def test_no_alg_and_alg_none_same():
payload = "Please take a moment to register today"
_jws = JWS(payload, alg="none")
# Create a JWS (signed JWT)
_jwt0 = _jws.sign_compact([])
# The class instance that sets up the signing operation
_jws = JWS(payload)
# Create a JWS (signed JWT)
_jwt1 = _jws.sign_compact([])
assert _jwt0 == _jwt1
def test_no_alg_and_alg_none_same():
payload = "Please take a moment to register today"
_jws = JWS(payload, alg="none")
# Create a JWS (signed JWT)
_jwt0 = _jws.sign_compact([])
# The class instance that sets up the signing operation
_jws = JWS(payload)
# Create a JWS (signed JWT)
_jwt1 = _jws.sign_compact([])
assert _jwt0 == _jwt1
def setUpClass(cls):
cls.g_config = {}
with open("../src/config/config.json") as j:
cls.g_config = json.load(j)
wkh = WellKnownHandler(cls.g_config["auth_server_url"], secure=False)
cls.__TOKEN_ENDPOINT = wkh.get(TYPE_OIDC, KEY_OIDC_TOKEN_ENDPOINT)
#Generate ID Token
_rsakey = RSA.generate(2048)
_private_key = _rsakey.exportKey()
_public_key = _rsakey.publickey().exportKey()
file_out = open("private.pem", "wb")
file_out.write(_private_key)
file_out.close()
file_out = open("public.pem", "wb")
file_out.write(_public_key)
file_out.close()
#Admin JWT
_rsajwk = RSAKey(kid='RSA1', key=import_rsa_key(_private_key))
_payload = {
"iss": cls.g_config["client_id"],
"sub": cls.g_config["client_id"],
"aud": cls.__TOKEN_ENDPOINT,
"jti": datetime.datetime.today().strftime('%Y%m%d%s'),
"exp": int(time.time())+3600,
"isOperator": False
}
_jws = JWS(_payload, alg="RS256")
cls.jwt_admin = _jws.sign_compact(keys=[_rsajwk])
#ROTest user JWT
_payload = {
"iss": cls.g_config["client_id"],
"sub": "54d10251-6cb5-4aee-8e1f-f492f1105c94",
"aud": cls.__TOKEN_ENDPOINT,
"jti": datetime.datetime.today().strftime('%Y%m%d%s'),
"exp": int(time.time())+3600,
"isOperator": False
}
_jws = JWS(_payload, alg="RS256")
cls.jwt_rotest = _jws.sign_compact(keys=[_rsajwk])
cls.scopes = 'public_access'
cls.resourceName = "TestROChangePEP"
cls.PEP_HOST = "http://localhost:5566"
def _get_request_token(method: str, path: str, body: str, jti: str, iss: str,
aud: str):
now = int(datetime.utcnow().timestamp())
claims = {
'jti': jti,
'iat': now,
'nbf': now,
'exp': now,
'iss': iss,
'aud': aud,
'request': {
'method': method,
'path': path
}
}
if body is not None:
claims['request']['body_hash_alg'] = 'S512'
claims['request']['body_hash'] = sha512(
body.encode('utf8')).hexdigest()
if config.verbose:
print("Request JWT Claims:")
print(json.dumps(claims, indent=2))
print()
jws = JWS(json.dumps(claims), alg="HS256")
signed_content = jws.sign_compact(keys=sig_keys)
return signed_content
def __init__(self):
self.g_config = {}
with open("../src/config/config.json") as j:
self.g_config = json.load(j)
wkh = WellKnownHandler(self.g_config["auth_server_url"], secure=False)
self.__TOKEN_ENDPOINT = wkh.get(TYPE_OIDC, KEY_OIDC_TOKEN_ENDPOINT)
#Generate ID Token
_rsakey = RSA.generate(2048)
_private_key = _rsakey.exportKey()
_public_key = _rsakey.publickey().exportKey()
file_out = open("private.pem", "wb")
file_out.write(_private_key)
file_out.close()
file_out = open("public.pem", "wb")
file_out.write(_public_key)
file_out.close()
_rsajwk = RSAKey(kid='RSA1', key=import_rsa_key(_private_key))
_payload = {
"iss": self.g_config["client_id"],
"sub": self.g_config["client_secret"],
"aud": self.__TOKEN_ENDPOINT,
"jti": datetime.datetime.today().strftime('%Y%m%d%s'),
"exp": int(time.time())+3600
}
_jws = JWS(_payload, alg="RS256")
self.jwt = _jws.sign_compact(keys=[_rsajwk])
self.scopes = 'public_access'
self.resourceName = "TestResourcePEP10"
self.PEP_HOST = "http://localhost:5566"
status, self.resourceID = self.createTestResource()
print(self.jwt)
print(self.resourceID)
def _get_jwt_signature(self, params):
try:
jws = JWS(params, alg=self.jwt_algorithm)
return jws.sign_compact(keys=self.issuer_private_keys)
except NoSuitableSigningKeys:
raise NoIssuerKey(
"An issuer key wasn't loaded. Please run set_issuer() first.")
def _get_jwt_signature(self, params):
try:
jws = JWS(params, alg=self.jwt_algorithm)
return jws.sign_compact(keys=self.issuer_private_keys)
except NoSuitableSigningKeys:
raise NoIssuerKey(
"An issuer key wasn't loaded. Please run set_issuer() first.")
def encode(self, payload: dict[str, Any]) -> str:
"""Represent the ID Token as a JSON Web Token (JWT)."""
keys = self.get_jwt_keys()
# If the provider does not have an RSA Key assigned, it was switched to Symmetric
self.refresh_from_db()
jws = JWS(payload, alg=self.jwt_alg)
return jws.sign_compact(keys)
def setUpClass(cls):
cls.g_config = {}
with open("../src/config/config.json") as j:
cls.g_config = json.load(j)
wkh = WellKnownHandler(cls.g_config["auth_server_url"], secure=False)
cls.__TOKEN_ENDPOINT = wkh.get(TYPE_OIDC, KEY_OIDC_TOKEN_ENDPOINT)
_rsajwk = RSAKey(kid="RSA1",
key=import_rsa_key_from_file("../src/private.pem"))
_payload = {
"iss": cls.g_config["client_id"],
"sub": cls.g_config["client_id"],
"aud": cls.__TOKEN_ENDPOINT,
"user_name": "admin",
"jti": datetime.datetime.today().strftime('%Y%m%d%s'),
"exp": int(time.time()) + 3600,
"isOperator": False
}
_jws = JWS(_payload, alg="RS256")
cls.jwt = _jws.sign_compact(keys=[_rsajwk])
cls.scopes = 'protected_access'
cls.PDP_HOST = "http://" + cls.g_config["host"]
cls.PDP_PORT = cls.g_config["port"]
cls.UID = cls.g_config["client_id"]
def test_hmac_256():
payload = b'Please take a moment to register today'
keys = [SYMKey(key=jwkest.intarr2bin(HMAC_KEY))]
_jws = JWS(payload, alg="HS256")
_jwt = _jws.sign_compact(keys)
info = JWS().verify_compact(_jwt, keys)
assert info == payload.decode("utf-8")
def test_hmac_256():
payload = b'Please take a moment to register today'
keys = [SYMKey(key=jwkest.intarr2bin(HMAC_KEY))]
_jws = JWS(payload, alg="HS256")
_jwt = _jws.sign_compact(keys)
info = JWS().verify_compact(_jwt, keys)
assert info == payload.decode("utf-8")
def store_signed_jwks(keyjar, sign_keyjar, path, alg, iss=''):
_jwks = keyjar.export_jwks()
_jws = JWS(_jwks, alg=alg)
_jwt = _jws.sign_compact(
sign_keyjar.get_signing_key(owner=iss, key_type=alg2keytype(alg)))
fp = open(path, 'w')
fp.write(_jwt)
fp.close()
def make_request_object(request_args, jwk):
keys = KEYS()
jws = JWS(request_args)
if jwk:
keys.load_jwks(json.dumps(dict(keys=[jwk])))
return jws.sign_compact(keys)
def encode_id_token(payload, client):
"""
Represent the ID Token as a JSON Web Token (JWT).
Return a hash.
"""
keys = get_client_alg_keys(client)
_jws = JWS(payload, alg=client.jwt_alg)
return _jws.sign_compact(keys)
def encode_id_token(cls, payload, client):
"""
Represent the ID Token as a JSON Web Token (JWT).
Return a hash.
"""
keys = cls.get_client_alg_keys(client)
_jws = JWS(payload, alg=client.jwt_alg)
return _jws.sign_compact(keys)
def to_jwt(self, key=None, algorithm="", lev=0):
"""
Create a signed JWT representation of the class instance.
:param key: The signing key
:param algorithm: The signature algorithm to use
:return: A signed JWT
"""
_jws = JWS(self.to_json(lev), alg=algorithm, typ='JWT')
return _jws.sign_compact(key)
def test_dj_usage():
key_string = open(full_path("./size2048.key"), 'r').read()
key = RSA.importKey(key_string)
payload = "Please take a moment to register today"
keys = [RSAKey(key=key, kid=md5(key_string.encode('utf-8')).hexdigest())]
_jws = JWS(payload, alg='RS256')
sjwt = _jws.sign_compact(keys)
_jwt = factory(sjwt)
assert _jwt.jwt.headers['alg'] == 'RS256'
def test_dj_usage():
key_string = open(full_path("./size2048.key"), 'r').read()
key = RSA.importKey(key_string)
payload = "Please take a moment to register today"
keys = [RSAKey(key=key, kid=md5(key_string.encode('utf-8')).hexdigest())]
_jws = JWS(payload, alg='RS256')
sjwt = _jws.sign_compact(keys)
_jwt = factory(sjwt)
assert _jwt.jwt.headers['alg'] == 'RS256'
def test_jws_1():
msg = {"iss": "joe", "exp": 1300819380, "http://example.com/is_root": True}
jwk = SYMKey(key=jwkest.intarr2bin(HMAC_KEY))
_jws = JWS(msg, cty="JWT", alg="HS256", jwk=json.dumps(jwk.to_dict()))
res = _jws.sign_compact()
_jws2 = JWS(alg="HS256")
_jws2.verify_compact(res)
assert _jws2.msg == msg
def test_hmac_from_keyrep():
payload = "Please take a moment to register today"
symkeys = [k for k in SIGKEYS if k.kty == "oct"]
_jws = JWS(payload, alg="HS512")
_jwt = _jws.sign_compact(symkeys)
_rj = JWS()
info = _rj.verify_compact(_jwt, symkeys)
assert info == payload
def test_hmac_512():
payload = "Please take a moment to register today"
keys = [SYMKey(key=b'My hollow echo', alg="HS512")]
_jws = JWS(payload, alg="HS512")
_jwt = _jws.sign_compact(keys)
_rj = JWS()
info = _rj.verify_compact(_jwt, keys)
assert info == payload
def test_jws_1():
msg = {"iss": "joe", "exp": 1300819380, "http://example.com/is_root": True}
key = SYMKey(key=jwkest.intarr2bin(HMAC_KEY))
_jws = JWS(msg, cty="JWT", alg="HS256", jwk=key.serialize())
res = _jws.sign_compact()
_jws2 = JWS(alg="HS256")
_jws2.verify_compact(res, keys=[key])
assert _jws2.msg == msg
def test_jws_1():
msg = {"iss": "joe", "exp": 1300819380, "http://example.com/is_root": True}
key = SYMKey(key=jwkest.intarr2bin(HMAC_KEY))
_jws = JWS(msg, cty="JWT", alg="HS256", jwk=key.to_dict())
res = _jws.sign_compact()
_jws2 = JWS(alg="HS256")
_jws2.verify_compact(res, keys=[key])
assert _jws2.msg == msg
def test_hmac_512():
payload = "Please take a moment to register today"
keys = [SYM_key(key="My hollow echo")]
_jws = JWS(payload, alg="HS256")
