Added some missing ensure_bytes in a couple of the tests.

Consolidated testing variables for has_rsa and has_ecdsa into has_crypto.
Updated README and dependencies in tox.ini

Author: mark-adams

README.md

@@ -10,18 +10,11 @@ $ pip install PyJWT
 
 **A Note on Dependencies**:
 
-The RSASSA-PKCS1-v1_5 algorithms depend on PyCrypto. If you plan on
+RSA and ECDSA signatures depend on the cryptography package. If you plan on
 using any of those algorithms, you'll need to install it as well.
 
 ```
-$ pip install PyCrypto
-```
-
-The Elliptic Curve Digital Signature algorithms depend on Python-ECDSA. If
-you plan on using any of those algorithms, you'll need to install it as well.
-
-```
-$ pip install ecdsa
+$ pip install cryptography
 ```
 
 ## Usage
@@ -73,11 +66,11 @@ jwt.encode({'some': 'payload'}, 'secret', 'HS512')
 
 When using the RSASSA-PKCS1-v1_5 algorithms, the `key` argument in both
 `jwt.encode()` and `jwt.decode()` (`"secret"` in the examples) is expected to
-be an RSA public or private key as imported with `Crypto.PublicKey.RSA.importKey()`.
+be either an RSA public or private key in PEM format.
 
 When using the ECDSA algorithms, the `key` argument is expected to
-be an Elliptic Curve private key as imported with `ecdsa.SigningKey.from_pem()`,
-or a public key as imported with `ecdsa.VerifyingKey.from_pem()`.
+be an Elliptic Curve private key or an Elliptic Curve public
+key in PEM foramt.
 
 ## Tests
 

jwt/__init__.py

@@ -77,7 +77,9 @@ def prepare_HS_key(key):
 
 try:
     from cryptography.hazmat.primitives import interfaces, hashes
-    from cryptography.hazmat.primitives.serialization import load_pem_private_key, load_pem_public_key, load_ssh_public_key
+    from cryptography.hazmat.primitives.serialization import (
+        load_pem_private_key, load_pem_public_key, load_ssh_public_key
+    )
     from cryptography.hazmat.primitives.asymmetric import ec, rsa, padding
     from cryptography.hazmat.backends import default_backend
     from cryptography.exceptions import InvalidSignature

tests/test_jwt.py

@@ -19,13 +19,14 @@
     unicode = str
 
 try:
-    from cryptography.hazmat.primitives.serialization import load_pem_private_key, load_pem_public_key, load_ssh_public_key
     from cryptography.hazmat.backends import default_backend
-    has_rsa = True
-    has_ecdsa = True
+    from cryptography.hazmat.primitives.serialization import (
+        load_pem_private_key, load_pem_public_key, load_ssh_public_key
+    )
+
+    has_crypto = True
 except ImportError:
-    has_rsa = False
-    has_ecdsa = False
+    has_crypto = False
 
 
 def utc_timestamp():
@@ -104,7 +105,7 @@ def test_decodes_valid_jwt(self):
     # Used to test for regressions that could affect both
     # encoding / decoding operations equally (causing tests
     # to still pass).
-    @unittest.skipIf(not has_ecdsa, "Can't run without ecdsa")
+    @unittest.skipIf(not has_crypto, "Can't run without cryptography library")
     def test_decodes_valid_es384_jwt(self):
         example_payload = {'hello': 'world'}
         example_pubkey = open('tests/testkey_ec.pub', 'r').read()
@@ -124,7 +125,7 @@ def test_decodes_valid_es384_jwt(self):
     # Used to test for regressions that could affect both
     # encoding / decoding operations equally (causing tests
     # to still pass).
-    @unittest.skipIf(not has_rsa, "Can't run without crypto")
+    @unittest.skipIf(not has_crypto, "Can't run without cryptography library")
     def test_decodes_valid_rs384_jwt(self):
         example_payload = {'hello': 'world'}
         example_pubkey = open('tests/testkey_rsa.pub', 'r').read()
@@ -457,16 +458,18 @@ def test_encode_decode_with_algo_none(self):
 
         jwt.decode(jwt_message, verify=False)
 
-    @unittest.skipIf(not has_rsa, 'Not supported without crypto library')
+    @unittest.skipIf(not has_crypto, 'Not supported without cryptography library')
     def test_encode_decode_with_rsa_sha256(self):
         # PEM-formatted RSA key
         with open('tests/testkey_rsa', 'r') as rsa_priv_file:
-            priv_rsakey = load_pem_private_key(ensure_bytes(rsa_priv_file.read()), password=None, backend=default_backend())
+            priv_rsakey = load_pem_private_key(ensure_bytes(rsa_priv_file.read()),
+                                               password=None, backend=default_backend())
             jwt_message = jwt.encode(self.payload, priv_rsakey,
                                      algorithm='RS256')
 
         with open('tests/testkey_rsa.pub', 'r') as rsa_pub_file:
-            pub_rsakey = load_ssh_public_key(ensure_bytes(rsa_pub_file.read()), backend=default_backend())
+            pub_rsakey = load_ssh_public_key(ensure_bytes(rsa_pub_file.read()),
+                                             backend=default_backend())
             assert jwt.decode(jwt_message, pub_rsakey)
 
             load_output = jwt.load(jwt_message)
@@ -485,16 +488,18 @@ def test_encode_decode_with_rsa_sha256(self):
             load_output = jwt.load(jwt_message)
             jwt.verify_signature(key=pub_rsakey, *load_output)
 
-    @unittest.skipIf(not has_rsa, 'Not supported without crypto library')
+    @unittest.skipIf(not has_crypto, 'Not supported without cryptography library')
     def test_encode_decode_with_rsa_sha384(self):
         # PEM-formatted RSA key
         with open('tests/testkey_rsa', 'r') as rsa_priv_file:
-            priv_rsakey = load_pem_private_key(ensure_bytes(rsa_priv_file.read()), password=None, backend=default_backend())
+            priv_rsakey = load_pem_private_key(ensure_bytes(rsa_priv_file.read()),
+                                               password=None, backend=default_backend())
             jwt_message = jwt.encode(self.payload, priv_rsakey,
                                      algorithm='RS384')
 
         with open('tests/testkey_rsa.pub', 'r') as rsa_pub_file:
-            pub_rsakey = load_ssh_public_key(ensure_bytes(rsa_pub_file.read()), backend=default_backend())
+            pub_rsakey = load_ssh_public_key(ensure_bytes(rsa_pub_file.read()),
+                                             backend=default_backend())
             assert jwt.decode(jwt_message, pub_rsakey)
 
         # string-formatted key
@@ -510,16 +515,18 @@ def test_encode_decode_with_rsa_sha384(self):
             load_output = jwt.load(jwt_message)
             jwt.verify_signature(key=pub_rsakey, *load_output)
 
-    @unittest.skipIf(not has_rsa, 'Not supported without crypto library')
+    @unittest.skipIf(not has_crypto, 'Not supported without cryptography library')
     def test_encode_decode_with_rsa_sha512(self):
         # PEM-formatted RSA key
         with open('tests/testkey_rsa', 'r') as rsa_priv_file:
-            priv_rsakey = load_pem_private_key(ensure_bytes(rsa_priv_file.read()), password=None, backend=default_backend())
+            priv_rsakey = load_pem_private_key(ensure_bytes(rsa_priv_file.read()),
+                                               password=None, backend=default_backend())
             jwt_message = jwt.encode(self.payload, priv_rsakey,
                                      algorithm='RS512')
 
         with open('tests/testkey_rsa.pub', 'r') as rsa_pub_file:
-            pub_rsakey = load_ssh_public_key(ensure_bytes(rsa_pub_file.read()), backend=default_backend())
+            pub_rsakey = load_ssh_public_key(ensure_bytes(rsa_pub_file.read()),
+                                             backend=default_backend())
             assert jwt.decode(jwt_message, pub_rsakey)
 
             load_output = jwt.load(jwt_message)
@@ -539,7 +546,7 @@ def test_encode_decode_with_rsa_sha512(self):
             jwt.verify_signature(key=pub_rsakey, *load_output)
 
     def test_rsa_related_signing_methods(self):
-        if has_rsa:
+        if has_crypto:
             self.assertTrue('RS256' in jwt.signing_methods)
             self.assertTrue('RS384' in jwt.signing_methods)
             self.assertTrue('RS512' in jwt.signing_methods)
@@ -549,7 +556,7 @@ def test_rsa_related_signing_methods(self):
             self.assertFalse('RS512' in jwt.signing_methods)
 
     def test_rsa_related_verify_methods(self):
-        if has_rsa:
+        if has_crypto:
             self.assertTrue('RS256' in jwt.verify_methods)
             self.assertTrue('RS384' in jwt.verify_methods)
             self.assertTrue('RS512' in jwt.verify_methods)
@@ -559,7 +566,7 @@ def test_rsa_related_verify_methods(self):
             self.assertFalse('RS512' in jwt.verify_methods)
 
     def test_rsa_related_key_preparation_methods(self):
-        if has_rsa:
+        if has_crypto:
             self.assertTrue('RS256' in jwt.prepare_key_methods)
             self.assertTrue('RS384' in jwt.prepare_key_methods)
             self.assertTrue('RS512' in jwt.prepare_key_methods)
@@ -568,16 +575,18 @@ def test_rsa_related_key_preparation_methods(self):
             self.assertFalse('RS384' in jwt.prepare_key_methods)
             self.assertFalse('RS512' in jwt.prepare_key_methods)
 
-    @unittest.skipIf(not has_ecdsa, "Can't run without ecdsa")
+    @unittest.skipIf(not has_crypto, "Can't run without cryptography library")
     def test_encode_decode_with_ecdsa_sha256(self):
         # PEM-formatted EC key
         with open('tests/testkey_ec', 'r') as ec_priv_file:
-            priv_eckey = load_pem_private_key(ec_priv_file.read(), password=None, backend=default_backend())
+            priv_eckey = load_pem_private_key(ensure_bytes(ec_priv_file.read()),
+                                              password=None, backend=default_backend())
             jwt_message = jwt.encode(self.payload, priv_eckey,
                                      algorithm='ES256')
 
         with open('tests/testkey_ec.pub', 'r') as ec_pub_file:
-            pub_eckey = load_pem_public_key(ec_pub_file.read(), backend=default_backend())
+            pub_eckey = load_pem_public_key(ensure_bytes(ec_pub_file.read()),
+                                            backend=default_backend())
             assert jwt.decode(jwt_message, pub_eckey)
 
             load_output = jwt.load(jwt_message)
@@ -596,17 +605,19 @@ def test_encode_decode_with_ecdsa_sha256(self):
             load_output = jwt.load(jwt_message)
             jwt.verify_signature(key=pub_eckey, *load_output)
 
-    @unittest.skipIf(not has_ecdsa, "Can't run without ecdsa")
+    @unittest.skipIf(not has_crypto, "Can't run without cryptography library")
     def test_encode_decode_with_ecdsa_sha384(self):
 
         # PEM-formatted EC key
         with open('tests/testkey_ec', 'r') as ec_priv_file:
-            priv_eckey = load_pem_private_key(ec_priv_file.read(), password=None, backend=default_backend())
+            priv_eckey = load_pem_private_key(ensure_bytes(ec_priv_file.read()),
+                                              password=None, backend=default_backend())
             jwt_message = jwt.encode(self.payload, priv_eckey,
                                      algorithm='ES384')
 
         with open('tests/testkey_ec.pub', 'r') as ec_pub_file:
-            pub_eckey = load_pem_public_key(ec_pub_file.read(), backend=default_backend())
+            pub_eckey = load_pem_public_key(ensure_bytes(ec_pub_file.read()),
+                                            backend=default_backend())
             assert jwt.decode(jwt_message, pub_eckey)
 
             load_output = jwt.load(jwt_message)
@@ -625,16 +636,17 @@ def test_encode_decode_with_ecdsa_sha384(self):
             load_output = jwt.load(jwt_message)
             jwt.verify_signature(key=pub_eckey, *load_output)
 
-    @unittest.skipIf(not has_ecdsa, "Can't run without ecdsa")
+    @unittest.skipIf(not has_crypto, "Can't run without cryptography library")
     def test_encode_decode_with_ecdsa_sha512(self):
         # PEM-formatted EC key
         with open('tests/testkey_ec', 'r') as ec_priv_file:
-            priv_eckey = load_pem_private_key(ec_priv_file.read(), password=None, backend=default_backend())
+            priv_eckey = load_pem_private_key(ensure_bytes(ec_priv_file.read()),
+                                              password=None, backend=default_backend())
             jwt_message = jwt.encode(self.payload, priv_eckey,
                                      algorithm='ES512')
 
         with open('tests/testkey_ec.pub', 'r') as ec_pub_file:
-            pub_eckey = load_pem_public_key(ec_pub_file.read(), backend=default_backend())
+            pub_eckey = load_pem_public_key(ensure_bytes(ec_pub_file.read()), backend=default_backend())
             assert jwt.decode(jwt_message, pub_eckey)
 
             load_output = jwt.load(jwt_message)
@@ -654,7 +666,7 @@ def test_encode_decode_with_ecdsa_sha512(self):
             jwt.verify_signature(key=pub_eckey, *load_output)
 
     def test_ecdsa_related_signing_methods(self):
-        if has_ecdsa:
+        if has_crypto:
             self.assertTrue('ES256' in jwt.signing_methods)
             self.assertTrue('ES384' in jwt.signing_methods)
             self.assertTrue('ES512' in jwt.signing_methods)
@@ -664,7 +676,7 @@ def test_ecdsa_related_signing_methods(self):
             self.assertFalse('ES512' in jwt.signing_methods)
 
     def test_ecdsa_related_verify_methods(self):
-        if has_ecdsa:
+        if has_crypto:
             self.assertTrue('ES256' in jwt.verify_methods)
             self.assertTrue('ES384' in jwt.verify_methods)
             self.assertTrue('ES512' in jwt.verify_methods)
@@ -674,7 +686,7 @@ def test_ecdsa_related_verify_methods(self):
             self.assertFalse('ES512' in jwt.verify_methods)
 
     def test_ecdsa_related_key_preparation_methods(self):
-        if has_ecdsa:
+        if has_crypto:
             self.assertTrue('ES256' in jwt.prepare_key_methods)
             self.assertTrue('ES384' in jwt.prepare_key_methods)
             self.assertTrue('ES512' in jwt.prepare_key_methods)

tox.ini

@@ -4,6 +4,5 @@ envlist = py26, py27, py32, py33, py34
 [testenv]
 deps =
     cryptography
-    ecdsa
     unittest2
 commands = {envpython} setup.py test