Beispiel #1
0
 def test_verify_interop(self):
     for data in self.sample_data:
         jws = deserialize(data['compact_serialization'])
         self.assertEqual(jws.header, data['header'])
         self.assertTrue(jws.verify_with(data['verify_key']))
         t = jws.payload
         self.assertEqual(t.claims, data['claims'])
Beispiel #2
0
    def test_round_trip(self):
        for data in self.sample_data:
            initial_jwe = JWE(header=data['header'], payload=data['payload'])
            initial_jwe.encrypt_with(data['encrypt_key'])
            serialization = initial_jwe.compact_serialize()

            second_jwe = deserialize(serialization)
            second_jwe.verify_and_decrypt_with(data['decrypt_key'])
            self.assertEqual(second_jwe.payload, data['payload'])
Beispiel #3
0
    def test_round_trip(self):
        for data in self.sample_data:
            jo = data['payload_class'](data['payload'])
            initial_jwe = jo.encrypt_with(data['encrypt_key'],
                    alg=data['encrypt_alg'], enc=data['encrypt_enc'])
            serialization = initial_jwe.compact_serialize()

            second_jwe = deserialize(serialization)
            payload = second_jwe.verify_and_decrypt_with(data['decrypt_key'])
            self.assertEqual(payload, jo)
Beispiel #4
0
    def test_spec_sample(self):
        jwe = deserialize(_NESTED_SERIALIZED_JWE)
        jws = jwe.verify_and_decrypt_with(spec_keys.jwe_private_key_2)
        self.assertTrue(jws.verify_with(spec_keys.jws_public_key))

        t = jws.payload
        self.assertEqual(dict(t), {
            'exp': 1300819380,
            'iss': 'joe',
            'http://example.com/is_root': True,
        })
Beispiel #5
0
    def test_should_return_multiple_audiences(self):
        response = self._post_with_typical_params()

        data = self._get_response_data(response)
        id_token_jws = jot.deserialize(data['id_token'])

        id_token = id_token_jws.payload
        self.assertTrue(id_token.has_audience(
            self.valid_client_data[0]['client_id']))
        self.assertTrue(id_token.has_audience(
            self.valid_client_data[1]['client_id']))

        self.assertTrue(id_token.get_claim_from_namespace(NAMESPACE, 'posix'))
        self.assertTrue(id_token.get_claim_from_namespace(NAMESPACE, 'roles'))
Beispiel #6
0
    def test_encryption_round_trip(self):
        for data in self.sample_data:
            original_token = Token(claims=data['claims'])
            jwe = original_token.encrypt_with(data['encrypt_key'],
                    alg=data['encrypt_alg'], enc=data['encrypt_enc'])

            compact_serialization = jwe.compact_serialize()

            deserialized_jwe = deserialize(compact_serialization)
            t = deserialized_jwe.verify_and_decrypt_with(data['decrypt_key'])
            self.assertIsInstance(t, Token)

            self.assertEqual(t.header, jwe.header)
            self.assertEqual(t.claims, original_token.claims)
Beispiel #7
0
    def test_round_trip(self):
        for data in self.sample_data:
            original_token = Token(payload=data['payload'], alg=data['alg'])
            original_token.sign_with(data['sign_key'])

            compact_serialization = original_token.compact_serialize()

            deserialized_token = deserialize(compact_serialization)
            self.assertIsInstance(deserialized_token, Token)

            self.assertTrue(deserialized_token.verify_with(data['verify_key']))

            self.assertEqual(deserialized_token.header, original_token.header)
            self.assertEqual(deserialized_token.payload, original_token.payload)
Beispiel #8
0
    def test_round_trip(self):
        for data in self.sample_data:
            original_so = JWS(header=data['header'],
                    payload=data['payload'])
            original_so.sign_with(data['sign_key'])

            compact_serialization = original_so.compact_serialize()

            deserialized_so = deserialize(compact_serialization)
            self.assertIsInstance(deserialized_so, JWS)

            self.assertTrue(deserialized_so.verify_with(data['verify_key']))

            self.assertEqual(deserialized_so.header, data['header'])
            self.assertEqual(deserialized_so.payload, data['payload'])
Beispiel #9
0
    def test_signature_round_trip(self):
        for data in self.sample_data:
            original_token = Token(claims=data['claims'])
            signed_token = original_token.sign_with(data['sign_key'],
                    alg=data['sign_alg'])

            compact_serialization = signed_token.compact_serialize()

            deserialized_jws = deserialize(compact_serialization)
            self.assertTrue(deserialized_jws.verify_with(data['verify_key']))

            deserialized_token = deserialized_jws.payload
            self.assertIsInstance(deserialized_token, Token)

            self.assertEqual(deserialized_token.header, signed_token.header)
            self.assertEqual(deserialized_token.claims, original_token.claims)
Beispiel #10
0
    def test_should_return_valid_id_token(self):
        response = self.client.get(
            self.public_authorize_url(scopes=['openid', 'bar']),
            headers={'Authorization': 'API-Key ' + self.bob_key})