_jwt = _jws.sign_compact(keys)
_rj = JWS()
info = _rj.verify_compact(_jwt, keys)
assert info == payload
def test_hmac_from_keyrep():
payload = "Please take a moment to register today"
symkeys = [k for k in SIGKEYS if k.kty == "oct"]
_jws = JWS(payload, alg="HS512")
_jwt = _jws.sign_compact(symkeys)
_rj = JWS()
info = _rj.verify_compact(_jwt, symkeys)
assert info == payload
def test_jws_1():
msg = {"iss": "joe", "exp": 1300819380, "http://example.com/is_root": True}
jwk = SYMKey(key=jwkest.intarr2bin(HMAC_KEY))
jwk.serialize()
_jws = JWS(msg, cty="JWT", alg="HS256", jwk=json.dumps(jwk.to_dict()))
res = _jws.sign_compact()
_jws2 = JWS()
_jws2.verify_compact(res)
assert _jws2.msg == msg
def test_signer_ps384():
payload = "Please take a moment to register today"
keys = [RSAKey(key=import_rsa_key_from_file(KEY))]
#keys[0]._keytype = "private"
_jws = JWS(payload, alg="PS384")
_jwt = _jws.sign_compact(keys)
_rj = JWS()
info = _rj.verify_compact(_jwt, keys)
assert info == payload
def test_signer_es384():
payload = "Please take a moment to register today"
_key = ECKey().load_key(P384)
keys = [_key]
_jws = JWS(payload, alg="ES384")
_jwt = _jws.sign_compact(keys)
_rj = JWS()
info = _rj.verify_compact(_jwt, keys)
assert info == payload
class JwtCreator:
def __init__(self, map, alg, config):
self.map = map
self.jws = JWS(json.dumps(self.map), alg=alg)
keys = [SYMKey(key=config['api_secret'], alg=alg)]
self.keys = keys
def sign_compact(self):
self.signed = self.jws.sign_compact(keys=self.keys)
return self.signed
def test_signer_ps384():
payload = "Please take a moment to register today"
keys = [RSAKey(key=import_rsa_key_from_file(KEY))]
#keys[0]._keytype = "private"
_jws = JWS(payload, alg="PS384")
_jwt = _jws.sign_compact(keys)
_rj = JWS()
info = _rj.verify_compact(_jwt, keys)
assert info == payload
def test_rs512():
payload = "Please take a moment to register today"
keys = [RSA_key(key=rsa_load(KEY))]
keys[0]._keytype = "private"
_jws = JWS(payload, alg="RS512")
_jwt = _jws.sign_compact(keys)
_rj = JWS()
info = _rj.verify_compact(_jwt, keys)
assert info == payload
def _to_jws(self, data: dict) -> str:
"""
Converts data to a jws
:param data: Data to be converted to jws
:return: a signed jwt
"""
algorithm = "RS256"
_jws = JWS(json.dumps(data), alg=algorithm)
return _jws.sign_compact([self.sign_key])
def encode_id_token(payload):
"""
Represent the ID Token as a JSON Web Token (JWT).
Return a hash.
"""
key_string = get_rsa_key().encode('utf-8')
keys = [ RSAKey(key=importKey(key_string), kid=md5(key_string).hexdigest()) ]
_jws = JWS(payload, alg='RS256')
return _jws.sign_compact(keys)
def test_signer_es384():
payload = "Please take a moment to register today"
_key = ECKey().load_key(P384)
keys = [_key]
_jws = JWS(payload, alg="ES384")
_jwt = _jws.sign_compact(keys)
_rj = JWS()
info = _rj.verify_compact(_jwt, keys)
assert info == payload
def encode_id_token(payload):
"""
Represent the ID Token as a JSON Web Token (JWT).
Return a hash.
