Skip to content

Commit 6a842d5

Browse files
mandusmandus
committed
master Adding argument for RS256, and splitting handling of HS and RS in verifying.
1 parent 189220f commit 6a842d5

File tree

2 files changed

+11
-4
lines changed

2 files changed

+11
-4
lines changed

AUTHORS

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,3 +7,6 @@ Patches and Suggestions
77
-----------------------
88

99
- FELD Boris <boris.feld@novapost.fr> <lothiraldan@gmail.com>
10+
11+
- Åsmund Ødegård <asmund@xal.no> <ao@mcash.no>
12+
Adding support for RSA-SHA256 privat/public signature.

jwt/__init__.py

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@ class ExpiredSignature(Exception):
4141
'HS256': lambda msg, key: hmac.new(key, msg, hashlib.sha256).digest(),
4242
'HS384': lambda msg, key: hmac.new(key, msg, hashlib.sha384).digest(),
4343
'HS512': lambda msg, key: hmac.new(key, msg, hashlib.sha512).digest(),
44-
'RS256': lambda msg, key: PKCS1_v1_5.new(key).verify(SHA256.new(msg)),
44+
'RS256': lambda msg, key, sig: PKCS1_v1_5.new(key).verify(SHA256.new(msg), sig),
4545
}
4646

4747

@@ -137,9 +137,13 @@ def decode(jwt, key='', verify=True, verify_expiration=True, leeway=0):
137137
try:
138138
if isinstance(key, unicode):
139139
key = key.encode('utf-8')
140-
expected = verify_methods[header['alg']](signing_input, key)
141-
if not constant_time_compare(signature, expected):
142-
raise DecodeError("Signature verification failed")
140+
if header['alg'].startswith('HS'):
141+
expected = verify_methods[header['alg']](signing_input, key)
142+
if not constant_time_compare(signature, expected):
143+
raise DecodeError("Signature verification failed")
144+
else:
145+
if not verify_methods[header['alg']](signing_input, key, signature):
146+
raise DecodeError("Signature verification failed")
143147
except KeyError:
144148
raise DecodeError("Algorithm not supported")
145149

0 commit comments

Comments
 (0)