author | Simo Sorce <simo@redhat.com> | 2015-10-27 14:47:35 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-11-06 20:55:12 -0500 |
commit | 3b7eed15c3f9da7381d240a762b0e557dd18ce96 (patch) | |
tree | b67710d589c55657f7757ab1b6bb489068b2ecae /custodia/message/kem.py | |
parent | 2780854f1e206563b7451087984f729d0b748d35 (diff) | |
Add support in the client for the kem message type
This makes it easy to use end-to-end encrypted requests and replies
to fetch secrets.
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'custodia/message/kem.py')
-rw-r--r-- | custodia/message/kem.py | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/custodia/message/kem.py b/custodia/message/kem.py
index 48b756b..add1c72 100644
--- a/custodia/message/kem.py
+++ b/custodia/message/kem.py
@@ -215,11 +215,9 @@ class KEMClient(object):
 self.server_keys[KEY_USAGE_ENC], encalg)
 def parse_reply(self, name, message):
- jwe = JWT(jwt=message,
- key=self.client_keys[KEY_USAGE_ENC])
- jws = JWT(jwt=jwe.claims,
- key=self.server_keys[KEY_USAGE_SIG])
- claims = json_decode(jws.claims)
+ claims = decode_enc_kem(message,
+ self.client_keys[KEY_USAGE_ENC],
+ self.server_keys[KEY_USAGE_SIG])
 check_kem_claims(claims, name)
 return claims['value']
@@ -242,6 +240,12 @@ def make_enc_kem(name, value, sig_key, alg, enc_key, enc):
 return jwe.serialize(compact=True)
+def decode_enc_kem(message, enc_key, sig_key):
+ jwe = JWT(jwt=message, key=enc_key)
+ jws = JWT(jwt=jwe.claims, key=sig_key)
+ return json_decode(jws.claims)
+
+
 # unit tests
 test_keys = ({
 "kty": "RSA", |
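Review bot: The two key arguments to `decode_enc_kem` in `parse_reply` are passed positionally, and both are key objects, so a swapped order cannot be spotted by reading the call. Passing them by name keeps the decryption key and the verification key distinguishable at the call site: `claims = decode_enc_kem(message, enc_key=self.client_keys[KEY_USAGE_ENC], sig_key=self.server_keys[KEY_USAGE_SIG])`. The rest of `KEMClient` lies outside the hunk.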
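Review bot: `decode_enc_kem` does not pin the algorithms it will accept, nor confirm that the outer token is a JWE and the inner one a JWS; both `JWT(...)` calls pass only the token and a key, while `make_enc_kem` in the hunk header takes explicit `alg` and `enc`. How strict `JWT` is by default is decided outside this hunk, so this may already be covered. An explicit allow-list on the decode side, if the `JWT` class imported by this module accepts one, would make the expectation visible here. The function also has no docstring and its key roles are easy to mix up, so I would add `"""Decrypt message with enc_key, verify the nested JWS with sig_key, return the decoded claims."""`. Decryption and verification failures presumably surface as exceptions from `JWT`, which callers such as `parse_reply` would then need to handle.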