Diffstat (limited to 'jwcrypto/jwk.py')
-rw-r--r-- | jwcrypto/jwk.py | 49 |
1 files changed, 24 insertions, 25 deletions
diff --git a/jwcrypto/jwk.py b/jwcrypto/jwk.py
index c989e06..2268728 100644
--- a/jwcrypto/jwk.py
+++ b/jwcrypto/jwk.py
@@ -252,19 +252,7 @@ class JWK(object):
 return ec.EllipticCurvePrivateNumbers(self._decode_int(k['d']),
 self._ec_pub(k, curve))
- def sign_key(self, arg=None):
- self._check_constraints('sig', 'sign')
- if self._params['kty'] == 'oct':
- return self._key['k']
- elif self._params['kty'] == 'RSA':
- return self._rsa_pri(self._key).private_key(default_backend())
- elif self._params['kty'] == 'EC':
- return self._ec_pri(self._key, arg).private_key(default_backend())
- else:
- raise NotImplementedError
-
- def verify_key(self, arg=None):
- self._check_constraints('sig', 'verify')
+ def _get_public_key(self, arg=None):
 if self._params['kty'] == 'oct':
 return self._key['k']
 elif self._params['kty'] == 'RSA':
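Review bot: `_get_public_key` returns the raw symmetric secret `self._key['k']` when `kty` is 'oct', so the name promises non-secret material that the helper does not deliver, and a later caller that exports or logs its result would expose the key. I would add a comment on that branch such as `# 'oct' keys are symmetric: this value IS the secret, there is no public half`. The helper also no longer makes the `_check_constraints` call that `verify_key` made, so it is only safe while every caller reaches it through a method that checks `use`/`key_ops` first; a one-line docstring stating that would help. The remainder of the function body lies outside this hunk.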
@@ -274,25 +262,36 @@ class JWK(object):
 else:
 raise NotImplementedError
- def encrypt_key(self, arg=None):
- self._check_constraints('enc', 'encrypt')
+ def _get_private_key(self, arg=None):
 if self._params['kty'] == 'oct':
 return self._key['k']
 elif self._params['kty'] == 'RSA':
- return self._rsa_pub(self._key).public_key(default_backend())
+ return self._rsa_pri(self._key).private_key(default_backend())
 elif self._params['kty'] == 'EC':
- return self._ec_pub(self._key, arg).public_key(default_backend())
+ return self._ec_pri(self._key, arg).private_key(default_backend())
 else:
 raise NotImplementedError
- def decrypt_key(self, arg=None):
- self._check_constraints('enc', 'decrypt')
- if self._params['kty'] == 'oct':
- return self._key['k']
- elif self._params['kty'] == 'RSA':
- return self._rsa_pri(self._key).private_key(default_backend())
- elif self._params['kty'] == 'EC':
- return self._ec_pri(self._key, arg).private_key(default_backend())
+ def get_op_key(self, operation=None, arg=None):
+ validops = self._params.get('key_ops', JWKOperationsRegistry.keys())
+ if validops is not list:
+ validops = [validops]
+ if operation is None:
+ if self._params['kty'] == 'oct':
+ return self._key['k']
+ raise InvalidJWKOperation(operation, validops)
+ elif operation == 'sign':
+ self._check_constraints('sig', operation)
+ return self._get_private_key(arg)
+ elif operation == 'verify':
+ self._check_constraints('sig', operation)
+ return self._get_public_key(arg)
+ elif operation == 'encrypt' or operation == 'wrapKey':
+ self._check_constraints('enc', operation)
+ return self._get_public_key(arg)
+ elif operation == 'decrypt' or operation == 'unwrapKey':
+ self._check_constraints('enc', operation)
+ return self._get_private_key(arg)
 else:
 raise NotImplementedError |
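Review bot: In `get_op_key`, `if validops is not list:` compares the value against the `list` type object itself, so it is true for every real value and a `key_ops` list ends up nested as `[[...]]` in the `InvalidJWKOperation` that is raised; the check should read `if not isinstance(validops, list):`. Separately, the `operation is None` branch returns `self._key['k']` for an 'oct' key without calling `_check_constraints`, so a key whose `use` or `key_ops` restricts it can still have its secret handed out through this path. If that raw-key access is intended, it deserves a docstring saying so and naming the callers that rely on it; otherwise the branch should require an explicit operation.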