Beispiel #1
0
    def test_rsa_sign_should_generate_correct_signature_value(self):
        algo = RSAAlgorithm(RSAAlgorithm.SHA256)

        jwt_message = force_bytes("Hello World!")

        expected_sig = base64.b64decode(
            force_bytes(
                "yS6zk9DBkuGTtcBzLUzSpo9gGJxJFOGvUqN01iLhWHrzBQ9ZEz3+Ae38AXp"
                "10RWwscp42ySC85Z6zoN67yGkLNWnfmCZSEv+xqELGEvBJvciOKsrhiObUl"
                "2mveSc1oeO/2ujkGDkkkJ2epn0YliacVjZF5+/uDmImUfAAj8lzjnHlzYix"
                "sn5jGz1H07jYYbi9diixN8IUhXeTafwFg02IcONhum29V40Wu6O5tAKWlJX"
                "fHJnNUzAEUOXS0WahHVb57D30pcgIji9z923q90p5c7E2cU8V+E1qe8NdCA"
                "APCDzZZ9zQ/dgcMVaBrGrgimrcLbPjueOKFgSO+SSjIElKA=="
            )
        )

        with open(key_path("testkey_rsa")) as keyfile:
            jwt_key = algo.prepare_key(keyfile.read())

        with open(key_path("testkey_rsa.pub")) as keyfile:
            jwt_pub_key = algo.prepare_key(keyfile.read())

        algo.sign(jwt_message, jwt_key)
        result = algo.verify(jwt_message, jwt_pub_key, expected_sig)
        assert result
Beispiel #2
0
    def test_rsa_verify_should_return_true_for_test_vector(self):
        """
        This test verifies that RSA PKCS v1.5 verification works with a known
        good signature and key.

        Reference: https://tools.ietf.org/html/rfc7520#section-4.1
        """
        signing_input = force_bytes(
            "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhb"
            "XBsZSJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb"
            "3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdS"
            "Bkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmU"
            "geW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4")

        signature = base64url_decode(
            force_bytes(
                "MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmKZop"
                "dHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4JIwmDLJ"
                "K3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4"
                "QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxUAhb6L2aXic"
                "1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_fcIe8u9ipH84ogor"
                "ee7vjbU5y18kDquDg"))

        algo = RSAAlgorithm(RSAAlgorithm.SHA256)
        key = algo.prepare_key(load_rsa_pub_key())

        result = algo.verify(signing_input, key, signature)
        assert result
Beispiel #3
0
    def test_ec_verify_should_return_true_for_test_vector(self):
        """
        This test verifies that ECDSA verification works with a known good
        signature and key.

        Reference: https://tools.ietf.org/html/rfc7520#section-4.3
        """
        signing_input = force_bytes(
            "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhb"
            "XBsZSJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb"
            "3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdS"
            "Bkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmU"
            "geW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4")

        signature = base64url_decode(
            force_bytes(
                "AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvbu9P"
                "lon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kvAD890j"
                "l8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2"))

        algo = ECAlgorithm(ECAlgorithm.SHA512)
        key = algo.prepare_key(load_ec_pub_key_p_521())

        result = algo.verify(signing_input, key, signature)
        assert result
Beispiel #4
0
    def test_rsapss_verify_should_return_true_for_test_vector(self):
        """
        This test verifies that RSA-PSS verification works with a known good
        signature and key.

        Reference: https://tools.ietf.org/html/rfc7520#section-4.2
        """
        signing_input = force_bytes(
            "eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhb"
            "XBsZSJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb"
            "3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdS"
            "Bkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmU"
            "geW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4")

        signature = base64url_decode(
            force_bytes(
                "cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2IpN6"
                "-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXUvdvWXz"
                "g-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p"
                "8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0qI0n6uiP1aC"
                "N_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a6GYmJUAfmWjwZ6o"
                "D4ifKo8DYM-X72Eaw"))

        algo = RSAPSSAlgorithm(RSAPSSAlgorithm.SHA384)
        key = algo.prepare_key(load_rsa_pub_key())