        fragment_data = self._get_frament_data(response)

        self.assertIn('id_token', fragment_data)
        id_token_jwe = jot.deserialize(fragment_data['id_token'][0])

        id_token_jws = id_token_jwe.verify_and_decrypt_with(
            rsa_key.RESOURCE_PRIVATE_KEY)
        self.assertTrue(id_token_jws.verify_with(self.public_key))

        id_token = id_token_jws.payload
        self.assertTrue(id_token.is_valid)
        self.assertTrue(
            id_token.has_audience(self.confidential_client_data['client_id']))
Beispiel #11
0
    def test_should_return_valid_id_token(self):
        response = self._post_with_typical_params(
                scopes=['bar', 'foo', 'openid'])

        data = self._get_response_data(response)
        self.assertIn('id_token', data)

        id_token_jws = jot.deserialize(data['id_token'])
        self.assertTrue(id_token_jws.verify_with(self.public_key))

        id_token = id_token_jws.payload
        self.assertTrue(id_token.is_valid)
        self.assertEqual(len(id_token.claims['aud']), 1)
        self.assertTrue(id_token.has_audience(
            self.valid_client_data[0]['client_id']))

        self.assertTrue(id_token.get_claim_from_namespace(NAMESPACE, 'posix'))
        self.assertFalse(id_token.get_claim_from_namespace(NAMESPACE, 'roles'))
Beispiel #12
0
    def test_should_return_valid_id_token(self):
        response = self.client.get(self.public_authorize_url(
            scopes=['openid', 'bar']),
            headers={'Authorization': 'API-Key ' + self.bob_key})

        fragment_data = self._get_frament_data(response)

        self.assertIn('id_token', fragment_data)
        id_token_jwe = jot.deserialize(fragment_data['id_token'][0])


        id_token_jws = id_token_jwe.verify_and_decrypt_with(
                rsa_key.RESOURCE_PRIVATE_KEY)
        self.assertTrue(id_token_jws.verify_with(self.public_key))

        id_token = id_token_jws.payload
        self.assertTrue(id_token.is_valid)
        self.assertTrue(id_token.has_audience(
            self.confidential_client_data['client_id']))
Beispiel #13
0
    def verify_and_decrypt_with(self, key):
        alg_cipher = get_alg_cipher(alg=self.header['alg'], key=key)
        symmetric_key = alg_cipher.decrypt_key(self.encrypted_key)
        enc_cipher = get_enc_cipher(enc=self.header['enc'], key=symmetric_key,
                initialization_vector=self.initialization_vector)

        enc_cipher.verify(self.ciphertext, self.encoded_header,
                self.authentication_tag)

        payload = enc_cipher.decrypt(self.ciphertext)
        if self.header.get('cty', '').upper() == 'JWT':
            from jot import deserialize
            return deserialize(payload)

        elif self.header.get('typ', '').upper() == 'JWT':
            return token.Token(header=self.header,
                    claims=jose.factory(_simple_parse(payload)))

        else:
            pl_obj = jose.factory(_load_obj(payload))
            return pl_obj
Beispiel #14
0
    def test_round_trip(self):
        claims = {
            'iss': 'http://example.com/jwt/example',
            'claim1': 1,
            'claim2': ['foo', 'bar'],
        }

        begin_token = jot.Token(claims)
        begin_jws = begin_token.sign_with(spec_keys.jws_private_key,
                alg='RS256')
        begin_jwe = begin_jws.encrypt_with(spec_keys.jwe_public_key,
                alg='RSA1_5', enc='A128CBC-HS256')

        serialization = begin_jwe.compact_serialize()

        end_jwe = deserialize(serialization)
        end_jws = end_jwe.verify_and_decrypt_with(spec_keys.jwe_private_key)
        end_jws = end_jwe.verify_and_decrypt_with(spec_keys.jwe_private_key)

        self.assertTrue(end_jws.verify_with(spec_keys.jws_public_key))

        end_token = end_jws.payload
        self.assertIsInstance(end_token, jot.Token)
        self.assertEqual(end_token.claims, claims)
Beispiel #15
0
 def test_verify_interop(self):
     for data in self.sample_data:
         so = deserialize(data['compact_serialization'])
         self.assertEqual(so.header, data['header'])
         self.assertEqual(so.payload, data['payload'])
         self.assertTrue(so.verify_with(data['verify_key']))
Beispiel #16
0
 def test_header(self):
     for data in self.sample_data:
         jwe = deserialize(data['compact_serialization'])
         self.assertEqual(jwe.header, data['expected_header'])
Beispiel #17
0
 def test_decrypt(self):
     for data in self.sample_data:
         jwe = deserialize(data['compact_serialization'])
         jwe.verify_and_decrypt_with(data['decrypt_key'])
         self.assertEqual(jwe.payload, data['expected_payload'])