"""
key_string = get_rsa_key().encode('utf-8')
keys = [RSAKey(key=importKey(key_string), kid=md5(key_string).hexdigest())]
_jws = JWS(payload, alg='RS256')
return _jws.sign_compact(keys)
def test_1():
claimset = {"iss": "joe", "exp": 1300819380, "http://example.com/is_root": True}
_jws = JWS(claimset, cty="JWT")
_jwt = _jws.sign_compact()
_jr = JWS()
_msg = _jr.verify_compact(_jwt, allow_none=True)
print(_jr)
assert _jr.jwt.headers["alg"] == "none"
assert _msg == claimset
def test_signer_es512():
payload = "Please take a moment to register today"
_key = ECKey().load_key(P521)
keys = [_key]
#keys[0]._keytype = "private"
_jws = JWS(payload, alg="ES512")
_jwt = _jws.sign_compact(keys)
_rj = JWS()
info = _rj.verify_compact(_jwt, keys)
assert info == payload
def test_signer_es512():
payload = "Please take a moment to register today"
_key = ECKey().load_key(P521)
keys = [_key]
#keys[0]._keytype = "private"
_jws = JWS(payload, alg="ES512")
_jwt = _jws.sign_compact(keys)
_rj = JWS()
info = _rj.verify_compact(_jwt, keys)
assert info == payload
def test_signer_es256_verbose():
payload = "Please take a moment to register today"
_key = ECKey().load_key(P256)
keys = [_key]
_jws = JWS(payload, alg="ES256")
_jwt = _jws.sign_compact(keys)
_rj = JWS()
info = _rj.verify_compact_verbose(_jwt, keys)
assert info['msg'] == payload
assert info['key'] == _key
def test_signer_ps512():
payload = "Please take a moment to register today"
# Key has to be big enough > 512+512+2
keys = [RSAKey(key=import_rsa_key_from_file(full_path("./size2048.key")))]
#keys[0]._keytype = "private"
_jws = JWS(payload, alg="PS512")
_jwt = _jws.sign_compact(keys)
_rj = factory(_jwt)
info = _rj.verify_compact(_jwt, keys)
assert info == payload
def encode_id_token(payload):
"""
Represent the ID Token as a JSON Web Token (JWT).
Return a hash.
"""
keys = [ RSAKey(key=importKey(get_rsa_key())) ]
_jws = JWS(payload, alg='RS256')
_jwt = _jws.sign_compact(keys)
return _jwt.decode('utf-8')
def test_signer_es256_verbose():
payload = "Please take a moment to register today"
_key = ECKey().load_key(P256)
keys = [_key]
_jws = JWS(payload, alg="ES256")
_jwt = _jws.sign_compact(keys)
_rj = JWS()
info = _rj.verify_compact_verbose(_jwt, keys)
assert info['msg'] == payload
assert info['key'] == _key
def test_signer_ps512():
payload = "Please take a moment to register today"
# Key has to be big enough > 512+512+2
keys = [RSAKey(key=import_rsa_key_from_file(full_path("./size2048.key")))]
#keys[0]._keytype = "private"
_jws = JWS(payload, alg="PS521")
_jwt = _jws.sign_compact(keys)
_rj = JWS()
info = _rj.verify_compact(_jwt, keys)
assert info == payload
def to_jwt(self, key=None, algorithm="", lev=0):
"""
Create a signed JWT representation of the class instance
:param key: The signing key
:param algorithm: The signature algorithm to use
:return: A signed JWT
"""
_jws = JWS(self.to_json(lev), alg=algorithm)
return _jws.sign_compact(key)
def setUpClass(cls):
cls.g_config = {}
with open("../src/config/config.json") as j:
cls.g_config = json.load(j)
wkh = WellKnownHandler(cls.g_config["auth_server_url"], secure=False)
cls.__TOKEN_ENDPOINT = wkh.get(TYPE_OIDC, KEY_OIDC_TOKEN_ENDPOINT)
_rsajwk = RSAKey(
kid="RSA1",
key=import_rsa_key_from_file("../src/config/private.pem"))