        result = algo.verify(signing_input, key, signature)
        assert result
    def pipe_insert_files(self,
                          pipe,
                          files,
                          database=None,
                          schema=None,
                          request_id=None):
        database = database or self.database
        schema = schema or self.schema
        if self.private_key_password:
            cert = load_pem_private_key(force_bytes(self.private_key),
                                        password=force_bytes(
                                            self.private_key_password),
                                        backend=default_backend())
        else:
            cert = load_pem_private_key(force_bytes(self.private_key),
                                        password=None,
                                        backend=default_backend())
        now = time.time()
        auth_token = jwt.encode(
            {
                'iss': '{0}.{1}'.format(self.account.upper(),
                                        self.user.upper()),
                'exp': now + 3600,
                'iat': now
            },
            cert,
            algorithm='RS256')
        body = {'files': list(map(lambda f: {'path': f}, files))}
        uri = 'https://{account}.{region}.snowflakecomputing.com/v1/data/pipes/{database}.{schema}.{pipe}/insertFiles'.format(
            account=self.account,
            region=self.region,
            pipe=pipe,
            database=database,
            schema=schema)
        if request_id is None:
            request_id = str(uuid.uuid4())
        params = {'requestId': request_id}

        headers = {
            'Authorization': 'Bearer {0}'.format(auth_token.decode('UTF-8')),
            'Accept': 'application/json',
            'Content-Type': 'application/json'
        }
        self.log.debug('executing pipe: {0}'.format(uri))
        self.log.debug('with headers {0}:'.format(headers))
        self.log.debug('with body: {0}'.format(body))
        resp = requests.post(uri,
                             data=json.dumps(body),
                             headers=headers,
                             params=params)
        if resp.status_code != 200:
            raise Exception(
                '''failed to execute pipe, exited with error {0}'''.format(
                    resp.text))
        self.log.info('pipe response: {0}'.format(resp.json()))
        return resp.json()
Beispiel #6
0
    def test_rsa_jwk_public_and_private_keys_should_parse_and_verify(self):
        algo = RSAAlgorithm(RSAAlgorithm.SHA256)

        with open(key_path("jwk_rsa_pub.json"), "r") as keyfile:
            pub_key = algo.from_jwk(keyfile.read())

        with open(key_path("jwk_rsa_key.json"), "r") as keyfile:
            priv_key = algo.from_jwk(keyfile.read())

        signature = algo.sign(force_bytes("Hello World!"), priv_key)
        assert algo.verify(force_bytes("Hello World!"), pub_key, signature)
Beispiel #7
0
    def test_ec_verify_should_return_false_if_signature_wrong_length(self):
        algo = ECAlgorithm(ECAlgorithm.SHA256)

        message = force_bytes("Hello World!")

        sig = base64.b64decode(force_bytes("AC+m4Jf/xI3guAC6w0w3"))

        with open(key_path("testkey_ec.pub"), "r") as keyfile:
            pub_key = algo.prepare_key(keyfile.read())

        result = algo.verify(message, pub_key, sig)
        assert not result
Beispiel #8
0
    def test_ed25519_verify_should_return_false_if_signature_invalid(self):
        algo = Ed25519Algorithm()

        jwt_message = self.hello_world
        jwt_sig = base64.b64decode(force_bytes(self.hello_world_sig))

        jwt_sig += force_bytes("123")  # Signature is now invalid

        with open(key_path("testkey_ed25519.pub")) as keyfile:
            jwt_pub_key = algo.prepare_key(keyfile.read())

        result = algo.verify(jwt_message, jwt_pub_key, jwt_sig)
        assert not result
Beispiel #9
0
    def test_ec_verify_should_return_true_if_signature_valid(self):
        algo = ECAlgorithm(ECAlgorithm.SHA256)

        jwt_message = force_bytes('Hello World!')

        jwt_sig = base64.b64decode(force_bytes(
            'AC+m4Jf/xI3guAC6w0w37t5zRpSCF6F4udEz5LiMiTIjCS4vcVe6dDOxK+M'
            'mvkF8PxJuvqxP2CO3TR3okDPCl/NjATTO1jE+qBZ966CRQSSzcCM+tzcHzw'
            'LZS5kbvKu0Acd/K6Ol2/W3B1NeV5F/gjvZn/jOwaLgWEUYsg0o4XVrAg65'))

        with open(key_path('testkey_ec.pub'), 'r') as keyfile:
            jwt_pub_key = algo.prepare_key(keyfile.read())

        result = algo.verify(jwt_message, jwt_pub_key, jwt_sig)
        assert result
Beispiel #10
0
    def test_ec_verify_should_return_false_if_signature_invalid(self):
        algo = ECAlgorithm(ECAlgorithm.SHA256)

        message = force_bytes('Hello World!')

