def test_get_public_key(self, private_key):
key = RSAKey(private_key, ALGORITHMS.RS256)
public_key = key.public_key()
public_key2 = public_key.public_key()
assert public_key.is_public()
assert public_key2.is_public()
assert public_key == public_key2
def test_get_public_key(self, private_key):
key = RSAKey(private_key, ALGORITHMS.RS256)
public_key = key.public_key()
public_key2 = public_key.public_key()
assert public_key.is_public()
assert public_key2.is_public()
assert public_key == public_key2
def test_RSAKey_errors(self):
rsa_key = {
"kty": "RSA",
"kid": "*****@*****.**",
"use": "sig",
"n":
"n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw",
"e": "AQAB"
}
with pytest.raises(JWKError):
key = RSAKey(rsa_key, 'HS256')
rsa_key = {
"kty": "oct",
"kid": "*****@*****.**",
"use": "sig",
"n":
"n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw",
"e": "AQAB"
}
with pytest.raises(JWKError):
key = RSAKey(rsa_key, 'RS256') # noqa: F841
def test_to_pem(self, pkey):
key = RSAKey(pkey, ALGORITHMS.RS256)
assert key.to_pem(pem_format='PKCS1').strip() == pkey.strip()
pkcs8 = key.to_pem(pem_format='PKCS8').strip()
assert pkcs8 != pkey.strip()
newkey = RSAKey(pkcs8, ALGORITHMS.RS256)
assert newkey.to_pem(pem_format='PKCS1').strip() == pkey.strip()
def test_RSA_jwk(self):
key = {
"kty": "RSA",
"n":
"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
"e": "AQAB",
}
assert RSAKey(key, ALGORITHMS.RS256).is_public()
key = {
"kty":
"RSA",
"kid":
"*****@*****.**",
"use":
"sig",
"n":
"n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw",
"e":
"AQAB",
"d":
"bWUC9B-EFRIo8kpGfh0ZuyGPvMNKvYWNtB_ikiH9k20eT-O1q_I78eiZkpXxXQ0UTEs2LsNRS-8uJbvQ-A1irkwMSMkK1J3XTGgdrhCku9gRldY7sNA_AKZGh-Q661_42rINLRCe8W-nZ34ui_qOfkLnK9QWDDqpaIsA-bMwWWSDFu2MUBYwkHTMEzLYGqOe04noqeq1hExBTHBOBdkMXiuFhUq1BU6l-DqEiWxqg82sXt2h-LMnT3046AOYJoRioz75tSUQfGCshWTBnP5uDjd18kKhyv07lhfSJdrPdM5Plyl21hsFf4L_mHCuoFau7gdsPfHPxxjVOcOpBrQzwQ",
"p":
"3Slxg_DwTXJcb6095RoXygQCAZ5RnAvZlno1yhHtnUex_fp7AZ_9nRaO7HX_-SFfGQeutao2TDjDAWU4Vupk8rw9JR0AzZ0N2fvuIAmr_WCsmGpeNqQnev1T7IyEsnh8UMt-n5CafhkikzhEsrmndH6LxOrvRJlsPp6Zv8bUq0k",
"q":
"uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs6grT8bR_cu0Dm1MZwWmtdqDyI95HrUeq3MP15vMMON8lHTeZu2lmKvwqW7anV5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxHlSqAZ192zB3pVFJ0s7pFc",
"dp":
"B8PVvXkvJrj2L-GYQ7v3y9r6Kw5g9SahXBwsWUzp19TVlgI-YV85q1NIb1rxQtD-IsXXR3-TanevuRPRt5OBOdiMGQp8pbt26gljYfKU_E9xn-RULHz0-ed9E9gXLKD4VGngpz-PfQ_q29pk5xWHoJp009Qf1HvChixRX 59ehik",
"dq":
"CLDmDGduhylc9o7r84rEUVn7pzQ6PF83Y-iBZx5NT-TpnOZKF1pErAMVeKzFEl41DlHHqqBLSM0W1sOFbwTxYWZDm6sI6og5iTbwQGIC3gnJKbi_7k_vJgGHwHxgPaX2PnvP-zyEkDERuf-ry4c_Z11Cq9AqC2yeL6kdKT1cYF8",
"qi":
"3PiqvXQN0zwMeE-sBvZgi289XP9XCQF3VWqPzMKnIgQp7_Tugo6-NZBKCQsMf3HaEGBjTVJs_jcK8-TRXvaKe-7ZMaQj8VfBdYkssbu0NKDDhjJ-GtiseaDVWt7dcH0cfwxgFUHpQh7FoCrjFJ6h6ZEpMF6xmujs4qMpPz8aaI4"
}
assert not RSAKey(key, ALGORITHMS.RS256).is_public()
del key['p']
# Some but not all extra parameters are present
with pytest.raises(JWKError):
RSAKey(key, ALGORITHMS.RS256)
del key['q']
del key['dp']
del key['dq']
del key['qi']
# None of the extra parameters are present, but 'key' is still private.
assert not RSAKey(key, ALGORITHMS.RS256).is_public()
def test_invalid_hash_alg(self):
with pytest.raises(JWKError):
key = HMACKey(hmac_key, 'RS512')
with pytest.raises(JWKError):
key = RSAKey(rsa_key, 'HS512')
with pytest.raises(JWKError):
key = ECKey(ec_key, 'RS512') # noqa: F841
def test_invalid_jwk(self):
with pytest.raises(JWKError):
key = HMACKey(rsa_key, 'HS256')
with pytest.raises(JWKError):
key = RSAKey(hmac_key, 'RS256')
with pytest.raises(JWKError):
key = ECKey(rsa_key, 'ES256') # noqa: F841
def test_to_pem(self, pkey):
key = RSAKey(pkey, ALGORITHMS.RS256)
assert key.to_pem(pem_format='PKCS1').strip() == pkey.strip()
pkcs8 = key.to_pem(pem_format='PKCS8').strip()
assert pkcs8 != pkey.strip()
newkey = RSAKey(pkcs8, ALGORITHMS.RS256)
assert newkey.to_pem(pem_format='PKCS1').strip() == pkey.strip()
def assert_roundtrip(self, key):
assert RSAKey(
key.to_dict(),
ALGORITHMS.RS256
).to_dict() == key.to_dict()
def test_invalid_algorithm(self):
with pytest.raises(JWKError):
RSAKey(private_key_4096_pkcs1, ALGORITHMS.ES256)
with pytest.raises(JWKError):
RSAKey({'kty': 'bla'}, ALGORITHMS.RS256)
def test_bad_cert(self,):
key = '-----BEGIN CERTIFICATE-----'
with pytest.raises(JOSEError):
RSAKey(key, ALGORITHMS.RS256)
def test_object(self):
key = object()
with pytest.raises(JOSEError):
RSAKey(key, ALGORITHMS.RS256)
def test_RSA_key(self):
assert not RSAKey(private_key_4096_pkcs1, ALGORITHMS.RS256).is_public()
def test_to_dict(self, private_key):
key = RSAKey(private_key, ALGORITHMS.RS256)
self.assert_parameters(key.to_dict(), private=True)
self.assert_parameters(key.public_key().to_dict(), private=False)
self.assert_roundtrip(key)
self.assert_roundtrip(key.public_key())
def test_to_dict(self, private_key):
key = RSAKey(private_key, ALGORITHMS.RS256)
self.assert_parameters(key.to_dict(), private=True)
self.assert_parameters(key.public_key().to_dict(), private=False)
self.assert_roundtrip(key)
self.assert_roundtrip(key.public_key())
from jose import jws, jwt
private_key = rsa.generate_private_key(public_exponent=65537,
key_size=2048,
backend=default_backend())
pem = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption())
pem = str(pem, 'utf-8')
public_key = private_key.public_key()
rsakey = RSAKey(public_key, ALGORITHMS.RS256)
print(rsakey.to_dict())
tomorrow = datetime.now() + timedelta(days=1)
tomorrow_in_seconds = tomorrow.timestamp()
payload = {
"sub": "a3bc91e1-dd79-433c-a3be-d5fe5ad5c608",
"email_verified": False,
"iss": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_rBDyyW1zu",
"cognito:username": "******",
"custom:Role": "Administrator",
"aud": "f2alqmli8o74m8f63eb9qkdmm",
"event_id": "51a8f501-b992-46ec-afd2-9eabf9ee36ff",
"token_use": "id",
def test_string_secret(self):
key = 'secret'
with pytest.raises(JOSEError):
RSAKey(key, ALGORITHMS.RS256)