def __init__(self,jsonObject):
"""
Validate the signature of an already parsed JSON object
The current implementation is limited to RSA and EC
signatures and usage of the IETF JOSE algorithms
An invalid signature raises an exception
"""
if not isinstance(jsonObject, OrderedDict):
raise TypeError('JCS requires JSON to be parsed into a "OrderedDict"')
signatureObject = jsonObject['signature']
clonedSignatureObject = OrderedDict(signatureObject)
signatureValue = base64UrlDecode(signatureObject.pop('value'))
algorithmEntry = getAlgorithmEntry(signatureObject['algorithm'])
hashObject = algorithmEntry[1].new(serializeJson(jsonObject).encode("utf-8"))
jsonObject['signature'] = clonedSignatureObject
self.publicKey = signatureObject['publicKey']
keyType = self.publicKey['type']
if algorithmEntry[0]:
if keyType != 'RSA':
raise TypeError('"RSA" expected')
self.nativePublicKey = RSA.construct([cryptoBigNumDecode(self.publicKey['n']),
cryptoBigNumDecode(self.publicKey['e'])])
if not PKCS1_v1_5.new(self.nativePublicKey).verify(hashObject,signatureValue):
raise ValueError('Invalid Signature!')
else:
if keyType != 'EC':
raise TypeError('"EC" expected')
self.nativePublicKey = EC.from_string(base64UrlDecode(self.publicKey['x']) +
base64UrlDecode(self.publicKey['y']),
curve=getEcCurve(self.publicKey['curve']))
self.nativePublicKey.verify_digest(signatureValue,hashObject.digest())
def setAlgorithm(self, algorithm):
"""
Override the default algorithm setting
"""
if getAlgorithmEntry(algorithm)[0] != self.isRSA():
raise TypeError('Algorithm is not compatible with key type')
self.algorithm = algorithm
return self
def signData(self, data):
"""
Well, use the private key + hash method and return a signature blob
"""
algorithmEntry = getAlgorithmEntry(self.algorithm)
hashObject = algorithmEntry[1].new(data)
if algorithmEntry[0]:
return PKCS1_v1_5.new(self.nativePrivateKey).sign(hashObject)
return self.nativePrivateKey.sign_digest(hashObject.digest())
def __init__(self, jsonObject):
"""
Validate the signature of an already parsed JSON object
The current implementation is limited to RSA and EC
signatures and usage of the IETF JOSE algorithms
An invalid signature raises an exception
"""
if not isinstance(jsonObject, OrderedDict):
raise TypeError(
'JCS requires JSON to be parsed into a "OrderedDict"')
signatureObject = jsonObject['signature']
clonedSignatureObject = OrderedDict(signatureObject)
signatureValue = base64UrlDecode(signatureObject.pop('value'))
algorithmEntry = getAlgorithmEntry(signatureObject['algorithm'])
hashObject = algorithmEntry[1].new(
serializeJson(jsonObject).encode("utf-8"))
jsonObject['signature'] = clonedSignatureObject
self.publicKey = signatureObject['publicKey']
keyType = self.publicKey['type']
if algorithmEntry[0]:
if keyType != 'RSA':
raise TypeError('"RSA" expected')
self.nativePublicKey = RSA.construct([
cryptoBigNumDecode(self.publicKey['n']),
cryptoBigNumDecode(self.publicKey['e'])
])
if not PKCS1_v1_5.new(self.nativePublicKey).verify(
hashObject, signatureValue):
raise ValueError('Invalid Signature!')
else:
if keyType != 'EC':
raise TypeError('"EC" expected')
self.nativePublicKey = EC.from_string(
base64UrlDecode(self.publicKey['x']) +
base64UrlDecode(self.publicKey['y']),
curve=getEcCurve(self.publicKey['curve']))
self.nativePublicKey.verify_digest(signatureValue,
hashObject.digest())