Merge branch 'develop' into python39

Author: jschlyter

.travis.yml

@@ -1,24 +1,28 @@
 sudo: false
 language: python
 python:
-- 3.6
-- 3.7
-- 3.8
-- 3.9-dev
 - pypy3
+  - 3.6
+  - 3.7
+  - 3.8
+  - 3.9-dev
 addons:
   apt:
     packages:
     - 
 install:
-- pip install codecov
-- pip install tox
-- pip install tox-travis
+  - pip install codecov
+  - pip install tox
+  - pip install tox-travis
+  - pip install isort
+  - pip install black
 script:
-- codecov --version
-- tox
+  - isort --check --recursive src tests
+  - black --check src tests
+  - codecov --version
+  - tox
 after_success:
-- codecov
+  - codecov
 notifications:
   email: true
 deploy:

codecov.yml

@@ -0,0 +1,2 @@
+codecov:
+  branch: develop

setup.cfg

@@ -0,0 +1,6 @@
+[isort]
+multi_line_output = 3
+include_trailing_comma = True
+force_grid_wrap = 0
+use_parentheses = True
+line_length = 88

setup.py

@@ -26,7 +26,7 @@
     version = re.search(r'^__version__\s*=\s*[\'"]([^\'"]*)[\'"]',
                         fd.read(), re.MULTILINE).group(1)
 
-tests_requires = ['responses', 'pytest']
+tests_requires = ['responses', 'pytest', 'isort', 'black']
 
 setup(
     name="cryptojwt",

src/cryptojwt/__init__.py

@@ -21,13 +21,21 @@
 except ImportError:
     pass
 
-__version__ = '1.0.0'
+__version__ = "1.0.0"
 
 logger = logging.getLogger(__name__)
 
 JWT_TYPES = (u"JWT", u"application/jws", u"JWS", u"JWE")
 
-JWT_CLAIMS = {"iss": str, "sub": str, "aud": str, "exp": int, "nbf": int,
-              "iat": int, "jti": str, "typ": str}
+JWT_CLAIMS = {
+    "iss": str,
+    "sub": str,
+    "aud": str,
+    "exp": int,
+    "nbf": int,
+    "iat": int,
+    "jti": str,
+    "typ": str,
+}
 
 JWT_HEADERS = ["typ", "cty"]

src/cryptojwt/jwe/__init__.py

@@ -4,16 +4,32 @@
     "A256GCM": 256,
     "A128CBC-HS256": 256,
     "A192CBC-HS384": 384,
-    "A256CBC-HS512": 512
+    "A256CBC-HS512": 512,
 }
 
 KEY_LEN_BYTES = dict([(s, int(n / 8)) for s, n in KEY_LEN.items()])
 
 SUPPORTED = {
-    "alg": ["RSA1_5", "RSA-OAEP", "RSA-OAEP-256", "A128KW", "A192KW", "A256KW",
-            "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"],
-    "enc": ["A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512",
-            "A128GCM", "A192GCM", "A256GCM"],
+    "alg": [
+        "RSA1_5",
+        "RSA-OAEP",
+        "RSA-OAEP-256",
+        "A128KW",
+        "A192KW",
+        "A256KW",
+        "ECDH-ES",
+        "ECDH-ES+A128KW",
+        "ECDH-ES+A192KW",
+        "ECDH-ES+A256KW",
+    ],
+    "enc": [
+        "A128CBC-HS256",
+        "A192CBC-HS384",
+        "A256CBC-HS512",
+        "A128GCM",
+        "A192GCM",
+        "A256GCM",
+    ],
 }
 
 

src/cryptojwt/jwe/aes.py

@@ -21,14 +21,14 @@ class AES_CBCEncrypter(Encrypter):
     """
     """
 
-    def __init__(self, key_len=32, key=None, msg_padding='PKCS7'):
+    def __init__(self, key_len=32, key=None, msg_padding="PKCS7"):
         Encrypter.__init__(self)
         if key:
             self.key = key
         else:
             self.key = os.urandom(key_len)
 
-        if msg_padding == 'PKCS7':
+        if msg_padding == "PKCS7":
             self.padder = PKCS7(128).padder()
             self.unpadder = PKCS7(128).unpadder()
         else:
@@ -46,18 +46,18 @@ def _mac(self, hash_key, hash_func, auth_data, iv, enc_msg, key_len):
         m = h.finalize()
         return m[:key_len]
 
-    def encrypt(self, msg, iv='', auth_data=b''):
+    def encrypt(self, msg, iv="", auth_data=b""):
         if not iv:
             iv = os.urandom(16)
             self.iv = iv
         else:
             self.iv = iv
 
-        hash_key, enc_key, key_len, hash_func = get_keys_seclen_dgst(self.key,
-                                                                     iv)
+        hash_key, enc_key, key_len, hash_func = get_keys_seclen_dgst(self.key, iv)
 
-        cipher = Cipher(algorithms.AES(enc_key), modes.CBC(iv),
-                        backend=default_backend())
+        cipher = Cipher(
+            algorithms.AES(enc_key), modes.CBC(iv), backend=default_backend()
+        )
         encryptor = cipher.encryptor()
 
         pmsg = self.padder.update(msg)
@@ -67,21 +67,22 @@ def encrypt(self, msg, iv='', auth_data=b''):
         tag = self._mac(hash_key, hash_func, auth_data, iv, ct, key_len)
         return ct, tag
 
-    def decrypt(self, msg, iv='', auth_data=b'', tag=b'', key=None):
+    def decrypt(self, msg, iv="", auth_data=b"", tag=b"", key=None):
         if key is None:
             if self.key:
                 key = self.key
             else:
-                raise MissingKey('No available key')
+                raise MissingKey("No available key")
 
         hash_key, enc_key, key_len, hash_func = get_keys_seclen_dgst(key, iv)
 
         comp_tag = self._mac(hash_key, hash_func, auth_data, iv, msg, key_len)
         if comp_tag != tag:
-            raise VerificationError('AES-CBC HMAC')
+            raise VerificationError("AES-CBC HMAC")
 
-        cipher = Cipher(algorithms.AES(enc_key), modes.CBC(iv),
-                        backend=default_backend())
+        cipher = Cipher(
+            algorithms.AES(enc_key), modes.CBC(iv), backend=default_backend()
+        )
         decryptor = cipher.decryptor()
 
         ctext = decryptor.update(msg)
@@ -102,9 +103,9 @@ def __init__(self, bit_length=0, key=None):
 
             self.key = AESGCM(AESGCM.generate_key(bit_length=bit_length))
         else:
-            raise ValueError('Need key or key bit length')
+            raise ValueError("Need key or key bit length")
 
-    def encrypt(self, msg, iv='', auth_data=None):
+    def encrypt(self, msg, iv="", auth_data=None):
         """
         Encrypts and authenticates the data provided as well as authenticating
         the associated_data.
@@ -115,11 +116,11 @@ def encrypt(self, msg, iv='', auth_data=None):
         :return: The cipher text bytes with the 16 byte tag appended.
         """
         if not iv:
-            raise ValueError('Missing Nonce')
+            raise ValueError("Missing Nonce")
 
         return self.key.encrypt(iv, msg, auth_data)
 
-    def decrypt(self, cipher_text, iv='', auth_data=None, tag=b''):
+    def decrypt(self, cipher_text, iv="", auth_data=None, tag=b""):
         """
         Decrypts the data and authenticates the associated_data (if provided).
 
@@ -130,6 +131,6 @@ def decrypt(self, cipher_text, iv='', auth_data=None, tag=b''):
         :return: The original plaintext
         """
         if not iv:
-            raise ValueError('Missing Nonce')
+            raise ValueError("Missing Nonce")
 
-        return self.key.decrypt(iv, cipher_text+tag, auth_data)
+        return self.key.decrypt(iv, cipher_text + tag, auth_data)

src/cryptojwt/jwe/jwe.py

@@ -20,15 +20,29 @@
 
 logger = logging.getLogger(__name__)
 
-__author__ = 'Roland Hedberg'
+__author__ = "Roland Hedberg"
 
 
 KEY_ERR = "Could not find any suitable encryption key for alg='{}'"
 
 
 class JWE(JWx):
-    args = ["alg", "enc", "epk", "zip", "jku", "jwk", "x5u", "x5t",
-            "x5c", "kid", "typ", "cty", "apu", "crit"]
+    args = [
+        "alg",
+        "enc",
+        "epk",
+        "zip",
+        "jku",
+        "jwk",
+        "x5u",
+        "x5t",
+        "x5c",
+        "kid",
+        "typ",
+        "cty",
+        "apu",
+        "crit",
+    ]
 
     """
     :param msg: The message
@@ -91,7 +105,8 @@ def encrypt(self, keys=None, cek="", iv="", **kwargs):
         else:  # _alg.startswith("ECDH-ES"):
             encrypter = JWE_EC(**self._dict)
             cek, encrypted_key, iv, params, eprivk = encrypter.enc_setup(
-                self.msg, key=keys[0], **self._dict)
+                self.msg, key=keys[0], **self._dict
+            )
             kwargs["encrypted_key"] = encrypted_key
             kwargs["params"] = params
 
@@ -114,12 +129,11 @@ def encrypt(self, keys=None, cek="", iv="", **kwargs):
 
             try:
                 token = encrypter.encrypt(key=_key, **kwargs)
-                self["cek"] = encrypter.cek if 'cek' in encrypter else None
+                self["cek"] = encrypter.cek if "cek" in encrypter else None
             except TypeError as err:
                 raise err
             else:
-                logger.debug(
-                    "Encrypted message using key with kid={}".format(key.kid))
+                logger.debug("Encrypted message using key with kid={}".format(key.kid))
                 return token
 
         # logger.error("Could not find any suitable encryption key")
@@ -133,7 +147,7 @@ def decrypt(self, token=None, keys=None, alg=None, cek=None):
         elif self.jwt:
             _jwe = self.jwt
         else:
-            raise ValueError('Nothing to decrypt')
+            raise ValueError("Nothing to decrypt")
 
         _alg = _jwe.headers["alg"]
         if alg and alg != _alg:
@@ -146,7 +160,7 @@ def decrypt(self, token=None, keys=None, alg=None, cek=None):
             keys = self.pick_keys(self._get_keys(), use="enc", alg=_alg)
 
         try:
-            keys.append(key_from_jwk_dict(_jwe.headers['jwk']))
+            keys.append(key_from_jwk_dict(_jwe.headers["jwk"]))
         except KeyError:
             pass
 
@@ -172,7 +186,7 @@ def decrypt(self, token=None, keys=None, alg=None, cek=None):
         if cek:
             try:
                 msg = decrypter.decrypt(_jwe, cek=cek)
-                self["cek"] = decrypter.cek if 'cek' in decrypter else None
+                self["cek"] = decrypter.cek if "cek" in decrypter else None
             except (KeyError, DecryptionFailed):
                 pass
             else:
@@ -187,22 +201,20 @@ def decrypt(self, token=None, keys=None, alg=None, cek=None):
 
             try:
                 msg = decrypter.decrypt(_jwe, _key)
-                self["cek"] = decrypter.cek if 'cek' in decrypter else None
+                self["cek"] = decrypter.cek if "cek" in decrypter else None
             except (KeyError, DecryptionFailed):
                 pass
             else:
-                logger.debug(
-                    "Decrypted message using key with kid=%s" % key.kid)
+                logger.debug("Decrypted message using key with kid=%s" % key.kid)
                 return msg
 
-        raise DecryptionFailed(
-            "No available key that could decrypt the message")
+        raise DecryptionFailed("No available key that could decrypt the message")
 
     def alg2keytype(self, alg):
         return alg2keytype(alg)
 
 
-def factory(token, alg='', enc=''):
+def factory(token, alg="", enc=""):
     try:
         _jwt = JWEnc().unpack(token, alg=alg, enc=enc)
     except KeyError: