author | Åsmund Ødegård <mandus@gmail.com> | 2013-10-11 00:01:10 +0200 |
---|---|---|
committer | Åsmund Ødegård <mandus@gmail.com> | 2013-10-11 00:01:10 +0200 |
commit | 6a842d5dca137aab0555b0bec0eaacb0e17c0bf8 (patch) | |
tree | b131505f672a90563f7e25d0f4dc6d80799f0685 | |
parent | 189220f50db1e045ea87c1e1072d986edc279b8b (diff) | |
master Adding argument for RS256, and splitting handling of HS and RS in verifying.
-rw-r--r-- | AUTHORS | 3 | ||||
-rw-r--r-- | jwt/__init__.py | 12 |
2 files changed, 11 insertions, 4 deletions
@@ -7,3 +7,6 @@ Patches and Suggestions
 -----------------------
 - FELD Boris <boris.feld@novapost.fr> <lothiraldan@gmail.com>
+
+ - Åsmund Ødegård <asmund@xal.no> <ao@mcash.no>
+ Adding support for RSA-SHA256 privat/public signature.
diff --git a/jwt/__init__.py b/jwt/__init__.py
index 7f010db..407ac8c 100644
--- a/jwt/__init__.py
+++ b/jwt/__init__.py
@@ -41,7 +41,7 @@ verify_methods = {
 'HS256': lambda msg, key: hmac.new(key, msg, hashlib.sha256).digest(),
 'HS384': lambda msg, key: hmac.new(key, msg, hashlib.sha384).digest(),
 'HS512': lambda msg, key: hmac.new(key, msg, hashlib.sha512).digest(),
- 'RS256': lambda msg, key: PKCS1_v1_5.new(key).verify(SHA256.new(msg)),
+ 'RS256': lambda msg, key, sig: PKCS1_v1_5.new(key).verify(SHA256.new(msg), sig),
 }
@@ -137,9 +137,13 @@ def decode(jwt, key='', verify=True, verify_expiration=True, leeway=0):
 try:
 if isinstance(key, unicode):
 key = key.encode('utf-8')
- expected = verify_methods[header['alg']](signing_input, key)
- if not constant_time_compare(signature, expected):
- raise DecodeError("Signature verification failed")
+ if header['alg'].startswith('HS'):
+ expected = verify_methods[header['alg']](signing_input, key)
+ if not constant_time_compare(signature, expected):
+ raise DecodeError("Signature verification failed")
+ else:
+ if not verify_methods[header['alg']](signing_input, key, signature):
+ raise DecodeError("Signature verification failed")
 except KeyError:
 raise DecodeError("Algorithm not supported") |
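Review bot: With the new `RS256` entry the values of `verify_methods` no longer share one call shape: the HS lambdas take `(msg, key)` and return a digest, while `RS256` takes `(msg, key, sig)` and returns a boolean, so every caller has to know which family it is dispatching to. Giving all entries the three-argument form and a boolean result, for example `'HS256': lambda msg, key, sig: constant_time_compare(sig, hmac.new(key, msg, hashlib.sha256).digest())`, would keep the table uniform and make a prefix test at the call site unnecessary. A one-line comment above the dict stating the contract, such as `# each verifier returns True when sig is valid for msg under key`, would also help the next reader. The dict opens above the hunk, so only these four entries are visible here.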
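Review bot: The branch on `header['alg'].startswith('HS')` lets the token's own header decide whether `key` is treated as an HMAC secret or as an RSA key, and the `decode(jwt, key='', verify=True, verify_expiration=True, leeway=0)` signature shown in the hunk header gives the caller no way to pin the algorithm it expects. A caller that holds an RSA public key should be able to reject any token that does not declare RS256 before a verifier runs; a backward-compatible way is an optional `algorithms=None` parameter checked first, `if algorithms is not None and header['alg'] not in algorithms: raise DecodeError("Algorithm not allowed")`. The same line also calls a str method on an untrusted value, so a header whose `alg` is a number or null would raise AttributeError, which the `except KeyError` below does not turn into DecodeError; an `isinstance` check before the branch would keep that failure inside DecodeError. The body of decode starts and ends outside the hunk, so how `header` is parsed cannot be confirmed from here.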