def test_client_secret_jwt(self, client):
    """Check that ClientSecretJWT attaches an HS256 client assertion to the request.

    The assertion is verified twice with keys built from the client secret:
    once through JWT.unpack() keyed by client_id, and once through
    JWS.verify_compact() directly.
    """
    client_info = client.client_info
    client_info.token_endpoint = "https://example.com/token"
    client_info.provider_info = {
        'issuer': 'https://example.com/',
        'token_endpoint': "https://example.com/token",
    }

    authn_method = ClientSecretJWT()
    request = AccessTokenRequest()
    authn_method.construct(
        request,
        cli_info=client.client_info,
        algorithm="HS256",
        authn_endpoint='userinfo',
    )

    assert request["client_assertion_type"] == JWT_BEARER
    assert "client_assertion" in request
    assertion = request["client_assertion"]

    # The shared client secret is the HMAC key; the receiver looks it up
    # under the client's own identifier.
    signing_keys = [
        SYMKey(k=b64e(as_bytes(client_info.client_secret)), use='sig')
    ]
    unpacker = JWT(rec_keys={client.client_id: signing_keys})
    claims = unpacker.unpack(assertion)
    # Only the presence of jti/exp/iat is checked here, not their values.
    assert _eq(claims.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])

    verifier = JWS()
    verification_keys = [SYMKey(k=b64e(as_bytes(client_info.client_secret)))]
    verified = verifier.verify_compact(assertion, verification_keys)
    assert _eq(verified.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
    # The audience is pinned to the issuer identifier (as a one-element
    # list), so an assertion minted for a different audience would fail.
    assert verified['aud'] == [client_info.provider_info['issuer']]
def test_jws_1():
    """Sign a claims dict with HS256 and check it survives compact verification."""
    claims = {
        "iss": "joe",
        "exp": 1300819380,
        "http://example.com/is_root": True,
    }
    hmac_key = SYMKey(key=cryptojwt.intarr2bin(HMAC_KEY))

    signer = JWS(claims, cty="JWT", alg="HS256", jwk=hmac_key.serialize())
    compact = signer.sign_compact()

    # NOTE(review): "exp" is a timestamp in the past, so this can only pass
    # if signature verification does not enforce claim expiry. Confirm which
    # layer is expected to reject expired tokens.
    verifier = JWS(alg="HS256")
    verifier.verify_compact(compact, keys=[hmac_key])
    assert verifier.msg == claims
def test_a_1_3b():
    """Verify a fixed HS256 compact JWS (the RFC 7515 Appendix A.1 example).

    No assertion follows the call, so the test can only fail if
    verify_compact() raises; the decoded payload is never inspected.
    """
    header_b64 = "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9"
    payload_b64 = (
        "eyJpc3MiOiJqb2UiLA0KICJl"
        "eHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0c"
        "nVlfQ"
    )
    signature_b64 = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
    compact = ".".join((header_b64, payload_b64, signature_b64))

    verification_keys = [SYMKey(key=cryptojwt.intarr2bin(HMAC_KEY))]
    JWS().verify_compact(compact, verification_keys)
def test_hmac_512():
    """Round-trip a text payload through HS512 signing and verification."""
    message = "Please take a moment to register today"
    # Fixture only: this key is 14 bytes, while RFC 7518 section 3.2 requires
    # an HMAC key at least as long as the hash output (64 bytes for HS512).
    shared_keys = [SYMKey(key=b'My hollow echo', alg="HS512")]

    signer = JWS(message, alg="HS512")
    compact = signer.sign_compact(shared_keys)

    recovered = JWS().verify_compact(compact, shared_keys)
    assert recovered == message
def test_hmac_256():
    """Round-trip a text payload through HS256 signing and verification."""
    message = 'Please take a moment to register today'
    shared_keys = [SYMKey(key=cryptojwt.intarr2bin(HMAC_KEY))]

    compact = JWS(message, alg="HS256").sign_compact(shared_keys)

    # The same key list signs and verifies, as expected for an HMAC algorithm.
    verifier = JWS()
    recovered = verifier.verify_compact(compact, shared_keys)
    assert recovered == message
def test_jwt_pack_unpack_sym():
    """Pack a JWT as ALICE with a shared HS256 key and unpack it as BOB.

    The final assertion only checks that unpack() returns something truthy.
    It does not compare the returned claims with what was packed.
    """
    # Fixture only: an 11-byte secret is shorter than the 32 bytes that
    # RFC 7518 section 3.2 requires for HS256.
    shared_key = SYMKey(key='hemligt ord', use='sig')

    sender = JWT(own_keys=[shared_key], iss=ALICE, sign_alg="HS256")
    claims_in = {'sub': 'sub2'}
    token = sender.pack(payload=claims_in)

    # The receiver holds no keys of its own; it only trusts the key
    # registered under the sender's issuer identifier.
    receiver = JWT(own_keys=None, iss=BOB, rec_keys={ALICE: [shared_key]})
    claims_out = receiver.unpack(token)
    assert claims_out
def test_sym_encrypt_decrypt():
    """Encrypt with A128KW / A128CBC-HS256 and decrypt with the same key."""
    # The 16-character secret matches the 128-bit key size of A128KW.
    wrapping_key = SYMKey(use="enc", key='DukeofHazardpass', kid="some-key-id")

    encrypter = JWE_SYM("some content", alg="A128KW", enc="A128CBC-HS256")
    token = encrypter.encrypt(key=wrapping_key, kid="some-key-id")

    decrypter = JWE_SYM()
    plaintext = decrypter.decrypt(token, wrapping_key)
    # The input was a str; the decrypted value is compared as bytes.
    assert plaintext == b'some content'
def test_get_key():
    """Exercise get_key() on a private EC key, a public-only EC key and a symmetric key.

    The only failure the test expects is a ValueError when private material
    is requested from a key object that holds just the public half.
    """
    raw_private = generate_private_key(NIST2SEC['P-256'], default_backend())
    private_ec = ECKey(key=raw_private)
    public_ec = ECKey(key=private_ec.key.public_key())
    symmetric = SYMKey(key='mekmitasdigoat', kid='xyzzy')

    # A private key can serve both requests.
    private_ec.get_key(private=True)
    private_ec.get_key(private=False)

    # A public-only key must refuse to return private material.
    with pytest.raises(ValueError):
        public_ec.get_key(private=True)
    public_ec.get_key(private=False)

    # A symmetric key is expected to answer either way without raising.
    symmetric.get_key(private=True)
    symmetric.get_key(private=False)
def test_pick_alg_assume_alg_from_single_key():
    """With one candidate key and no explicit alg, the key's own alg is chosen."""
    wanted = "HS256"
    candidate_keys = [SYMKey(k="foobar", alg=wanted)]

    # JWS() is built without an alg, so the algorithm comes from the key.
    picked = JWS()._pick_alg(candidate_keys)
    assert picked == wanted
def test_encryption_key():
    """Pin the key-wrap keys that SYMKey.encryption_key() derives from a secret.

    Three fixed vectors cover A128KW, A192KW and A256KW for one secret.
    A final check ties the A128KW result for a second secret to the first
    16 bytes of sha256_digest() over that secret.
    """
    hex_secret = 'df34db91c16613deba460752522d28f6ebc8a73d0d9185836270c26b'
    # NOTE(review): the expected values share the prefix
    # 'xCo9VhtommCTGMWi-RyWB'. That is consistent with truncating one digest
    # to 16, 24 and 32 bytes. Confirm against SYMKey.encryption_key.
    vectors = (
        ('A128KW', 'xCo9VhtommCTGMWi-RyWBw'),
        ('A192KW', 'xCo9VhtommCTGMWi-RyWB14GQqHAGC86'),
        ('A256KW', 'xCo9VhtommCTGMWi-RyWB14GQqHAGC86vweU_Pi62X8'),
    )
    for wrap_alg, expected_b64 in vectors:
        # A fresh SYMKey per algorithm, as in the original straight-line test.
        derived = SYMKey(key=hex_secret).encryption_key(alg=wrap_alg)
        assert as_unicode(b64e(derived)) == expected_b64

    b64_secret = 'YzE0MjgzNmRlODI5Yzg2MGYyZTRjNGE0NTZlMzBkZDRiNzJkNDA5MzUzNjM0ODkzM2E2MDk3ZWY'
    reference = sha256_digest(b64_secret)[:16]
    assert as_unicode(b64e(reference)) == 'yf_UUkAFZ8Pn_prxPPgu9w'

    # For this secret the derived key is a truncated SHA-256 of the secret
    # string. A single hash adds no work factor, so the strength of the
    # wrapping key rests entirely on the entropy of the secret.
    derived = SYMKey(key=b64_secret).encryption_key(alg='A128KW')
    assert as_unicode(b64e(derived)) == as_unicode(b64e(reference))