architect · ryanblock · Aug 2, 2023 · Aug 2, 2023
diff --git a/Pipfile b/Pipfile
@@ -12,5 +12,5 @@ build = "*"
 black = "*"
 
 [packages]
-jwcrypto = "*"
+python-jose = "*"
 simplejson = "*"
diff --git a/arc/http/session/ddb.py b/arc/http/session/ddb.py
@@ -1,9 +1,10 @@
+import hmac
+import hashlib
 import os
 import simplejson as _json
 from datetime import datetime, timedelta
 from base64 import b64encode, urlsafe_b64encode
 from typing import Any, Dict, Tuple, Optional
-from cryptography.hazmat.primitives import hashes, hmac
 from arc.tables import table
 
 
@@ -12,9 +13,10 @@ def _get_secret() -> str:
 
 
 def _sign(value: str, secret: str) -> str:
-    h = hmac.HMAC(secret.encode("utf-8"), hashes.SHA256())
-    h.update(value.encode("utf-8"))
-    digest = b64encode(h.finalize()).decode("utf-8").rstrip("=")
+    key = str.encode(secret)
+    msg = str.encode(value)
+    h = hmac.new(key, msg=msg, digestmod=hashlib.sha256)
+    digest = b64encode(h.digest()).decode("utf-8").rstrip("=")
     return value + "." + digest
 
 

diff --git a/arc/http/session/jwe.py b/arc/http/session/jwe.py
@@ -1,10 +1,10 @@
+import json
 import math
 import os
 import time
 from typing import Any, Dict
 
-from jwcrypto import jwe, jwk
-from jwcrypto.common import base64url_encode, json_decode, json_encode
+from jose import jwe
 
 _algos = {
     # 256 bit (32 octet) key size
@@ -34,23 +34,18 @@ def _setup_crypto():
     if len(secret) > len(_algos[_enc]):
         secret = secret[0 : len(_algos[_enc])]
 
-    _key = jwk.JWK(k=base64url_encode(secret), kty="oct")
+    _key = secret
 
 
 def jwe_read(cookie: str) -> Dict[Any, Any]:
     _setup_crypto()
-    jwetoken = jwe.JWE()
-    jwetoken.deserialize(cookie, key=_key)
-    return json_decode(jwetoken.payload)
+    result = jwe.decrypt(cookie, _key)
+    return json.loads(result)
 
 
 def jwe_write(payload: Dict[Any, Any]) -> str:
     _setup_crypto()
     payload = dict(payload)
     payload["iat"] = math.floor(time.time())
-    jwetoken = jwe.JWE(
-        json_encode(payload),
-        json_encode({"alg": "dir", "enc": _enc}),
-        recipient=_key,
-    )
-    return jwetoken.serialize(compact=True)
+    jwetoken = jwe.encrypt(json.dumps(payload), _key, algorithm="dir", encryption=_enc)
+    return jwetoken.decode("utf-8")
diff --git a/pyproject.toml b/pyproject.toml
@@ -4,6 +4,10 @@ dynamic = ["version"]
 description = "Runtime utility library for Functional Web Apps (FWAs) built with Architect (https://arc.codes)"
 readme = "readme.md"
 requires-python = ">=3.7"
+dependencies = [
+    "python-jose",
+    "simplejson",
+]
 classifiers = [
     "Intended Audience :: Developers",
     "License :: OSI Approved :: Apache Software License",

diff --git a/setup.cfg b/setup.cfg
@@ -1,11 +1,5 @@
-[metadata]
-name = architect-functions
-
 [options]
 packages = find:
-install_requires =
-    jwcrypto
-    simplejson
 
 [options.packages.find]
 include=arc*

diff --git a/tests/test_http_sessions.py b/tests/test_http_sessions.py
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-import jwcrypto
+import jose
 import pytest
 import arc
 from arc.http.session.jwe import jwe_write, jwe_read
@@ -43,13 +43,13 @@ def test_long_key(monkeypatch):
 def test_short_key(monkeypatch):
     monkeypatch.setenv("ARC_APP_SECRET", "123456")
     with pytest.raises(
-        jwcrypto.common.InvalidCEKeyLength,
-        match=r"Expected key of length 256 bits, got 48",
+        jose.exceptions.JWKError,
+        match=r"Key must be 256 bit for alg A256GCM",
     ):
         test_jwe_session(monkeypatch)
     with pytest.raises(
-        jwcrypto.common.InvalidCEKeyLength,
-        match=r"Expected key of length 256 bits, got 48",
+        jose.exceptions.JWKError,
+        match=r"Key must be 256 bit for alg A256GCM",
     ):
         test_jwe_read_write()