        # Mess up the signature by replacing a known byte
        sig = base64.b64decode(force_bytes(
            'AC+m4Jf/xI3guAC6w0w37t5zRpSCF6F4udEz5LiMiTIjCS4vcVe6dDOxK+M'
            'mvkF8PxJuvqxP2CO3TR3okDPCl/NjATTO1jE+qBZ966CRQSSzcCM+tzcHzw'
            'LZS5kbvKu0Acd/K6Ol2/W3B1NeV5F/gjvZn/jOwaLgWEUYsg0o4XVrAg65'.replace('r', 's')))

        with open(key_path('testkey_ec.pub'), 'r') as keyfile:
            pub_key = algo.prepare_key(keyfile.read())

        result = algo.verify(message, pub_key, sig)
        assert not result
Beispiel #11
0
    def test_ec_verify_should_return_true_if_signature_valid(self):
        algo = ECAlgorithm(ECAlgorithm.SHA256)

        jwt_message = force_bytes("Hello World!")

        jwt_sig = base64.b64decode(
            force_bytes(
                "AC+m4Jf/xI3guAC6w0w37t5zRpSCF6F4udEz5LiMiTIjCS4vcVe6dDOxK+M"
                "mvkF8PxJuvqxP2CO3TR3okDPCl/NjATTO1jE+qBZ966CRQSSzcCM+tzcHzw"
                "LZS5kbvKu0Acd/K6Ol2/W3B1NeV5F/gjvZn/jOwaLgWEUYsg0o4XVrAg65"))

        with open(key_path("testkey_ec.pub")) as keyfile:
            jwt_pub_key = algo.prepare_key(keyfile.read())

        result = algo.verify(jwt_message, jwt_pub_key, jwt_sig)
        assert result
Beispiel #12
0
    def test_rsa_verify_should_return_true_if_signature_valid(self):
        algo = RSAAlgorithm(RSAAlgorithm.SHA256)

        jwt_message = force_bytes('Hello World!')

        jwt_sig = base64.b64decode(force_bytes(
            'yS6zk9DBkuGTtcBzLUzSpo9gGJxJFOGvUqN01iLhWHrzBQ9ZEz3+Ae38AXp'
            '10RWwscp42ySC85Z6zoN67yGkLNWnfmCZSEv+xqELGEvBJvciOKsrhiObUl'
            '2mveSc1oeO/2ujkGDkkkJ2epn0YliacVjZF5+/uDmImUfAAj8lzjnHlzYix'
            'sn5jGz1H07jYYbi9diixN8IUhXeTafwFg02IcONhum29V40Wu6O5tAKWlJX'
            'fHJnNUzAEUOXS0WahHVb57D30pcgIji9z923q90p5c7E2cU8V+E1qe8NdCA'
            'APCDzZZ9zQ/dgcMVaBrGrgimrcLbPjueOKFgSO+SSjIElKA=='))

        with open(key_path('testkey_rsa.pub'), 'r') as keyfile:
            jwt_pub_key = algo.prepare_key(keyfile.read())

        result = algo.verify(jwt_message, jwt_pub_key, jwt_sig)
        assert result
Beispiel #13
0
    def test_encode_decode_with_ecdsa_sha512(self, jws, payload):
        # PEM-formatted EC key
        with open('tests/keys/testkey_ec', 'r') as ec_priv_file:
            priv_eckey = load_pem_private_key(force_bytes(ec_priv_file.read()),
                                              password=None, backend=default_backend())
            jws_message = jws.encode(payload, priv_eckey, algorithm='ES521')

        with open('tests/keys/testkey_ec.pub', 'r') as ec_pub_file:
            pub_eckey = load_pem_public_key(force_bytes(ec_pub_file.read()), backend=default_backend())
            jws.decode(jws_message, pub_eckey)

        # string-formatted key
        with open('tests/keys/testkey_ec', 'r') as ec_priv_file:
            priv_eckey = ec_priv_file.read()
            jws_message = jws.encode(payload, priv_eckey, algorithm='ES521')

        with open('tests/keys/testkey_ec.pub', 'r') as ec_pub_file:
            pub_eckey = ec_pub_file.read()
            jws.decode(jws_message, pub_eckey)
Beispiel #14
0
    def test_rsa_verify_should_return_true_if_signature_valid(self):
        algo = RSAAlgorithm(RSAAlgorithm.SHA256)

        jwt_message = force_bytes('Hello World!')

        jwt_sig = base64.b64decode(
            force_bytes(
                'yS6zk9DBkuGTtcBzLUzSpo9gGJxJFOGvUqN01iLhWHrzBQ9ZEz3+Ae38AXp'
                '10RWwscp42ySC85Z6zoN67yGkLNWnfmCZSEv+xqELGEvBJvciOKsrhiObUl'
                '2mveSc1oeO/2ujkGDkkkJ2epn0YliacVjZF5+/uDmImUfAAj8lzjnHlzYix'
                'sn5jGz1H07jYYbi9diixN8IUhXeTafwFg02IcONhum29V40Wu6O5tAKWlJX'
                'fHJnNUzAEUOXS0WahHVb57D30pcgIji9z923q90p5c7E2cU8V+E1qe8NdCA'
                'APCDzZZ9zQ/dgcMVaBrGrgimrcLbPjueOKFgSO+SSjIElKA=='))

        with open(key_path('testkey_rsa.pub'), 'r') as keyfile:
            jwt_pub_key = algo.prepare_key(keyfile.read())

        result = algo.verify(jwt_message, jwt_pub_key, jwt_sig)
        assert result
Beispiel #15
0
    def test_encode_decode_with_ecdsa_sha512(self, jws, payload):
        # PEM-formatted EC key
        with open('tests/keys/testkey_ec', 'r') as ec_priv_file:
            priv_eckey = load_pem_private_key(force_bytes(ec_priv_file.read()),
                                              password=None, backend=default_backend())
            jws_message = jws.encode(payload, priv_eckey, algorithm='ES521')

        with open('tests/keys/testkey_ec.pub', 'r') as ec_pub_file:
            pub_eckey = load_pem_public_key(force_bytes(ec_pub_file.read()), backend=default_backend())
            jws.decode(jws_message, pub_eckey)

        # string-formatted key
        with open('tests/keys/testkey_ec', 'r') as ec_priv_file:
            priv_eckey = ec_priv_file.read()
            jws_message = jws.encode(payload, priv_eckey, algorithm='ES521')

        with open('tests/keys/testkey_ec.pub', 'r') as ec_pub_file:
            pub_eckey = ec_pub_file.read()
            jws.decode(jws_message, pub_eckey)
Beispiel #16
0
    def test_ec_jwk_public_and_private_keys_should_parse_and_verify(self):
        tests = {
            "P-256": ECAlgorithm.SHA256,
            "P-384": ECAlgorithm.SHA384,
            "P-521": ECAlgorithm.SHA512,
        }
        for (curve, hash) in tests.items():
            algo = ECAlgorithm(hash)

            with open(key_path("jwk_ec_pub_{}.json".format(curve)),
                      "r") as keyfile:
                pub_key = algo.from_jwk(keyfile.read())

            with open(key_path("jwk_ec_key_{}.json".format(curve)),
                      "r") as keyfile:
                priv_key = algo.from_jwk(keyfile.read())

            signature = algo.sign(force_bytes("Hello World!"), priv_key)
            assert algo.verify(force_bytes("Hello World!"), pub_key, signature)
Beispiel #17
0
    def test_ec_sign_should_generate_correct_signature_value(self):
        algo = ECAlgorithm(ECAlgorithm.SHA256)

        jwt_message = force_bytes('Hello World!')

        expected_sig = base64.b64decode(
            force_bytes(
                'AC+m4Jf/xI3guAC6w0w37t5zRpSCF6F4udEz5LiMiTIjCS4vcVe6dDOxK+M'
                'mvkF8PxJuvqxP2CO3TR3okDPCl/NjATTO1jE+qBZ966CRQSSzcCM+tzcHzw'
                'LZS5kbvKu0Acd/K6Ol2/W3B1NeV5F/gjvZn/jOwaLgWEUYsg0o4XVrAg65'))

        with open(key_path('testkey_ec'), 'r') as keyfile:
            jwt_key = algo.prepare_key(keyfile.read())

        with open(key_path('testkey_ec.pub'), 'r') as keyfile:
            jwt_pub_key = algo.prepare_key(keyfile.read())

        algo.sign(jwt_message, jwt_key)
        result = algo.verify(jwt_message, jwt_pub_key, expected_sig)
        assert result
Beispiel #18
0
    def test_encode_decode_with_rsa_sha512(self, jws, payload):
        # PEM-formatted RSA key
        with open('tests/keys/testkey_rsa', 'r') as rsa_priv_file:
            priv_rsakey = load_pem_private_key(force_bytes(rsa_priv_file.read()),
                                               password=None, backend=default_backend())
            jws_message = jws.encode(payload, priv_rsakey, algorithm='RS512')

        with open('tests/keys/testkey_rsa.pub', 'r') as rsa_pub_file:
            pub_rsakey = load_ssh_public_key(force_bytes(rsa_pub_file.read()),
                                             backend=default_backend())
            jws.decode(jws_message, pub_rsakey)

        # string-formatted key
        with open('tests/keys/testkey_rsa', 'r') as rsa_priv_file:
            priv_rsakey = rsa_priv_file.read()
            jws_message = jws.encode(payload, priv_rsakey, algorithm='RS512')

        with open('tests/keys/testkey_rsa.pub', 'r') as rsa_pub_file:
            pub_rsakey = rsa_pub_file.read()
            jws.decode(jws_message, pub_rsakey)
Beispiel #19
0
    def test_rsa_pss_verify_should_return_false_if_signature_invalid(self):
        algo = RSAPSSAlgorithm(RSAPSSAlgorithm.SHA256)

        jwt_message = force_bytes('Hello World!')

        jwt_sig = base64.b64decode(force_bytes(
            'ywKAUGRIDC//6X+tjvZA96yEtMqpOrSppCNfYI7NKyon3P7doud5v65oWNu'
            'vQsz0fzPGfF7mQFGo9Cm9Vn0nljm4G6PtqZRbz5fXNQBH9k10gq34AtM02c'
            '/cveqACQ8gF3zxWh6qr9jVqIpeMEaEBIkvqG954E0HT9s9ybHShgHX9mlWk'
            '186/LopP4xe5c/hxOQjwhv6yDlTiwJFiqjNCvj0GyBKsc4iECLGIIO+4mC4'
            'daOCWqbpZDuLb1imKpmm8Nsm56kAxijMLZnpCcnPgyb7CqG+B93W9GHglA5'
            'drUeR1gRtO7vqbZMsCAQ4bpjXxwbYyjQlEVuMl73UL6sOWg=='))

        jwt_sig += force_bytes('123')  # Signature is now invalid

        with open(key_path('testkey_rsa.pub'), 'r') as keyfile:
            jwt_pub_key = algo.prepare_key(keyfile.read())

        result = algo.verify(jwt_message, jwt_pub_key, jwt_sig)
        assert not result
Beispiel #20
0
    def test_encode_decode_with_rsa_sha512(self, jws, payload):
        # PEM-formatted RSA key
        with open('tests/keys/testkey_rsa', 'r') as rsa_priv_file:
            priv_rsakey = load_pem_private_key(force_bytes(rsa_priv_file.read()),
                                               password=None, backend=default_backend())
            jws_message = jws.encode(payload, priv_rsakey, algorithm='RS512')

        with open('tests/keys/testkey_rsa.pub', 'r') as rsa_pub_file:
            pub_rsakey = load_ssh_public_key(force_bytes(rsa_pub_file.read()),
                                             backend=default_backend())
            jws.decode(jws_message, pub_rsakey)

        # string-formatted key
        with open('tests/keys/testkey_rsa', 'r') as rsa_priv_file:
            priv_rsakey = rsa_priv_file.read()
            jws_message = jws.encode(payload, priv_rsakey, algorithm='RS512')

        with open('tests/keys/testkey_rsa.pub', 'r') as rsa_pub_file:
            pub_rsakey = rsa_pub_file.read()
            jws.decode(jws_message, pub_rsakey)
Beispiel #21
0
    def test_encode_decode_with_rsa_sha512(self, jws, payload):
        # PEM-formatted RSA key
        with open("tests/keys/testkey_rsa.priv", "r") as rsa_priv_file:
            priv_rsakey = load_pem_private_key(
                force_bytes(rsa_priv_file.read()),
                password=None,
            )
            jws_message = jws.encode(payload, priv_rsakey, algorithm="RS512")

        with open("tests/keys/testkey_rsa.pub", "r") as rsa_pub_file:
            pub_rsakey = load_ssh_public_key(force_bytes(rsa_pub_file.read()))
            jws.decode(jws_message, pub_rsakey, algorithms=["RS512"])

        # string-formatted key
        with open("tests/keys/testkey_rsa.priv", "r") as rsa_priv_file:
            priv_rsakey = rsa_priv_file.read()
            jws_message = jws.encode(payload, priv_rsakey, algorithm="RS512")

        with open("tests/keys/testkey_rsa.pub", "r") as rsa_pub_file:
            pub_rsakey = rsa_pub_file.read()
            jws.decode(jws_message, pub_rsakey, algorithms=["RS512"])
Beispiel #22
0
    def test_rsa_verify_should_return_false_if_signature_invalid(self):
        algo = RSAAlgorithm(RSAAlgorithm.SHA256)

        message = force_bytes("Hello World!")

        sig = base64.b64decode(
            force_bytes(
                "yS6zk9DBkuGTtcBzLUzSpo9gGJxJFOGvUqN01iLhWHrzBQ9ZEz3+Ae38AXp"
                "10RWwscp42ySC85Z6zoN67yGkLNWnfmCZSEv+xqELGEvBJvciOKsrhiObUl"
                "2mveSc1oeO/2ujkGDkkkJ2epn0YliacVjZF5+/uDmImUfAAj8lzjnHlzYix"
                "sn5jGz1H07jYYbi9diixN8IUhXeTafwFg02IcONhum29V40Wu6O5tAKWlJX"
                "fHJnNUzAEUOXS0WahHVb57D30pcgIji9z923q90p5c7E2cU8V+E1qe8NdCA"
                "APCDzZZ9zQ/dgcMVaBrGrgimrcLbPjueOKFgSO+SSjIElKA=="))

        sig += force_bytes("123")  # Signature is now invalid

        with open(key_path("testkey_rsa.pub"), "r") as keyfile:
            pub_key = algo.prepare_key(keyfile.read())

        result = algo.verify(message, pub_key, sig)
        assert not result
Beispiel #23
0
    def test_encode_decode_with_ecdsa_sha512(self, jws, payload):
        # PEM-formatted EC key
        with open("tests/keys/testkey_ec.priv", "r") as ec_priv_file:
            priv_eckey = load_pem_private_key(
                force_bytes(ec_priv_file.read()),
                password=None,
            )
            jws_message = jws.encode(payload, priv_eckey, algorithm="ES512")

        with open("tests/keys/testkey_ec.pub", "r") as ec_pub_file:
            pub_eckey = load_pem_public_key(force_bytes(ec_pub_file.read()))
            jws.decode(jws_message, pub_eckey, algorithms=["ES512"])

        # string-formatted key
        with open("tests/keys/testkey_ec.priv", "r") as ec_priv_file:
            priv_eckey = ec_priv_file.read()
            jws_message = jws.encode(payload, priv_eckey, algorithm="ES512")

        with open("tests/keys/testkey_ec.pub", "r") as ec_pub_file:
            pub_eckey = ec_pub_file.read()
            jws.decode(jws_message, pub_eckey, algorithms=["ES512"])
Beispiel #24
0
    def test_hmac_verify_should_return_true_for_test_vector(self):
        """
        This test verifies that HMAC verification works with a known good
        signature and key.

        Reference: https://tools.ietf.org/html/rfc7520#section-4.4
        """
        signing_input = force_bytes(
            "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LWVlZ"
            "jMxNGJjNzAzNyJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ"
            "29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIG"
            "lmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmc"
            "gd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4")

        signature = base64url_decode(
            force_bytes("s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"))

        algo = HMACAlgorithm(HMACAlgorithm.SHA256)
        key = algo.prepare_key(load_hmac_key())

        result = algo.verify(signing_input, key, signature)
        assert result
 def pipe_insert_report(self, pipe, database=None, schema=None):
     database = database or self.database
     schema = schema or self.schema
     if self.private_key_password:
         cert = load_pem_private_key(force_bytes(self.private_key),
                                     password=force_bytes(
                                         self.private_key_password),
                                     backend=default_backend())
     else:
         cert = load_pem_private_key(force_bytes(self.private_key),
                                     password=None,
                                     backend=default_backend())
     now = time.time()
     auth_token = jwt.encode(
         {
             'iss': '{0}.{1}'.format(self.account.upper(),
                                     self.user.upper()),
             'exp': now + 3600,
             'iat': now
         },
         cert,
         algorithm='RS256')
     uri = 'https://{account}.{region}.snowflakecomputing.com/v1/data/pipes/{database}.{schema}.{pipe}/insertReport'.format(
         account=self.account,
         region=self.region,
         pipe=pipe,
         database=database,
         schema=schema)
     headers = {
         'Authorization': 'Bearer {0}'.format(auth_token.decode('UTF-8')),
         'Accept': 'application/json',
         'Content-Type': 'application/json'
     }
     self.log.debug('executing pipe: {0}'.format(uri))
     self.log.debug('with headers {0}:'.format(headers))
     resp = requests.get(uri, headers=headers)
     self.log.info('pipe response: {0}'.format(resp.json()))
     return resp.json()
Beispiel #26
0
    def test_rsa_pss_sign_then_verify_should_return_true(self):
        algo = RSAPSSAlgorithm(RSAPSSAlgorithm.SHA256)

        message = force_bytes("Hello World!")

        with open(key_path("testkey_rsa.priv"), "r") as keyfile:
            priv_key = algo.prepare_key(keyfile.read())
            sig = algo.sign(message, priv_key)

        with open(key_path("testkey_rsa.pub"), "r") as keyfile:
            pub_key = algo.prepare_key(keyfile.read())

        result = algo.verify(message, pub_key, sig)
        assert result
Beispiel #27
0
def send_activation_email(req, user):
    current_site = get_current_site(req)
    message = render_to_string(
        'registration/account_activation_email.html', {
            'user': user,
            'domain': current_site.domain,
            'uid': urlsafe_base64_encode(force_bytes(str(
                user.pk))).decode("utf-8"),
            'token': account_activation_token.make_token(user),
        })
    send_mail('Please confirm your email address', message,
              settings.EMAIL_HOST_USER, [user.email])

    return 'Activation link email sent to user successfully'
Beispiel #28
0
    def test_ed25519_sign_should_generate_correct_signature_value(self):
        algo = Ed25519Algorithm()

        jwt_message = self.hello_world

        expected_sig = base64.b64decode(force_bytes(self.hello_world_sig))

        with open(key_path("testkey_ed25519")) as keyfile:
            jwt_key = algo.prepare_key(keyfile.read())

        with open(key_path("testkey_ed25519.pub")) as keyfile:
            jwt_pub_key = algo.prepare_key(keyfile.read())

        algo.sign(jwt_message, jwt_key)
        result = algo.verify(jwt_message, jwt_pub_key, expected_sig)
        assert result
Beispiel #29
0
def decode(token, keyfile, algo=None):
    """解析token
    token: token字符串
    keyfile: 公钥
    algo: 加密算法,默认RS256
          可用: RS256 RS384 RS512 ES256 ES384 ES521 ES512 PS256 PS384 PS512
    """
    if not token.strip():
        raise jwt.InvalidTokenError("empty token")

