def test_a_1_3b():
    """Verify a fixed HS256 compact token against the shared HMAC key.

    The token is hard-coded rather than produced by this library, so the
    check exercises verification only. Nothing is asserted on the return
    value: the test passes as long as ``verify_compact`` does not raise.
    """
    # The three dot-separated segments of the compact serialization.
    encoded_header = "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9"
    encoded_payload = (
        "eyJpc3MiOiJqb2UiLA0KICJl"
        "eHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0c"
        "nVlfQ"
    )
    encoded_signature = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
    token = ".".join((encoded_header, encoded_payload, encoded_signature))

    # HMAC_KEY is stored as an integer array; convert it to raw bytes first.
    shared_key = SYMKey(key=cryptojwt.intarr2bin(HMAC_KEY))
    verifier = JWS()
    verifier.verify_compact(token, [shared_key])
def test_jws_1():
    """Round-trip a JSON claim set through HS256 signing and verification.

    The signer receives the key through the ``jwk`` argument in serialized
    form, while the verifier is handed the key object itself. After
    verification the verifier's ``msg`` attribute must equal the claims.
    """
    claims = {
        "iss": "joe",
        "exp": 1300819380,
        "http://example.com/is_root": True,
    }
    hmac_key = SYMKey(key=cryptojwt.intarr2bin(HMAC_KEY))

    signer = JWS(claims, cty="JWT", alg="HS256", jwk=hmac_key.serialize())
    token = signer.sign_compact()

    # The verifier is constructed with the algorithm it is expected to see.
    verifier = JWS(alg="HS256")
    verifier.verify_compact(token, keys=[hmac_key])
    assert verifier.msg == claims
def test_signer_ps256_fail():
    """A PS256 token with an altered signature must not verify.

    The last five characters of the compact form (part of the signature
    segment) are replaced, and verification with the matching public key
    is expected to raise ``BadSignature``. Any other outcome, including a
    silent success, fails the test.
    """
    message = "Please take a moment to register today"
    private_key = import_private_rsa_key_from_file(PRIV_KEY)
    signing_keys = [RSAKey(key=private_key)]

    signer = JWS(message, alg="PS256")
    # Corrupt the tail of the signature while leaving header and payload intact.
    tampered = signer.sign_compact(signing_keys)[:-5] + 'abcde'

    public_keys = [RSAKey(key=private_key.public_key())]
    verifier = JWS()

    rejected = False
    try:
        verifier.verify_compact(tampered, public_keys)
    except cryptojwt.exception.BadSignature:
        rejected = True
    assert rejected
def test_client_secret_jwt(self, client):
    """Check the client assertion built by ``ClientSecretJWT.construct``.

    The assertion is an HS256 JWT keyed with the client secret. It is
    unpacked twice: once through ``JWT`` with the key registered under the
    client id, and once through a bare ``JWS`` verification. Both must
    yield the same six claims, and ``aud`` must be the provider's issuer.
    """
    info_obj = client.client_info
    info_obj.token_endpoint = "https://example.com/token"
    info_obj.provider_info = {
        'issuer': 'https://example.com/',
        'token_endpoint': "https://example.com/token",
    }

    method = ClientSecretJWT()
    request = AccessTokenRequest()
    method.construct(
        request,
        cli_info=client.client_info,
        algorithm="HS256",
        authn_endpoint='userinfo',
    )

    assert request["client_assertion_type"] == JWT_BEARER
    assert "client_assertion" in request
    assertion = request["client_assertion"]

    # The client secret doubles as the HMAC key for the assertion.
    signing_key = SYMKey(k=b64e(as_bytes(info_obj.client_secret)), use='sig')
    unpacked = JWT(rec_keys={client.client_id: [signing_key]}).unpack(assertion)
    assert _eq(unpacked.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])

    # Second pass: plain JWS verification with a key that carries no 'use'.
    verifier = JWS()
    plain_key = SYMKey(k=b64e(as_bytes(info_obj.client_secret)))
    claims = verifier.verify_compact(assertion, [plain_key])
    assert _eq(claims.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
    assert claims['aud'] == [info_obj.provider_info['issuer']]
def test_hmac_from_keyrep():
    """Sign and verify with HS512 using only the symmetric keys in SIGKEYS.

    Keys are selected by ``kty == "oct"``; the same list is used for both
    signing and verification, and the verified payload must match the
    original string.
    """
    message = "Please take a moment to register today"

    # Keep the original order of SIGKEYS while dropping non-symmetric keys.
    octet_keys = []
    for candidate in SIGKEYS:
        if candidate.kty == "oct":
            octet_keys.append(candidate)

    signer = JWS(message, alg="HS512")
    token = signer.sign_compact(octet_keys)

    verifier = JWS()
    recovered = verifier.verify_compact(token, octet_keys)
    assert recovered == message
def test_hmac_512():
    """Round-trip a string payload through HS512 with an inline key."""
    message = "Please take a moment to register today"

    # NOTE(review): this fixture key is 14 bytes, well below the 64-byte
    # hash output size that RFC 7518 section 3.2 requires as a minimum for
    # HS512 keys. The test passing shows the library accepts it; treat the
    # value as a test fixture only, not as a model for production keys.
    shared_keys = [SYMKey(key=b'My hollow echo', alg="HS512")]

    signer = JWS(message, alg="HS512")
    token = signer.sign_compact(shared_keys)

    verifier = JWS()
    recovered = verifier.verify_compact(token, shared_keys)
    assert recovered == message
def test_signer_es256():
    """Sign with a fresh P-256 private key and verify with its public half.

    A new key pair is generated on every run, so the test covers the
    sign/verify round trip rather than a fixed known-answer vector.
    """
    message = "Please take a moment to register today"
    private_ec = ec.generate_private_key(ec.SECP256R1(), default_backend())

    signer = JWS(message, alg="ES256")
    token = signer.sign_compact([ECKey().load_key(private_ec)])

    # The verifier only ever sees the public key.
    public_jwk = ECKey().load_key(private_ec.public_key())
    verifier = JWS()
    recovered = verifier.verify_compact(token, [public_jwk])
    assert recovered == message
def test_signer_ps384():
    """Sign with PS384 using the RSA key from PRIV_KEY and verify it.

    Signing uses the private key loaded from file; verification is done
    with a key object built from the public half only.
    """
    message = "Please take a moment to register today"
    private_key = import_private_rsa_key_from_file(PRIV_KEY)
    signing_keys = [RSAKey(key=private_key)]

    signer = JWS(message, alg="PS384")
    token = signer.sign_compact(signing_keys)

    public_keys = [RSAKey(key=private_key.public_key())]
    verifier = JWS()
    recovered = verifier.verify_compact(token, public_keys)
    assert recovered == message
def test_signer_es512():
    """Sign with a fresh P-521 private key (ES512) and verify the result.

    The key pair is generated per run; verification uses a separate key
    object loaded from the public key only.
    """
    message = "Please take a moment to register today"
    private_ec = ec.generate_private_key(ec.SECP521R1(), default_backend())
    private_jwk = ECKey().load_key(private_ec)

    signer = JWS(message, alg="ES512")
    token = signer.sign_compact([private_jwk])

    public_jwk = ECKey().load_key(private_ec.public_key())
    verifier = JWS()
    recovered = verifier.verify_compact(token, [public_jwk])
    assert recovered == message
def test_1():
    """Round-trip an unsigned (``alg: none``) token with explicit opt-in.

    The JWS is built with neither an algorithm nor keys, and the header
    assertion below confirms the result carries ``alg`` set to ``none``.
    Verification is called with ``allow_none=True``; the integrity of such
    a token is not protected, so this flag should only appear in code that
    deliberately accepts unsigned input.
    """
    claims = {
        "iss": "joe",
        "exp": 1300819380,
        "http://example.com/is_root": True,
    }
    unsigned = JWS(claims, cty="JWT")
    token = unsigned.sign_compact()

    reader = JWS()
    # NOTE(review): presumably the call is refused without allow_none=True;
    # that rejection path is not exercised by this test - confirm it is
    # covered elsewhere.
    recovered = reader.verify_compact(token, allow_none=True)
    print(reader)

    assert reader.jwt.headers["alg"] == 'none'
    assert recovered == claims
def test_rs256_rm_signature():
    """An RS256 token with its signature segment removed must be refused.

    The final dot-separated segment of the compact form is dropped before
    verification, and ``WrongNumberOfParts`` is the expected error. A
    verification that returns normally fails the test.
    """
    message = "Please take a moment to register today"
    private_key = import_private_rsa_key_from_file(PRIV_KEY)
    signing_keys = [RSAKey(key=private_key)]

    signer = JWS(message, alg="RS256")
    token = signer.sign_compact(signing_keys)

    # Keep every segment except the last one (the signature).
    segments = token.split('.')
    truncated = '.'.join(segments[:-1])

    public_keys = [RSAKey(key=private_key.public_key())]
    verifier = JWS()

    rejected = False
    try:
        _ = verifier.verify_compact(truncated, public_keys)
    except WrongNumberOfParts:
        rejected = True
    assert rejected
def test_signer_protected_headers():
    """Extra protected headers must appear in the signed ES256 header.

    The caller-supplied protected headers are passed to ``sign_compact``.
    The decoded header segment must equal those headers plus ``alg``, the
    decoded payload segment must equal the input, and the token must still
    verify with the public key.
    """
    message = "Please take a moment to register today"
    private_ec = ec.generate_private_key(ec.SECP256R1(), default_backend())
    private_jwk = ECKey().load_key(private_ec)

    signer = JWS(message, alg="ES256")
    protected = {
        "header1": u"header1 is protected",
        "header2": "header2 is protected too",
        "a": 1,
    }
    token = signer.sign_compact([private_jwk], protected=protected)

    # Built after signing, as before, so it reflects the dict as it is now.
    expected_header = dict(protected, alg='ES256')

    enc_header, enc_payload, sig = token.split('.')
    decoded_header = json.loads(
        b64d(enc_header.encode("utf-8")).decode("utf-8"))
    assert decoded_header == expected_header
    decoded_payload = b64d(enc_payload.encode("utf-8")).decode("utf-8")
    assert decoded_payload == message

    public_jwk = ECKey().load_key(private_ec.public_key())
    verifier = JWS()
    recovered = verifier.verify_compact(token, [public_jwk])
    assert recovered == message