUBLIC KEY----- \n\ MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4qiw8PWs7PpnnC2BUEoD\n\ RcwXF8pq8XT1/3Hc3cuUJwX/otNefr/Bomr3dtM0ERLN3DrepCXvuzEU5FcJVDUB\n\ 3sI+pFtjjLBXD/zJmuL3Afg91J9p79+Dm+43cR6wuKywVJx5DJIdswF6oQDDzhwu\n\ 89d2V5x02aXB9LqdXkPwiO0eR5s/xHXgASl+hqDdVL9hLod3iGa9nV7cElCbcl8U\n\ VXNPJnQAfaiKazF+hCdl/syrIh0KCZ5opggsTJibo8qFXBmG4PkT5YbhHE11wYKI\n\ LwZFSvZ9iddRPQK3CtgFiBnXbVwU5t67tn9pMizHgypgsfBoeoyBrpTuc4egSCpj\n\ sQIDAQAB \n\ -----END PUBLIC KEY-----" rsa_priv_key = JWK.from_pem(to_bytes_2and3(rsa_priv_pem)) rsa_pub_key = JWK.from_pem(to_bytes_2and3(rsa_pub_pem)) ec_p256_priv_pem = "-----BEGIN EC PRIVATE KEY----- \n\ MHcCAQEEIHUzppsG3mykCT4wm/zle/61EiRxMrqhMuIhJ9ODYSSPoAoGCCqGSM49\n\ AwEHoUQDQgAEXkWPnLkwayWN5S1m5b6+3ZMlOi4IdMYQx6tGwPdCZLUko3sqIQHp\n\ CLCxpT9Cis1hHR/kWy4Tr18Ow3tBi9YKLA== \n\ -----END EC PRIVATE KEY-----" ec_p256_pub_pem = "-----BEGIN PUBLIC KEY----- \n\ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXkWPnLkwayWN5S1m5b6+3ZMlOi4I\n\ dMYQx6tGwPdCZLUko3sqIQHpCLCxpT9Cis1hHR/kWy4Tr18Ow3tBi9YKLA== \n\ -----END PUBLIC KEY-----" ec_p256_priv_key = JWK.from_pem(to_bytes_2and3(ec_p256_priv_pem)) ec_p256_pub_key = JWK.from_pem(to_bytes_2and3(ec_p256_pub_pem))
def get_jwk(public_key): jwk_obj = JWK.from_pem(public_key) public_jwk = json.loads(jwk_obj.export_public()) public_jwk["alg"] = "RS256" public_jwk["use"] = "sig" return public_jwk
801xAoGADQB84MJe/X8xSUZQzpn2KP/yZ7C517qDJjComGe3mjVxTIT5XAaa1tLy\n\ T4mvpSeYDJkBD8Hxr3fB1YNDWNbgwrNPGZnUTBNhxIsNLPnV8WySiW57LqVXlggH\n\ vjFmyDdU5Hh6ma4q+BeAqbXZSJz0cfkBcBLCSe2gIJ/QJ3YJVQI= \n\ -----END RSA PRIVATE KEY-----" pub_pem = "-----BEGIN PUBLIC KEY----- \n\ MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4qiw8PWs7PpnnC2BUEoD\n\ RcwXF8pq8XT1/3Hc3cuUJwX/otNefr/Bomr3dtM0ERLN3DrepCXvuzEU5FcJVDUB\n\ 3sI+pFtjjLBXD/zJmuL3Afg91J9p79+Dm+43cR6wuKywVJx5DJIdswF6oQDDzhwu\n\ 89d2V5x02aXB9LqdXkPwiO0eR5s/xHXgASl+hqDdVL9hLod3iGa9nV7cElCbcl8U\n\ VXNPJnQAfaiKazF+hCdl/syrIh0KCZ5opggsTJibo8qFXBmG4PkT5YbhHE11wYKI\n\ LwZFSvZ9iddRPQK3CtgFiBnXbVwU5t67tn9pMizHgypgsfBoeoyBrpTuc4egSCpj\n\ sQIDAQAB \n\ -----END PUBLIC KEY-----" priv_key = JWK.from_pem(to_bytes_2and3(priv_pem)) pub_key = JWK.from_pem(to_bytes_2and3(pub_pem)) priv_keys = { 'HS256': {'default': JWK(kty='oct', k=base64url_encode('some random key'))}, 'HS384': {'default': JWK(kty='oct', k=base64url_encode('another one'))}, 'HS512': {'default': JWK(kty='oct', k=base64url_encode('keys keys keys!'))}, 'RS256': {'python-jwt': priv_key}, 'RS384': {'python-jwt': priv_key}, 'RS512': {'python-jwt': priv_key}, 'PS256': {'python-jwt': priv_key}, 'PS384': {'python-jwt': priv_key}, 'PS512': {'python-jwt': priv_key} } pub_keys = {
def __init__(self, port=7777): self.port = port self.data = MCData() with open('server_private.pem', mode='rb') as f: self.privkey = JWK.from_pem(f.read())
def get_key(path): # type: (str) -> JWK with open(path, 'rb') as key_file: return JWK.from_pem(key_file.read())
def get_jwk(public_key): jwk_obj = JWK.from_pem(public_key) public_jwk = json.loads(jwk_obj.export_public()) public_jwk['alg'] = 'RS256' public_jwk['use'] = 'sig' return public_jwk