feat: Use cryptography based JWT parser for increased speed

[jrconlin]

Switches to using python cryptography library instead of jose/jwt
(which relied on python ecdsa library). Also discovered lots of fun
discrepencies between how ecdsa and libssl sign things.

closes #785

[codecov-io]

Codecov Report

Merging #854 into master will not change coverage.
The diff coverage is 100%.

@@          Coverage Diff          @@
##           master   #854   +/-   ##
=====================================
  Coverage     100%   100%           
=====================================
  Files          48     49    +1     
  Lines        9529   9537    +8     
=====================================
+ Hits         9529   9537    +8

Impacted Files	Coverage Δ
autopush/tests/test_endpoint.py	100% <100%> (ø)	⬆️
autopush/jwt.py	100% <100%> (ø)
autopush/tests/test_web_validation.py	100% <100%> (ø)	⬆️
autopush/web/webpush.py	100% <100%> (ø)	⬆️
autopush/utils.py	100% <100%> (ø)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 76f772e...fe9b776. Read the comment docs.

[bbangert]

I don't really understand the crypto enough to comment on that, added some Python style comments.

[bbangert]

nit: Module docs go above the imports

[bbangert]

Wasn't there another padding altering function somewhere?

[jrconlin]

It's in utils, which includes jwt.py, leading to a dependency loop.

[alex]

Work around that by moving the function here and changing that file to import it?

[bbangert]

Should inherit from (object) still (in Py3 that's implicit).

[bbangert]

Why is an empty init needed?

[bbangert]

Why not @staticmethod? Since these don't seem to use cls.

[bbangert]

staticmethod?

[alex]

👋 new mozillian here, also one of the pyca/cryptography devs. @bbangert asked me to take a look.

[alex]

cryptography has a function for taking r and s and generating the DER encoded body: cryptography.hazmat.primitives.asymmetric.utils.encode_dss_signature (path from memory, hopefully correct!)

[alex]

(In addition to being less code for you, it uses a different python asn.1 lib which is faster, so that'll be helpful if perf is a concern)

[jrconlin]

absolutely! Thanks!

[alex]

Recent cryptography's have a helper pkey.verify() method, which will save you this comment and a few lines of code :-) https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec/#cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.verify

[alex]

You can probably factor out the base64.urlsafe_b64decode(repad(signature.encode())) above into a message var, to safe teh re-decoding.

[alex]

Since the caller immediately calls split() on this, is there a reason not to return a tuple?

This saves you the splitting, and removes the need to to base64-encode (and then decode) the signature.

[alex]

Usage of the cryptography API here LGTM. I don't know anything else about the autopush codebase to say further :-)

[bbangert]

This will show up as the module's title in the API docs.... oh, maybe we should add a .rst so that there'll be docs generated for this module?

[bbangert]

nit: line-break between module imports from std lib to 3rd party.

[pjenvey]

w/ JOSEError gone you can also move the jose and ecdsa dep from requirements to test-requirements

also there's now at least a couple related bogus mocks in the tests: test_post_bad_jwt in test_endpoint, test_invalid_encryption_jwt in test_web_validation

[pjenvey]

I assume you're keeping this as a class to flesh out more later (like the map of algs to signing algorithms, similar to jose's classes)? otherwise these are already nice and isolated and could live as module level functions

[jrconlin]

Partly. Mostly I wanted to keep the basic concept the same so I didn't have to go do a massive code rewrite.

[pjenvey]

we're not catching it yet --

I think we can overhaul the JOSEError and AssertionError except clause in webpush now for InvalidSignature (IIRC ecdsa had all those asserts we had to catch?)

This func can definitely trigger ValueErrors (from_encoded_point, maybe the rsplits?) which is ok I guess, we're already catching them in that clause.

jose attempts to catch some ValueErrors and convert them to JOSEErrors -- but maybe it wasn't perfect at it because we still had to catch them.

Looking at jose.jws._load, it's also careful about TypeErrors/binascii.Errors, might we trigger any of those too?

[pjenvey]

Could this ever raise a PyAsn1Error? (OUTDATED)

[pjenvey]

do you really want encode() w/ default encoding here and line 97? Should explicitly specify ascii then (OUDATED)

[pjenvey]

The test_endpoint test_post_bad_jwt still bogusly monkeypatches jose.jws.verify

[pjenvey]

Exception here definitely not needed

[pjenvey]

key should be required and don't need *args/**kwargs

[jrconlin]

yeah, I had those in because I was trying to make the function a drop in replacement and was being paranoid.

[pjenvey]

It'd be nice to restrict this somewhat but it's a damn chore tracking all the potential exceptions. Maybe we should log totally unexpected ones to sentry?

I'll list the ones I know about, do with it what you want =]

splits: ValueError
base64: (TypeError, binascii.Error)
encode_dss_signature (underneath is pyasn stuff): not sure put probably that PyAsn1Error or whatever it was
verify: InvalidSignature
json.loads: ValueError

[alex]

encode_dss_signature shouldn't ever throw

[alex]

(if it is, let us know, we need to either fix a bug or update teh docs: https://cryptography.io/en/latest/hazmat/primitives/asymmetric/utils/#cryptography.hazmat.primitives.asymmetric.utils.encode_dss_signature)

[jrconlin]

@alex, encode_dss_signature shouldn't throw, but hexlify absolutely will. Granted, it's caught by the parent function, but it's also still in the critical path.

[jrconlin]

@pjenvey I like your idea about having a end Exception that reports to sentry. That will let us spot errors, but still have the code behave properly.

[jrconlin]

Crap, missed pulling that test. Good catch, thanks!

[pjenvey]

you want failure("Unexpected error processing JWT"), that'll grab exc_info and send to sentry

[pjenvey]

nitpick don't need InvalidSignature here

[pjenvey]

Ah, probably don't need PyAsn1Error either according to alex

[pjenvey]

One more related thing (I notice as I'm looking at sentry):

https://sentry.prod.mozaws.net/operations/autopush-prod/issues/383686/

let's start catching TypeError/binascii.Error in extract_jwt's base64 call

[pjenvey]

Another thing: I think we can just auth.encode('utf-8') here to begin with: then the other 2 later encode calls aren't needed. jose.jws _load does similar. (then you can even utilize our utils.base64_urldecode)

[jrconlin]

yes on calling .encode('utf8') no on using utils.base64_urldecode. the latter would set up a circular dependency.