Refactor JWK algorithms

Michael Davis · Michael Davis · commit ca8efcf38be4 · 2016-06-22T23:44:19.000-05:00
diff --git a/jose/jwk.py b/jose/jwk.py
@@ -58,32 +58,31 @@ def construct(key_data, algorithm=None):
     if not algorithm:
         raise JWKError('Unable to find a algorithm for key: %s' % key_data)
 
-    if algorithm == ALGORITHMS.HS256:
-        return HMACKey(key_data, HMACKey.SHA256)
+    if algorithm in ALGORITHMS.HMAC:
+        return HMACKey(key_data, algorithm)
 
-    if algorithm == ALGORITHMS.HS384:
-        return HMACKey(key_data, HMACKey.SHA384)
+    if algorithm in ALGORITHMS.RSA:
+        return RSAKey(key_data, algorithm)
 
-    if algorithm == ALGORITHMS.HS512:
-        return HMACKey(key_data, HMACKey.SHA512)
+    if algorithm in ALGORITHMS.EC:
+        return ECKey(key_data, algorithm)
 
-    if algorithm == ALGORITHMS.RS256:
-        return RSAKey(key_data, RSAKey.SHA256)
 
-    if algorithm == ALGORITHMS.RS384:
-        return RSAKey(key_data, RSAKey.SHA384)
+def get_algorithm_object(algorithm):
 
-    if algorithm == ALGORITHMS.RS512:
-        return RSAKey(key_data, RSAKey.SHA512)
-
-    if algorithm == ALGORITHMS.ES256:
-        return ECKey(key_data, ECKey.SHA256)
-
-    if algorithm == ALGORITHMS.ES384:
-        return ECKey(key_data, ECKey.SHA384)
+    algorithms = {
+        ALGORITHMS.HS256: HMACKey.SHA256,
+        ALGORITHMS.HS384: HMACKey.SHA384,
+        ALGORITHMS.HS512: HMACKey.SHA512,
+        ALGORITHMS.RS256: RSAKey.SHA256,
+        ALGORITHMS.RS384: RSAKey.SHA384,
+        ALGORITHMS.RS512: RSAKey.SHA512,
+        ALGORITHMS.ES256: ECKey.SHA256,
+        ALGORITHMS.ES384: ECKey.SHA384,
+        ALGORITHMS.ES512: ECKey.SHA512,
+    }
 
-    if algorithm == ALGORITHMS.ES512:
-        return ECKey(key_data, ECKey.SHA512)
+    return algorithms.get(algorithm, None)
 
 
 class Key(object):
@@ -111,15 +110,15 @@ class HMACKey(Key):
     SHA256 = hashlib.sha256
     SHA384 = hashlib.sha384
     SHA512 = hashlib.sha512
-    valid_hash_algs = (SHA256, SHA384, SHA512)
+    valid_hash_algs = ALGORITHMS.HMAC
 
     prepared_key = None
     hash_alg = None
 
-    def __init__(self, key, hash_alg):
-        if hash_alg not in self.valid_hash_algs:
-            raise JWKError('hash_alg: %s is not a valid hash algorithm' % hash_alg)
-        self.hash_alg = hash_alg
+    def __init__(self, key, algorithm):
+        if algorithm not in self.valid_hash_algs:
+            raise JWKError('hash_alg: %s is not a valid hash algorithm' % algorithm)
+        self.hash_alg = get_algorithm_object(algorithm)
 
         if isinstance(key, dict):
             self.prepared_key = self._process_jwk(key)
@@ -173,16 +172,16 @@ class RSAKey(Key):
     SHA256 = Crypto.Hash.SHA256
     SHA384 = Crypto.Hash.SHA384
     SHA512 = Crypto.Hash.SHA512
-    valid_hash_algs = (SHA256, SHA384, SHA512)
+    valid_hash_algs = ALGORITHMS.RSA
 
     prepared_key = None
     hash_alg = None
 
-    def __init__(self, key, hash_alg):
+    def __init__(self, key, algorithm):
 
-        if hash_alg not in self.valid_hash_algs:
-            raise JWKError('hash_alg: %s is not a valid hash algorithm' % hash_alg)
-        self.hash_alg = hash_alg
+        if algorithm not in self.valid_hash_algs:
+            raise JWKError('hash_alg: %s is not a valid hash algorithm' % algorithm)
+        self.hash_alg = get_algorithm_object(algorithm)
 
         if isinstance(key, _RSAKey):
             self.prepared_key = key
@@ -240,7 +239,7 @@ class ECKey(Key):
     SHA256 = hashlib.sha256
     SHA384 = hashlib.sha384
     SHA512 = hashlib.sha512
-    valid_hash_algs = (SHA256, SHA384, SHA512)
+    valid_hash_algs = ALGORITHMS.EC
 
     curve_map = {
         SHA256: ecdsa.curves.NIST256p,
@@ -252,10 +251,10 @@ class ECKey(Key):
     hash_alg = None
     curve = None
 
-    def __init__(self, key, hash_alg):
-        if hash_alg not in self.valid_hash_algs:
-            raise JWKError('hash_alg: %s is not a valid hash algorithm' % hash_alg)
-        self.hash_alg = hash_alg
+    def __init__(self, key, algorithm):
+        if algorithm not in self.valid_hash_algs:
+            raise JWKError('hash_alg: %s is not a valid hash algorithm' % algorithm)
+        self.hash_alg = get_algorithm_object(algorithm)
 
         self.curve = self.curve_map.get(self.hash_alg)
 
diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -11,4 +11,4 @@ ecdsa==0.13
 wsgiref==0.1.2
 
 -r requirements.txt
--r requirements-rtd.txt
+-r requirements-rtd.txt
diff --git a/tests/algorithms/test_EC.py b/tests/algorithms/test_EC.py
@@ -1,6 +1,7 @@
 
-from jose.jwk import ECKey
+from jose.constants import ALGORITHMS
 from jose.exceptions import JOSEError
+from jose.jwk import ECKey
 
 import ecdsa
 import pytest
@@ -16,14 +17,14 @@ class TestECAlgorithm:
 
     def test_EC_key(self):
         key = ecdsa.SigningKey.from_pem(private_key)
-        ECKey(key, ECKey.SHA256)
+        ECKey(key, ALGORITHMS.ES256)
 
     def test_string_secret(self):
         key = 'secret'
         with pytest.raises(JOSEError):
-            ECKey(key, ECKey.SHA256)
+            ECKey(key, ALGORITHMS.ES256)
 
     def test_object(self):
         key = object()
         with pytest.raises(JOSEError):
-            ECKey(key, ECKey.SHA256)
+            ECKey(key, ALGORITHMS.ES256)
diff --git a/tests/algorithms/test_HMAC.py b/tests/algorithms/test_HMAC.py
@@ -1,6 +1,7 @@
 
-from jose.jwk import HMACKey
+from jose.constants import ALGORITHMS
 from jose.exceptions import JOSEError
+from jose.jwk import HMACKey
 
 import pytest
 
@@ -9,17 +10,17 @@ class TestHMACAlgorithm:
 
     def test_non_string_key(self):
         with pytest.raises(JOSEError):
-            HMACKey(object(), HMACKey.SHA256)
+            HMACKey(object(), ALGORITHMS.HS256)
 
     def test_RSA_key(self):
         key = "-----BEGIN PUBLIC KEY-----"
         with pytest.raises(JOSEError):
-            HMACKey(key, HMACKey.SHA256)
+            HMACKey(key, ALGORITHMS.HS256)
 
         key = "-----BEGIN CERTIFICATE-----"
         with pytest.raises(JOSEError):
-            HMACKey(key, HMACKey.SHA256)
+            HMACKey(key, ALGORITHMS.HS256)
 
         key = "ssh-rsa"
         with pytest.raises(JOSEError):
-            HMACKey(key, HMACKey.SHA256)
+            HMACKey(key, ALGORITHMS.HS256)
diff --git a/tests/algorithms/test_RSA.py b/tests/algorithms/test_RSA.py
@@ -1,11 +1,19 @@
 
+import sys
+
 from jose.jwk import RSAKey
+from jose.constants import ALGORITHMS
 from jose.exceptions import JOSEError
 
 from Crypto.PublicKey import RSA
 
 import pytest
 
+# Deal with integer compatibilities between Python 2 and 3.
+# Using `from builtins import int` is not supported on AppEngine.
+if sys.version_info > (3,):
+    long = int
+
 private_key = """-----BEGIN RSA PRIVATE KEY-----
 MIIJKwIBAAKCAgEAtSKfSeI0fukRIX38AHlKB1YPpX8PUYN2JdvfM+XjNmLfU1M7
 4N0VmdzIX95sneQGO9kC2xMIE+AIlt52Yf/KgBZggAlS9Y0Vx8DsSL2HvOjguAdX
@@ -62,14 +70,18 @@
 class TestRSAAlgorithm:
 
     def test_RSA_key(self):
-        RSAKey(private_key, RSAKey.SHA256)
+        RSAKey(private_key, ALGORITHMS.RS256)
+
+    def test_RSA_key_instance(self):
+        key = RSA.construct((long(26057131595212989515105618545799160306093557851986992545257129318694524535510983041068168825614868056510242030438003863929818932202262132630250203397069801217463517914103389095129323580576852108653940669240896817348477800490303630912852266209307160550655497615975529276169196271699168537716821419779900117025818140018436554173242441334827711966499484119233207097432165756707507563413323850255548329534279691658369466534587631102538061857114141268972476680597988266772849780811214198186940677291891818952682545840788356616771009013059992237747149380197028452160324144544057074406611859615973035412993832273216732343819), long(65537)))
+        RSAKey(key, ALGORITHMS.RS256)
 
     def test_string_secret(self):
         key = 'secret'
         with pytest.raises(JOSEError):
-            RSAKey(key, RSAKey.SHA256)
+            RSAKey(key, ALGORITHMS.RS256)
 
     def test_object(self):
         key = object()
         with pytest.raises(JOSEError):
-            RSAKey(key, RSAKey.SHA256)
+            RSAKey(key, ALGORITHMS.RS256)
diff --git a/tests/test_jwk.py b/tests/test_jwk.py
@@ -4,6 +4,7 @@
 
 import pytest
 
+
 hmac_key = {
     "kty": "oct",
     "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037",
@@ -58,13 +59,13 @@ def test_invalid_hash_alg(self):
     def test_invalid_jwk(self):
 
         with pytest.raises(JWKError):
-            key = jwk.HMACKey(rsa_key, 'HS512')
+            key = jwk.HMACKey(rsa_key, 'HS256')
 
         with pytest.raises(JWKError):
-            key = jwk.HMACKey(hmac_key, 'RS512')
+            key = jwk.RSAKey(hmac_key, 'RS256')
 
         with pytest.raises(JWKError):
-            key = jwk.HMACKey(rsa_key, 'EC512')
+            key = jwk.ECKey(rsa_key, 'ES256')
 
     def test_RSAKey_errors(self):
 
@@ -90,8 +91,6 @@ def test_RSAKey_errors(self):
         with pytest.raises(JWKError):
             key = jwk.RSAKey(rsa_key, 'RS256')
 
-
-
     def test_construct_from_jwk(self):
 
         hmac_key = {
