Skip to content

Commit

Permalink
Allow to verify with private key on ECAlgorithm, as well as on Ed2551…
Browse files Browse the repository at this point in the history
…9Algorithm. (#645)

* Add private key support for ECAlgorithm verify.

* Update CHANGELOG.
  • Loading branch information
dajiaji authored Apr 16, 2021
1 parent bcd5728 commit fb86f9d
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.rst
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ Fixed
- Remove padding from JWK test data. `#628 <https://github.com/jpadilla/pyjwt/pull/628>`__
- Make `kty` mandatory in JWK to be compliant with RFC7517. `#624 <https://github.com/jpadilla/pyjwt/pull/624>`__
- Allow JWK without `alg` to be compliant with RFC7517. `#624 <https://github.com/jpadilla/pyjwt/pull/624>`__
- Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. `#645 <https://github.com/jpadilla/pyjwt/pull/645>`__

Added
~~~~~
Expand Down
2 changes: 2 additions & 0 deletions jwt/algorithms.py
Original file line number Diff line number Diff line change
Expand Up @@ -427,6 +427,8 @@ def verify(self, msg, key, sig):
return False

try:
if isinstance(key, EllipticCurvePrivateKey):
key = key.public_key()
key.verify(der_sig, msg, ec.ECDSA(self.hash_alg()))
return True
except InvalidSignature:
Expand Down
7 changes: 7 additions & 0 deletions tests/test_algorithms.py
Original file line number Diff line number Diff line change
Expand Up @@ -658,6 +658,13 @@ def test_ec_verify_should_return_true_for_test_vector(self):
result = algo.verify(signing_input, key, signature)
assert result

# private key can also be used.
with open(key_path("jwk_ec_key_P-521.json")) as keyfile:
private_key = algo.from_jwk(keyfile.read())

result = algo.verify(signing_input, private_key, signature)
assert result


@crypto_required
class TestEd25519Algorithms:
Expand Down

0 comments on commit fb86f9d

Please sign in to comment.