Merge pull request #4 from mpdavis/python3

Python3 support

Author: Michael Davis

.travis.yml

@@ -1,9 +1,13 @@
 language: python
-python: "2.7"
+env:
+  - TOXENV=py26
+  - TOXENV=py27
+  - TOXENV=py33
+  - TOXENV=py34
 install: 
   - pip install -r requirements-dev.txt
-  - pip install codecov
+  - pip install -U tox codecov
 script: 
-  - py.test --cov-report term-missing --cov jose
+  - tox
 after_success:
-- codecov
+- codecov

jose/jwa.py jose/jwk.pyjose/jwa.py renamed to jose/jwk.py

@@ -2,10 +2,7 @@
 import hashlib
 import hmac
 import six
-
-from jose.constants import ALGORITHMS
-from jose.exceptions import JWSError
-from jose.exceptions import JOSEError
+import struct
 
 import Crypto.Hash.SHA256
 import Crypto.Hash.SHA384
@@ -16,7 +13,10 @@
 
 import ecdsa
 
-from jose.utils import constant_time_compare
+from jose.constants import ALGORITHMS
+from jose.exceptions import JWKError
+from jose.exceptions import JWSError
+from jose.exceptions import JOSEError
 
 
 def get_algorithm_object(algorithm):
@@ -25,39 +25,41 @@ def get_algorithm_object(algorithm):
     """
 
     if algorithm == ALGORITHMS.HS256:
-        return HMACAlgorithm(HMACAlgorithm.SHA256)
+        return HMACKey(HMACKey.SHA256)
 
     if algorithm == ALGORITHMS.HS384:
-        return HMACAlgorithm(HMACAlgorithm.SHA384)
+        return HMACKey(HMACKey.SHA384)
 
     if algorithm == ALGORITHMS.HS512:
-        return HMACAlgorithm(HMACAlgorithm.SHA512)
+        return HMACKey(HMACKey.SHA512)
 
     if algorithm == ALGORITHMS.RS256:
-        return RSAAlgorithm(RSAAlgorithm.SHA256)
+        return RSAKey(RSAKey.SHA256)
 
     if algorithm == ALGORITHMS.RS384:
-        return RSAAlgorithm(RSAAlgorithm.SHA384)
+        return RSAKey(RSAKey.SHA384)
 
     if algorithm == ALGORITHMS.RS512:
-        return RSAAlgorithm(RSAAlgorithm.SHA512)
+        return RSAKey(RSAKey.SHA512)
 
     if algorithm == ALGORITHMS.ES256:
-        return ECAlgorithm(ECAlgorithm.SHA256)
+        return ECKey(ECKey.SHA256)
 
     if algorithm == ALGORITHMS.ES384:
-        return ECAlgorithm(ECAlgorithm.SHA384)
+        return ECKey(ECKey.SHA384)
 
     if algorithm == ALGORITHMS.ES512:
-        return ECAlgorithm(ECAlgorithm.SHA512)
+        return ECKey(ECKey.SHA512)
 
     raise JWSError('Algorithm not supported: %s' % algorithm)
 
 
-class Algorithm(object):
+class Key(object):
     """
-    The interface for an algorithm used to sign and verify tokens.
+    The interface for an JWK used to sign and verify tokens.
     """
+    prepared_key = None
+
     def process_sign(self, msg, key):
         """
         Processes a signature for the given algorithm.
@@ -82,6 +84,22 @@ def process_prepare_key(self, key):
         """
         raise NotImplementedError
 
+    def process_deserilialize(self):
+        """
+        Processes deserializing a key into a JWK JSON format.
+
+        This method should be overriden by the implementing Key class.
+        """
+        raise NotImplementedError
+
+    def process_jwk(self, jwk):
+        """
+        Process a JWK dict into a Key object.
+
+        This method shold be overriden by the implementing Key class.
+        """
+        raise NotImplementedError
+
     def prepare_key(self, key):
         """
         Performs necessary validation and conversions on the key and returns
@@ -93,10 +111,13 @@ def prepare_key(self, key):
             TypeError: If an invalid key is attempted to be used.
         """
         try:
-            return self.process_prepare_key(key)
-        except Exception, e:
+            key = self.process_prepare_key(key)
+        except Exception as e:
             raise JOSEError(e)
 
+        self.prepared_key = key
+        return key
+
     def sign(self, msg, key):
         """
         Returns a digital signature for the specified message
@@ -109,7 +130,7 @@ def sign(self, msg, key):
         """
         try:
             return self.process_sign(msg, key)
-        except Exception, e:
+        except Exception as e:
             raise JOSEError(e)
 
     def verify(self, msg, key, sig):
@@ -124,11 +145,11 @@ def verify(self, msg, key, sig):
         """
         try:
             return self.process_verify(msg, key, sig)
-        except Exception, e:
+        except Exception as e:
             raise JOSEError(e)
 
 
-class HMACAlgorithm(Algorithm):
+class HMACKey(Key):
     """
     Performs signing and verification operations using HMAC
     and the specified hash function.
@@ -164,10 +185,10 @@ def process_sign(self, msg, key):
         return hmac.new(key, msg, self.hash_alg).digest()
 
     def process_verify(self, msg, key, sig):
-        return constant_time_compare(sig, self.sign(msg, key))
+        return sig == self.sign(msg, key)
 
 
-class RSAAlgorithm(Algorithm):
+class RSAKey(Key):
     """
     Performs signing and verification operations using
     RSASSA-PKCS-v1_5 and the specified hash function.
@@ -183,9 +204,12 @@ def __init__(self, hash_alg):
 
     def process_prepare_key(self, key):
 
-        if isinstance(key, RSA._RSAobj):
+        if isinstance(key, (RSA._RSAobj, RSAKey)):
             return key
 
+        if isinstance(key, dict):
+            return self.process_jwk(key)
+
         if isinstance(key, six.string_types):
             if isinstance(key, six.text_type):
                 key = key.encode('utf-8')
@@ -196,14 +220,33 @@ def process_prepare_key(self, key):
 
         return key
 
+    def process_jwk(self, jwk):
+
+        def urlsafe_b64decode(encoded):
+            import base64
+            if not encoded:
+                return encoded
+            modulo = len(encoded) % 4
+            if modulo != 0:
+                encoded += ('=' * (4 - modulo))
+            return base64.b64decode(encoded)
+
+        if not jwk.get('kty') == 'RSA':
+            raise JWKError("Incorrect key type.  Expected: 'RSA', Recieved: %s" % jwk.get('kty'))
+
+        e = bytes(jwk.get('e', 256))
+        n = bytes(jwk.get('n'))
+
+        return RSA.construct((long(n), long(e)))
+
     def process_sign(self, msg, key):
         return PKCS1_v1_5.new(key).sign(self.hash_alg.new(msg))
 
     def process_verify(self, msg, key, sig):
         return PKCS1_v1_5.new(key).verify(self.hash_alg.new(msg), sig)
 
 
-class ECAlgorithm(Algorithm):
+class ECKey(Key):
     """
     Performs signing and verification operations using
     ECDSA and the specified hash function

jose/jws.py

@@ -5,7 +5,7 @@
 
 from collections import Mapping
 
-from jose.jwa import get_algorithm_object
+from jose.jwk import get_algorithm_object
 from jose.constants import ALGORITHMS
 from jose.exceptions import JWSError
 from jose.utils import base64url_encode
@@ -108,12 +108,14 @@ def _sign_header_and_claims(encoded_header, encoded_claims, algorithm, key):
         alg_obj = get_algorithm_object(algorithm)
         key = alg_obj.prepare_key(key)
         signature = alg_obj.sign(signing_input, key)
-    except Exception, e:
+    except Exception as e:
         raise JWSError(e)
 
     encoded_signature = base64url_encode(signature)
 
-    return b'.'.join([encoded_header, encoded_claims, encoded_signature])
+    encoded_string = b'.'.join([encoded_header, encoded_claims, encoded_signature])
+
+    return encoded_string.decode('utf-8')
 
 
 def _load(jwt):

jose/utils.py

@@ -1,6 +1,5 @@
+
 import base64
-import six
-import struct
 
 
 def base64url_decode(input):
@@ -36,21 +35,3 @@ def timedelta_total_seconds(delta):
         delta (timedelta): A timedelta to convert to seconds.
     """
     return delta.days * 24 * 60 * 60 + delta.seconds
-
-
-def constant_time_compare(a, b):
-    """Helper method to compare two strings in constant time.
-
-    Strings need to be compared in constant time when worried
-    about timing attacks.
-
-    Args:
-        a (str): The first string to compare.
-        b (str): The second string to compare.
-    """
-    if len(a) != len(b):
-        return False
-    result = 0
-    for x, y in zip(a, b):
-        result |= ord(x) ^ ord(y)
-    return result == 0

key.py

@@ -0,0 +1,7 @@
+key = {
+  "kty": "RSA",
+  "kid": "[email protected]",
+  "use": "sig",
+  "n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw",
+  "e": "AQAB"
+}

test.py

@@ -0,0 +1,18 @@
+from jose import jwt
+
+claims = {
+    'test': 1
+}
+
+test = {
+   "kty": "RSA",
+   "alg": "RS256",
+   "use": "sig",
+   "kid": "e52f68a6c1d04d1451c8437c319ed1eb2425f3a2",
+   "n": "ufmhFfZJ8D9TZIGqlWfpVlA9VftAdEWop71G4xnoPC6Rk7RIOHG5P59tVqdA_uINgOzqWd4DZDiyajwZU-SoxwGUjfrijBsge-Ul_HTwVM0kwAorizSm97--rderM3b9KzkatJqizmIG7Dm7A06USMWGlSeTKs_RYDFGM7QZWncQVvtCYu_XJfuc0DCa1PyAFzwmBrEliv0tZEogWUien0HQ95Y-EJrxb-CgKt7fd3gfI0wAJtg-h7QyZWX4UH8ae3VnfeUZp6dg7SLswfNxc2W7UdTgwOaokkxzRNq5qmzIT6Cz-vMjl_Mf6VaLr7e4Y357vwUzqh9ool-DDlEjVw",
+   "e": "AQAB"
+  }
+
+token = jwt.encode(claims, test, algorithm='RS256')
+
+print token

tests/algorithms/test_EC.py

@@ -1,5 +1,5 @@
 
-from jose.jwa import ECAlgorithm
+from jose.jwk import ECKey
 from jose.exceptions import JOSEError
 
 import ecdsa
@@ -8,7 +8,7 @@
 
 @pytest.fixture
 def alg():
-    return ECAlgorithm(ECAlgorithm.SHA256)
+    return ECKey(ECKey.SHA256)
 
 private_key = """-----BEGIN EC PRIVATE KEY-----
 MHQCAQEEIIAK499svJugZZfsTsgL2tc7kH/CpzQbkr4g55CEWQyPoAcGBSuBBAAK
@@ -28,10 +28,6 @@ def test_string_secret(self, alg):
         with pytest.raises(JOSEError):
             alg.prepare_key(key)
 
-    def test_string_unicode(self, alg):
-        unicode_key = private_key.decode('utf-8')
-        alg.prepare_key(unicode_key)
-
     def test_object(self, alg):
         key = object()
         with pytest.raises(JOSEError):

tests/algorithms/test_HMAC.py

@@ -1,13 +1,13 @@
 
-from jose.jwa import HMACAlgorithm
+from jose.jwk import HMACKey
 from jose.exceptions import JOSEError
 
 import pytest
 
 
 @pytest.fixture
 def alg():
-    return HMACAlgorithm(HMACAlgorithm.SHA256)
+    return HMACKey(HMACKey.SHA256)
 
 
 class TestHMACAlgorithm:
@@ -16,11 +16,6 @@ def test_non_string_key(self, alg):
         with pytest.raises(JOSEError):
             alg.prepare_key(object())
 
-    def test_unicode_encode(self, alg):
-        key = u'secret'
-        prepared_key = alg.prepare_key(key)
-        assert key == prepared_key
-
     def test_RSA_key(self, alg):
         key = "-----BEGIN PUBLIC KEY-----"
         with pytest.raises(JOSEError):

tests/algorithms/test_RSA.py

@@ -1,5 +1,5 @@
 
-from jose.jwa import RSAAlgorithm
+from jose.jwk import RSAKey
 from jose.exceptions import JOSEError
 
 from Crypto.PublicKey import RSA
@@ -9,7 +9,7 @@
 
 @pytest.fixture
 def alg():
-    return RSAAlgorithm(RSAAlgorithm.SHA256)
+    return RSAKey(RSAKey.SHA256)
 
 
 private_key = """-----BEGIN RSA PRIVATE KEY-----
@@ -78,8 +78,6 @@ def test_cookbook_access_token(self, alg):
             "nt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxUAhb6L2aXic1U12podGU0KLUQSE_oI" \
             "-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_fcIe8u9ipH84ogoree7vjbU5y18kDquDg"
 
-
-
     def test_RSA_key(self, alg):
         key = RSA.importKey(private_key)
         alg.prepare_key(key)
@@ -89,10 +87,6 @@ def test_string_secret(self, alg):
         with pytest.raises(JOSEError):
             alg.prepare_key(key)
 
-    def test_string_unicode(self, alg):
-        unicode_key = private_key.decode('utf-8')
-        alg.prepare_key(unicode_key)
-
     def test_object(self, alg):
         key = object()
         with pytest.raises(JOSEError):