venv added, updated

2024-09-13 09:46:28 +02:00
parent 577596d9f3
commit 82af8c809a
4812 changed files with 640223 additions and 2 deletions
--- a/myenv/lib/python3.12/site-packages/authlib/jose/rfc8037/init.py
+++ b/myenv/lib/python3.12/site-packages/authlib/jose/rfc8037/init.py
@@ -0,0 +1,5 @@
+from .okp_key import OKPKey
+from .jws_eddsa import register_jws_rfc8037
+
+
+__all__ = ['register_jws_rfc8037', 'OKPKey']
--- a/myenv/lib/python3.12/site-packages/authlib/jose/rfc8037/pycache/init.cpython-312.pyc
+++ b/myenv/lib/python3.12/site-packages/authlib/jose/rfc8037/pycache/init.cpython-312.pyc
--- a/myenv/lib/python3.12/site-packages/authlib/jose/rfc8037/pycache/jws_eddsa.cpython-312.pyc
+++ b/myenv/lib/python3.12/site-packages/authlib/jose/rfc8037/pycache/jws_eddsa.cpython-312.pyc
--- a/myenv/lib/python3.12/site-packages/authlib/jose/rfc8037/pycache/okp_key.cpython-312.pyc
+++ b/myenv/lib/python3.12/site-packages/authlib/jose/rfc8037/pycache/okp_key.cpython-312.pyc
--- a/myenv/lib/python3.12/site-packages/authlib/jose/rfc8037/jws_eddsa.py
+++ b/myenv/lib/python3.12/site-packages/authlib/jose/rfc8037/jws_eddsa.py
@@ -0,0 +1,27 @@
+from cryptography.exceptions import InvalidSignature
+from ..rfc7515 import JWSAlgorithm
+from .okp_key import OKPKey
+
+
+class EdDSAAlgorithm(JWSAlgorithm):
+    name = 'EdDSA'
+    description = 'Edwards-curve Digital Signature Algorithm for JWS'
+
+    def prepare_key(self, raw_data):
+        return OKPKey.import_key(raw_data)
+
+    def sign(self, msg, key):
+        op_key = key.get_op_key('sign')
+        return op_key.sign(msg)
+
+    def verify(self, msg, sig, key):
+        op_key = key.get_op_key('verify')
+        try:
+            op_key.verify(sig, msg)
+            return True
+        except InvalidSignature:
+            return False
+
+
+def register_jws_rfc8037(cls):
+    cls.register_algorithm(EdDSAAlgorithm())
--- a/myenv/lib/python3.12/site-packages/authlib/jose/rfc8037/okp_key.py
+++ b/myenv/lib/python3.12/site-packages/authlib/jose/rfc8037/okp_key.py
@@ -0,0 +1,103 @@
+from cryptography.hazmat.primitives.asymmetric.ed25519 import (
+    Ed25519PublicKey, Ed25519PrivateKey
+)
+from cryptography.hazmat.primitives.asymmetric.ed448 import (
+    Ed448PublicKey, Ed448PrivateKey
+)
+from cryptography.hazmat.primitives.asymmetric.x25519 import (
+    X25519PublicKey, X25519PrivateKey
+)
+from cryptography.hazmat.primitives.asymmetric.x448 import (
+    X448PublicKey, X448PrivateKey
+)
+from cryptography.hazmat.primitives.serialization import (
+    Encoding, PublicFormat, PrivateFormat, NoEncryption
+)
+from authlib.common.encoding import (
+    to_unicode, to_bytes,
+    urlsafe_b64decode, urlsafe_b64encode,
+)
+from ..rfc7517 import AsymmetricKey
+
+
+PUBLIC_KEYS_MAP = {
+    'Ed25519': Ed25519PublicKey,
+    'Ed448': Ed448PublicKey,
+    'X25519': X25519PublicKey,
+    'X448': X448PublicKey,
+}
+PRIVATE_KEYS_MAP = {
+    'Ed25519': Ed25519PrivateKey,
+    'Ed448': Ed448PrivateKey,
+    'X25519': X25519PrivateKey,
+    'X448': X448PrivateKey,
+}
+
+
+class OKPKey(AsymmetricKey):
+    """Key class of the ``OKP`` key type."""
+
+    kty = 'OKP'
+    REQUIRED_JSON_FIELDS = ['crv', 'x']
+    PUBLIC_KEY_FIELDS = REQUIRED_JSON_FIELDS
+    PRIVATE_KEY_FIELDS = ['crv', 'd']
+    PUBLIC_KEY_CLS = tuple(PUBLIC_KEYS_MAP.values())
+    PRIVATE_KEY_CLS = tuple(PRIVATE_KEYS_MAP.values())
+    SSH_PUBLIC_PREFIX = b'ssh-ed25519'
+
+    def exchange_shared_key(self, pubkey):
+        # used in ECDHESAlgorithm
+        private_key = self.get_private_key()
+        if private_key and isinstance(private_key, (X25519PrivateKey, X448PrivateKey)):
+            return private_key.exchange(pubkey)
+        raise ValueError('Invalid key for exchanging shared key')
+
+    @staticmethod
+    def get_key_curve(key):
+        if isinstance(key, (Ed25519PublicKey, Ed25519PrivateKey)):
+            return 'Ed25519'
+        elif isinstance(key, (Ed448PublicKey, Ed448PrivateKey)):
+            return 'Ed448'
+        elif isinstance(key, (X25519PublicKey, X25519PrivateKey)):
+            return 'X25519'
+        elif isinstance(key, (X448PublicKey, X448PrivateKey)):
+            return 'X448'
+
+    def load_private_key(self):
+        crv_key = PRIVATE_KEYS_MAP[self._dict_data['crv']]
+        d_bytes = urlsafe_b64decode(to_bytes(self._dict_data['d']))
+        return crv_key.from_private_bytes(d_bytes)
+
+    def load_public_key(self):
+        crv_key = PUBLIC_KEYS_MAP[self._dict_data['crv']]
+        x_bytes = urlsafe_b64decode(to_bytes(self._dict_data['x']))
+        return crv_key.from_public_bytes(x_bytes)
+
+    def dumps_private_key(self):
+        obj = self.dumps_public_key(self.private_key.public_key())
+        d_bytes = self.private_key.private_bytes(
+            Encoding.Raw,
+            PrivateFormat.Raw,
+            NoEncryption()
+        )
+        obj['d'] = to_unicode(urlsafe_b64encode(d_bytes))
+        return obj
+
+    def dumps_public_key(self, public_key=None):
+        if public_key is None:
+            public_key = self.public_key
+        x_bytes = public_key.public_bytes(Encoding.Raw, PublicFormat.Raw)
+        return {
+            'crv': self.get_key_curve(public_key),
+            'x': to_unicode(urlsafe_b64encode(x_bytes)),
+        }
+
+    @classmethod
+    def generate_key(cls, crv='Ed25519', options=None, is_private=False) -> 'OKPKey':
+        if crv not in PRIVATE_KEYS_MAP:
+            raise ValueError(f'Invalid crv value: "{crv}"')
+        private_key_cls = PRIVATE_KEYS_MAP[crv]
+        raw_key = private_key_cls.generate()
+        if not is_private:
+            raw_key = raw_key.public_key()
+        return cls.import_key(raw_key, options=options)