@@ -229,7 +229,7 @@ def _verify_dpop_signature(proof_jwt: str, jwk: dict[str, Any]) -> None:
229229 """Verify the signature of a DPoP proof JWT using the embedded JWK."""
230230 parts = proof_jwt .split ('.' )
231231 if len (parts ) != 3 :
232- raise JWTError ('Invalid DPoP proof format' )
232+ raise InvalidDPoPError ('Invalid DPoP proof format' )
233233 signing_input = f'{ parts [0 ]} .{ parts [1 ]} ' .encode ('ascii' )
234234 signature_bytes = _b64url_decode (parts [2 ])
235235
@@ -241,7 +241,7 @@ def _verify_dpop_signature(proof_jwt: str, jwk: dict[str, Any]) -> None:
241241 elif kty == 'RSA' and alg in ('RS256' , 'RS384' , 'RS512' ):
242242 _verify_dpop_rsa (signing_input , signature_bytes , jwk , alg )
243243 else :
244- raise JWTError (
244+ raise InvalidDPoPError (
245245 f'Unsupported DPoP key type / algorithm: kty={ kty } alg={ alg } '
246246 )
247247
@@ -267,7 +267,7 @@ def _verify_dpop_ec(
267267 # key_size is in bits; each component is ceil(key_size/8) bytes
268268 byte_len = (key_size + 7 ) // 8
269269 if len (signature ) != byte_len * 2 :
270- raise JWTError (
270+ raise InvalidDPoPError (
271271 f'Invalid DPoP EC signature length: { len (signature )} '
272272 f'(expected { byte_len * 2 } )'
273273 )
@@ -277,7 +277,7 @@ def _verify_dpop_ec(
277277 try :
278278 pub_key .verify (der_sig , signing_input , _crypto_ec .ECDSA (_ec_alg_to_hash (alg )))
279279 except InvalidSignature :
280- raise JWTError ('Invalid DPoP proof signature' ) from None
280+ raise InvalidDPoPError ('Invalid DPoP proof signature' ) from None
281281
282282
283283def _verify_dpop_rsa (
@@ -310,7 +310,7 @@ def _verify_dpop_rsa(
310310 Prehashed (hash_alg ),
311311 )
312312 except InvalidSignature :
313- raise JWTError ('Invalid DPoP proof signature' ) from None
313+ raise InvalidDPoPError ('Invalid DPoP proof signature' ) from None
314314
315315
316316def _encode_dpop_proof_payload (method : str , url : str , nonce : str ) -> bool :
0 commit comments