Ejemplo n.º 1
0
    def test_missing_kid_in_jws_header(self):
        jws = json.loads(jwts.make_jws({"a": 1}, self.keypairs[:1]))
        header = json.loads(utils.to_string(utils.base64url_decode(jws["signatures"][0]["protected"])))
        del header["kid"]
        jws["signatures"][0]["protected"] = utils.to_string(utils.base64url_encode(json.dumps(header)))

        with self.assertRaises(exceptions.InvalidFormatError):
            jwts.verify_jws(json.dumps(jws), self.keypairs[:1])
    def test_encrypt_bytes(self):
        data = ['string', b'bytes']

        for text in data:
            logger.debug('enc/dec %s', text)
            enc = self.project_credentials.encrypt(text)
            cleartext = utils.to_string(self.project_credentials.decrypt(enc['ct'], enc['iv']))
            cleartext.should.equal(utils.to_string(text))
Ejemplo n.º 3
0
    def test_invalid_alg_in_jws_header(self):
        jws = json.loads(jwts.make_jws({"a": 1}, self.keypairs[:1]))
        header = json.loads(utils.to_string(utils.base64url_decode(jws["signatures"][0]["protected"])))
        header["alg"] = "bog"
        jws["signatures"][0]["protected"] = utils.to_string(utils.base64url_encode(json.dumps(header)))

        with self.assertRaises(exceptions.InvalidAlgorithmError):
            jwts.verify_jws(json.dumps(jws), self.keypairs[:1])
Ejemplo n.º 4
0
    def test_encrypt_bytes(self):
        data = ['string', b'bytes']

        for text in data:
            logger.debug('enc/dec %s', text)
            enc = self.project_credentials.encrypt(text)
            cleartext = utils.to_string(self.project_credentials.decrypt(enc))
            self.assertEqual(cleartext, utils.to_string(text))
 def test_missing_kid_in_jws_header(self):
     jws = json.loads(jwts.make_jws({'a': 1}, self.keypairs[:1]))
     header = json.loads(utils.to_string(
         utils.base64url_decode(jws['signatures'][0]['protected'])
     ))
     del header['kid']
     jws['signatures'][0]['protected'] = utils.to_string(
         utils.base64url_encode(json.dumps(header))
     )
     (jwts.verify_jws.when.called_with(json.dumps(jws), self.keypairs[:1])
         .should.throw(exceptions.InvalidFormatError))
Ejemplo n.º 6
0
    def test_missing_kid_in_jws_header(self):
        jws = json.loads(jwts.make_jws({'a': 1}, self.keypairs[:1]))
        header = json.loads(
            utils.to_string(
                utils.base64url_decode(jws['signatures'][0]['protected'])))
        del header['kid']
        jws['signatures'][0]['protected'] = utils.to_string(
            utils.base64url_encode(json.dumps(header)))

        with self.assertRaises(exceptions.InvalidFormatError):
            jwts.verify_jws(json.dumps(jws), self.keypairs[:1])
Ejemplo n.º 7
0
    def test_invalid_alg_in_jws_header(self):
        jws = json.loads(jwts.make_jws({'a': 1}, self.keypairs[:1]))
        header = json.loads(
            utils.to_string(
                utils.base64url_decode(jws['signatures'][0]['protected'])))
        header['alg'] = 'bog'
        jws['signatures'][0]['protected'] = utils.to_string(
            utils.base64url_encode(json.dumps(header)))

        with self.assertRaises(exceptions.InvalidAlgorithmError):
            jwts.verify_jws(json.dumps(jws), self.keypairs[:1])
Ejemplo n.º 8
0
    def test_invalid_alg_in_jws_header(self):
        jws = json.loads(jwts.make_jws({'a': 1}, self.keypairs[:1]))
        header = json.loads(utils.to_string(
            utils.base64url_decode(jws['signatures'][0]['protected'])
        ))
        header['alg'] = 'bog'
        jws['signatures'][0]['protected'] = utils.to_string(
            utils.base64url_encode(json.dumps(header))
        )

        with self.assertRaises(exceptions.InvalidAlgorithmError):
            jwts.verify_jws(json.dumps(jws), self.keypairs[:1])
Ejemplo n.º 9
0
    def test_missing_typ_in_jws_header(self):
        jws = json.loads(jwts.make_jws({'a': 1}, self.keypairs[:1]))
        header = json.loads(utils.to_string(
            utils.base64url_decode(jws['signatures'][0]['protected'])
        ))
        del header['typ']
        jws['signatures'][0]['protected'] = utils.to_string(
            utils.base64url_encode(json.dumps(header))
        )

        with self.assertRaises(exceptions.InvalidFormatError):
            jwts.verify_jws(json.dumps(jws), self.keypairs[:1])
Ejemplo n.º 10
0
    def test_protected_header_overrides(self):
        jwe_json = json.loads(self.jwe)
        jwe_json['protected'] = utils.to_string(
            utils.base64url_encode(
                json.dumps({
                    "apu":
                    utils.to_string(utils.base64url_encode('bogus')),
                })))
        jwe = json.dumps(jwe_json)

        with self.assertRaises(exceptions.DecryptionFailed):
            jwes.decrypt_jwe(jwe, self.recipient_keypairs[0])
Ejemplo n.º 11
0
 def test_decrypt_only_legacy(self):
     enc = service.encrypt_attr_value(self.data, self.key, True)
     del enc['header']
     del enc['ciphertext']
     del enc['tag']
     decrypted = utils.to_string(service.decrypt_attr_value(enc, self.key))
     self.assertEqual(decrypted, self.data)
Ejemplo n.º 12
0
 def test_string_encryption(self):
     key = service.create_aes_key()
     data = 'Hello, Im Data'
     edata = service.encrypt_attr_value(data, key)
     self.assertEqual(
         utils.to_string(service.decrypt_attr_value(edata, key)),
         data
     )
    def test_encrypt(self):
        enc = self.project_credentials.encrypt(self.data)
        enc.should.have.key('cipher').with_value.equal('aes')
        enc.should.have.key('mode').with_value.equal('gcm')
        enc.should.have.key('ts').with_value.equal(128)

        cleartext = utils.to_string(self.project_credentials.decrypt(enc['ct'], enc['iv']))
        cleartext.should.equal(self.data)
Ejemplo n.º 14
0
    def test_content_encryption_failure(self):
        jwe_json = json.loads(self.jwe)
        jwe_json['ciphertext'] = utils.to_string(
            utils.base64url_encode('bogus'))
        jwe = json.dumps(jwe_json)

        with self.assertRaises(exceptions.DecryptionFailed):
            jwes.decrypt_jwe(jwe, self.recipient_keypairs[0])
Ejemplo n.º 15
0
    def _check_write_file(self, binary):
        filename = None

        with tempfile.NamedTemporaryFile(delete=True) as tf:
            key = tf.name[1:]
            filename = 's3://{}/{}'.format(self.bucket_name, key)
        self.assertIsNotNone(filename)
        s3_handler.write_file(filename, self.data, binary)

        obj = self.bucket.Object(key)
        data = obj.get()['Body'].read()

        if binary:
            self.assertEqual(data, self.data)
        else:
            self.assertEqual(utils.to_string(data), utils.to_string(self.data))

        obj.delete()
    def _check_write_file(self, binary):
        filename = None

        with tempfile.NamedTemporaryFile(delete=True) as tf:
            key = tf.name[1:]
            filename = 's3://{}/{}'.format(self.bucket_name, key)
        self.assertIsNotNone(filename)
        s3_handler.write_file(filename, self.data, binary)

        obj = self.bucket.Object(key)
        data = obj.get()['Body'].read()

        if binary:
            self.assertEqual(data, self.data)
        else:
            self.assertEqual(utils.to_string(data), utils.to_string(self.data))

        obj.delete()
Ejemplo n.º 17
0
    def test_encrypt(self):
        enc = self.project_credentials.encrypt(self.data)
        self.assertIn("cipher", enc)
        self.assertIn("mode", enc)
        self.assertIn("ts", enc)
        self.assertEqual(enc.get("cipher"), "aes")
        self.assertEqual(enc.get("mode"), "gcm")
        self.assertEqual(enc.get("ts"), 128)

        cleartext = utils.to_string(self.project_credentials.decrypt(enc))
        self.assertEqual(cleartext, self.data)
Ejemplo n.º 18
0
    def test_encrypt(self):
        enc = self.project_credentials.encrypt(self.data)
        self.assertIn("cipher", enc)
        self.assertIn("mode", enc)
        self.assertIn("ts", enc)
        self.assertEqual(enc.get("cipher"), "aes")
        self.assertEqual(enc.get("mode"), "gcm")
        self.assertEqual(enc.get("ts"), 128)

