Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. (jpadilla#645)

dajiaji · web-flow · commit fb86f9dffb37 · 2021-04-16T13:00:06.000-04:00
* Add private key support for ECAlgorithm verify.

* Update CHANGELOG.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -18,6 +18,7 @@ Fixed
 - Remove padding from JWK test data. `#628 <https://github.com/jpadilla/pyjwt/pull/628>`__
 - Make `kty` mandatory in JWK to be compliant with RFC7517. `#624 <https://github.com/jpadilla/pyjwt/pull/624>`__
 - Allow JWK without `alg` to be compliant with RFC7517. `#624 <https://github.com/jpadilla/pyjwt/pull/624>`__
+- Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. `#645 <https://github.com/jpadilla/pyjwt/pull/645>`__
 
 Added
 ~~~~~
diff --git a/jwt/algorithms.py b/jwt/algorithms.py
@@ -427,6 +427,8 @@ def verify(self, msg, key, sig):
                 return False
 
             try:
+                if isinstance(key, EllipticCurvePrivateKey):
+                    key = key.public_key()
                 key.verify(der_sig, msg, ec.ECDSA(self.hash_alg()))
                 return True
             except InvalidSignature:
diff --git a/tests/test_algorithms.py b/tests/test_algorithms.py
@@ -658,6 +658,13 @@ def test_ec_verify_should_return_true_for_test_vector(self):
         result = algo.verify(signing_input, key, signature)
         assert result
 
+        # private key can also be used.
+        with open(key_path("jwk_ec_key_P-521.json")) as keyfile:
+            private_key = algo.from_jwk(keyfile.read())
+
+        result = algo.verify(signing_input, private_key, signature)
+        assert result
+
 
 @crypto_required
 class TestEd25519Algorithms:
