pollutri
/
res_levis_API
1
0
Derivar 0
Código Questões 0 Pedidos de integração 0 Lançamentos 0 Wiki Trabalho
Não pode escolher mais do que 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
5 Cometimentos
1 Ramo
203 MiB
 
 
 
 
Árvore: 1141c5ca64
Ramos Etiquetas
${ item.name }
Criar ramo ${ searchTerm }
de '1141c5ca64'
${ noResults }
res_levis_API/lib/python3.6/site-packages/jwt/jwa.py

132 linhas
3.9 KiB
Em bruto Responsabilidade Histórico 

  1. # -*- coding: utf-8 -*-

  2. #

  3. # Copyright 2017 Gehirn Inc.

  4. #

  5. # Licensed under the Apache License, Version 2.0 (the "License");

  6. # you may not use this file except in compliance with the License.

  7. # You may obtain a copy of the License at

  8. #

  9. #     http://www.apache.org/licenses/LICENSE-2.0

  10. #

  11. # Unless required by applicable law or agreed to in writing, software

  12. # distributed under the License is distributed on an "AS IS" BASIS,

  13. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  14. # See the License for the specific language governing permissions and

  15. # limitations under the License.

  16. 

  17. import hashlib

  18. import hmac

  19. from typing import Callable

  20. 

  21. from cryptography.hazmat.primitives.hashes import (

  22.     SHA256,

  23.     SHA384,

  24.     SHA512,

  25. )

  26. 

  27. from .exceptions import InvalidKeyTypeError

  28. from .jwk import AbstractJWKBase

  29. 

  30. 

  31. def std_hash_by_alg(alg: str) -> Callable[[bytes], object]:

  32.     if alg.endswith('S256'):

  33.         return hashlib.sha256

  34.     if alg.endswith('S384'):

  35.         return hashlib.sha384

  36.     if alg.endswith('S512'):

  37.         return hashlib.SHA512

  38.     raise ValueError('{} is not supported'.format(alg))

  39. 

  40. 

  41. class AbstractSigningAlgorithm:

  42. 

  43.     def sign(self, message: bytes, key: AbstractJWKBase) -> bytes:

  44.         raise NotImplementedError()  # pragma: no cover

  45. 

  46.     def verify(self, message: bytes, key: AbstractJWKBase,

  47.                signature: bytes) -> bool:

  48.         raise NotImplementedError()  # pragma: no cover

  49. 

  50. 

  51. class NoneAlgorithm(AbstractSigningAlgorithm):

  52. 

  53.     def sign(self, message: bytes, key: AbstractJWKBase) -> bytes:

  54.         return b''

  55. 

  56.     def verify(self, message: bytes, key: AbstractJWKBase,

  57.                signature: bytes) -> bool:

  58.         return hmac.compare_digest(signature, b'')

  59. 

  60. 

  61. none = NoneAlgorithm()

  62. 

  63. 

  64. class HMACAlgorithm(AbstractSigningAlgorithm):

  65. 

  66.     def __init__(self, hash_fun: Callable) -> None:

  67.         self.hash_fun = hash_fun

  68. 

  69.     def _check_key(self, key: AbstractJWKBase) -> None:

  70.         if key.get_kty() != 'oct':

  71.             raise InvalidKeyTypeError((

  72.                 'an octet key is required, but passed is {}'

  73.             ).format(key.get_kty()))

  74. 

  75.     def _sign(self, message: bytes, key: bytes) -> bytes:

  76.         return hmac.new(key, message, self.hash_fun).digest()

  77. 

  78.     def sign(self, message: bytes, key: AbstractJWKBase) -> bytes:

  79.         self._check_key(key)

  80.         return key.sign(message, signer=self._sign)

  81. 

  82.     def verify(self, message: bytes, key: AbstractJWKBase,

  83.                signature: bytes) -> bool:

  84.         self._check_key(key)

  85.         return key.verify(message, signature, signer=self._sign)

  86. 

  87. 

  88. HS256 = HMACAlgorithm(hashlib.sha256)

  89. HS384 = HMACAlgorithm(hashlib.sha384)

  90. HS512 = HMACAlgorithm(hashlib.sha512)

  91. 

  92. 

  93. class RSAAlgorithm(AbstractSigningAlgorithm):

  94. 

  95.     def __init__(self, hash_fun: object) -> None:

  96.         self.hash_fun = hash_fun

  97. 

  98.     def _check_key(self, key: AbstractJWKBase, must_sign_key=False) -> None:

  99.         if key.get_kty() != 'RSA':

  100.             raise InvalidKeyTypeError((

  101.                 'a RSA key is required, but passed is {}'

  102.             ).format(key.get_kty()))

  103.         if must_sign_key and not key.is_sign_key():

  104.             raise InvalidKeyTypeError(

  105.                 'a RSA private key is required, but passed is RSA public key')

  106. 

  107.     def sign(self, message: bytes, key: AbstractJWKBase) -> bytes:

  108.         self._check_key(key, must_sign_key=True)

  109.         return key.sign(message, hash_fun=self.hash_fun)

  110. 

  111.     def verify(self, message: bytes, key: AbstractJWKBase,

  112.                signature: bytes) -> bool:

  113.         self._check_key(key)

  114.         return key.verify(message, signature, hash_fun=self.hash_fun)

  115. 

  116. 

  117. RS256 = RSAAlgorithm(SHA256)

  118. RS384 = RSAAlgorithm(SHA384)

  119. RS512 = RSAAlgorithm(SHA512)

  120. 

  121. 

  122. def supported_signing_algorithms():

  123.     # NOTE(yosida95): exclude vulnerable 'none' algorithm by default.

  124.     return {

  125.         'HS256': HS256,

  126.         'HS384': HS384,

  127.         'HS512': HS512,

  128.         'RS256': RS256,

  129.         'RS384': RS384,

  130.         'RS512': RS512,

  131.        }