def test_extend_incorrect_number_of_headers(self):
jws = jwts.make_jws({'a': 1}, self.keypairs[:2])
with self.assertRaises(exceptions.KeyHeaderMismatch):
jwts.extend_jws_signatures(jws,
self.keypairs[0],
multiple_sig_headers=[{
'z': 0
}, {
'z': 99
}])
def test_extend_jws_signatures_from_jwt(self):
jwt = jwts.make_jwt({"a": 1}, self.keypairs[0])
jws = jwts.extend_jws_signatures(jwt, self.keypairs[1:],
self.keypairs[0].identity)
verified_msg = jwts.verify_jws(jws, self.keypairs)
self.assertIsInstance(verified_msg, dict)
def test_extend_jws_signatures_from_jwt_single_key(self):
jwt = jwts.make_jwt({'a': 1}, self.keypairs[0])
jws = jwts.extend_jws_signatures(jwt, self.keypairs[1],
self.keypairs[1].identity)
verified_msg = jwts.verify_jws(jws, self.keypairs[:2])
self.assertIsInstance(verified_msg, dict)
def test_extend_jws_signatures_from_jwt(self):
jwt = jwts.make_jwt({"a": 1}, self.keypairs[0])
jws = jwts.extend_jws_signatures(jwt,
self.keypairs[1:],
self.keypairs[0].identity)
verified_msg = jwts.verify_jws(jws, self.keypairs)
self.assertIsInstance(verified_msg, dict)
def test_extend_jws_signatures_from_jwt_single_key(self):
jwt = jwts.make_jwt({'a': 1}, self.keypairs[0])
jws = jwts.extend_jws_signatures(jwt,
self.keypairs[1],
self.keypairs[1].identity)
verified_msg = jwts.verify_jws(jws, self.keypairs[:2])
self.assertIsInstance(verified_msg, dict)
def test_extend_jws_signatures_from_jws_without_1_sidx(self):
jws = self.JWS_MISSING_1_SIGNATURE_INDEXES
jws = jwts.extend_jws_signatures(jws, self.keypairs[2:])
kids = jwts.get_jws_key_ids(jws, ordered=True)
self.assertIsInstance(kids, list)
for params in kids:
self.assertIn('kid', params)
self.assertIn('kids', params)
self.assertIn('sidxs', params)
def test_extend_jws_signatures_from_jwt_no_kid(self):
keypair = service.create_secret_key()
kid = str(uuid.uuid4())
jwt = jwts.make_jwt({'a': 1}, keypair)
jws = jwts.extend_jws_signatures(jwt, self.keypairs, kid)
keypair.identity = kid
keypairs = self.keypairs + [keypair]
jwts.verify_jws(jws, keypairs).should.be.a(dict)
def test_extend_jws_signatures_from_jwt_no_kid(self):
keypair = service.create_secret_key()
kid = str(uuid.uuid4())
jwt = jwts.make_jwt({'a': 1}, keypair)
jws = jwts.extend_jws_signatures(jwt, self.keypairs, kid)
keypair.identity = kid
keypairs = self.keypairs + [keypair]
verified_msg = jwts.verify_jws(jws, keypairs)
self.assertIsInstance(verified_msg, dict)
def test_extend_jws_signatures_from_jwt_no_kid(self):
keypair = service.create_secret_key()
kid = str(uuid.uuid4())
jwt = jwts.make_jwt({'a': 1}, keypair)
jws = jwts.extend_jws_signatures(jwt, self.keypairs, kid)
keypair.identity = kid
keypairs = self.keypairs + [keypair]
verified_msg = jwts.verify_jws(jws, keypairs)
self.assertIsInstance(verified_msg, dict)
def _handle_auth_endpoint(headers=None, data=None):
logger.debug('data=%s', data)
try:
oneid_key = keychain.Keypair.from_secret_pem(
key_bytes=TestSession.oneid_key_bytes, )
oneid_key.identity = 'oneID'
jwts.verify_jws(data)
jws = jwts.extend_jws_signatures(data, oneid_key)
logger.debug('jws=%s', jws)
return MockResponse(jws, 200)
except InvalidSignature:
logger.debug('invalid signature', exc_info=True)
return MockResponse('Forbidden', 403)
return MockResponse('Internal Server Error', 500)
def test_extend_jws_signatures_from_jwt_single_key(self):
jwt = jwts.make_jwt({'a': 1}, self.keypairs[0])
jws = jwts.extend_jws_signatures(jwt, self.keypairs[1], self.keypairs[1].identity)
jwts.verify_jws(jws, self.keypairs[:2]).should.be.a(dict)
def test_extend_jws_signatures_from_jws_multiple_without_sidx(self):
jws = self.JWS_MISSING_2_SIGNATURE_INDEXES
jws = jwts.extend_jws_signatures(jws, self.keypairs[2:])
headers = jwts.get_jws_headers(jws)
indexes = list(filter(None, [h.get('sidx', None) for h in headers]))
self.assertEqual(len(indexes), 0)
def test_extend_jws_signatures_from_jws(self):
jws = jwts.make_jws({'a': 1}, self.keypairs[:2])
jws = jwts.extend_jws_signatures(jws, self.keypairs[2:])
verified_msg = jwts.verify_jws(jws, self.keypairs)
self.assertIsInstance(verified_msg, dict)
def test_extend_jws_missing_keypair_identity(self):
keypair = service.create_secret_key()
jws = jwts.make_jws({'a': 1}, self.keypairs[0])
with self.assertRaises(exceptions.InvalidKeyError):
jwts.extend_jws_signatures(jws, keypair)
def test_extend_jws_signatures_from_jws(self):
jws = jwts.make_jws({'a': 1}, self.keypairs[:2])
jws = jwts.extend_jws_signatures(jws, self.keypairs[2:])
verified_msg = jwts.verify_jws(jws, self.keypairs)
self.assertIsInstance(verified_msg, dict)
def test_extend_jws_missing_keypair_identity(self):
keypair = service.create_secret_key()
jws = jwts.make_jws({'a': 1}, self.keypairs[0])
with self.assertRaises(exceptions.InvalidKeyError):
jwts.extend_jws_signatures(jws, keypair)
def test_extend_jws_signatures_from_jws(self):
jws = jwts.make_jws({'a': 1}, self.keypairs[:2])
jws = jwts.extend_jws_signatures(jws, self.keypairs[2:])
jwts.verify_jws(jws, self.keypairs).should.be.a(dict)
