From a99b371f78df37e39f9fcb1b765e875fb4a3af7f Mon Sep 17 00:00:00 2001 From: Jakob Schlyter Date: Mon, 9 Sep 2024 09:31:40 +0200 Subject: [PATCH 1/4] more lint fixes --- .pre-commit-config.yaml | 2 +- pyproject.toml | 2 +- src/cryptojwt/jws/jws.py | 38 +++++++++++++++++++++++--------------- src/cryptojwt/utils.py | 18 ++++++++---------- 4 files changed, 33 insertions(+), 27 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 1959583..13a0d16 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -9,7 +9,7 @@ repos: - id: check-yaml - id: check-json - repo: https://github.com/astral-sh/ruff-pre-commit - rev: v0.4.9 + rev: v0.6.3 hooks: - id: ruff - id: ruff-format diff --git a/pyproject.toml b/pyproject.toml index 39dfdeb..b6008be 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -54,7 +54,7 @@ responses = "^0.13.0" sphinx = "^3.5.2" sphinx-autobuild = "^2021.3.14" coverage = "^7" -ruff = "^0.4.6" +ruff = "^0.6.3" pytest-ruff = "^0.3.2" [build-system] diff --git a/src/cryptojwt/jws/jws.py b/src/cryptojwt/jws/jws.py index 686b5f8..db31078 100644 --- a/src/cryptojwt/jws/jws.py +++ b/src/cryptojwt/jws/jws.py @@ -60,10 +60,7 @@ def __len__(self): return len(self.part) def valid(self): - if len(self) != 3: - return False - - return True + return len(self) == 3 class JWS(JWx): @@ -153,7 +150,9 @@ def verify_compact(self, jws=None, keys=None, allow_none=False, sigalg=None): """ return self.verify_compact_verbose(jws, keys, allow_none, sigalg)["msg"] - def verify_compact_verbose(self, jws=None, keys=None, allow_none=False, sigalg=None): + def verify_compact_verbose( + self, jws=None, keys=None, allow_none=False, sigalg=None + ): """ Verify a JWT signature and return dict with validation results 
@@ -193,15 +192,21 @@ def verify_compact_verbose(self, jws=None, keys=None, allow_none=False, sigalg=N if isinstance(self["alg"], list): if _alg not in self["alg"]: raise SignerAlgError( - "Wrong signing algorithm, expected {} got {}".format(self["alg"], _alg) + "Wrong signing algorithm, expected {} got {}".format( + self["alg"], _alg + ) ) elif _alg != self["alg"]: raise SignerAlgError( - "Wrong signing algorithm, expected {} got {}".format(self["alg"], _alg) + "Wrong signing algorithm, expected {} got {}".format( + self["alg"], _alg + ) ) if sigalg and sigalg != _alg: - raise SignerAlgError("Expected {} got {}".format(sigalg, jwt.headers["alg"])) + raise SignerAlgError( + "Expected {} got {}".format(sigalg, jwt.headers["alg"]) + ) self["alg"] = _alg @@ -211,7 +216,9 @@ def verify_compact_verbose(self, jws=None, keys=None, allow_none=False, sigalg=N if "kid" in self: raise NoSuitableSigningKeys("No key with kid: {}".format(self["kid"])) elif "kid" in self.jwt.headers: - raise NoSuitableSigningKeys("No key with kid: {}".format(self.jwt.headers["kid"])) + raise NoSuitableSigningKeys( + "No key with kid: {}".format(self.jwt.headers["kid"]) + ) else: raise NoSuitableSigningKeys(f"No key for algorithm: {_alg}") @@ -335,7 +342,9 @@ def verify_json(self, jws, keys=None, allow_none=False, at_least_one=False): _tmp = self.verify_compact(token, keys, allow_none) except NoSuitableSigningKeys: if at_least_one is True: - logger.warning(f"Could not verify signature with headers: {all_headers}") + logger.warning( + f"Could not verify signature with headers: {all_headers}" + ) continue else: raise 
@@ -382,11 +391,10 @@ def _is_json_serialized_jws(self, json_jws): """ json_ser_keys = {"payload", "signatures"} flattened_json_ser_keys = {"payload", "signature"} - if not json_ser_keys.issubset(json_jws.keys()) and not flattened_json_ser_keys.issubset( - json_jws.keys() - ): - return False - return True + return not ( + not json_ser_keys.issubset(json_jws.keys()) + and not flattened_json_ser_keys.issubset(json_jws.keys()) + ) def _is_compact_jws(self, jws): """ diff --git a/src/cryptojwt/utils.py b/src/cryptojwt/utils.py index 47785e0..04b30c7 100644 --- a/src/cryptojwt/utils.py +++ b/src/cryptojwt/utils.py @@ -180,7 +180,9 @@ def b64encode_item(item): elif isinstance(item, int): return b64e(item) else: - return b64e(json.dumps(bytes2str_conv(item), separators=(",", ":")).encode("utf-8")) + return b64e( + json.dumps(bytes2str_conv(item), separators=(",", ":")).encode("utf-8") + ) def split_token(token): @@ -251,7 +253,9 @@ def rename_kwargs(func_name, kwargs, aliases): if alias in kwargs: if new in kwargs: raise TypeError(f"{func_name} received both {alias} and {new}") - warnings.warn(f"{alias} is deprecated; use {new}", DeprecationWarning, stacklevel=1) + warnings.warn( + f"{alias} is deprecated; use {new}", DeprecationWarning, stacklevel=1 + ) kwargs[new] = kwargs.pop(alias) @@ -294,10 +298,7 @@ def is_compact_jws(token): except Exception: return False - if "alg" not in _header: - return False - - return True + return "alg" in _header def is_jwe(token): @@ -324,10 +325,7 @@ def is_jwe(token): except Exception: return False - if "alg" not in _header or "enc" not in _header: - return False - - return True + return not ("alg" not in _header or "enc" not in _header) def is_json_jws(token): From 579380da8a0489c81203e9e6949dfefb735f3e07 Mon Sep 17 00:00:00 2001 From: Jakob Schlyter Date: Mon, 9 Sep 2024 09:37:55 +0200 Subject: [PATCH 2/4] lint --- src/cryptojwt/jwe/jwe.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
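Review bot: The new return in `_is_json_serialized_jws` is a double negation, `not (not A and not B)`, which is harder to read than the `if`/`return False` it replaced. By De Morgan it is simply `return json_ser_keys.issubset(json_jws.keys()) or flattened_json_ser_keys.issubset(json_jws.keys())`. The `is_jwe` hunk in `src/cryptojwt/utils.py` has the same shape and reads better as `return "alg" in _header and "enc" in _header`. Both functions start outside their hunks, so this covers only the visible return statements.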
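Review bot: `return "alg" in _header` in `is_compact_jws` is a key lookup only when `_header` is a dict; on a string it is a substring test and on a list an element test. How `_header` is built is outside the hunk (presumably the decoded first segment of the token, to be confirmed), so a segment that decodes to a JSON string or array could be classified as a JWS. If nothing earlier rejects non-object headers, the return should be `return isinstance(_header, dict) and "alg" in _header`. The same applies to the `is_jwe` hunk further down, which tests both `"alg"` and `"enc"`.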
diff --git a/src/cryptojwt/jwe/jwe.py b/src/cryptojwt/jwe/jwe.py index ad11244..c06cb82 100644 --- a/src/cryptojwt/jwe/jwe.py +++ b/src/cryptojwt/jwe/jwe.py @@ -171,10 +171,11 @@ def decrypt(self, token=None, keys=None, alg=None, cek=None): elif _alg.startswith("ECDH-ES"): decrypter = JWE_EC(**self._dict) - if isinstance(keys[0], AsymmetricKey): - _key = keys[0].private_key() - else: - _key = keys[0].key + _key = ( + keys[0].private_key() + if isinstance(keys[0], AsymmetricKey) + else keys[0].key + ) cek = decrypter.dec_setup(_jwe, key=_key) else: From d1ec0abb05053f290f86d303fc3949302369c633 Mon Sep 17 00:00:00 2001 From: Jakob Schlyter Date: Mon, 9 Sep 2024 09:41:35 +0200 Subject: [PATCH 3/4] more lint and fix format (respect black/isort) --- .pre-commit-config.yaml | 2 +- pyproject.toml | 9 +++++++++ src/cryptojwt/jwe/jwe.py | 6 +----- src/cryptojwt/jwk/__init__.py | 6 +----- src/cryptojwt/jwk/asym.py | 2 +- src/cryptojwt/jwk/rsa.py | 7 ++----- src/cryptojwt/jws/jws.py | 24 ++++++------------------ src/cryptojwt/key_issuer.py | 5 +---- src/cryptojwt/key_jar.py | 5 +---- src/cryptojwt/tools/keyconv.py | 1 + src/cryptojwt/tools/keygen.py | 1 + src/cryptojwt/utils.py | 8 ++------ 12 files changed, 27 insertions(+), 49 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 13a0d16..4adc613 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -12,4 +12,4 @@ repos: rev: v0.6.3 hooks: - id: ruff - - id: ruff-format + #- id: ruff-format diff --git a/pyproject.toml b/pyproject.toml index b6008be..3e2f5e6 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -61,6 +61,9 @@ pytest-ruff = "^0.3.2" requires = ["poetry-core>=1.0.0"] build-backend = "poetry.core.masonry.api" +[tool.ruff] +line-length = 100 + [tool.ruff.lint] select = [ # pycodestyle 
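Review bot: The ECDH-ES branch of `decrypt` indexes `keys[0]` twice with no visible check that `keys` is a non-empty list, although the signature in the hunk header defaults it to `keys=None`. Unless the part of `decrypt` above the hunk already populates or validates `keys`, an empty or missing key list surfaces as `IndexError`/`TypeError` instead of one of the library's own key errors. A guard such as `if not keys:` that raises the module's "no suitable key" exception before this expression would make the failure explicit. Only the first key is ever tried here, which deserves a comment if it is intentional. The later jwe.py hunk at `@@ -171,10 +171,7 @@` collapses the same expression onto one line and carries the same point.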
@@ -78,3 +81,9 @@ select = [ ] ignore = ["E501", "I001", "SIM102"] exclude = ["examples/*"] + +[tool.ruff.lint.isort] +force-sort-within-sections = false +combine-as-imports = true +split-on-trailing-comma = false +known-first-party = ["cryptojwt"] diff --git a/src/cryptojwt/jwe/jwe.py b/src/cryptojwt/jwe/jwe.py index c06cb82..8d93a8a 100644 --- a/src/cryptojwt/jwe/jwe.py +++ b/src/cryptojwt/jwe/jwe.py @@ -171,11 +171,7 @@ def decrypt(self, token=None, keys=None, alg=None, cek=None): elif _alg.startswith("ECDH-ES"): decrypter = JWE_EC(**self._dict) - _key = ( - keys[0].private_key() - if isinstance(keys[0], AsymmetricKey) - else keys[0].key - ) + _key = keys[0].private_key() if isinstance(keys[0], AsymmetricKey) else keys[0].key cek = decrypter.dec_setup(_jwe, key=_key) else: diff --git a/src/cryptojwt/jwk/__init__.py b/src/cryptojwt/jwk/__init__.py index 070b56e..1925b63 100644 --- a/src/cryptojwt/jwk/__init__.py +++ b/src/cryptojwt/jwk/__init__.py @@ -236,11 +236,7 @@ def __eq__(self, other): if set(self.__dict__.keys()) != set(other.__dict__.keys()): return False - for key in self.public_members: - if getattr(other, key) != getattr(self, key): - return False - - return True + return all(getattr(other, key) == getattr(self, key) for key in self.public_members) def keys(self): return list(self.to_dict().keys()) diff --git a/src/cryptojwt/jwk/asym.py b/src/cryptojwt/jwk/asym.py index 1930248..f13de6c 100644 --- a/src/cryptojwt/jwk/asym.py +++ b/src/cryptojwt/jwk/asym.py @@ -19,7 +19,7 @@ def __init__( k="", pub_key=None, priv_key=None, - **kwargs + **kwargs, ): JWK.__init__(self, kty, alg, use, kid, x5c, x5t, x5u, **kwargs) self.k = k diff --git a/src/cryptojwt/jwk/rsa.py b/src/cryptojwt/jwk/rsa.py index 14f88c7..e118068 100644 --- a/src/cryptojwt/jwk/rsa.py +++ b/src/cryptojwt/jwk/rsa.py @@ -254,7 +254,7 @@ def __init__( dq="", di="", qi="", - **kwargs + **kwargs, ): AsymmetricKey.__init__(self, kty, alg, use, kid, x5c, x5t, x5u, **kwargs) self.n = n 
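Review bot: The rewritten `__eq__` in `src/cryptojwt/jwk/__init__.py` decides equality from `self.public_members` alone, after the `__dict__` key-set comparison, and nothing in the hunk says so. If private parameters are deliberately left out of the comparison (the attribute name suggests it, but `public_members` is defined outside the hunk), that should be stated at the return, e.g. `# Equality is decided on public members only; private key material is not compared.` Callers that use `==` to tell a public-only key from its private counterpart would otherwise be surprised. The method starts outside the hunk, so any earlier type check on `other` is not visible here.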
@@ -322,10 +322,7 @@ def deserialize(self): _cert_chain.append(der_cert(base64.b64decode(der_data))) if self.x5t: # verify the cert thumbprint - if isinstance(self.x5t, bytes): - _x5t = self.x5t - else: - _x5t = self.x5t.encode("ascii") + _x5t = self.x5t if isinstance(self.x5t, bytes) else self.x5t.encode("ascii") if _x5t != x5t_calculation(self.x5c[0]): raise DeSerializationNotPossible( "The thumbprint 'x5t' does not match the certificate." diff --git a/src/cryptojwt/jws/jws.py b/src/cryptojwt/jws/jws.py index db31078..4e10557 100644 --- a/src/cryptojwt/jws/jws.py +++ b/src/cryptojwt/jws/jws.py @@ -150,9 +150,7 @@ def verify_compact(self, jws=None, keys=None, allow_none=False, sigalg=None): """ return self.verify_compact_verbose(jws, keys, allow_none, sigalg)["msg"] - def verify_compact_verbose( - self, jws=None, keys=None, allow_none=False, sigalg=None - ): + def verify_compact_verbose(self, jws=None, keys=None, allow_none=False, sigalg=None): """ Verify a JWT signature and return dict with validation results @@ -192,21 +190,15 @@ def verify_compact_verbose( if isinstance(self["alg"], list): if _alg not in self["alg"]: raise SignerAlgError( - "Wrong signing algorithm, expected {} got {}".format( - self["alg"], _alg - ) + "Wrong signing algorithm, expected {} got {}".format(self["alg"], _alg) ) elif _alg != self["alg"]: raise SignerAlgError( - "Wrong signing algorithm, expected {} got {}".format( - self["alg"], _alg - ) + "Wrong signing algorithm, expected {} got {}".format(self["alg"], _alg) ) if sigalg and sigalg != _alg: - raise SignerAlgError( - "Expected {} got {}".format(sigalg, jwt.headers["alg"]) - ) + raise SignerAlgError("Expected {} got {}".format(sigalg, jwt.headers["alg"])) self["alg"] = _alg 
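Review bot: In the `deserialize` hunk of `src/cryptojwt/jwk/rsa.py`, `self.x5t.encode("ascii")` raises `UnicodeEncodeError` for a non-ASCII `x5t` string and `AttributeError` for a value that is neither `bytes` nor `str`. A malformed JWK therefore escapes as a generic exception instead of the `DeSerializationNotPossible` that the very next check raises for a mismatch. If the JWK can come from a source the caller does not control, which the hunk does not show, the conversion should be wrapped so that both failures map to `DeSerializationNotPossible`. The method begins and ends outside the hunk.

```python
if self.x5t:  # verify the cert thumbprint
    try:
        _x5t = self.x5t if isinstance(self.x5t, bytes) else self.x5t.encode("ascii")
    except (AttributeError, UnicodeEncodeError) as err:
        raise DeSerializationNotPossible(
            "The thumbprint 'x5t' is not an ASCII string."
        ) from err
    # … unchanged: comparison with x5t_calculation(self.x5c[0]) …
```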
@@ -216,9 +208,7 @@ def verify_compact_verbose( if "kid" in self: raise NoSuitableSigningKeys("No key with kid: {}".format(self["kid"])) elif "kid" in self.jwt.headers: - raise NoSuitableSigningKeys( - "No key with kid: {}".format(self.jwt.headers["kid"]) - ) + raise NoSuitableSigningKeys("No key with kid: {}".format(self.jwt.headers["kid"])) else: raise NoSuitableSigningKeys(f"No key for algorithm: {_alg}") @@ -342,9 +332,7 @@ def verify_json(self, jws, keys=None, allow_none=False, at_least_one=False): _tmp = self.verify_compact(token, keys, allow_none) except NoSuitableSigningKeys: if at_least_one is True: - logger.warning( - f"Could not verify signature with headers: {all_headers}" - ) + logger.warning(f"Could not verify signature with headers: {all_headers}") continue else: raise diff --git a/src/cryptojwt/key_issuer.py b/src/cryptojwt/key_issuer.py index 6312940..f46f740 100755 --- a/src/cryptojwt/key_issuer.py +++ b/src/cryptojwt/key_issuer.py @@ -286,10 +286,7 @@ def get(self, key_use, key_type="", kid=None, alg="", **kwargs): if not key_type: if alg: - if use == "sig": - key_type = jws_alg2keytype(alg) - else: - key_type = jwe_alg2keytype(alg) + key_type = jws_alg2keytype(alg) if use == "sig" else jwe_alg2keytype(alg) lst = [] for bundle in self._bundles: diff --git a/src/cryptojwt/key_jar.py b/src/cryptojwt/key_jar.py index 813efc7..0b4708a 100755 --- a/src/cryptojwt/key_jar.py +++ b/src/cryptojwt/key_jar.py @@ -233,10 +233,7 @@ def keys_by_alg_and_usage(self, issuer_id, alg, usage): :param usage: What the key should be used for :return: A possibly empty list of keys """ - if usage in ["sig", "ver"]: - ktype = jws_alg2keytype(alg) - else: - ktype = jwe_alg2keytype(alg) + ktype = jws_alg2keytype(alg) if usage in ["sig", "ver"] else jwe_alg2keytype(alg) return self.get(usage, ktype, issuer_id) diff --git a/src/cryptojwt/tools/keyconv.py b/src/cryptojwt/tools/keyconv.py index 5a9234d..29f14bc 100644 --- a/src/cryptojwt/tools/keyconv.py 
+++ b/src/cryptojwt/tools/keyconv.py @@ -1,6 +1,7 @@ #!/usr/bin/env python3 """Convert JWK from/to PEM and other formats""" + import argparse import json from binascii import hexlify diff --git a/src/cryptojwt/tools/keygen.py b/src/cryptojwt/tools/keygen.py index 718bb62..1432552 100644 --- a/src/cryptojwt/tools/keygen.py +++ b/src/cryptojwt/tools/keygen.py @@ -1,6 +1,7 @@ #!/usr/bin/env python3 """JSON Web Key (JWK) Generator""" + import argparse import json import sys diff --git a/src/cryptojwt/utils.py b/src/cryptojwt/utils.py index 04b30c7..535c776 100644 --- a/src/cryptojwt/utils.py +++ b/src/cryptojwt/utils.py @@ -180,9 +180,7 @@ def b64encode_item(item): elif isinstance(item, int): return b64e(item) else: - return b64e( - json.dumps(bytes2str_conv(item), separators=(",", ":")).encode("utf-8") - ) + return b64e(json.dumps(bytes2str_conv(item), separators=(",", ":")).encode("utf-8")) def split_token(token): @@ -253,9 +251,7 @@ def rename_kwargs(func_name, kwargs, aliases): if alias in kwargs: if new in kwargs: raise TypeError(f"{func_name} received both {alias} and {new}") - warnings.warn( - f"{alias} is deprecated; use {new}", DeprecationWarning, stacklevel=1 - ) + warnings.warn(f"{alias} is deprecated; use {new}", DeprecationWarning, stacklevel=1) kwargs[new] = kwargs.pop(alias) From 7087aabe2e3b1ff8215185a33849d13c9577fe00 Mon Sep 17 00:00:00 2001 From: Jakob Schlyter Date: Tue, 1 Oct 2024 21:16:15 +0200 Subject: [PATCH 4/4] bump --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 4adc613..4eff98f 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -9,7 +9,7 @@ repos: - id: check-yaml - id: check-json - repo: https://github.com/astral-sh/ruff-pre-commit - rev: v0.6.3 + rev: v0.6.8 hooks: - id: ruff #- id: ruff-format