Made algorithm class dependence on hash functions more direct.

- Algorithms now have SHA256, SHA384, and SHA512 static properties that
  refer to the callable that instantiates their hash class
- All algorithms now expect a class (callable) as their hash_alg now.
  This behavior was inconsistent before.

Author: mark-adams

jwt/algorithms.py

@@ -23,18 +23,18 @@ def _register_default_algorithms():
     Registers the algorithms that are implemented by the library.
     """
     register_algorithm('none', NoneAlgorithm())
-    register_algorithm('HS256', HMACAlgorithm(hashlib.sha256))
-    register_algorithm('HS384', HMACAlgorithm(hashlib.sha384))
-    register_algorithm('HS512', HMACAlgorithm(hashlib.sha512))
+    register_algorithm('HS256', HMACAlgorithm(HMACAlgorithm.SHA256))
+    register_algorithm('HS384', HMACAlgorithm(HMACAlgorithm.SHA384))
+    register_algorithm('HS512', HMACAlgorithm(HMACAlgorithm.SHA512))
 
     if has_crypto:
-        register_algorithm('RS256', RSAAlgorithm(hashes.SHA256()))
-        register_algorithm('RS384', RSAAlgorithm(hashes.SHA384()))
-        register_algorithm('RS512', RSAAlgorithm(hashes.SHA512()))
+        register_algorithm('RS256', RSAAlgorithm(RSAAlgorithm.SHA256))
+        register_algorithm('RS384', RSAAlgorithm(RSAAlgorithm.SHA384))
+        register_algorithm('RS512', RSAAlgorithm(RSAAlgorithm.SHA512))
 
-        register_algorithm('ES256', ECAlgorithm(hashes.SHA256()))
-        register_algorithm('ES384', ECAlgorithm(hashes.SHA384()))
-        register_algorithm('ES512', ECAlgorithm(hashes.SHA512()))
+        register_algorithm('ES256', ECAlgorithm(ECAlgorithm.SHA256))
+        register_algorithm('ES384', ECAlgorithm(ECAlgorithm.SHA384))
+        register_algorithm('ES512', ECAlgorithm(ECAlgorithm.SHA512))
 
 
 class Algorithm(object):
@@ -86,6 +86,8 @@ class HMACAlgorithm(Algorithm):
     def __init__(self, hash_alg):
         self.hash_alg = hash_alg
 
+    SHA256, SHA384, SHA512 = hashlib.sha256, hashlib.sha384, hashlib.sha512
+
     def prepare_key(self, key):
         if not isinstance(key, string_types) and not isinstance(key, bytes):
             raise TypeError('Expecting a string- or bytes-formatted key.')
@@ -110,7 +112,9 @@ class RSAAlgorithm(Algorithm):
         """
 
         def __init__(self, hash_alg):
-            self.hash_alg = hash_alg
+            self.hash_alg = hash_alg()
+
+        SHA256, SHA384, SHA512 = hashes.SHA256, hashes.SHA384, hashes.SHA512
 
         def prepare_key(self, key):
             if isinstance(key, interfaces.RSAPrivateKey) or \
@@ -163,7 +167,9 @@ class ECAlgorithm(Algorithm):
         ECDSA and the specified hash function
         """
         def __init__(self, hash_alg):
-            self.hash_alg = hash_alg
+            self.hash_alg = hash_alg()
+
+        SHA256, SHA384, SHA512 = hashes.SHA256, hashes.SHA384, hashes.SHA512
 
         def prepare_key(self, key):
             if isinstance(key, interfaces.EllipticCurvePrivateKey) or \

tests/test_algorithms.py

@@ -1,13 +1,11 @@
 import base64
-import hashlib
 
 from jwt.algorithms import Algorithm, HMACAlgorithm
 
 from .compat import unittest
 from .utils import ensure_bytes, ensure_unicode
 
 try:
-    from cryptography.hazmat.primitives import hashes
     from jwt.algorithms import RSAAlgorithm, ECAlgorithm
 
     has_crypto = True
@@ -38,7 +36,7 @@ def test_algorithm_should_throw_exception_if_verify_not_impl(self):
             algo.verify('message', 'key', 'signature')
 
     def test_hmac_should_reject_nonstring_key(self):
-        algo = HMACAlgorithm(hashlib.sha256())
+        algo = HMACAlgorithm(HMACAlgorithm.SHA256)
 
         with self.assertRaises(TypeError) as context:
             algo.prepare_key(object())
@@ -47,34 +45,34 @@ def test_hmac_should_reject_nonstring_key(self):
         self.assertEqual(str(exception), 'Expecting a string- or bytes-formatted key.')
 
     def test_hmac_should_accept_unicode_key(self):
-        algo = HMACAlgorithm(hashlib.sha256())
+        algo = HMACAlgorithm(HMACAlgorithm.SHA256)
 
         algo.prepare_key(ensure_unicode('awesome'))
 
     @unittest.skipIf(not has_crypto, 'Not supported without cryptography library')
     def test_rsa_should_parse_pem_public_key(self):
-        algo = RSAAlgorithm(hashes.SHA256())
+        algo = RSAAlgorithm(RSAAlgorithm.SHA256)
 
         with open('tests/keys/testkey2_rsa.pub.pem', 'r') as pem_key:
             algo.prepare_key(pem_key.read())
 
     @unittest.skipIf(not has_crypto, 'Not supported without cryptography library')
     def test_rsa_should_accept_unicode_key(self):
-        algo = RSAAlgorithm(hashes.SHA256())
+        algo = RSAAlgorithm(RSAAlgorithm.SHA256)
 
         with open('tests/keys/testkey_rsa', 'r') as rsa_key:
             algo.prepare_key(ensure_unicode(rsa_key.read()))
 
     @unittest.skipIf(not has_crypto, 'Not supported without cryptography library')
     def test_rsa_should_reject_non_string_key(self):
-        algo = RSAAlgorithm(hashes.SHA256())
+        algo = RSAAlgorithm(RSAAlgorithm.SHA256)
 
         with self.assertRaises(TypeError):
             algo.prepare_key(None)
 
     @unittest.skipIf(not has_crypto, 'Not supported without cryptography library')
     def test_rsa_verify_should_return_false_if_signature_invalid(self):
-        algo = RSAAlgorithm(hashes.SHA256())
+        algo = RSAAlgorithm(RSAAlgorithm.SHA256)
 
         jwt_message = ensure_bytes('Hello World!')
 
@@ -96,7 +94,7 @@ def test_rsa_verify_should_return_false_if_signature_invalid(self):
 
     @unittest.skipIf(not has_crypto, 'Not supported without cryptography library')
     def test_rsa_verify_should_return_true_if_signature_valid(self):
-        algo = RSAAlgorithm(hashes.SHA256())
+        algo = RSAAlgorithm(RSAAlgorithm.SHA256)
 
         jwt_message = ensure_bytes('Hello World!')
 
@@ -116,21 +114,21 @@ def test_rsa_verify_should_return_true_if_signature_valid(self):
 
     @unittest.skipIf(not has_crypto, 'Not supported without cryptography library')
     def test_ec_should_reject_non_string_key(self):
-        algo = ECAlgorithm(hashes.SHA256())
+        algo = ECAlgorithm(ECAlgorithm.SHA256)
 
         with self.assertRaises(TypeError):
             algo.prepare_key(None)
 
     @unittest.skipIf(not has_crypto, 'Not supported without cryptography library')
     def test_ec_should_accept_unicode_key(self):
-        algo = ECAlgorithm(hashes.SHA256())
+        algo = ECAlgorithm(ECAlgorithm.SHA256)
 
         with open('tests/keys/testkey_ec', 'r') as ec_key:
             algo.prepare_key(ensure_unicode(ec_key.read()))
 
     @unittest.skipIf(not has_crypto, 'Not supported without cryptography library')
     def test_ec_verify_should_return_false_if_signature_invalid(self):
-        algo = ECAlgorithm(hashes.SHA256())
+        algo = ECAlgorithm(ECAlgorithm.SHA256)
 
         jwt_message = ensure_bytes('Hello World!')
 
@@ -150,7 +148,7 @@ def test_ec_verify_should_return_false_if_signature_invalid(self):
 
     @unittest.skipIf(not has_crypto, 'Not supported without cryptography library')
     def test_ec_verify_should_return_true_if_signature_valid(self):
-        algo = ECAlgorithm(hashes.SHA256())
+        algo = ECAlgorithm(ECAlgorithm.SHA256)
 
         jwt_message = ensure_bytes('Hello World!')