First attempt on adding rsa support

1 files changed, 13 insertions, 2 deletions

diff --git a/jwt/__init__.py b/jwt/__init__.py
index 88aa56c..7f010db 100644
--- a/jwt/__init__.py
+++ b/jwt/__init__.py
@@ -11,6 +11,9 @@ from datetime import datetime
 from calendar import timegm
 from collections import Mapping
 
+from Crypto.Signature import PKCS1_v1_5
+from Crypto.Hash import SHA256
+
 try:
     import json
 except ImportError:
@@ -31,7 +34,15 @@ signing_methods = {
     'HS256': lambda msg, key: hmac.new(key, msg, hashlib.sha256).digest(),
     'HS384': lambda msg, key: hmac.new(key, msg, hashlib.sha384).digest(),
     'HS512': lambda msg, key: hmac.new(key, msg, hashlib.sha512).digest(),
-}
+    'RS256': lambda msg, key: PKCS1_v1_5.new(key).sign(SHA256.new(msg)),
+    }
+
+verify_methods = {
+    'HS256': lambda msg, key: hmac.new(key, msg, hashlib.sha256).digest(),
+    'HS384': lambda msg, key: hmac.new(key, msg, hashlib.sha384).digest(),
+    'HS512': lambda msg, key: hmac.new(key, msg, hashlib.sha512).digest(),
+    'RS256': lambda msg, key: PKCS1_v1_5.new(key).verify(SHA256.new(msg)),
+    }
 
 
 def constant_time_compare(val1, val2):
@@ -126,7 +137,7 @@ def decode(jwt, key='', verify=True, verify_expiration=True, leeway=0):
         try:
             if isinstance(key, unicode):
                 key = key.encode('utf-8')
-            expected = signing_methods[header['alg']](signing_input, key)
+            expected = verify_methods[header['alg']](signing_input, key)
             if not constant_time_compare(signature, expected):
                 raise DecodeError("Signature verification failed")
         except KeyError: