diff --git a/jwt/algorithms.py b/jwt/algorithms.py index 36b84b3a..59666c9f 100644 --- a/jwt/algorithms.py +++ b/jwt/algorithms.py @@ -69,10 +69,27 @@ # in Py >= 3.10, we can replace this with the Union types below ALLOWED_RSA_KEY_TYPES = (RSAPrivateKey, RSAPublicKey) ALLOWED_EC_KEY_TYPES = (EllipticCurvePrivateKey, EllipticCurvePublicKey) - ALLOWED_OKP_KEY_TYPES = (Ed25519PrivateKey, Ed25519PublicKey, Ed448PrivateKey, Ed448PublicKey) - ALLOWED_KEY_TYPES = ALLOWED_RSA_KEY_TYPES + ALLOWED_EC_KEY_TYPES + ALLOWED_OKP_KEY_TYPES - ALLOWED_PRIVATE_KEY_TYPES = (RSAPrivateKey, EllipticCurvePrivateKey, Ed25519PrivateKey, Ed448PrivateKey) - ALLOWED_PUBLIC_KEY_TYPES = (RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey, Ed448PublicKey) + ALLOWED_OKP_KEY_TYPES = ( + Ed25519PrivateKey, + Ed25519PublicKey, + Ed448PrivateKey, + Ed448PublicKey, + ) + ALLOWED_KEY_TYPES = ( + ALLOWED_RSA_KEY_TYPES + ALLOWED_EC_KEY_TYPES + ALLOWED_OKP_KEY_TYPES + ) + ALLOWED_PRIVATE_KEY_TYPES = ( + RSAPrivateKey, + EllipticCurvePrivateKey, + Ed25519PrivateKey, + Ed448PrivateKey, + ) + ALLOWED_PUBLIC_KEY_TYPES = ( + RSAPublicKey, + EllipticCurvePublicKey, + Ed25519PublicKey, + Ed448PublicKey, + ) has_crypto = True except ModuleNotFoundError: @@ -81,6 +98,7 @@ if TYPE_CHECKING: from typing import TypeAlias + # Type aliases for convenience in algorithms method signatures AllowedRSAKeys: TypeAlias = RSAPrivateKey | RSAPublicKey AllowedECKeys: TypeAlias = EllipticCurvePrivateKey | EllipticCurvePublicKey @@ -194,7 +212,9 @@ def check_crypto_key_type(self, key: Any): valid_classes = (cls.__name__ for cls in self._crypto_key_types) actual_class = key.__class__.__name__ self_class = self.__class__.__name__ - raise InvalidKeyError(f"Expected one of {valid_classes}, got: {actual_class}. Invalid Key type for {self_class}") + raise InvalidKeyError( + f"Expected one of {valid_classes}, got: {actual_class}. Invalid Key type for {self_class}" + ) @abstractmethod def prepare_key(self, key: Any) -> Any: