Beispiel #1
0
def test_key_export():
    kj = KeyJar()
    url = key_export(
        "http://example.com/keys/",
        "outbound",
        "secret",
        keyjar=kj,
        sig={
            "alg": "rsa",
            "format": ["x509", "jwk"]
        },
    )

    assert url == "http://example.com/keys/outbound/jwks"

    # Now a jwks should reside in './keys/outbound/jwks'

    kb = KeyBundle(source="file://./keys/outbound/jwks")

    # One key
    assert len(kb) == 1
    # more specifically one RSA key
    assert len(kb.get("RSA")) == 1
    k = kb.get("RSA")[0]
    # For signing
    assert k.use == "sig"
Beispiel #2
0
def test_chain_1():
    kc = KeyBundle([{"kty": "oct", "key": "supersecret", "use": "sig"}])
    assert len(kc.get("oct")) == 1
    assert len(kc.get("rsa")) == 0
    assert kc.remote is False
    assert kc.source is None

    kc.update()  # Nothing should happen
    assert len(kc.get("oct")) == 1
    assert len(kc.get("rsa")) == 0
    assert kc.remote is False
    assert kc.source is None
Beispiel #3
0
    def test_update(self):
        kc = KeyBundle([{"kty": "oct", "key": "supersecret", "use": "sig"}])
        assert len(kc.get("oct")) == 1
        assert len(kc.get("rsa")) == 0
        assert kc.remote is False
        assert kc.source is None

        kc.update()  # Nothing should happen
        assert len(kc.get("oct")) == 1
        assert len(kc.get("rsa")) == 0
        assert kc.remote is False
        assert kc.source is None
Beispiel #4
0
def test_chain_1():
    kc = KeyBundle({"hmac": "supersecret"}, usage="sig")
    assert len(kc.get("hmac")) == 1
    assert len(kc.get("rsa")) == 0
    assert kc.usage == ["sig"]
    assert kc.remote == False
    assert kc.source is None

    kc.update() # Nothing should happen
    assert len(kc.get("hmac")) == 1
    assert len(kc.get("rsa")) == 0
    assert kc.usage == ["sig"]
    assert kc.remote == False
    assert kc.source is None
Beispiel #5
0
def test_key_export():
    kj = KeyJar()
    url = key_export("http://example.com/keys/", "outbound", "secret",
                     keyjar=kj, sig={"alg": "rsa", "format": ["x509", "jwk"]})

    assert url == "http://example.com/keys/outbound/jwks"

    # Now a jwks should reside in './keys/outbound/jwks'

    kb = KeyBundle(source='file://./keys/outbound/jwks')

    # One key
    assert len(kb) == 1
    # more specifically one RSA key
    assert len(kb.get('RSA')) == 1
    k = kb.get('RSA')[0]
    # For signing
    assert k.use == 'sig'
Beispiel #6
0
def test_chain_3():
    kc = KeyBundle(source="file://../oc3/certs/server.crt", type="rsa",
                  src_type="x509", usage=["sig", "enc"])
    assert kc.usage == ["sig", "enc"]
    assert kc.remote == False
    assert kc.source == "../oc3/certs/server.crt"
    assert len(kc.get("hmac")) == 0
    assert len(kc.get("rsa")) == 1

    key = kc.get("rsa")[0]
    assert isinstance(key, M2Crypto.RSA.RSA)

    kc.update()
    assert kc.usage == ["sig", "enc"]
    assert kc.remote == False
    assert kc.source == "../oc3/certs/server.crt"
    assert len(kc.get("hmac")) == 0
    assert len(kc.get("rsa")) == 1

    key = kc.get("rsa")[0]
    assert isinstance(key, M2Crypto.RSA.RSA)
Beispiel #7
0
def test_chain_2():
    kc = KeyBundle(source="file://../oc3/certs/mycert.key", type="rsa",
                  usage=["ver", "sig"])
    assert kc.usage == ["ver", "sig"]
    assert kc.remote == False
    assert kc.source == "../oc3/certs/mycert.key"
    assert len(kc.get("hmac")) == 0
    assert len(kc.get("rsa")) == 1

    key = kc.get("rsa")[0]
    assert isinstance(key, M2Crypto.RSA.RSA)

    kc.update()
    assert kc.usage == ["ver", "sig"]
    assert kc.remote == False
    assert kc.source == "../oc3/certs/mycert.key"
    assert len(kc.get("hmac")) == 0
    assert len(kc.get("rsa")) == 1

    key = kc.get("rsa")[0]
    assert isinstance(key, M2Crypto.RSA.RSA)
Beispiel #8
0
REGREQ = RegistrationRequest(contacts=["*****@*****.**"],
                             redirect_uris=["http://example.org/jqauthz"],
                             application_name="pacubar",
                             client_id=CLIENT_ID,
                             operation="register",
                             application_type="web")

RSREQ = RefreshSessionRequest(id_token="id_token",
                              redirect_url="http://example.com/authz",
                              state="state0")

#key, type, usage, owner="."

alg = "HS256"
ktype = alg2keytype(alg)
keys = KC_SYM_S.get(ktype)
CSREQ = CheckSessionRequest(
    id_token=IDTOKEN.to_jwt(key=keys, algorithm="HS256"))

ESREQ = EndSessionRequest(id_token=IDTOKEN.to_jwt(key=keys, algorithm="HS256"),
                          redirect_url="http://example.org/jqauthz",
                          state="state0")

UINFO = Claims(name={"essential": True},
               nickname=None,
               email={"essential": True},
               email_verified={"essential": True},
               picture=None)

IDT2 = Claims(auth_time={
    "essential": True,
Beispiel #9
0
UIREQ = UserInfoRequest(access_token="access_token")

REGREQ = RegistrationRequest(contacts=["*****@*****.**"],
                             redirect_uris=["http://example.org/jqauthz"],
                             application_name="pacubar", client_id=CLIENT_ID,
                             operation="register", application_type="web")

RSREQ = RefreshSessionRequest(id_token="id_token",
                              redirect_url="http://example.com/authz",
                              state="state0")

#key, type, usage, owner="."

alg = "HS256"
ktype = alg2keytype(alg)
keys = KC_SYM_S.get(ktype)
CSREQ = CheckSessionRequest(id_token=IDTOKEN.to_jwt(key=keys,
                                                    algorithm="HS256"))

ESREQ = EndSessionRequest(id_token=IDTOKEN.to_jwt(key=keys,
                                                  algorithm="HS256"),
                          redirect_url="http://example.org/jqauthz",
                          state="state0")

UINFO = Claims(name={"essential": True}, nickname=None,
               email={"essential": True},
               email_verified={"essential": True}, picture=None)

IDT2 = Claims(auth_time={"essential": True,
                         "acr": {"values": ["urn:mace:incommon:iap:silver"]}})
Beispiel #10
0
from oic.utils.keyio import KeyBundle, key_eq

__author__ = 'rolandh'

jwk_url = ["https://connect.openid4.us/connect4us.jwk", # edmund
       "https://connect-op.heroku.com/jwk.json"]    # nov

x509_url = ["https://connect-op.heroku.com/cert.pem"]

kc0 = KeyBundle(source=jwk_url[1], src_type="jwk", type="rsa", usage=["sig", "enc"])

kc1 = KeyBundle(source=x509_url[0], src_type="x509", type="rsa", usage=["sig", "enc"])

kc0.update()

print kc0

kc1.update()

print kc1

print key_eq(kc0.get("rsa")[0], kc1.get("rsa")[0])