_payload = {
"iss": cls.g_config["client_id"],
"sub": cls.g_config["client_id"],
"aud": cls.__TOKEN_ENDPOINT,
"user_name": "admin",
"jti": datetime.datetime.today().strftime('%Y%m%d%s'),
"exp": int(time.time()) + 3600,
"isOperator": False
}
_jws = JWS(_payload, alg="RS256")
_payload_ownership = {
"iss": cls.g_config["client_id"],
"sub": "54d10251-6cb5-4aee-8e1f-f492f1105c94",
"aud": cls.__TOKEN_ENDPOINT,
"user_name": "admin",
"jti": datetime.datetime.today().strftime('%Y%m%d%s'),
"exp": int(time.time()) + 3600,
"isOperator": False
}
_jws_ownership = JWS(_payload_ownership, alg="RS256")
cls.jwt = _jws.sign_compact(keys=[_rsajwk])
cls.jwt_rotest = _jws_ownership.sign_compact(keys=[_rsajwk])
#cls.scopes = 'public_access'
cls.scopes = 'protected_access'
cls.resourceName = "TestResourcePEP"
cls.PEP_HOST = "http://localhost:5566"
cls.PEP_RES_HOST = "http://localhost:5576"
def _to_jws(self, data):
"""
Converts data to a jws
:type data: Any
:rtype: str
:param data: Data to be converted to jws
:return: a jws
"""
algorithm = "RS256"
_jws = JWS(json.dumps(data), alg=algorithm)
return _jws.sign_compact([self.sign_key])
def to_jwt(self, key=None, algorithm="", lev=0, lifetime=0):
"""
Create a signed JWT representation of the class instance
:param key: The signing key
:param algorithm: The signature algorithm to use
:param lev:
:param lifetime: The lifetime of the JWS
:return: A signed JWT
"""
_jws = JWS(self.to_json(lev), alg=algorithm)
return _jws.sign_compact(key)
def test_1():
claimset = {"iss": "joe",
"exp": 1300819380,
"http://example.com/is_root": True}
_jws = JWS(claimset, cty="JWT")
_jwt = _jws.sign_compact()
_jr = JWS()
_msg = _jr.verify_compact(_jwt, allow_none=True)
print(_jr)
assert _jr.jwt.headers["alg"] == 'none'
assert _msg == claimset
def _to_jws(self, data):
"""
Converts data to a jws
:type data: Any
:rtype: str
:param data: Data to be converted to jws
:return: a jws
"""
algorithm = "RS256"
_jws = JWS(json.dumps(data), alg=algorithm)
return _jws.sign_compact([self.sign_key])
def test_signing():
kb = keybundle_from_local_file("file://jwk.json", "jwk", ["ver", "sig"])
assert len(kb) == 1
kj = KeyJar()
kj.issuer_keys[""] = [kb]
keys = kj.get_signing_key()
payload = "Please take a moment to register today"
_jws = JWS(payload, alg="RS512")
try:
_jwt = _jws.sign_compact(keys)
assert False
except (NoSuitableSigningKeys, WrongTypeOfKey):
assert True
def test_signer_ps256_fail():
payload = "Please take a moment to register today"
keys = [RSAKey(key=import_rsa_key_from_file(KEY))]
#keys[0]._keytype = "private"
_jws = JWS(payload, alg="PS256")
_jwt = _jws.sign_compact(keys)[:-1] + "a"
_rj = JWS()
try:
_rj.verify_compact(_jwt, keys)
except jwkest.BadSignature:
pass
else:
assert False
def test_signer_ps256_fail():
payload = "Please take a moment to register today"
keys = [RSAKey(key=import_rsa_key_from_file(KEY))]
#keys[0]._keytype = "private"
_jws = JWS(payload, alg="PS256")
_jwt = _jws.sign_compact(keys)[:-5] + 'abcde'
_rj = JWS()
try:
_rj.verify_compact(_jwt, keys)
except jwkest.BadSignature:
pass
else:
assert False
def store_signed_jwks_uri(self):
"""
:return:
"""
file_name = 'static/signed_jwks'
_jwks = self.keyjar.export_jwks()
_jws = JWS(_jwks)
_jwt = _jws.sign_compact(
self.federation_entity.keyjar.get_signing_key())
fp = open(file_name, 'w')
fp.write(_jwt)
fp.close()
return ''.join([self.baseurl, file_name])
def test_signer_es512():
payload = "Please take a moment to register today"
_key = ECKey(crv="P-521",
x="AekpBQ8ST8a8VcfVOTNl353vSrDCLLJXmPk06wTjxrrjcBpXp5EOnYG_NjFZ6OvLFV1jSfS9tsz4qUxcWceqwQGk",
y="ADSmRA43Z1DSNx_RvcLI87cdL07l6jQyyBXMoxVg_l2Th-x3S1WDhjDly79ajL4Kkd0AZMaZmh9ubmf63e3kyMj2",
d="AY5pb7A0UFiB3RELSD64fTLOSV_jazdF7fLYyuTw8lOfRhWg6Y6rUrPAxerEzgdRhajnu0ferB0d53vM9mE15j2C")
keys = [_key]
#keys[0]._keytype = "private"
_jws = JWS(payload, alg="ES512")
_jwt = _jws.sign_compact(keys)
_rj = JWS()
info = _rj.verify_compact(_jwt, keys)
assert info == payload
def test_signing():
# Signing is only possible if key is a private RSA key
kb = keybundle_from_local_file("rsa.key", "rsa", ["ver", "sig"])
assert len(kb) == 2
kj = KeyJar()
kj.issuer_keys[""] = [kb]
keys = kj.get_signing_key()
payload = "Please take a moment to register today"
_jws = JWS(payload, alg="RS512")
try:
_jwt = _jws.sign_compact(keys)
assert True
except (NoSuitableSigningKeys, WrongTypeOfKey):
assert False
def encode(self, payload):
"""Encode the provided payload."""
keys = KEYS()
if self.asymmetric:
keys.add(RSAKey(key=RSA.importKey(settings.JWT_PRIVATE_SIGNING_KEY)))
algorithm = 'RS512'
else:
key = self.secret if self.secret else self.jwt_auth['JWT_SECRET_KEY']
keys.add({'key': key, 'kty': 'oct'})
algorithm = self.jwt_auth['JWT_ALGORITHM']
data = json.dumps(payload)
jws = JWS(data, alg=algorithm)
return jws.sign_compact(keys=keys)
def test_1():
claimset = {"iss": "joe",
"exp": 1300819380,
"http://example.com/is_root": True}
_jws = JWS(claimset, cty="JWT")
_jwt = _jws.sign_compact()
_jr = JWS()
_jr.verify_compact(_jwt)
print _jr
assert _jr.alg == u'none'
assert _jr.msg == {"iss": "joe",
"exp": 1300819380,
"http://example.com/is_root": True}
def sign(msg, key, alg="", msgtype=None):
"""
:param msg: The message to sign
:param key: The signing key
:param alg: Which signing algorithm to use, this information may
appear in the headers dictionary
:param msgtype: The type of payload
:return: A JWS
"""
_jws = JWS(msg, alg=alg)
if msgtype:
_jws["typ"] = msgtype
return _jws.sign_compact(key)
def fxa_preverify_token(user, expiry):
"""
Takes a user and a timedelta and generates a preverify token for FxA OAuth.
See https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#preverifytoken
for details.
"""
msg = {
'exp': get_token_expiry(expiry),
'aud': settings.FXA_AUTH_DOMAIN,
'sub': user.email,
'typ': 'mozilla/fxa/preVerifyToken/v1',
}
jws = JWS(msg, cty='JWT', alg='RS256',
kid=PREVERIFY_KEY.kid,
jku=absolutify(reverse('fxa-preverify-key')))
return jws.sign_compact([PREVERIFY_KEY])
def encode(self, payload):
"""Encode the provided payload."""
keys = jwk.KEYS()
if self.asymmetric:
serialized_keypair = json.loads(self.jwt_auth['JWT_PRIVATE_SIGNING_JWK'])
keys.add(serialized_keypair)
algorithm = self.jwt_auth['JWT_SIGNING_ALGORITHM']
else:
key = self.secret if self.secret else self.jwt_auth['JWT_SECRET_KEY']
keys.add({'key': key, 'kty': 'oct'})
algorithm = self.jwt_auth['JWT_ALGORITHM']
data = json.dumps(payload)
jws = JWS(data, alg=algorithm)
return jws.sign_compact(keys=keys)
