Example #1
0
def parse(jwt):
    """Parse a JWT from a string."""
    algorithm, payload, signature = jwt.split(".")
    signed_data = algorithm + "." + payload
    try:
        algorithm = decode_json_bytes(algorithm)["alg"]
    except KeyError:
        raise ValueError("badly formed JWT")
    payload = decode_json_bytes(payload)
    signature = decode_bytes(signature)
    return JWT(algorithm, payload, signature, signed_data)
def parse_jwt(data):
    """Parse a JWT from a string."""
    header, payload, signature = data.split(".")
    signed_data = header + "." + payload
    try:
        header = decode_json_bytes(header)
    except KeyError:
        raise ValueError("badly formed JWT header")
    payload = decode_json_bytes(payload)
    signature = decode_bytes(signature)
    return ReceiptJWT(header, payload, signature, signed_data)
Example #3
0
def parse_jwt(data):
    """Parse a JWT from a string."""
    header, payload, signature = data.split(".")
    signed_data = header + "." + payload
    try:
        header = decode_json_bytes(header)
    except KeyError:
        raise ValueError("badly formed JWT header")
    payload = decode_json_bytes(payload)
    signature = decode_bytes(signature)
    return ReceiptJWT(header, payload, signature, signed_data)
Example #4
0
def parse(jwt):
    """Parse a JWT from a string."""
    algorithm, payload, signature = jwt.split(".")
    signed_data = algorithm + "." + payload
    try:
        algorithm = decode_json_bytes(algorithm)["alg"]
    except KeyError:
        raise ValueError("badly formed JWT")
    payload = decode_json_bytes(payload)
    signature = decode_bytes(signature)
    return JWT(algorithm, payload, signature, signed_data)
Example #5
0
 def test_error_handling_in_verify_certificate_chain(self):
     self.assertRaises(ValueError,
                       self.verifier.verify_certificate_chain, [])
     certs = decode_json_bytes(EXPIRED_ASSERTION)["certificates"]
     certs = [jwt.parse(cert) for cert in certs]
     self.assertRaises(ExpiredSignatureError,
                       self.verifier.verify_certificate_chain, certs)
Example #6
0
 def test_error_handling_in_verify_certificate_chain(self):
     self.assertRaises(ValueError,
                       self.verifier.verify_certificate_chain, [])
     certs = decode_json_bytes(EXPIRED_ASSERTION)["certificates"]
     certs = [jwt.parse(cert) for cert in certs]
     self.assertRaises(ExpiredSignatureError,
                       self.verifier.verify_certificate_chain, certs)
Example #7
0
def get_email_and_assertion(audience):
    global _email_assertion
    if not _email_assertion:
        import pickle
        try:
            import datetime
            from browserid.utils import unbundle_certs_and_assertion, decode_json_bytes
            # Get one from the cache, and check it's expiration
            email_assertion = pickle.load(open(ASSERTION_CACHE_FILE, 'rb'))
            _, assertion = unbundle_certs_and_assertion(email_assertion[1])
            exp = decode_json_bytes(assertion.split('.')[1])['exp']
            expiration_date = datetime.datetime.utcfromtimestamp(exp/1000)
            if expiration_date > datetime.datetime.utcnow():
                # If it hasn't expired, return
                _email_assertion = email_assertion
                return email_assertion
        except FileNotFoundError:
            pass
            # If no good one is available, get a new one
        import requests
        from urllib.parse import quote_plus
        r = requests.get('http://personatestuser.org/email_with_assertion/%s'%quote_plus(audience))
        _email_assertion = r.json()['email'], r.json()['assertion']
        pickle.dump(_email_assertion, open(ASSERTION_CACHE_FILE, 'wb'))
    return _email_assertion



    def _login(self):
        res = self.testapp.get('/', status=403)
 def test_encode_decode_json_bytes(self):
     obj = {"hello": "world"}
     self.assertEquals(obj, decode_json_bytes(encode_json_bytes(obj)))
     self.assertRaises(ValueError, decode_json_bytes,
                       encode_bytes("NOJSON4U"))
     self.assertRaises(ValueError, decode_json_bytes, encode_bytes("42"))
     self.assertRaises(ValueError, decode_json_bytes,
                       encode_bytes("[1, 2, 3]"))
     self.assertRaises(ValueError, encode_json_bytes, 42)
     self.assertRaises(ValueError, encode_json_bytes, [1, 3, 3])
Example #9
0
 def test_encode_decode_json_bytes(self):
     obj = {"hello": "world"}
     self.assertEquals(obj, decode_json_bytes(encode_json_bytes(obj)))
     self.assertRaises(ValueError,
                       decode_json_bytes, encode_bytes("NOJSON4U"))
     self.assertRaises(ValueError,
                       decode_json_bytes, encode_bytes("42"))
     self.assertRaises(ValueError,
                       decode_json_bytes, encode_bytes("[1, 2, 3]"))
     self.assertRaises(ValueError, encode_json_bytes, 42)
     self.assertRaises(ValueError, encode_json_bytes, [1, 3, 3])
    def check_audience(self, assertion, expected_audience=None):
        """Check that the assertion matches the expected audience.

        This method verifies that the audience for the given assertion is
        as expected - either matching the audience parameter if given, or
        or matching one of the audience patterns from the constructor if not.

        If the audience matches then it is returned as a string; if not then
        an AudienceMismatchError is raised.
        """
        try:
            _, token = unbundle_certs_and_assertion(assertion)
            audience = decode_json_bytes(token.split(".")[1])["aud"]
        except (KeyError, IndexError):
            raise ValueError("Malformed JWT")
        if expected_audience is None:
            audience_re = self._audience_re
        else:
            audience_re = self._compile_audience_patterns(expected_audience)
        if audience_re is None:
            raise AudienceMismatchError
        if not audience_re.match(audience):
            raise AudienceMismatchError
        return audience