Change to emit warnings when verifying with private keys

Author: blag

jose/backends/pycrypto_backend.py

@@ -1,6 +1,7 @@
 from base64 import b64encode
 
 import six
+import warnings
 
 import Crypto.Hash.SHA256
 import Crypto.Hash.SHA384
@@ -148,7 +149,8 @@ def sign(self, msg):
 
     def verify(self, msg, sig):
         if not self.is_public():
-            return False
+            warnings.warn("Attempting to verify a message with a private key. "
+                          "This is not recommended.")
         try:
             return PKCS1_v1_5.new(self.prepared_key).verify(self.hash_alg.new(msg), sig)
         except Exception:

jose/backends/rsa_backend.py

@@ -1,6 +1,8 @@
 import binascii
 
 import six
+import warnings
+
 from pyasn1.error import PyAsn1Error
 
 import rsa as pyrsa
@@ -201,7 +203,8 @@ def sign(self, msg):
 
     def verify(self, msg, sig):
         if not self.is_public():
-            return False
+            warnings.warn("Attempting to verify a message with a private key. "
+                          "This is not recommended.")
         try:
             pyrsa.verify(msg, sig, self._prepared_key)
             return True