Initial commit

2025-08-14 00:25:46 +02:00 · 2024-12-23 19:27:44 +06:00
commit e81df4c87e
4952 changed files with 1705479 additions and 0 deletions
--- a/venv/Lib/site-packages/jose/backends/ecdsa_backend.py
+++ b/venv/Lib/site-packages/jose/backends/ecdsa_backend.py
@@ -0,0 +1,150 @@
+import hashlib
+
+import ecdsa
+
+from jose.backends.base import Key
+from jose.constants import ALGORITHMS
+from jose.exceptions import JWKError
+from jose.utils import base64_to_long, long_to_base64
+
+
+class ECDSAECKey(Key):
+    """
+    Performs signing and verification operations using
+    ECDSA and the specified hash function
+
+    This class requires the ecdsa package to be installed.
+
+    This is based off of the implementation in PyJWT 0.3.2
+    """
+
+    SHA256 = hashlib.sha256
+    SHA384 = hashlib.sha384
+    SHA512 = hashlib.sha512
+
+    CURVE_MAP = {
+        SHA256: ecdsa.curves.NIST256p,
+        SHA384: ecdsa.curves.NIST384p,
+        SHA512: ecdsa.curves.NIST521p,
+    }
+    CURVE_NAMES = (
+        (ecdsa.curves.NIST256p, "P-256"),
+        (ecdsa.curves.NIST384p, "P-384"),
+        (ecdsa.curves.NIST521p, "P-521"),
+    )
+
+    def __init__(self, key, algorithm):
+        if algorithm not in ALGORITHMS.EC:
+            raise JWKError("hash_alg: %s is not a valid hash algorithm" % algorithm)
+
+        self.hash_alg = {
+            ALGORITHMS.ES256: self.SHA256,
+            ALGORITHMS.ES384: self.SHA384,
+            ALGORITHMS.ES512: self.SHA512,
+        }.get(algorithm)
+        self._algorithm = algorithm
+
+        self.curve = self.CURVE_MAP.get(self.hash_alg)
+
+        if isinstance(key, (ecdsa.SigningKey, ecdsa.VerifyingKey)):
+            self.prepared_key = key
+            return
+
+        if isinstance(key, dict):
+            self.prepared_key = self._process_jwk(key)
+            return
+
+        if isinstance(key, str):
+            key = key.encode("utf-8")
+
+        if isinstance(key, bytes):
+            # Attempt to load key. We don't know if it's
+            # a Signing Key or a Verifying Key, so we try
+            # the Verifying Key first.
+            try:
+                key = ecdsa.VerifyingKey.from_pem(key)
+            except ecdsa.der.UnexpectedDER:
+                key = ecdsa.SigningKey.from_pem(key)
+            except Exception as e:
+                raise JWKError(e)
+
+            self.prepared_key = key
+            return
+
+        raise JWKError("Unable to parse an ECKey from key: %s" % key)
+
+    def _process_jwk(self, jwk_dict):
+        if not jwk_dict.get("kty") == "EC":
+            raise JWKError("Incorrect key type. Expected: 'EC', Received: %s" % jwk_dict.get("kty"))
+
+        if not all(k in jwk_dict for k in ["x", "y", "crv"]):
+            raise JWKError("Mandatory parameters are missing")
+
+        if "d" in jwk_dict:
+            # We are dealing with a private key; the secret exponent is enough
+            # to create an ecdsa key.
+            d = base64_to_long(jwk_dict.get("d"))
+            return ecdsa.keys.SigningKey.from_secret_exponent(d, self.curve)
+        else:
+            x = base64_to_long(jwk_dict.get("x"))
+            y = base64_to_long(jwk_dict.get("y"))
+
+            if not ecdsa.ecdsa.point_is_valid(self.curve.generator, x, y):
+                raise JWKError(f"Point: {x}, {y} is not a valid point")
+
+            point = ecdsa.ellipticcurve.Point(self.curve.curve, x, y, self.curve.order)
+            return ecdsa.keys.VerifyingKey.from_public_point(point, self.curve)
+
+    def sign(self, msg):
+        return self.prepared_key.sign(
+            msg, hashfunc=self.hash_alg, sigencode=ecdsa.util.sigencode_string, allow_truncate=False
+        )
+
+    def verify(self, msg, sig):
+        try:
+            return self.prepared_key.verify(
+                sig, msg, hashfunc=self.hash_alg, sigdecode=ecdsa.util.sigdecode_string, allow_truncate=False
+            )
+        except Exception:
+            return False
+
+    def is_public(self):
+        return isinstance(self.prepared_key, ecdsa.VerifyingKey)
+
+    def public_key(self):
+        if self.is_public():
+            return self
+        return self.__class__(self.prepared_key.get_verifying_key(), self._algorithm)
+
+    def to_pem(self):
+        return self.prepared_key.to_pem()
+
+    def to_dict(self):
+        if not self.is_public():
+            public_key = self.prepared_key.get_verifying_key()
+        else:
+            public_key = self.prepared_key
+        crv = None
+        for key, value in self.CURVE_NAMES:
+            if key == self.prepared_key.curve:
+                crv = value
+        if not crv:
+            raise KeyError(f"Can't match {self.prepared_key.curve}")
+
+        # Calculate the key size in bytes. Section 6.2.1.2 and 6.2.1.3 of
+        # RFC7518 prescribes that the 'x', 'y' and 'd' parameters of the curve
+        # points must be encoded as octed-strings of this length.
+        key_size = self.prepared_key.curve.baselen
+
+        data = {
+            "alg": self._algorithm,
+            "kty": "EC",
+            "crv": crv,
+            "x": long_to_base64(public_key.pubkey.point.x(), size=key_size).decode("ASCII"),
+            "y": long_to_base64(public_key.pubkey.point.y(), size=key_size).decode("ASCII"),
+        }
+
+        if not self.is_public():
+            data["d"] = long_to_base64(self.prepared_key.privkey.secret_multiplier, size=key_size).decode("ASCII")
+
+        return data