hub / github.com/ticarpi/jwt_tool / verifyTokenEC

Function verifyTokenEC

jwt_tool.py:938–987
(headDict, paylDict, sig, pubKey)

Source from the content-addressed store, hash-verified

936     return valid
937
938 def verifyTokenEC(headDict, paylDict, sig, pubKey):
939     newContents = genContents(headDict, paylDict)
940     message = newContents.encode('UTF-8')
941     if "-" in str(sig):
942         try:
943             signature = base64.urlsafe_b64decode(sig)
944         except:
945             pass
946         try:
947             signature = base64.urlsafe_b64decode(sig+"=")
948         except:
949             pass
950         try:
951             signature = base64.urlsafe_b64decode(sig+"==")
952         except:
953             pass
954     elif "+" in str(sig):
955         try:
956             signature = base64.b64decode(sig)
957         except:
958             pass
959         try:
960             signature = base64.b64decode(sig+"=")
961         except:
962             pass
963         try:
964             signature = base64.b64decode(sig+"==")
965         except:
966             pass
967     else:
968         cprintc("Signature not Base64 encoded HEX", "red")
969     if headDict['alg'] == "ES256":
970         h = SHA256.new(message)
971     elif headDict['alg'] == "ES384":
972         h = SHA384.new(message)
973     elif headDict['alg'] == "ES512":
974         h = SHA512.new(message)
975     else:
976         cprintc("Invalid ECDSA algorithm", "red")
977     pubkey = open(pubKey, "r")
978     pub_key = ECC.import_key(pubkey.read())
979     verifier = DSS.new(pub_key, 'fips-186-3')
980     try:
981         verifier.verify(h, signature)
982         cprintc("ECC Signature is VALID", "green")
983         valid = True
984     except:
985         cprintc("ECC Signature is INVALID", "red")
986         valid = False
987     return valid
988
989 def verifyTokenPSS(headDict, paylDict, sig, pubKey):
990     key = RSA.importKey(open(pubKey).read())

Callers 2

parseJWKS · Function · 0.85
runActions · Function · 0.85

Calls 2

genContents · Function · 0.85
cprintc · Function · 0.85

Tested by

no test coverage detected