        cleartext = utils.to_string(
            self.project_credentials.decrypt(enc['ct'], enc['iv'])
        )
        self.assertEqual(cleartext, self.data)
Ejemplo n.º 19
0
def _handle_auth_endpoint(headers=None, data=None):
    logger.debug('data=%s', data)
    try:
        jwt_header, jwt_claims, jwt_sig = data.split('.')
    except ValueError:
        jws = json.loads(data)
        jwt_claims = jws['payload']
        sigs = jws['signatures']
        if len(sigs) != 1:
            raise AttributeError
        jwt_header = sigs[0]['protected']
        jwt_sig = sigs[0]['signature']
    except:
        return MockResponse('Bad Request', 400)

    try:
        key = keychain.Keypair.from_secret_pem(
            key_bytes=TestSession.id_key_bytes,
        )
        key.identity = 'id'
        oneid_key = keychain.Keypair.from_secret_pem(
            key_bytes=TestSession.oneid_key_bytes,
        )
        oneid_key.identity = 'oneID'
        payload = '{}.{}'.format(jwt_header, jwt_claims)
        key.verify(payload, jwt_sig)
        logger.debug('claims=%s', jwt_claims)
        json_claims = utils.to_string(utils.base64url_decode(jwt_claims))
        jws = jwts.make_jws(json.loads(json_claims), [key, oneid_key])
        logger.debug('jws=%s', jws)
        return MockResponse(jws, 200)
    except InvalidSignature:
        logger.debug('invalid signature', exc_info=True)
        return MockResponse('Forbidden', 403)

    return MockResponse('Internal Server Error', 500)
    def test_decrypt_dict(self):
        enc = self.project_credentials.encrypt(self.data)

        cleartext = utils.to_string(self.project_credentials.decrypt(enc))
        cleartext.should.equal(self.data)
Ejemplo n.º 21
0
 def test_to_string(self):
     self.assertEqual(self.str_thing, utils.to_string(self.str_thing))
     self.assertEqual(self.str_thing, utils.to_string(self.bytes_thing))
    def test_decrypt_dict(self):
        enc = self.project_credentials.encrypt(self.data)

        cleartext = utils.to_string(self.project_credentials.decrypt(enc))
        self.assertEqual(cleartext, self.data)
 def test_decrypt(self):
     enc = service.encrypt_attr_value(self.data, self.key)
     utils.to_string(service.decrypt_attr_value(enc, self.key)).should.equal(self.data)
Ejemplo n.º 24
0
 def test_decrypt_without_legacy_follow_standard_encoding(self):
     enc = service.encrypt_attr_value(self.data, self.key, False)
     enc['iv'] = base64.b64encode(utils.base64url_decode(enc['iv']))
     decrypted = utils.to_string(service.decrypt_attr_value(enc, self.key))
     self.assertEqual(decrypted, self.data)
Ejemplo n.º 25
0
 def test_decrypt(self):
     enc = service.encrypt_attr_value(self.data, self.key)
     decrypted = utils.to_string(service.decrypt_attr_value(enc, self.key))
     self.assertEqual(decrypted, self.data)
Ejemplo n.º 26
0
 def test_decrypt_without_legacy(self):
     enc = service.encrypt_attr_value(self.data, self.key, False)
     decrypted = utils.to_string(service.decrypt_attr_value(enc, self.key))
     self.assertEqual(decrypted, self.data)
Ejemplo n.º 27
0
 def test_string_encryption(self):
     key = service.create_aes_key()
     data = 'Hello, Im Data'
     edata = service.encrypt_attr_value(data, key)
     self.assertEqual(
         utils.to_string(service.decrypt_attr_value(edata, key)), data)
Ejemplo n.º 28
0
 def test_to_string(self):
     self.assertEqual(self.str_thing, utils.to_string(self.str_thing))
     self.assertEqual(self.str_thing, utils.to_string(self.bytes_thing))
Ejemplo n.º 29
0
 def test_decrypt(self):
     enc = service.encrypt_attr_value(self.data, self.key)
     decrypted = utils.to_string(service.decrypt_attr_value(enc, self.key))
     self.assertEqual(decrypted, self.data)
Ejemplo n.º 30
0
    def test_decrypt_dict(self):
        enc = self.project_credentials.encrypt(self.data)

        cleartext = utils.to_string(self.project_credentials.decrypt(enc))
        self.assertEqual(cleartext, self.data)