author | Åsmund Ødegård <mandus@gmail.com> | 2013-10-10 23:38:25 +0200 |
---|---|---|
committer | Åsmund Ødegård <mandus@gmail.com> | 2013-10-10 23:38:25 +0200 |
commit | 8ec3e0e1c69451f1e1371e6b7586c1a705c2b161 (patch) | |
tree | 894d2af882f8e660d86d1f00fdf944535d0fe194 | |
parent | 2b5dd54dabe599676f3fa5b4f4c90b59856e908f (diff) | |
download | pyjwt-8ec3e0e1c69451f1e1371e6b7586c1a705c2b161.tar.gz |
First attempt on adding rsa support
-rw-r--r-- | jwt/__init__.py | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/jwt/__init__.py b/jwt/__init__.py
index 88aa56c..7f010db 100644
--- a/jwt/__init__.py
+++ b/jwt/__init__.py
@@ -11,6 +11,9 @@ from datetime import datetime
 from calendar import timegm
 from collections import Mapping
+from Crypto.Signature import PKCS1_v1_5
+from Crypto.Hash import SHA256
+
 try:
 import json
 except ImportError:
@@ -31,7 +34,15 @@ signing_methods = {
 'HS256': lambda msg, key: hmac.new(key, msg, hashlib.sha256).digest(),
 'HS384': lambda msg, key: hmac.new(key, msg, hashlib.sha384).digest(),
 'HS512': lambda msg, key: hmac.new(key, msg, hashlib.sha512).digest(),
-}
+ 'RS256': lambda msg, key: PKCS1_v1_5.new(key).sign(SHA256.new(msg)),
+ }
+
+verify_methods = {
+ 'HS256': lambda msg, key: hmac.new(key, msg, hashlib.sha256).digest(),
+ 'HS384': lambda msg, key: hmac.new(key, msg, hashlib.sha384).digest(),
+ 'HS512': lambda msg, key: hmac.new(key, msg, hashlib.sha512).digest(),
+ 'RS256': lambda msg, key: PKCS1_v1_5.new(key).verify(SHA256.new(msg)),
+ }
 def constant_time_compare(val1, val2):
@@ -126,7 +137,7 @@ def decode(jwt, key='', verify=True, verify_expiration=True, leeway=0):
 try:
 if isinstance(key, unicode):
 key = key.encode('utf-8')
- expected = signing_methods[header['alg']](signing_input, key)
+ expected = verify_methods[header['alg']](signing_input, key)
 if not constant_time_compare(signature, expected):
 raise DecodeError("Signature verification failed")
 except KeyError:
|
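Review bot: The two `from Crypto...` imports at the top of jwt/__init__.py are unconditional, so `import jwt` now fails with ImportError wherever PyCrypto is not installed, including for callers that only use HS256/HS384/HS512. The `try: import json` / `except ImportError:` block that follows in this hunk is the pattern the file already uses for optional modules; the same guard would fit here, with the 'RS256' entries registered only when the import succeeded. The diffstat lists only jwt/__init__.py, so the new dependency is presumably not yet declared in the packaging metadata either.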
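Review bot: The 'RS256' entry of `verify_methods` calls `.verify(SHA256.new(msg))` with the hash only, while PyCrypto's PKCS1_v1_5 verifier takes the hash and the signature and returns a boolean, so RS256 decoding raises TypeError as written. The `(msg, key)` shape gives the entry no access to the signature, and the compare kept in the decode hunk (`constant_time_compare(signature, expected)`) expects bytes back, which an RSA verifier cannot supply. Giving every verifier a `(msg, key, sig)` signature that returns True or False keeps HMAC and RSA behind one interface, and decode would then test that result directly instead of comparing. `PKCS1_v1_5.new(key)` also needs an RSA key object, whereas decode passes a string or bytes, so key loading probably has to be added as well.

```python
verify_methods = {
    'HS256': lambda msg, key, sig: constant_time_compare(
        sig, hmac.new(key, msg, hashlib.sha256).digest()),
    'HS384': lambda msg, key, sig: constant_time_compare(
        sig, hmac.new(key, msg, hashlib.sha384).digest()),
    'HS512': lambda msg, key, sig: constant_time_compare(
        sig, hmac.new(key, msg, hashlib.sha512).digest()),
    'RS256': lambda msg, key, sig: PKCS1_v1_5.new(key).verify(
        SHA256.new(msg), sig),
}
```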
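Review bot: `verify_methods[header['alg']]` picks the verification routine from the token's own, still unverified header, and with this commit the same `key` argument can end up in either an HMAC or an RSA check depending on what the token says. decode should take the set of acceptable algorithms from the caller and refuse anything else before the lookup, e.g. `if header['alg'] not in algorithms: raise DecodeError("Algorithm not allowed")`, where `algorithms` is a new keyword argument (the name is only a proposal). The body of decode starts and ends outside this hunk, so how the `except KeyError:` branch reports an unknown algorithm is not visible here.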