From 6a842d5dca137aab0555b0bec0eaacb0e17c0bf8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=85smund=20=C3=98deg=C3=A5rd?= Date: Fri, 11 Oct 2013 00:01:10 +0200 Subject: master Adding argument for RS256, and splitting handling of HS and RS in verifying. --- AUTHORS | 3 +++ jwt/__init__.py | 12 ++++++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/AUTHORS b/AUTHORS index d069086..69077c2 100644 --- a/AUTHORS +++ b/AUTHORS @@ -7,3 +7,6 @@ Patches and Suggestions ----------------------- - FELD Boris + + - Åsmund Ødegård + Adding support for RSA-SHA256 privat/public signature. diff --git a/jwt/__init__.py b/jwt/__init__.py index 7f010db..407ac8c 100644 --- a/jwt/__init__.py +++ b/jwt/__init__.py @@ -41,7 +41,7 @@ verify_methods = { 'HS256': lambda msg, key: hmac.new(key, msg, hashlib.sha256).digest(), 'HS384': lambda msg, key: hmac.new(key, msg, hashlib.sha384).digest(), 'HS512': lambda msg, key: hmac.new(key, msg, hashlib.sha512).digest(), - 'RS256': lambda msg, key: PKCS1_v1_5.new(key).verify(SHA256.new(msg)), + 'RS256': lambda msg, key, sig: PKCS1_v1_5.new(key).verify(SHA256.new(msg), sig), } @@ -137,9 +137,13 @@ def decode(jwt, key='', verify=True, verify_expiration=True, leeway=0): try: if isinstance(key, unicode): key = key.encode('utf-8') - expected = verify_methods[header['alg']](signing_input, key) - if not constant_time_compare(signature, expected): - raise DecodeError("Signature verification failed") + if header['alg'].startswith('HS'): + expected = verify_methods[header['alg']](signing_input, key) + if not constant_time_compare(signature, expected): + raise DecodeError("Signature verification failed") + else: + if not verify_methods[header['alg']](signing_input, key, signature): + raise DecodeError("Signature verification failed") except KeyError: raise DecodeError("Algorithm not supported") -- cgit v1.2.1