v0.8.0

* BREAKING CHANGE: rename all `jwk` parameters to `key`, since they can accept any `cryptography` key instance
* add `Jwt.sign_arbitrary()`
* updated deps
* move SymmetricJwk specific code from `Jwk.generate()` to `SymmetricJwk.generate()`
* JwsCompact.from_parts() doesn't accept a str as signature anymore

Author: guillp

.github/workflows/dev.yml

@@ -35,7 +35,7 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install poetry "tox<4" tox-gh-actions tox-poetry
+          pip install poetry tox tox-gh-actions
 
       - name: test with tox
         run:
@@ -62,7 +62,7 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install poetry "tox<4" tox-gh-actions tox-poetry
+          pip install poetry tox tox-gh-actions
 
       - name: test with tox
         run:

.github/workflows/release.yml

@@ -18,7 +18,7 @@ jobs:
   # This workflow contains a single job called "build"
   release:
     name: Create Release
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     strategy:
       matrix:

.pre-commit-config.yaml

@@ -23,15 +23,15 @@ repos:
     - id: python-use-type-annotations
     - id: text-unicode-replacement-char
 - repo: https://github.com/myint/docformatter
-  rev: v1.6.5
+  rev: v1.7.2
   hooks:
     - id: docformatter
       args:
       - --in-place
       - --wrap-summaries=100
       - --wrap-descriptions=100
 -   repo: https://github.com/hadialqattan/pycln
-    rev: v2.1.3
+    rev: v2.1.5
     hooks:
     -   id: pycln
         args: [--config=pyproject.toml]
@@ -50,7 +50,7 @@ repos:
         additional_dependencies:
             - flake8-typing-imports==1.14.0
 -   repo: https://github.com/asottile/blacken-docs
-    rev: 1.13.0
+    rev: 1.14.0
     hooks:
         - id: blacken-docs
 -   repo: https://github.com/pycqa/pydocstyle
@@ -62,10 +62,15 @@ repos:
         args:
             - --add-ignore=D107
 -   repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v1.3.0
+    rev: v1.4.0
     hooks:
     -   id: mypy
-        args: [--strict]
+        args:
+        - --strict
+        - --implicit-reexport
+        - --show-error-codes
+        - --show-error-context
+        - --show-column-numbers
         additional_dependencies:
             - types-cryptography==3.3.23.2
             - pytest-mypy==0.10.3

HISTORY.md

@@ -1,4 +1,10 @@
 # History
+## 0.8.0 (2023-06-21)
+- BREAKING CHANGE: all method parameters `jwk`, `sig_jwk`, `enc_jwk`, or `jwk_or_password`, accepting a `Jwk` instance
+have been renamed to `key` or `sig_key`,`enc_key` or `key_or_password` respectively.
+They now accept either a `Jwk` instance, or a dict containing a JWK, or a `cryptography` key instance directly.
+- Added `Jwt.sign_arbitrary()` to sign JWT with arbitrary headers, for testing purposes only!
+- Updated dev dependencies
 
 ## 0.1.0 (2021-11-15)
 

jwskate/enums.py

@@ -1,6 +1,7 @@
 """This module contains enums for the various identifiers used in JWA and JWK.
 
 See [IANA JOSE](https://www.iana.org/assignments/jose/jose.xhtml).
+
 """
 
 

jwskate/jwa/__init__.py

@@ -5,6 +5,7 @@
 `cryptography`.
 
 [RFC7518]: https://www.rfc-editor.org/rfc/rfc7518
+
 """
 
 from .base import (

jwskate/jwa/base.py

@@ -25,6 +25,7 @@ class BaseAlg:
     An algorithm has a `name` and a `description`, whose reference is found in [IANA JOSE registry][IANA].
 
     [IANA]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
+
     """
 
     use: str
@@ -53,6 +54,7 @@ class BaseSymmetricAlg(BaseAlg):
 
     Args:
         key: the key to use for cryptographic operations
+
     """
 
     def __init__(self, key: bytes):
@@ -71,6 +73,7 @@ def check_key(cls, key: bytes) -> None:
 
         Returns:
           Returns `None`. Raises an exception if the key is not suitable
+
         """
         pass
 
@@ -105,6 +108,7 @@ class BaseAsymmetricAlg(Generic[Kpriv, Kpub], BaseAlg):
 
     Args:
         key: the key to use.
+
     """
 
     private_key_class: Union[Type[Kpriv], Tuple[Type[Kpriv], ...]]
@@ -128,6 +132,7 @@ def check_key(cls, key: Union[Kpriv, Kpub]) -> None:
 
         Raises:
             Exception: if the key is not suitable for use with this alg class
+
         """
 
     @contextmanager
@@ -139,6 +144,7 @@ def private_key_required(self) -> Iterator[Kpriv]:
 
         Raises:
             PrivateKeyRequired: if the configured key is not private
+
         """
         if not isinstance(self.key, self.private_key_class):
             raise PrivateKeyRequired()
@@ -153,6 +159,7 @@ def public_key_required(self) -> Iterator[Kpub]:
 
         Raises:
             PublicKeyRequired: if the configured key is private
+
         """
         if not isinstance(self.key, self.public_key_class):
             raise PublicKeyRequired()
@@ -184,6 +191,7 @@ def sign(self, data: Union[bytes, SupportsBytes]) -> BinaPy:
 
         Returns:
           the raw signature
+
         """
         raise NotImplementedError
 
@@ -198,6 +206,7 @@ def verify(
 
         Returns:
           `True` if the signature matches, `False` otherwise.
+
         """
         raise NotImplementedError
 
@@ -220,6 +229,7 @@ def check_key(cls, key: bytes) -> None:
 
         Raises:
             ValueError: if the key is not suitable
+
         """
         if len(key) * 8 != cls.key_size:
             raise ValueError(
@@ -232,6 +242,7 @@ def generate_key(cls) -> BinaPy:
 
         Returns:
             a random AES key
+
         """
         return BinaPy.random_bits(cls.key_size)
 
@@ -241,6 +252,7 @@ def generate_iv(cls) -> BinaPy:
 
         Returns:
             a random IV
+
         """
         return BinaPy.random_bits(cls.iv_size)
 
@@ -268,6 +280,7 @@ def encrypt(
 
         Returns:
           a tuple of ciphered data and authentication tag
+
         """
         raise NotImplementedError
 
@@ -294,6 +307,7 @@ def decrypt(
 
         Returns:
           the deciphered data
+
         """
         raise NotImplementedError
 
@@ -304,6 +318,7 @@ def with_random_key(cls) -> Self:
 
         Returns:
             a subclass of `BaseAESEncryptionAlg` initialized with a randomly generated key
+
         """
         return cls(cls.generate_key())
 

jwskate/jwa/ec.py

@@ -16,6 +16,7 @@ class EllipticCurve:
     """A descriptive class for Elliptic Curves.
 
     Elliptic Curves have a name, a `cryptography.ec.EllipticCurve`, and a coordinate size.
+
     """
 
     name: str
@@ -43,6 +44,7 @@ def generate(self) -> Tuple[int, int, int]:
 
         Returns:
              a tuple of 4 `int`s: `x` and `y` coordinates (public key) and `d` (private key)
+
         """
         key = ec.generate_private_key(self.cryptography_curve)
         pn = key.private_numbers()  # type: ignore[attr-defined]

jwskate/jwa/encryption/aescbchmac.py

@@ -29,6 +29,7 @@ def __init__(self, key: bytes) -> None:
 
         Args:
             key: the key to use for encryption and decryption.
+
         """
         super().__init__(key)
         self.mac_key = self.key[: self.mac_key_size // 8]
@@ -129,6 +130,7 @@ def decrypt(
 
         Returns:
           the decrypted data
+
         """
         if not isinstance(ciphertext, bytes):
             ciphertext = bytes(ciphertext)

jwskate/jwa/encryption/aesgcm.py

@@ -34,6 +34,7 @@ def encrypt(
 
         Raises:
             ValueError: if the IV size is not appropriate
+
         """
         if not isinstance(iv, bytes):
             iv = bytes(iv)
@@ -70,6 +71,7 @@ def decrypt(
 
         Raises:
             ValueError: if the IV size is not appropriate
+
         """
         if not isinstance(ciphertext, bytes):
             ciphertext = bytes(ciphertext)