    if algo is None:
        algo = default_algo
    try:
        algo = ALGOMAP[algo]
    except:
        raise jwt.InvalidAlgorithmError(algo)
    key = algo.prepare_key(open(keyfile).read())
    print "6666666666666666666", key
    token_info = jwt.decode(force_bytes(token), key=key, verify=True)
    return token_info
Beispiel #30
0
    def test_custom_json_encoder(self, jws, payload):
        class CustomJSONEncoder(json.JSONEncoder):
            def default(self, o):
                if isinstance(o, Decimal):
                    return 'it worked'
                return super(CustomJSONEncoder, self).default(o)

        data = {'some_decimal': Decimal('2.2')}

        with pytest.raises(TypeError):
            jws.encode(payload, 'secret', headers=data)

        token = jws.encode(payload,
                           'secret',
                           headers=data,
                           json_encoder=CustomJSONEncoder)

        header = force_bytes(force_unicode(token).split('.')[0])
        header = json.loads(force_unicode(base64url_decode(header)))

        assert 'some_decimal' in header
        assert header['some_decimal'] == 'it worked'
Beispiel #31
0
    def test_custom_json_encoder(self, jws, payload):
        class CustomJSONEncoder(json.JSONEncoder):
            def default(self, o):
                if isinstance(o, Decimal):
                    return "it worked"
                return super(CustomJSONEncoder, self).default(o)

        data = {"some_decimal": Decimal("2.2")}

        with pytest.raises(TypeError):
            jws.encode(payload, "secret", headers=data)

        token = jws.encode(payload,
                           "secret",
                           headers=data,
                           json_encoder=CustomJSONEncoder)

        header = force_bytes(force_unicode(token).split(".")[0])
        header = json.loads(force_unicode(base64url_decode(header)))

        assert "some_decimal" in header
        assert header["some_decimal"] == "it worked"
Beispiel #32
0
    def test_custom_json_encoder(self, jws, payload):

        class CustomJSONEncoder(json.JSONEncoder):

            def default(self, o):
                if isinstance(o, Decimal):
                    return 'it worked'
                return super(CustomJSONEncoder, self).default(o)

        data = {
            'some_decimal': Decimal('2.2')
        }

        with pytest.raises(TypeError):
            jws.encode(payload, 'secret', headers=data)

        token = jws.encode(payload, 'secret', headers=data,
                           json_encoder=CustomJSONEncoder)

        header = force_bytes(force_unicode(token).split('.')[0])
        header = json.loads(force_unicode(base64url_decode(header)))

        assert 'some_decimal' in header
        assert header['some_decimal'] == 'it worked'
Beispiel #33
0
def payload():
    """ Creates a sample jws claimset for use as a payload during tests """
    return force_bytes('hello world')
Beispiel #34
0
def payload():
    """ Creates a sample jws claimset for use as a payload during tests """
    return force_bytes("hello world")
Beispiel #35
0
 def test_constant_time_compare_returns_true_if_same(self):
     assert constant_time_compare(
         force_bytes('abc'), force_bytes('abc')
     )
Beispiel #36
0
 def test_constant_time_compare_returns_false_if_totally_different(self):
     assert not constant_time_compare(
         force_bytes('abcd'), force_bytes('efgh')
     )
Beispiel #37
0
 def test_constant_time_compare_returns_false_if_diff_lengths(self):
     assert not constant_time_compare(
         force_bytes('abc'), force_bytes('abcd')
     )
Beispiel #38
0
def decode_value(val):
    decoded = base64url_decode(force_bytes(val))
    return int_from_bytes(decoded, 'big')
Beispiel #39
0
def decode_value(val):
    decoded = base64url_decode(force_bytes(val))
    return int_from_bytes(decoded, "big")
Beispiel #40
0
def load_hmac_key():
    with open(os.path.join(BASE_PATH, "jwk_hmac.json")) as infile:
        keyobj = json.load(infile)

    return base64url_decode(force_bytes(keyobj["k"]))
Beispiel #41
0
def test_force_bytes_raises_error_on_invalid_object():
    with pytest.raises(TypeError):
        force_bytes({})
Beispiel #42
0
def load_hmac_key():
    with open(os.path.join(BASE_PATH, 'jwk_hmac.json'), 'r') as infile:
        keyobj = json.load(infile)

    return base64url_decode(force_bytes(keyobj['k']))