# Copyright (C) 2018 Lars Wirzenius
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import Crypto.PublicKey.RSA
import jwt
import muck
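class TokenChecker:
    """Verify bearer tokens taken from an authorization header value.

    The checker is constructed from the token issuer's RSA public key
    and uses it to verify the signature of every token it parses.
    """

    # Signature algorithms accepted during verification. Without an
    # explicit allow-list the algorithm named in the token's own header
    # decides how the signature is checked, i.e. the sender of the token
    # picks the verification method. Only RSA signatures make sense for
    # an RSA public key; create_token in this module signs with RS512.
    # NOTE(review): narrow this to the single algorithm the issuer uses
    # if that is known.
    _ALGORITHMS = ('RS256', 'RS384', 'RS512')

    def __init__(self, signing_key_pub):
        """Load the public key used to verify token signatures.

        signing_key_pub is the text of an RSA public key in any format
        Crypto.PublicKey.RSA.importKey accepts. It is re-exported in
        OpenSSH format, and that form is what gets handed to jwt.decode.
        """
        pubkey = Crypto.PublicKey.RSA.importKey(signing_key_pub)
        self._key = pubkey.exportKey('OpenSSH')

    def parse_header(self, value):
        """Return the verified claims of the bearer token in a header value.

        value is the full header value ("Bearer <token>"). Raises
        muck.Error if the value is malformed, the token cannot be
        decoded, its signature does not verify, or it is signed with an
        algorithm outside the allow-list.
        """
        token = self._get_token_text(value)

        # NOTE(review): audience verification is switched off, so a token
        # that the same signing key issued for a different service is
        # accepted here as well. Confirm that this is intended.
        options = {
            'verify_aud': False,
        }

        try:
            return jwt.decode(
                token, key=self._key, audience=None, options=options,
                algorithms=list(self._ALGORITHMS))
        except (jwt.DecodeError, jwt.InvalidAlgorithmError) as e:
            # Other token failures reported by the jwt library, such as
            # an expired signature, are not DecodeError subclasses and
            # still propagate unchanged; callers need to treat them as a
            # rejected token too.
            raise muck.Error(str(e))

    def _get_token_text(self, value):
        """Extract the token from a "Bearer <token>" header value.

        The scheme word is matched case-insensitively and any amount of
        whitespace may separate the two words. Raises muck.Error for a
        non-string, an empty string, a value that is not exactly two
        words, or a scheme other than "Bearer".
        """
        if not isinstance(value, str):
            raise muck.Error('Header does not have a string value')

        if not value:
            raise muck.Error('Header does not have a non-empty string value')

        words = value.split()
        if len(words) != 2:
            raise muck.Error('Header does not consist of two words')

        if words[0].lower() != 'bearer':
            raise muck.Error('Header does not start with "Bearer"')

        return words[1]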
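def create_token(claims, key_text):
    """Return a signed JWT for claims as a text string.

    claims is the mapping of claims to put in the token. key_text is the
    text of the RSA private key to sign with, in any format
    Crypto.PublicKey.RSA.importKey accepts; it is the signing secret, so
    the caller should keep it out of logs and error messages. The token
    is signed with RS512.
    """
    key = Crypto.PublicKey.RSA.importKey(key_text)
    token = jwt.encode(claims, key.exportKey('PEM'), algorithm='RS512')

    # PyJWT 1.x returns bytes from encode(), 2.x returns str. Decode only
    # when needed so the function returns text with either version.
    if isinstance(token, bytes):
        token = token.decode('ascii')
    return token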