def test_cmp_rsa_ec():
_key1 = RSAKey()
_key1.load_key(import_rsa_key_from_cert_file(CERT))
_key2 = ECKey(**ECKEY)
assert _key1 != _key2
def test_serialize_rsa_pub_key():
rsakey = RSAKey(key=import_public_rsa_key_from_file(full_path("rsa.pub")))
assert rsakey.d == ''
d_rsakey = rsakey.serialize(private=True)
restored_key = RSAKey(**d_rsakey)
assert restored_key == rsakey
def test_thumbprint_7638_example():
key = RSAKey(
n=
'0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw',
e='AQAB',
alg='RS256',
kid='2011-04-29')
thumbprint = key.thumbprint('SHA-256')
assert thumbprint == b'NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs'
def test_signer_ps384():
payload = "Please take a moment to register today"
_pkey = import_private_rsa_key_from_file(PRIV_KEY)
keys = [RSAKey(key=_pkey)]
# keys[0]._keytype = "private"
_jws = JWS(payload, alg="PS384")
_jwt = _jws.sign_compact(keys)
vkeys = [RSAKey(key=_pkey.public_key())]
_rj = JWS()
info = _rj.verify_compact(_jwt, vkeys)
assert info == payload
def test_signer_ps512():
payload = "Please take a moment to register today"
# Key has to be big enough > 512+512+2
_pkey = import_private_rsa_key_from_file(full_path("./size2048.key"))
keys = [RSAKey(key=_pkey)]
# keys[0]._keytype = "private"
_jws = JWS(payload, alg="PS512")
_jwt = _jws.sign_compact(keys)
vkeys = [RSAKey(key=_pkey.public_key())]
_rj = factory(_jwt)
info = _rj.verify_compact(_jwt, vkeys)
assert info == payload
def test_cmp_rsa():
_key1 = RSAKey()
_key1.load_key(import_rsa_key_from_cert_file(CERT))
_key2 = RSAKey()
_key2.load_key(import_rsa_key_from_cert_file(CERT))
assert _key1 == _key2
def test_signer_ps256_fail():
payload = "Please take a moment to register today"
_pkey = import_private_rsa_key_from_file(PRIV_KEY)
keys = [RSAKey(key=_pkey)]
# keys[0]._keytype = "private"
_jws = JWS(payload, alg="PS256")
_jwt = _jws.sign_compact(keys)[:-5] + 'abcde'
vkeys = [RSAKey(key=_pkey.public_key())]
_rj = JWS()
try:
_rj.verify_compact(_jwt, vkeys)
except cryptojwt.exception.BadSignature:
pass
else:
assert False
def test_pick_alg_dont_get_alg_from_single_key_if_already_specified():
expected_alg = "RS512"
_pkey = import_private_rsa_key_from_file(PRIV_KEY)
#keys = [RSAKey(key=_pkey, alg="RS256")]
vkeys = [RSAKey(key=_pkey.public_key())]
alg = JWS(alg=expected_alg)._pick_alg(vkeys)
assert alg == expected_alg
def test_dj_usage():
pkey = import_private_rsa_key_from_file(full_path("./size2048.key"))
payload = "Please take a moment to register today"
keys = [RSAKey(key=pkey)]
_jws = JWS(payload, alg='RS256')
sjwt = _jws.sign_compact(keys)
_jwt = factory(sjwt)
assert _jwt.jwt.headers['alg'] == 'RS256'
def test_rs256_rm_signature():
payload = "Please take a moment to register today"
_pkey = import_private_rsa_key_from_file(PRIV_KEY)
keys = [RSAKey(key=_pkey)]
# keys[0]._keytype = "private"
_jws = JWS(payload, alg="RS256")
_jwt = _jws.sign_compact(keys)
p = _jwt.split('.')
_jwt = '.'.join(p[:-1])
vkeys = [RSAKey(key=_pkey.public_key())]
_rj = JWS()
try:
_ = _rj.verify_compact(_jwt, vkeys)
except WrongNumberOfParts:
pass
else:
assert False
def test_serialize_rsa_priv_key():
rsakey = RSAKey(key=import_private_rsa_key_from_file(full_path("rsa.key")))
assert rsakey.d
d_rsakey = rsakey.serialize(private=True)
restored_key = RSAKey(**d_rsakey)
assert restored_key == rsakey
assert rsakey.is_private_key()
assert restored_key.is_private_key()
def test_rsa_pubkey_verify_x509_thumbprint():
cert = "MIID0jCCArqgAwIBAgIBSTANBgkqhkiG9w0BAQQFADCBiDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0JhdmF" \
"yaWExEzARBgNVBAoTCkJpb0lEIEdtYkgxLzAtBgNVBAMTJkJpb0lEIENsaWVudCBDZXJ0aWZpY2F0aW9uIE" \
"F1dGhvcml0eSAyMSEwHwYJKoZIhvcNAQkBFhJzZWN1cml0eUBiaW9pZC5jb20wHhcNMTUwNDE1MTQ1NjM4W" \
"hcNMTYwNDE0MTQ1NjM4WjBfMQswCQYDVQQGEwJERTETMBEGA1UEChMKQmlvSUQgR21iSDE7MDkGA1UEAxMy" \
"QmlvSUQgT3BlbklEIENvbm5lY3QgSWRlbnRpdHkgUHJvdmlkZXIgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb" \
"3DQEBAQUAA4IBDwAwggEKAoIBAQC9aFETmU6kDfMBPKM2OfI5eedO3XP12Ci0hDC99bdzUUIhDZG34PQqcH" \
"89gVWGthJv5w3kqpdSrxfPCFMsBdnyk1VCuXmLgXS8s4oBtt1c9iM0J8X6Z+5subS3Xje8fu55Csh0JXNfo" \
"y29rCY/O6y0fNignegg0KS4PHv5T+agFmaG4rxCQV9/kd8tlo/HTyVPsuSPDgsXxisIVqur9aujYwdCoAZU" \
"8OU+5ccMLNIhpWJn+xNjgDRr4L9nxAYKc9vy+f7EoH3LT24B71zazZsQ78vpocz98UT/7vdgS/IYXFniPuU" \
"fblja7cq31bUoySDx6FYrtfCSUxNhaZSX8mppAgMBAAGjbzBtMAkGA1UdEwQCMAAwHQYDVR0OBBYEFOfg3f" \
"/ewBLK5SkcBEXusD62OlzaMB8GA1UdIwQYMBaAFCQmdD+nVcVLaKt3vu73XyNgpPEpMAsGA1UdDwQEAwIDi" \
"DATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQQFAAOCAQEAKQjhcL/iGhy0549hEHRQArJXs1im" \
"7W244yE+TSChdMWKe2eWvEhc9wX1aVV2mNJM1ZNeYSgfoK6jjuXaHiSaIJEUcW1wVM3rDywi2a9GKzOFgrW" \
"pVbpXQ05LSE7qEEWRmSpIMyKTitUalNpNA6cOML5hiuUTfZbw7OvPwbnbSYYL674gEA2sW5AhPiCr9dVnMn" \
"/UK2II40802zdXUOvIxWeXpcsCxxZMjp/Ir2jIZWOEjlAXQVGr2oBfL/be/o5WXpaqWSfPRBZV8htRIf0vT" \
"lGx7xR8FPWDYmcj4o/tKoNC1AchjOnCwwE/mj4hgtoAsHNmYXF0oZXk7cozqYDqKQ=="
rsa_key = RSAKey(x5c=[cert], x5t="KvHXVspLmjWC6cPDIIVMHlJjN-c")
assert rsa_key.key
with pytest.raises(DeSerializationNotPossible):
RSAKey(x5c=[cert], x5t="abcdefgh") # incorrect thumbprint
def test_kspec():
_ckey = import_rsa_key_from_cert_file(CERT)
_key = RSAKey()
_key.load_key(_ckey)
jwk = _key.serialize()
assert jwk["kty"] == "RSA"
assert jwk["e"] == JWK["keys"][0]["e"]
assert jwk["n"] == JWK["keys"][0]["n"]
assert not _key.is_private_key()
def test_encrypt_decrypt_rsa_cbc():
_key = RSAKey(key=pub_key)
_key._keytype = "public"
_jwe0 = JWE(plain, alg="RSA1_5", enc="A128CBC-HS256")
jwt = _jwe0.encrypt([_key])
_jwe1 = factory(jwt)
_dkey = RSAKey(key=priv_key)
_dkey._keytype = "private"
msg = _jwe1.decrypt(jwt, [_dkey])
assert msg == plain
def test_extract_rsa_from_cert_2():
_ckey = import_rsa_key_from_cert_file(CERT)
_key = RSAKey()
_key.load_key(_ckey)
assert _ckey.public_numbers().n == base64_to_long(_key.n)
def test_verify_2():
_key = RSAKey()
_key.load_key(import_rsa_key_from_cert_file(CERT))
assert _key.verify()
def test_rsa_with_kid():
encryption_keys = [RSAKey(use="enc", key=pub_key, kid="some-key-id")]
jwe = JWE("some content", alg="RSA-OAEP", enc="A256CBC-HS512")
jwe.encrypt(keys=encryption_keys, kid="some-key-id")
__author__ = 'Roland Hedberg'
ALICE = 'https://example.org/alice'
BOB = 'https://example.com/bob'
BASEDIR = os.path.abspath(os.path.dirname(__file__))
def full_path(local_file):
return os.path.join(BASEDIR, local_file)
k1 = import_private_rsa_key_from_file(full_path('rsa.key'))
k2 = import_private_rsa_key_from_file(full_path('size2048.key'))
ALICE_KEYS = [
RSAKey(use='sig', kid='1').load_key(k1),
RSAKey(use='enc', kid='2').load_key(k2)
]
ALICE_PUB_KEYS = [
RSAKey(use='sig', kid='1').load_key(k1.public_key()),
RSAKey(use='enc', kid='2').load_key(k2.public_key())
]
k3 = import_private_rsa_key_from_file(full_path('server.key'))
BOB_KEYS = [RSAKey(use='enc', kid='3').load_key(k3)]
BOB_PUB_KEYS = [RSAKey(use='enc', kid='3').load_key(k3.public_key())]
def _eq(l1, l2):
return set(l1) == set(l2)
