1JOSEPY(1)                           josepy                           JOSEPY(1)
2
3
4

NAME

6       josepy - josepy Documentation
7
8       Javascript Object Signing and Encryption (JOSE).
9
10       This  package  is a Python implementation of the standards developed by
11       IETF Javascript Object Signing and Encryption (Active WG), in  particu‐
12       lar the following RFCs:
13
14JSON Web Algorithms (JWA)
15
16JSON Web Key (JWK)
17
18JSON Web Signature (JWS)
19
20       Originally developed as part of the ACME protocol implementation.
21

JOSE BASE64

23       JOSE Base64 is defined as:
24
25          • URL-safe Base64
26
27          • padding stripped
28
29       josepy.b64.b64encode(data)
30              JOSE Base64 encode.
31
32              Parameters
33                     data (bytes) -- Data to be encoded.
34
35              Returns
36                     JOSE Base64 string.
37
38              Return type
39                     bytes
40
41              Raises TypeError -- if data is of incorrect type
42
43       josepy.b64.b64decode(data)
44              JOSE Base64 decode.
45
46              Parameters
47                     data  (bytes  or unicode) -- Base64 string to be decoded.
48                     If it's unicode, then only ASCII characters are allowed.
49
50              Returns
51                     Decoded data.
52
53              Return type
54                     bytes
55
56              Raises
57
58TypeError -- if input is of incorrect type
59
60ValueError -- if input is unicode with non-ASCII  char‐
61                       acters
62

ERRORS

64       JOSE errors.
65
66       exception josepy.errors.Error
67              Generic JOSE Error.
68
69       exception josepy.errors.DeserializationError
70              JSON deserialization error.
71
72       exception josepy.errors.SerializationError
73              JSON serialization error.
74
75       exception josepy.errors.UnrecognizedTypeError(typ, jobj)
76              Unrecognized type error.
77
78              Variables
79
80typ (str) -- The unrecognized type of the JSON object.
81
82jobj -- Full JSON object.
83

INTERFACES

85       JOSE interfaces.
86
87       class josepy.interfaces.JSONDeSerializable
88              Interface for (de)serializable JSON objects.
89
90              Please recall, that standard Python library implements json.JSO‐
91              NEncoder and json.JSONDecoder that perform translations based on
92              respective  conversion tables that look pretty much like the one
93              below (for complete tables see relevant Python documentation):
94
95                                     ┌───────┬────────┐
96                                     │JSON   │ Python │
97                                     ├───────┼────────┤
98                                     │object │ dict   │
99                                     ├───────┼────────┤
100                                     │...    │ ...    │
101                                     └───────┴────────┘
102
103              While the above conversion table is about  translation  of  JSON
104              documents    to/from    the    basic    Python    types    only,
105              JSONDeSerializable introduces the following two concepts:
106
107                 serialization
108                        Turning an arbitrary Python object into Python  object
109                        that can be encoded into a JSON document. Full serial‐
110                        ization produces a Python object composed of only  ba‐
111                        sic types as required by the conversion table. Partial
112                        serialization (accomplished by to_partial_json()) pro‐
113                        duces  a  Python  object that might also be built from
114                        other JSONDeSerializable objects.
115
116                 deserialization
117                        Turning a decoded Python object  (necessarily  one  of
118                        the  basic  types as required by the conversion table)
119                        into an arbitrary Python object.
120
121              Serialization produces serialized object ("partially  serialized
122              object"  or "fully serialized object" for partial and full seri‐
123              alization respectively) and deserialization  produces  deserial‐
124              ized object, both usually denoted in the source code as jobj.
125
126              Wording  in the official Python documentation might be confusing
127              after reading the above, but in the light of those  definitions,
128              one  can view json.JSONDecoder.decode() as decoder and deserial‐
129              izer of basic types, json.JSONEncoder.default() as serializer of
130              basic  types,  json.JSONEncoder.encode()   as serializer and en‐
131              coder of basic types.
132
133              One could extend json to support arbitrary object (de)serializa‐
134              tion either by:
135
136                 • overriding   json.JSONDecoder.decode()   and   json.JSONEn‐
137                   coder.default() in subclasses
138
139                 • or passing object_hook argument (or  object_hook_pairs)  to
140                   json.load()/json.loads()    or    default    argument   for
141                   json.dump()/json.dumps().
142
143              Interestingly, default is required to perform only partial seri‐
144              alization,  as json.dumps() applies default recursively. This is
145              the idea behind making to_partial_json()  produce  only  partial
146              serialization,  while  providing  custom json_dumps() that dumps
147              with default set to json_dump_default().
148
149              To make further documentation a bit more concrete, please,  con‐
150              sider the following imaginatory implementation example:
151
152                 class Foo(JSONDeSerializable):
153                     def to_partial_json(self):
154                         return 'foo'
155
156                     @classmethod
157                     def from_json(cls, jobj):
158                         return Foo()
159
160                 class Bar(JSONDeSerializable):
161                     def to_partial_json(self):
162                         return [Foo(), Foo()]
163
164                     @classmethod
165                     def from_json(cls, jobj):
166                         return Bar()
167
168              abstract to_partial_json()
169                     Partially serialize.
170
171                     Following  the  example,  partial serialization means the
172                     following:
173
174                        assert isinstance(Bar().to_partial_json()[0], Foo)
175                        assert isinstance(Bar().to_partial_json()[1], Foo)
176
177                        # in particular...
178                        assert Bar().to_partial_json() != ['foo', 'foo']
179
180                     Raises josepy.errors.SerializationError -- in case of any
181                            serialization error.
182
183                     Returns
184                            Partially serializable object.
185
186              to_json()
187                     Fully serialize.
188
189                     Again, following the example from before, full serializa‐
190                     tion means the following:
191
192                        assert Bar().to_json() == ['foo', 'foo']
193
194                     Raises josepy.errors.SerializationError -- in case of any
195                            serialization error.
196
197                     Returns
198                            Fully serialized object.
199
200              abstract classmethod from_json(jobj)
201                     Deserialize a decoded JSON document.
202
203                     Parameters
204                            jobj  -- Python object, composed of only other ba‐
205                            sic data types, as decoded from JSON document. Not
206                            necessarily  dict  (as  decoded from "JSON object"
207                            document).
208
209                     Raises josepy.errors.DeserializationError -- if  decoding
210                            was unsuccessful, e.g. in case of unparseable X509
211                            certificate, or wrong padding in JOSE  base64  en‐
212                            coded string, etc.
213
214              classmethod json_loads(json_string)
215                     Deserialize from JSON document string.
216
217              json_dumps(**kwargs)
218                     Dump to JSON string using proper serializer.
219
220                     Returns
221                            JSON document string.
222
223                     Return type
224                            str
225
226              json_dumps_pretty()
227                     Dump the object to pretty JSON document string.
228
229                     Return type
230                            str
231
232              classmethod json_dump_default(python_object)
233                     Serialize Python object.
234
235                     This  function  is  meant  to  be  passed  as  default to
236                     json.dump() or json.dumps(). They call default(python_ob‐
237                     ject)  only  for non-basic Python types, so this function
238                     necessarily raises TypeError if python_object is  not  an
239                     instance of IJSONSerializable.
240
241                     Please read the class docstring for more information.
242

JSON UTILITIES

244       JSON (de)serialization framework.
245
246       The  framework  presented here is somewhat based on Go's "json" package
247       (especially the omitempty functionality).
248
249       class josepy.json_util.Field(json_name, default=None,  omitempty=False,
250       decoder=None, encoder=None)
251              JSON object field.
252
253              Field is meant to be used together with JSONObjectWithFields.
254
255              encoder (decoder) is a callable that accepts a single parameter,
256              i.e. a value to be encoded (decoded), and returns the serialized
257              (deserialized)  value. In case of errors it should raise Serial‐
258              izationError (DeserializationError).
259
260              Note, that decoder should perform partial serialization only.
261
262              Variables
263
264json_name (str) -- Name of the field  when  encoded  to
265                       JSON.
266
267default -- Default value (used when not present in JSON
268                       object).
269
270omitempty (bool) -- If True  and  the  field  value  is
271                       empty,  then  it will not be included in the serialized
272                       JSON object, and default will be used for  deserializa‐
273                       tion.  Otherwise,  if False, field is considered as re‐
274                       quired, value will always be included in the serialized
275                       JSON objected, and it must also be present when deseri‐
276                       alizing.
277
278              omit(value)
279                     Omit the value in output?
280
281              decoder(fdec)
282                     Descriptor to change the decoder on JSON object field.
283
284              encoder(fenc)
285                     Descriptor to change the encoder on JSON object field.
286
287              decode(value)
288                     Decode a value, optionally with context JSON object.
289
290              encode(value)
291                     Encode a value, optionally with context JSON object.
292
293              classmethod default_decoder(value)
294                     Default decoder.
295
296                     Recursively   deserialize   into   immutable   types    (
297                     josepy.util.frozendict instead of dict(), tuple() instead
298                     of list()).
299
300              classmethod default_encoder(value)
301                     Default (passthrough) encoder.
302
303       class josepy.json_util.JSONObjectWithFieldsMeta(name, bases, dikt)
304              Metaclass for JSONObjectWithFields and its subclasses.
305
306              It makes sure that, for any class cls with __metaclass__ set  to
307              JSONObjectWithFieldsMeta:
308
309              1. All fields (attributes of type Field) in the class definition
310                 are moved to the cls._fields dictionary, where keys are field
311                 attribute names and values are fields themselves.
312
313              2. cls.__slots__  is extended by all field attribute names (i.e.
314                 not Field.json_name). Original cls.__slots__  are  stored  in
315                 cls._orig_slots.
316
317              In  a  consequence,  for  a  field  attribute  name  some_field,
318              cls.some_field will be a slot descriptor and not an instance  of
319              Field. For example:
320
321                 some_field = Field('someField', default=())
322
323                 class Foo(object):
324                     __metaclass__ = JSONObjectWithFieldsMeta
325                     __slots__ = ('baz',)
326                     some_field = some_field
327
328                 assert Foo.__slots__ == ('some_field', 'baz')
329                 assert Foo._orig_slots == ()
330                 assert Foo.some_field is not Field
331
332                 assert Foo._fields.keys() == ['some_field']
333                 assert Foo._fields['some_field'] is some_field
334
335              As   an   implementation  note,  this  metaclass  inherits  from
336              abc.ABCMeta (and not the usual type) to mitigate  the  metaclass
337              conflict   (ImmutableMap   and  JSONDeSerializable,  parents  of
338              JSONObjectWithFields, use abc.ABCMeta as its metaclass).
339
340       class josepy.json_util.JSONObjectWithFields(**kwargs)
341              JSON object with fields.
342
343              Example:
344
345                 class Foo(JSONObjectWithFields):
346                     bar = Field('Bar')
347                     empty = Field('Empty', omitempty=True)
348
349                     @bar.encoder
350                     def bar(value):
351                         return value + 'bar'
352
353                     @bar.decoder
354                     def bar(value):
355                         if not value.endswith('bar'):
356                             raise errors.DeserializationError('No bar suffix!')
357                         return value[:-3]
358
359                 assert Foo(bar='baz').to_partial_json() == {'Bar': 'bazbar'}
360                 assert Foo.from_json({'Bar': 'bazbar'}) == Foo(bar='baz')
361                 assert (Foo.from_json({'Bar': 'bazbar', 'Empty': '!'})
362                         == Foo(bar='baz', empty='!'))
363                 assert Foo(bar='baz').bar == 'baz'
364
365              encode(name)
366                     Encode a single field.
367
368                     Parameters
369                            name (str) -- Name of the field to be encoded.
370
371                     Raises
372
373errors.SerializationError -- if field cannot  be
374                              serialized
375
376errors.Error -- if field could not be found
377
378              fields_to_partial_json()
379                     Serialize fields to JSON.
380
381              to_partial_json()
382                     Partially serialize.
383
384                     Following  the  example,  partial serialization means the
385                     following:
386
387                        assert isinstance(Bar().to_partial_json()[0], Foo)
388                        assert isinstance(Bar().to_partial_json()[1], Foo)
389
390                        # in particular...
391                        assert Bar().to_partial_json() != ['foo', 'foo']
392
393                     Raises josepy.errors.SerializationError -- in case of any
394                            serialization error.
395
396                     Returns
397                            Partially serializable object.
398
399              classmethod fields_from_json(jobj)
400                     Deserialize fields from JSON.
401
402              classmethod from_json(jobj)
403                     Deserialize a decoded JSON document.
404
405                     Parameters
406                            jobj  -- Python object, composed of only other ba‐
407                            sic data types, as decoded from JSON document. Not
408                            necessarily  dict  (as  decoded from "JSON object"
409                            document).
410
411                     Raises josepy.errors.DeserializationError -- if  decoding
412                            was unsuccessful, e.g. in case of unparseable X509
413                            certificate, or wrong padding in JOSE  base64  en‐
414                            coded string, etc.
415
416       josepy.json_util.encode_b64jose(data)
417              Encode JOSE Base-64 field.
418
419              Parameters
420                     data (bytes) --
421
422              Return type
423                     unicode
424
425       josepy.json_util.decode_b64jose(data, size=None, minimum=False)
426              Decode JOSE Base-64 field.
427
428              Parameters
429
430data (unicode) --
431
432size (int) -- Required length (after decoding).
433
434minimum (bool) -- If True, then size will be treated as
435                       minimum required length, as opposed to exact equality.
436
437              Return type
438                     bytes
439
440       josepy.json_util.encode_hex16(value)
441              Hexlify.
442
443              Parameters
444                     value (bytes) --
445
446              Return type
447                     unicode
448
449       josepy.json_util.decode_hex16(value, size=None, minimum=False)
450              Decode hexlified field.
451
452              Parameters
453
454value (unicode) --
455
456size (int) -- Required length (after decoding).
457
458minimum (bool) -- If True, then size will be treated as
459                       minimum required length, as opposed to exact equality.
460
461              Return type
462                     bytes
463
464       josepy.json_util.encode_cert(cert)
465              Encode certificate as JOSE Base-64 DER.
466
467              Return type
468                     unicode
469
470       josepy.json_util.decode_cert(b64der)
471              Decode JOSE Base-64 DER-encoded certificate.
472
473              Parameters
474                     b64der (unicode) --
475
476              Return type
477                     OpenSSL.crypto.X509 wrapped in ComparableX509
478
479       josepy.json_util.encode_csr(csr)
480              Encode CSR as JOSE Base-64 DER.
481
482              Return type
483                     unicode
484
485       josepy.json_util.decode_csr(b64der)
486              Decode JOSE Base-64 DER-encoded CSR.
487
488              Parameters
489                     b64der (unicode) --
490
491              Return type
492                     OpenSSL.crypto.X509Req wrapped in ComparableX509
493
494       class josepy.json_util.TypedJSONObjectWithFields(**kwargs)
495              JSON object with type.
496
497              typ = NotImplemented
498                     Type of the object. Subclasses must override.
499
500              type_field_name = 'type'
501                     Field name used to distinguish different object types.
502
503                     Subclasses will probably have to override this.
504
505              TYPES = NotImplemented
506                     Types registered for JSON deserialization
507
508              classmethod register(type_cls, typ=None)
509                     Register class for JSON deserialization.
510
511              classmethod get_type_cls(jobj)
512                     Get the registered class for jobj.
513
514              to_partial_json()
515                     Get JSON serializable object.
516
517                     Returns
518                            Serializable  JSON  object representing ACME typed
519                            object.   validate()  will  almost  certainly  not
520                            work,  due  to  reasons explained in josepy.inter‐
521                            faces.IJSONSerializable.
522
523                     Return type
524                            dict
525
526              classmethod from_json(jobj)
527                     Deserialize ACME object from valid JSON object.
528
529                     Raises josepy.errors.UnrecognizedTypeError -- if type  of
530                            the ACME object has not been registered.
531

JSON WEB ALGORITHMS

533       JSON Web Algorithms.
534
535       https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
536
537       class josepy.jwa.JWA
538              JSON Web Algorithm.
539
540       class josepy.jwa.JWASignature(name)
541              Base class for JSON Web Signature Algorithms.
542
543              classmethod register(signature_cls)
544                     Register class for JSON deserialization.
545
546              to_partial_json()
547                     Partially serialize.
548
549                     Following  the  example,  partial serialization means the
550                     following:
551
552                        assert isinstance(Bar().to_partial_json()[0], Foo)
553                        assert isinstance(Bar().to_partial_json()[1], Foo)
554
555                        # in particular...
556                        assert Bar().to_partial_json() != ['foo', 'foo']
557
558                     Raises josepy.errors.SerializationError -- in case of any
559                            serialization error.
560
561                     Returns
562                            Partially serializable object.
563
564              classmethod from_json(jobj)
565                     Deserialize a decoded JSON document.
566
567                     Parameters
568                            jobj  -- Python object, composed of only other ba‐
569                            sic data types, as decoded from JSON document. Not
570                            necessarily  dict  (as  decoded from "JSON object"
571                            document).
572
573                     Raises josepy.errors.DeserializationError -- if  decoding
574                            was unsuccessful, e.g. in case of unparseable X509
575                            certificate, or wrong padding in JOSE  base64  en‐
576                            coded string, etc.
577
578              abstract sign(key, msg)
579                     Sign the msg using key.
580
581              abstract verify(key, msg, sig)
582                     Verify the msg and sig using key.
583
584       josepy.jwa.HS256 = HS256
585              HMAC using SHA-256
586
587       josepy.jwa.HS384 = HS384
588              HMAC using SHA-384
589
590       josepy.jwa.HS512 = HS512
591              HMAC using SHA-512
592
593       josepy.jwa.RS256 = RS256
594              RSASSA-PKCS-v1_5 using SHA-256
595
596       josepy.jwa.RS384 = RS384
597              RSASSA-PKCS-v1_5 using SHA-384
598
599       josepy.jwa.RS512 = RS512
600              RSASSA-PKCS-v1_5 using SHA-512
601
602       josepy.jwa.PS256 = PS256
603              RSASSA-PSS using SHA-256 and MGF1 with SHA-256
604
605       josepy.jwa.PS384 = PS384
606              RSASSA-PSS using SHA-384 and MGF1 with SHA-384
607
608       josepy.jwa.PS512 = PS512
609              RSASSA-PSS using SHA-512 and MGF1 with SHA-512
610
611       josepy.jwa.ES256 = ES256
612              ECDSA using P-256 and SHA-256
613
614       josepy.jwa.ES384 = ES384
615              ECDSA using P-384 and SHA-384
616
617       josepy.jwa.ES512 = ES512
618              ECDSA using P-521 and SHA-512
619

JSON WEB KEY

621       JSON Web Key.
622
623       class josepy.jwk.JWK(**kwargs)
624              JSON Web Key.
625
626              cryptography_key_types: tuple = ()
627                     Subclasses should override.
628
629              required = NotImplemented
630                     Required  members  of  public key's representation as de‐
631                     fined by JWK/JWA.
632
633              thumbprint(hash_function=<class      'cryptography.hazmat.primi‐
634              tives.hashes.SHA256'>)
635                     Compute JWK Thumbprint.
636
637                     https://tools.ietf.org/html/rfc7638
638
639                     Returns
640                            bytes
641
642              abstract public_key()
643                     Generate JWK with public key.
644
645                     For symmetric cryptosystems, this would return self.
646
647              classmethod load(data, password=None, backend=None)
648                     Load serialized key as JWK.
649
650                     Parameters
651
652data  (str)  -- Public or private key serialized
653                              as PEM or DER.
654
655password (str) -- Optional password.
656
657backend -- A PEMSerializationBackend and  DERSe‐
658                              rializationBackend provider.
659
660                     Raises errors.Error  --  if unable to deserialize, or un‐
661                            supported JWK algorithm
662
663                     Returns
664                            JWK of an appropriate type.
665
666                     Return type
667                            JWK
668
669       class josepy.jwk.JWKOct(**kwargs)
670              Symmetric JWK.
671
672              fields_to_partial_json()
673                     Serialize fields to JSON.
674
675              classmethod fields_from_json(jobj)
676                     Deserialize fields from JSON.
677
678              public_key()
679                     Generate JWK with public key.
680
681                     For symmetric cryptosystems, this would return self.
682
683       class josepy.jwk.JWKRSA(*args, **kwargs)
684              RSA JWK.
685
686              Variables
687                     key -- RSAPrivateKey or RSAPublicKey wrapped in  Compara‐
688                     bleRSAKey
689
690              public_key()
691                     Generate JWK with public key.
692
693                     For symmetric cryptosystems, this would return self.
694
695              classmethod fields_from_json(jobj)
696                     Deserialize fields from JSON.
697
698              fields_to_partial_json()
699                     Serialize fields to JSON.
700
701       class josepy.jwk.JWKEC(*args, **kwargs)
702              EC JWK.
703
704              Variables
705                     key  -- EllipticCurvePrivateKey or EllipticCurvePublicKey
706                     wrapped in ComparableRSAKey
707
708              fields_to_partial_json()
709                     Serialize fields to JSON.
710
711              classmethod fields_from_json(jobj)
712                     Deserialize fields from JSON.
713
714              public_key()
715                     Generate JWK with public key.
716
717                     For symmetric cryptosystems, this would return self.
718

JSON WEB SIGNATURE

720       JSON Web Signature.
721
722       class josepy.jws.MediaType
723              MediaType field encoder/decoder.
724
725              PREFIX = 'application/'
726                     MIME Media Type and Content Type prefix.
727
728              classmethod decode(value)
729                     Decoder.
730
731              classmethod encode(value)
732                     Encoder.
733
734       class josepy.jws.Header(**kwargs)
735              JOSE Header.
736
737              WARNING:
738                 This class supports only Registered  Header  Parameter  Names
739                 (as defined in section 4.1 of the protocol). If you need Pub‐
740                 lic Header Parameter Names (4.2) or Private Header  Parameter
741                 Names  (4.3),  you must subclass and override from_json() and
742                 to_partial_json() appropriately.
743
744              WARNING:
745                 This class does not support any extensions through the "crit"
746                 (Critical)  Header Parameter (4.1.11) and as a conforming im‐
747                 plementation, from_json() treats its occurrence as an  error.
748                 Please subclass if you seek for a different behaviour.
749
750              Variables
751
752x5tS256 -- "x5t#S256"
753
754typ (str) -- MIME Media Type, inc. MediaType.PREFIX.
755
756cty (str) -- Content-Type, inc. MediaType.PREFIX.
757
758              not_omitted()
759                     Fields that would not be omitted in the JSON object.
760
761              find_key()
762                     Find key based on header.
763

TODO

765       Supports only "jwk" header parameter lookup.
766
767              Returns
768                     (Public) key found in the header.
769
770              Return type
771                     JWK
772
773              Raises josepy.errors.Error -- if key could not be found
774
775       class josepy.jws.Signature(**kwargs)
776              JWS Signature.
777
778              Variables
779
780combined -- Combined Header (protected and unprotected,
781                       Header).
782
783protected  (unicode)  --  JWS  protected  header  (Jose
784                       Base-64 decoded).
785
786header -- JWS Unprotected Header (Header).
787
788signature (str) -- The signature.
789
790              header_cls
791                     alias of josepy.jws.Header
792
793              verify(payload, key=None)
794                     Verify.
795
796                     Parameters
797                            key (JWK) -- Key used for verification.
798
799              classmethod   sign(payload,  key,  alg,  include_jwk=True,  pro‐
800              tect=frozenset({}), **kwargs)
801                     Sign.
802
803                     Parameters
804                            key (JWK) -- Key for signature.
805
806              fields_to_partial_json()
807                     Serialize fields to JSON.
808
809              classmethod fields_from_json(jobj)
810                     Deserialize fields from JSON.
811
812       class josepy.jws.JWS(**kwargs)
813              JSON Web Signature.
814
815              Variables
816
817payload (str) -- JWS Payload.
818
819signature (str) -- JWS Signatures.
820
821              signature_cls
822                     alias of josepy.jws.Signature
823
824              verify(key=None)
825                     Verify.
826
827              classmethod sign(payload, **kwargs)
828                     Sign.
829
830              property signature
831                     Get a singleton signature.
832
833                     Return type
834                            JWS.signature_cls
835
836              to_compact()
837                     Compact serialization.
838
839                     Return type
840                            bytes
841
842              classmethod from_compact(compact)
843                     Compact deserialization.
844
845                     Parameters
846                            compact (bytes) --
847
848              to_partial_json(flat=True)
849                     Partially serialize.
850
851                     Following the example, partial  serialization  means  the
852                     following:
853
854                        assert isinstance(Bar().to_partial_json()[0], Foo)
855                        assert isinstance(Bar().to_partial_json()[1], Foo)
856
857                        # in particular...
858                        assert Bar().to_partial_json() != ['foo', 'foo']
859
860                     Raises josepy.errors.SerializationError -- in case of any
861                            serialization error.
862
863                     Returns
864                            Partially serializable object.
865
866              classmethod from_json(jobj)
867                     Deserialize a decoded JSON document.
868
869                     Parameters
870                            jobj -- Python object, composed of only other  ba‐
871                            sic data types, as decoded from JSON document. Not
872                            necessarily dict (as decoded  from  "JSON  object"
873                            document).
874
875                     Raises josepy.errors.DeserializationError  -- if decoding
876                            was unsuccessful, e.g. in case of unparseable X509
877                            certificate,  or  wrong padding in JOSE base64 en‐
878                            coded string, etc.
879
880       class josepy.jws.CLI
881              JWS CLI.
882
883              classmethod sign(args)
884                     Sign.
885
886              classmethod verify(args)
887                     Verify.
888
889              classmethod run(args=None)
890                     Parse arguments and sign/verify.
891

UTILITIES

893       JOSE utilities.
894
895       class josepy.util.abstractclassmethod(target)
896              Descriptor for an abstract classmethod.
897
898              It augments the abc framework with an abstract classmethod. This
899              is implemented as abc.abstractclassmethod in the standard Python
900              library starting with version 3.2.
901
902              This implementation is from a StackOverflow answer that was  de‐
903              rived  from  the  implementation  in the Python 3.3 abc library.
904              http://stackoverflow.com/questions/11217878/python-2-7-combine-abc-abstractmethod-and-classmethod.
905
906       class josepy.util.ComparableX509(wrapped)
907              Wrapper for OpenSSL.crypto.X509** objects that supports __eq__.
908
909              Variables
910                     wrapped -- Wrapped certificate or certificate request.
911
912       class josepy.util.ComparableKey(wrapped)
913              Comparable wrapper for cryptography keys.
914
915              See https://github.com/pyca/cryptography/issues/2122.
916
917              public_key()
918                     Get wrapped public key.
919
920       class josepy.util.ComparableRSAKey(wrapped)
921              Wrapper for cryptography RSA keys.
922
923              Wraps around:
924
925RSAPrivateKey
926
927RSAPublicKey
928
929       class josepy.util.ComparableECKey(wrapped)
930              Wrapper  for  cryptography  RSA keys.  Wraps around: - Elliptic‐
931              CurvePrivateKey - EllipticCurvePublicKey
932
933              public_key()
934                     Get wrapped public key.
935
936       class josepy.util.ImmutableMap(**kwargs)
937              Immutable key to value mapping with attribute access.
938
939              update(**kwargs)
940                     Return updated map.
941
942       class josepy.util.frozendict(*args, **kwargs)
943              Frozen dictionary.
944

CHANGELOG

946   1.8.0 (2021-03-15)
947       • Removed external mock dependency.
948
949       • Removed dependency on six.
950
951       • Deprecated the module josepy.magic_typing.
952
953       • Fix JWS/JWK generation with EC keys  when  keys  or  signatures  have
954         leading zeros.
955
956   1.7.0 (2021-02-11)
957       • Dropped support for Python 2.7.
958
959       • Added support for EC keys.
960
961   1.6.0 (2021-01-26)
962       • Deprecated support for Python 2.7.
963
964   1.5.0 (2020-11-03)
965       • Added support for Python 3.9.
966
967       • Dropped support for Python 3.5.
968
969       • Stopped  supporting  running tests with python setup.py test which is
970         deprecated in favor of python -m pytest.
971
972   1.4.0 (2020-08-17)
973       • Deprecated support for Python 3.5.
974
975   1.3.0 (2020-01-28)
976       • Deprecated support for Python 3.4.
977
978       • Officially add support for Python 3.8.
979
980   1.2.0 (2019-06-28)
981       • Support for Python 2.6 and 3.3 has been removed.
982
983       • Known incompatibilities with Python 3.8 have been resolved.
984
985   1.1.0 (2018-04-13)
986       • Deprecated support for Python 2.6 and 3.3.
987
988       • Use the sign and verify methods when they are available in cryptogra‐
989         phy instead of the deprecated methods signer and verifier.
990
991   1.0.1 (2017-10-25)
992       Stop  installing  mock  as  part of the default but only as part of the
993       testing dependencies.
994
995   1.0.0 (2017-10-13)
996       First release after moving the josepy package  into  a  standalone  li‐
997       brary.
998
999       • genindex
1000
1001       • modindex
1002
1003       • search
1004

AUTHOR

1006       Let's Encrypt Project
1007
1009       2015-2021, Let's Encrypt Project
1010
1011
1012
1013
10141.8                              Mar 16, 2021                        JOSEPY(1)
Impressum