MCPcopy
hub / github.com/authlib/authlib / _validate_json_jws

Method _validate_json_jws

authlib/jose/rfc7515/jws.py:312–340  ·  view source on GitHub ↗
(self, payload_segment, payload, header_obj, key)

Source from the content-addressed store, hash-verified

310 raise InvalidCritHeaderParameterNameError(k)
311
312 def _validate_json_jws(self, payload_segment, payload, header_obj, key):
313 protected_segment = header_obj.get("protected")
314 if not protected_segment:
315 raise DecodeError('Missing "protected" value')
316
317 signature_segment = header_obj.get("signature")
318 if not signature_segment:
319 raise DecodeError('Missing "signature" value')
320
321 protected_segment = to_bytes(protected_segment)
322 protected = _extract_header(protected_segment)
323 header = header_obj.get("header")
324 if header and not isinstance(header, dict):
325 raise DecodeError('Invalid "header" value')
326 # RFC 7515 §4.1.11: 'crit' MUST be integrity-protected. If present in
327 # the unprotected header object, reject the JWS.
328 self._reject_unprotected_crit(header)
329
330 # Enforce must-understand semantics for names listed in protected
331 # 'crit'. This will also ensure each listed name is present in the
332 # protected header.
333 self._validate_crit_headers(protected)
334 jws_header = JWSHeader(protected, header)
335 algorithm, key = self._prepare_algorithm_key(jws_header, payload, key)
336 signing_input = b".".join([protected_segment, payload_segment])
337 signature = _extract_signature(to_bytes(signature_segment))
338 if algorithm.verify(signing_input, signature, key):
339 return jws_header, True
340 return jws_header, False
341
342
343def _extract_header(header_segment):

Callers 1

deserialize_jsonMethod · 0.95

Calls 10

DecodeErrorClass · 0.90
to_bytesFunction · 0.90
_extract_headerFunction · 0.85
JWSHeaderClass · 0.85
_extract_signatureFunction · 0.85
getMethod · 0.45
verifyMethod · 0.45

Tested by

no test coverage detected