def get_public_jwk(public_key, key_id):
key = json.loads(
RSAAlgorithm.to_jwk(
RSAAlgorithm(RSAAlgorithm.SHA256).prepare_key(public_key)))
key["alg"] = "RS256"
key["kid"] = key_id
return key
def get_public_jwk(public_key: bytes, key_id: str) -> Dict[str, Any]:
key = json.loads(
RSAAlgorithm.to_jwk(
RSAAlgorithm(RSAAlgorithm.SHA256).prepare_key(public_key)))
key["alg"] = "RS256"
key["kid"] = key_id
return key
def test_rsa_public_key_to_jwk_works_with_from_jwk(self):
algo = RSAAlgorithm(RSAAlgorithm.SHA256)
with open(key_path("testkey_rsa.pub")) as rsa_key:
orig_key = algo.prepare_key(rsa_key.read())
parsed_key = algo.from_jwk(algo.to_jwk(orig_key))
assert parsed_key.public_numbers() == orig_key.public_numbers()
def test_rsa_private_key_to_jwk_works_with_from_jwk(self):
algo = RSAAlgorithm(RSAAlgorithm.SHA256)
with open(key_path('testkey_rsa'), 'r') as rsa_key:
orig_key = algo.prepare_key(force_unicode(rsa_key.read()))
parsed_key = algo.from_jwk(algo.to_jwk(orig_key))
assert parsed_key.private_numbers() == orig_key.private_numbers()
assert parsed_key.private_numbers().public_numbers == orig_key.private_numbers().public_numbers
def make_jwks(_private_key: RSAPrivateKey):
"""Returns JWKS."""
jwk = json.loads(
RSAAlgorithm.to_jwk(_private_key.public_key()),
)
jwk['kid'] = TEST_KID
return {
'keys': [jwk]
}
def test_rsa_to_jwk_returns_correct_values_for_private_key(self):
algo = RSAAlgorithm(RSAAlgorithm.SHA256)
with open(key_path("testkey_rsa.priv")) as keyfile:
priv_key = algo.prepare_key(keyfile.read())
key = algo.to_jwk(priv_key)
expected = {
"key_ops": ["sign"],
"kty": "RSA",
"e": "AQAB",
"n": (
"1HgzBfJv2cOjQryCwe8NEelriOTNFWKZUivevUrRhlqcmZJdCvuCJRr-xCN-"
"OmO8qwgJJR98feNujxVg-J9Ls3_UOA4HcF9nYH6aqVXELAE8Hk_ALvxi96ms"
"1DDuAvQGaYZ-lANxlvxeQFOZSbjkz_9mh8aLeGKwqJLp3p-OhUBQpwvAUAPg"
"82-OUtgTW3nSljjeFr14B8qAneGSc_wl0ni--1SRZUXFSovzcqQOkla3W27r"
"rLfrD6LXgj_TsDs4vD1PnIm1zcVenKT7TfYI17bsG_O_Wecwz2Nl19pL7gDo"
"sNruF3ogJWNq1Lyn_ijPQnkPLpZHyhvuiycYcI3DiQ"
),
"d": (
"rfbs8AWdB1RkLJRlC51LukrAvYl5UfU1TE6XRa4o-DTg2-03OXLNEMyVpMr"
"a47weEnu14StypzC8qXL7vxXOyd30SSFTffLfleaTg-qxgMZSDw-Fb_M-pU"
"HMPMEDYG-lgGma4l4fd1yTX2ATtoUo9BVOQgWS1LMZqi0ASEOkUfzlBgL04"
"UoaLhPSuDdLygdlDzgruVPnec0t1uOEObmrcWIkhwU2CGQzeLtuzX6OVgPh"
"k7xcnjbDurTTVpWH0R0gbZ5ukmQ2P-YuCX8T9iWNMGjPNSkb7h02s2Oe9ZR"
"zP007xQ0VF-Z7xyLuxk6ASmoX1S39ujSbk2WF0eXNPRgFwQ"
),
"q": (
"47hlW2f1ARuWYJf9Dl6MieXjdj2dGx9PL2UH0unVzJYInd56nqXNPrQrc5k"
"ZU65KApC9n9oKUwIxuqwAAbh8oGNEQDqnuTj-powCkdC6bwA8KH1Y-wotpq"
"_GSjxkNzjWRm2GArJSzZc6Fb8EuObOrAavKJ285-zMPCEfus1WZG0"
),
"p": (
"7tr0z929Lp4OHIRJjIKM_rDrWMPtRgnV-51pgWsN6qdpDzns_PgFwrHcoyY"
"sWIO-4yCdVWPxFOgEZ8xXTM_uwOe4VEmdZhw55Tx7axYZtmZYZbO_RIP4CG"
"mlJlOFTiYnxpr-2Cx6kIeQmd-hf7fA3tL018aEzwYMbFMcnAGnEg0"
),
"qi": (
"djo95mB0LVYikNPa-NgyDwLotLqrueb9IviMmn6zKHCwiOXReqXDX9slB8"
"RA15uv56bmN04O__NyVFcgJ2ef169GZHiRFIgIy0Pl8LYkMhCYKKhyqM7g"
"xN-SqGqDTKDC22j00S7jcvCaa1qadn1qbdfukZ4NXv7E2d_LO0Y2Kkc"
),
"dp": (
"tgZ2-tJpEdWxu1m1EzeKa644LHVjpTRptk7H0LDc8i6SieADEuWQvkb9df"
"fpY6tDFaQNQr3fQ6dtdAztmsP7l1b_ynwvT1nDZUcqZvl4ruBgDWFmKbjI"
"lOCt0v9jX6MEPP5xqBx9axdkw18BnGtUuHrbzHSlUX-yh_rumpVH1SE"
),
"dq": (
"xxCIuhD0YlWFbUcwFgGdBWcLIm_WCMGj7SB6aGu1VDTLr4Wu10TFWM0TNu"
"hc9YPker2gpj5qzAmdAzwcfWSSvXpJTYR43jfulBTMoj8-2o3wCM0anclW"
"AuKhin-kc4mh9ssDXRQZwlMymZP0QtaxUDw_nlfVrUCZgO7L1_ZsUTk"
),
}
assert json.loads(key) == expected
def test_should_load_key_from_jwk_data_json_string(self):
algo = RSAAlgorithm(RSAAlgorithm.SHA256)
with open(key_path("jwk_rsa_pub.json"), "r") as keyfile:
pub_key = algo.from_jwk(keyfile.read())
key_data_str = algo.to_jwk(pub_key)
key_data = json.loads(key_data_str)
# TODO Should `to_jwk` set these?
key_data["alg"] = "RS256"
key_data["use"] = "sig"
key_data["kid"] = "keyid-abc123"
jwk = PyJWK.from_json(json.dumps(key_data))
assert jwk.key_type == "RSA"
assert jwk.key_id == "keyid-abc123"
assert jwk.public_key_use == "sig"
def test_should_load_keys_from_jwk_data_dict(self):
algo = RSAAlgorithm(RSAAlgorithm.SHA256)
with open(key_path("jwk_rsa_pub.json")) as keyfile:
pub_key = algo.from_jwk(keyfile.read())
key_data_str = algo.to_jwk(pub_key)
key_data = json.loads(key_data_str)
# TODO Should `to_jwk` set these?
key_data["alg"] = "RS256"
key_data["use"] = "sig"
key_data["kid"] = "keyid-abc123"
jwk_set = PyJWKSet.from_dict({"keys": [key_data]})
jwk = jwk_set.keys[0]
assert jwk.key_type == "RSA"
assert jwk.key_id == "keyid-abc123"
assert jwk.public_key_use == "sig"
def test_rsa_to_jwk_returns_correct_values_for_public_key(self):
algo = RSAAlgorithm(RSAAlgorithm.SHA256)
with open(key_path("testkey_rsa.pub")) as keyfile:
pub_key = algo.prepare_key(keyfile.read())
key = algo.to_jwk(pub_key)
expected = {
"e": "AQAB",
"key_ops": ["verify"],
"kty": "RSA",
"n": (
"1HgzBfJv2cOjQryCwe8NEelriOTNFWKZUivevUrRhlqcmZJdCvuCJRr-xCN-"
"OmO8qwgJJR98feNujxVg-J9Ls3_UOA4HcF9nYH6aqVXELAE8Hk_ALvxi96ms"
"1DDuAvQGaYZ-lANxlvxeQFOZSbjkz_9mh8aLeGKwqJLp3p-OhUBQpwvAUAPg"
"82-OUtgTW3nSljjeFr14B8qAneGSc_wl0ni--1SRZUXFSovzcqQOkla3W27r"
"rLfrD6LXgj_TsDs4vD1PnIm1zcVenKT7TfYI17bsG_O_Wecwz2Nl19pL7gDo"
"sNruF3ogJWNq1Lyn_ijPQnkPLpZHyhvuiycYcI3DiQ"
),
}
assert json.loads(key) == expected
def get(self, request, *args, **kwargs):
"""
jwks_uri view (http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata)
"""
certs = get_certs_jwks()
rsa256 = RSAAlgorithm(RSAAlgorithm.SHA256)
keys = []
for pub_key in get_public_keys():
key_obj = rsa256.prepare_key(pub_key.value)
key = json.loads(RSAAlgorithm.to_jwk(key_obj))
key["kid"] = pub_key.component.uuid.hex
key["alg"] = pub_key.component.name
key["use"] = "sig"
if pub_key.component.uuid.hex in certs:
key.update(certs[pub_key.component.uuid.hex])
keys.append(key)
data = {'keys': keys}
return JsonHttpResponse(data,
request,
allow_jsonp=True,
public_cors=True)
def test_rsa_to_jwk_returns_correct_values_for_public_key(self):
algo = RSAAlgorithm(RSAAlgorithm.SHA256)
with open(key_path('testkey_rsa.pub'), 'r') as keyfile:
pub_key = algo.prepare_key(keyfile.read())
key = algo.to_jwk(pub_key)
expected = {
'e': 'AQAB',
'key_ops': ['verify'],
'kty': 'RSA',
'n': (
'1HgzBfJv2cOjQryCwe8NEelriOTNFWKZUivevUrRhlqcmZJdCvuCJRr-xCN-'
'OmO8qwgJJR98feNujxVg-J9Ls3_UOA4HcF9nYH6aqVXELAE8Hk_ALvxi96ms'
'1DDuAvQGaYZ-lANxlvxeQFOZSbjkz_9mh8aLeGKwqJLp3p-OhUBQpwvAUAPg'
'82-OUtgTW3nSljjeFr14B8qAneGSc_wl0ni--1SRZUXFSovzcqQOkla3W27r'
'rLfrD6LXgj_TsDs4vD1PnIm1zcVenKT7TfYI17bsG_O_Wecwz2Nl19pL7gDo'
'sNruF3ogJWNq1Lyn_ijPQnkPLpZHyhvuiycYcI3DiQ'
),
}
assert json.loads(key) == expected
def test_rsa_to_jwk_raises_exception_on_invalid_key(self):
algo = RSAAlgorithm(RSAAlgorithm.SHA256)
with pytest.raises(InvalidKeyError):
algo.to_jwk({"not": "a valid key"})
def get_jwks(cls) -> dict:
jwk_dict = json.loads(RSAAlgorithm.to_jwk(cls.get_public_key()))
jwk_dict.update({"use": "sig", "kid": KID})
return {"keys": [jwk_dict]}
key = rsa.generate_private_key(backend=crypto_default_backend(),
public_exponent=65537,
key_size=2048)
private_key = key.private_bytes(
crypto_serialization.Encoding.PEM,
crypto_serialization.PrivateFormat.PKCS8,
crypto_serialization.NoEncryption(),
)
public_key_obj = key.public_key()
public_key = public_key_obj.public_bytes(
crypto_serialization.Encoding.OpenSSH,
crypto_serialization.PublicFormat.OpenSSH)
_jwk = json.loads(RSAAlgorithm.to_jwk(public_key_obj))
dummy_alg = "RS256"
dummy_kid = "test123"
dummy_jwks_url = "https://identity-provider/.well-known/jwks.json"
dummy_audience = "https://some-resource"
dummy_jwks_response_data = {
"keys": [
{
"alg": dummy_alg,
"kty": _jwk["kty"],
"use": "sig",
"n": _jwk["n"],
"e": _jwk["e"],
"kid": dummy_kid,
},
def generate_jwk(private_key):
jwk = json.loads(RSAAlgorithm.to_jwk(private_key.public_key()))
jwk['kid'] = generate_key_id(jwk)
return jwk