def test_cmp_rsa_ec(): _key1 = RSAKey() _key1.load_key(import_rsa_key_from_cert_file(CERT)) _key2 = ECKey(**ECKEY) assert _key1 != _key2
def test_serialize_rsa_pub_key(): rsakey = RSAKey(key=import_public_rsa_key_from_file(full_path("rsa.pub"))) assert rsakey.d == '' d_rsakey = rsakey.serialize(private=True) restored_key = RSAKey(**d_rsakey) assert restored_key == rsakey
def test_thumbprint_7638_example(): key = RSAKey( n= '0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw', e='AQAB', alg='RS256', kid='2011-04-29') thumbprint = key.thumbprint('SHA-256') assert thumbprint == b'NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs'
def test_signer_ps384(): payload = "Please take a moment to register today" _pkey = import_private_rsa_key_from_file(PRIV_KEY) keys = [RSAKey(key=_pkey)] # keys[0]._keytype = "private" _jws = JWS(payload, alg="PS384") _jwt = _jws.sign_compact(keys) vkeys = [RSAKey(key=_pkey.public_key())] _rj = JWS() info = _rj.verify_compact(_jwt, vkeys) assert info == payload
def test_signer_ps512(): payload = "Please take a moment to register today" # Key has to be big enough > 512+512+2 _pkey = import_private_rsa_key_from_file(full_path("./size2048.key")) keys = [RSAKey(key=_pkey)] # keys[0]._keytype = "private" _jws = JWS(payload, alg="PS512") _jwt = _jws.sign_compact(keys) vkeys = [RSAKey(key=_pkey.public_key())] _rj = factory(_jwt) info = _rj.verify_compact(_jwt, vkeys) assert info == payload
def test_cmp_rsa(): _key1 = RSAKey() _key1.load_key(import_rsa_key_from_cert_file(CERT)) _key2 = RSAKey() _key2.load_key(import_rsa_key_from_cert_file(CERT)) assert _key1 == _key2
def test_signer_ps256_fail(): payload = "Please take a moment to register today" _pkey = import_private_rsa_key_from_file(PRIV_KEY) keys = [RSAKey(key=_pkey)] # keys[0]._keytype = "private" _jws = JWS(payload, alg="PS256") _jwt = _jws.sign_compact(keys)[:-5] + 'abcde' vkeys = [RSAKey(key=_pkey.public_key())] _rj = JWS() try: _rj.verify_compact(_jwt, vkeys) except cryptojwt.exception.BadSignature: pass else: assert False
def test_pick_alg_dont_get_alg_from_single_key_if_already_specified(): expected_alg = "RS512" _pkey = import_private_rsa_key_from_file(PRIV_KEY) #keys = [RSAKey(key=_pkey, alg="RS256")] vkeys = [RSAKey(key=_pkey.public_key())] alg = JWS(alg=expected_alg)._pick_alg(vkeys) assert alg == expected_alg
def test_dj_usage(): pkey = import_private_rsa_key_from_file(full_path("./size2048.key")) payload = "Please take a moment to register today" keys = [RSAKey(key=pkey)] _jws = JWS(payload, alg='RS256') sjwt = _jws.sign_compact(keys) _jwt = factory(sjwt) assert _jwt.jwt.headers['alg'] == 'RS256'
def test_rs256_rm_signature(): payload = "Please take a moment to register today" _pkey = import_private_rsa_key_from_file(PRIV_KEY) keys = [RSAKey(key=_pkey)] # keys[0]._keytype = "private" _jws = JWS(payload, alg="RS256") _jwt = _jws.sign_compact(keys) p = _jwt.split('.') _jwt = '.'.join(p[:-1]) vkeys = [RSAKey(key=_pkey.public_key())] _rj = JWS() try: _ = _rj.verify_compact(_jwt, vkeys) except WrongNumberOfParts: pass else: assert False
def test_serialize_rsa_priv_key(): rsakey = RSAKey(key=import_private_rsa_key_from_file(full_path("rsa.key"))) assert rsakey.d d_rsakey = rsakey.serialize(private=True) restored_key = RSAKey(**d_rsakey) assert restored_key == rsakey assert rsakey.is_private_key() assert restored_key.is_private_key()
def test_rsa_pubkey_verify_x509_thumbprint(): cert = "MIID0jCCArqgAwIBAgIBSTANBgkqhkiG9w0BAQQFADCBiDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0JhdmF" \ "yaWExEzARBgNVBAoTCkJpb0lEIEdtYkgxLzAtBgNVBAMTJkJpb0lEIENsaWVudCBDZXJ0aWZpY2F0aW9uIE" \ "F1dGhvcml0eSAyMSEwHwYJKoZIhvcNAQkBFhJzZWN1cml0eUBiaW9pZC5jb20wHhcNMTUwNDE1MTQ1NjM4W" \ "hcNMTYwNDE0MTQ1NjM4WjBfMQswCQYDVQQGEwJERTETMBEGA1UEChMKQmlvSUQgR21iSDE7MDkGA1UEAxMy" \ "QmlvSUQgT3BlbklEIENvbm5lY3QgSWRlbnRpdHkgUHJvdmlkZXIgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb" \ "3DQEBAQUAA4IBDwAwggEKAoIBAQC9aFETmU6kDfMBPKM2OfI5eedO3XP12Ci0hDC99bdzUUIhDZG34PQqcH" \ "89gVWGthJv5w3kqpdSrxfPCFMsBdnyk1VCuXmLgXS8s4oBtt1c9iM0J8X6Z+5subS3Xje8fu55Csh0JXNfo" \ "y29rCY/O6y0fNignegg0KS4PHv5T+agFmaG4rxCQV9/kd8tlo/HTyVPsuSPDgsXxisIVqur9aujYwdCoAZU" \ "8OU+5ccMLNIhpWJn+xNjgDRr4L9nxAYKc9vy+f7EoH3LT24B71zazZsQ78vpocz98UT/7vdgS/IYXFniPuU" \ "fblja7cq31bUoySDx6FYrtfCSUxNhaZSX8mppAgMBAAGjbzBtMAkGA1UdEwQCMAAwHQYDVR0OBBYEFOfg3f" \ "/ewBLK5SkcBEXusD62OlzaMB8GA1UdIwQYMBaAFCQmdD+nVcVLaKt3vu73XyNgpPEpMAsGA1UdDwQEAwIDi" \ "DATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQQFAAOCAQEAKQjhcL/iGhy0549hEHRQArJXs1im" \ "7W244yE+TSChdMWKe2eWvEhc9wX1aVV2mNJM1ZNeYSgfoK6jjuXaHiSaIJEUcW1wVM3rDywi2a9GKzOFgrW" \ "pVbpXQ05LSE7qEEWRmSpIMyKTitUalNpNA6cOML5hiuUTfZbw7OvPwbnbSYYL674gEA2sW5AhPiCr9dVnMn" \ "/UK2II40802zdXUOvIxWeXpcsCxxZMjp/Ir2jIZWOEjlAXQVGr2oBfL/be/o5WXpaqWSfPRBZV8htRIf0vT" \ "lGx7xR8FPWDYmcj4o/tKoNC1AchjOnCwwE/mj4hgtoAsHNmYXF0oZXk7cozqYDqKQ==" rsa_key = RSAKey(x5c=[cert], x5t="KvHXVspLmjWC6cPDIIVMHlJjN-c") assert rsa_key.key with pytest.raises(DeSerializationNotPossible): RSAKey(x5c=[cert], x5t="abcdefgh") # incorrect thumbprint
def test_kspec(): _ckey = import_rsa_key_from_cert_file(CERT) _key = RSAKey() _key.load_key(_ckey) jwk = _key.serialize() assert jwk["kty"] == "RSA" assert jwk["e"] == JWK["keys"][0]["e"] assert jwk["n"] == JWK["keys"][0]["n"] assert not _key.is_private_key()
def test_encrypt_decrypt_rsa_cbc(): _key = RSAKey(key=pub_key) _key._keytype = "public" _jwe0 = JWE(plain, alg="RSA1_5", enc="A128CBC-HS256") jwt = _jwe0.encrypt([_key]) _jwe1 = factory(jwt) _dkey = RSAKey(key=priv_key) _dkey._keytype = "private" msg = _jwe1.decrypt(jwt, [_dkey]) assert msg == plain
def test_extract_rsa_from_cert_2(): _ckey = import_rsa_key_from_cert_file(CERT) _key = RSAKey() _key.load_key(_ckey) assert _ckey.public_numbers().n == base64_to_long(_key.n)
def test_verify_2(): _key = RSAKey() _key.load_key(import_rsa_key_from_cert_file(CERT)) assert _key.verify()
def test_rsa_with_kid(): encryption_keys = [RSAKey(use="enc", key=pub_key, kid="some-key-id")] jwe = JWE("some content", alg="RSA-OAEP", enc="A256CBC-HS512") jwe.encrypt(keys=encryption_keys, kid="some-key-id")
__author__ = 'Roland Hedberg' ALICE = 'https://example.org/alice' BOB = 'https://example.com/bob' BASEDIR = os.path.abspath(os.path.dirname(__file__)) def full_path(local_file): return os.path.join(BASEDIR, local_file) k1 = import_private_rsa_key_from_file(full_path('rsa.key')) k2 = import_private_rsa_key_from_file(full_path('size2048.key')) ALICE_KEYS = [ RSAKey(use='sig', kid='1').load_key(k1), RSAKey(use='enc', kid='2').load_key(k2) ] ALICE_PUB_KEYS = [ RSAKey(use='sig', kid='1').load_key(k1.public_key()), RSAKey(use='enc', kid='2').load_key(k2.public_key()) ] k3 = import_private_rsa_key_from_file(full_path('server.key')) BOB_KEYS = [RSAKey(use='enc', kid='3').load_key(k3)] BOB_PUB_KEYS = [RSAKey(use='enc', kid='3').load_key(k3.public_key())] def _eq(l1, l2): return set(l1) == set(l2)