Fixing signature R and S value encoding, add tests for it

Author: sullivanmatt

jwt/__init__.py

@@ -107,15 +107,15 @@ def prepare_RS_key(key):
     from Crypto.Hash import SHA512
 
     signing_methods.update({
-        'ES256': lambda msg, key: key.sign(msg, hashfunc=hashlib.sha256),
-        'ES384': lambda msg, key: key.sign(msg, hashfunc=hashlib.sha384),
-        'ES512': lambda msg, key: key.sign(msg, hashfunc=hashlib.sha512),
+        'ES256': lambda msg, key: key.sign(msg, hashfunc=hashlib.sha256, sigencode=ecdsa.util.sigencode_der),
+        'ES384': lambda msg, key: key.sign(msg, hashfunc=hashlib.sha384, sigencode=ecdsa.util.sigencode_der),
+        'ES512': lambda msg, key: key.sign(msg, hashfunc=hashlib.sha512, sigencode=ecdsa.util.sigencode_der),
     })
 
     verify_methods.update({
-        'ES256': lambda msg, key, sig: key.verify(sig, msg, hashfunc=hashlib.sha256),
-        'ES384': lambda msg, key, sig: key.verify(sig, msg, hashfunc=hashlib.sha384),
-        'ES512': lambda msg, key, sig: key.verify(sig, msg, hashfunc=hashlib.sha512),
+        'ES256': lambda msg, key, sig: key.verify(sig, msg, hashfunc=hashlib.sha256, sigdecode=ecdsa.util.sigdecode_der),
+        'ES384': lambda msg, key, sig: key.verify(sig, msg, hashfunc=hashlib.sha384, sigdecode=ecdsa.util.sigdecode_der),
+        'ES512': lambda msg, key, sig: key.verify(sig, msg, hashfunc=hashlib.sha512, sigdecode=ecdsa.util.sigdecode_der),
     })
 
     def prepare_ES_key(key):

tests/test_jwt.py

@@ -18,7 +18,7 @@ def utc_timestamp():
 class TestJWT(unittest.TestCase):
 
     def setUp(self):
-        self.payload = {"iss": "jeff", "exp": utc_timestamp() + 10,
+        self.payload = {"iss": "jeff", "exp": utc_timestamp() + 15,
                         "claim": "insanity"}
 
     def test_encode_decode(self):
@@ -76,6 +76,46 @@ def test_decodes_valid_jwt(self):
 
         self.assertEqual(decoded_payload, example_payload)
 
+    # 'Control' Elliptic Curve JWT created by another library.
+    # Used to test for regressions that could affect both
+    # encoding / decoding operations equally (causing tests
+    # to still pass).
+    def test_decodes_valid_es384_jwt(self):
+        example_payload = {"hello": "world"}
+        example_pubkey = open('tests/testkey_ec.pub', 'r').read()
+        example_jwt = (
+            b"eyJhbGciOiJFUzM4NCIsInR5cCI6IkpXVCJ9"
+            b".eyJoZWxsbyI6IndvcmxkIn0"
+            b".MIGHAkEdh2kR7IRu5w0tGuY6Xz3Vqa7PHHY2DgXWeee"
+            b"LXotEqpn9udp2NfVL-XFG0TDoCakzXbIGAWg42S69GFl"
+            b"KZzxhXAJCAPLPuJoKyAixFnXPBkvkti-UzSIj4s6DePe"
+            b"uTu7102G_QIXiijY5bx6mdmZa3xUuKeu-zobOIOqR8Zw"
+            b"FqGjBLZum")
+        decoded_payload = jwt.decode(example_jwt, example_pubkey)
+        self.assertEqual(decoded_payload, example_payload)
+
+    # 'Control' RSA JWT created by another library.
+    # Used to test for regressions that could affect both
+    # encoding / decoding operations equally (causing tests
+    # to still pass).
+    def test_decodes_valid_rs384_jwt(self):
+        example_payload = {"hello": "world"}
+        example_pubkey = open('tests/testkey_rsa.pub', 'r').read()
+        example_jwt = (
+            b"eyJhbGciOiJSUzM4NCIsInR5cCI6IkpXVCJ9"
+            b".eyJoZWxsbyI6IndvcmxkIn0"
+            b".yNQ3nI9vEDs7lEh-Cp81McPuiQ4ZRv6FL4evTYYAh1X"
+            b"lRTTR3Cz8pPA9Stgso8Ra9xGB4X3rlra1c8Jz10nTUju"
+            b"O06OMm7oXdrnxp1KIiAJDerWHkQ7l3dlizIk1bmMA457"
+            b"W2fNzNfHViuED5ISM081dgf_a71qBwJ_yShMMrSOfxDx"
+            b"mX9c4DjRogRJG8SM5PvpLqI_Cm9iQPGMvmYK7gzcq2cJ"
+            b"urHRJDJHTqIdpLWXkY7zVikeen6FhuGyn060Dz9gYq9t"
+            b"uwmrtSWCBUjiN8sqJ00CDgycxKqHfUndZbEAOjcCAhBr"
+            b"qWW3mSVivUfubsYbwUdUG3fSRPjaUPcpe8A")
+        decoded_payload = jwt.decode(example_jwt, example_pubkey)
+
+        self.assertEqual(decoded_payload, example_payload)
+
     def test_load_verify_valid_jwt(self):
         example_payload = {"hello": "world"}
         example_secret = "secret"