From 368a2ad04dcff0089d72ffdb776fce4e58bd7be6 Mon Sep 17 00:00:00 2001
From: dreid <dreid@users.noreply.github.com>
Date: Mon, 30 Nov 2020 11:33:19 -0800
Subject: [PATCH 1/3] Denylist ecdsa 0.15 in setup.py to allow for 0.16 to be
 installed.

The previous pull request #192 only changed the pin in requirements.txt and not in setup.py, so the ecdsa<0.15 restriction would actually be used by pip.
---
 setup.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/setup.py b/setup.py
index 7e7afbaf..5d82817e 100644
--- a/setup.py
+++ b/setup.py
@@ -38,7 +38,7 @@ def _cryptography_version():
     'pycrypto': ['pycrypto >=2.6.0, <2.7.0'] + pyasn1,
     'pycryptodome': ['pycryptodome >=3.3.1, <4.0.0'] + pyasn1,
 }
-legacy_backend_requires = ['ecdsa <0.15', 'rsa'] + pyasn1
+legacy_backend_requires = ['ecdsa != 0.15', 'rsa'] + pyasn1
 install_requires = ['six <2.0']
 
 # TODO: work this into the extras selection instead.
@@ -78,7 +78,7 @@ def _cryptography_version():
     ],
     tests_require=[
         'six',
-        'ecdsa<0.15',
+        'ecdsa != 0.15',
         'pytest',
         'pytest-cov',
         'pytest-runner',

From 39262fa183219946da97190c7f27353314c19ba3 Mon Sep 17 00:00:00 2001
From: dreid <dreid@pilot.com>
Date: Mon, 7 Dec 2020 11:18:13 -0800
Subject: [PATCH 2/3] Pass allow_truncate=False to ecdsa sign/verify

---
 jose/backends/ecdsa_backend.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/jose/backends/ecdsa_backend.py b/jose/backends/ecdsa_backend.py
index 73b3eab0..1ef53cbf 100644
--- a/jose/backends/ecdsa_backend.py
+++ b/jose/backends/ecdsa_backend.py
@@ -91,11 +91,11 @@ def _process_jwk(self, jwk_dict):
             return ecdsa.keys.VerifyingKey.from_public_point(point, self.curve)
 
     def sign(self, msg):
-        return self.prepared_key.sign(msg, hashfunc=self.hash_alg, sigencode=ecdsa.util.sigencode_string)
+        return self.prepared_key.sign(msg, hashfunc=self.hash_alg, sigencode=ecdsa.util.sigencode_string, allow_truncate=False)
 
     def verify(self, msg, sig):
         try:
-            return self.prepared_key.verify(sig, msg, hashfunc=self.hash_alg, sigdecode=ecdsa.util.sigdecode_string)
+            return self.prepared_key.verify(sig, msg, hashfunc=self.hash_alg, sigdecode=ecdsa.util.sigdecode_string, allow_truncate=False)
         except Exception:
             return False
 

From d59ad6dd388266e602556f130e610f6e551dd573 Mon Sep 17 00:00:00 2001
From: dreid <dreid@pilot.com>
Date: Mon, 7 Dec 2020 13:47:23 -0800
Subject: [PATCH 3/3] Flake8

---
 jose/backends/ecdsa_backend.py | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/jose/backends/ecdsa_backend.py b/jose/backends/ecdsa_backend.py
index 1ef53cbf..af0d9750 100644
--- a/jose/backends/ecdsa_backend.py
+++ b/jose/backends/ecdsa_backend.py
@@ -91,11 +91,22 @@ def _process_jwk(self, jwk_dict):
             return ecdsa.keys.VerifyingKey.from_public_point(point, self.curve)
 
     def sign(self, msg):
-        return self.prepared_key.sign(msg, hashfunc=self.hash_alg, sigencode=ecdsa.util.sigencode_string, allow_truncate=False)
+        return self.prepared_key.sign(
+            msg,
+            hashfunc=self.hash_alg,
+            sigencode=ecdsa.util.sigencode_string,
+            allow_truncate=False
+        )
 
     def verify(self, msg, sig):
         try:
-            return self.prepared_key.verify(sig, msg, hashfunc=self.hash_alg, sigdecode=ecdsa.util.sigdecode_string, allow_truncate=False)
+            return self.prepared_key.verify(
+                sig,
+                msg,
+                hashfunc=self.hash_alg,
+                sigdecode=ecdsa.util.sigdecode_string,
+                allow_truncate=False
+            )
         except Exception:
             return False