def test_sample_readme_cwt_with_pop_cose_key(self):
with open(key_path("private_key_ed25519.pem")) as key_file:
private_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")
with open(key_path("public_key_es256.pem")) as key_file:
pop_key = COSEKey.from_pem(key_file.read())
token = cwt.encode(
{
1: "coaps://as.example", # iss
2: "dajiaji", # sub
7: b"123", # cti
8: { # cnf
1: pop_key.to_dict(),
},
},
private_key,
)
with open(key_path("public_key_ed25519.pem")) as key_file:
public_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")
decoded = cwt.decode(token, public_key)
assert 8 in decoded and isinstance(decoded[8], dict)
assert 1 in decoded[8] and isinstance(decoded[8][1], dict)
extracted = COSEKey.new(decoded[8][1])
assert extracted.kty == 2 # EC2
assert extracted.crv == 1 # P-256
def test_sample_rfc8392_a4(self):
key = COSEKey.new(
{
-1: bytes.fromhex("403697de87af64611c1d32a05dab0fe1fcb715a86ab435f1ec99192d79569388"),
1: 4, # Symmetric
2: bytes.fromhex("53796d6d6574726963323536"),
3: 4, # HMAC256/64
}
)
token = cwt.encode(
{
1: "coap://as.example.com",
2: "erikw",
3: "coap://light.example.com",
4: 1444064944,
5: 1443944944,
6: 1443944944,
7: bytes.fromhex("0b71"),
},
key,
tagged=True,
)
assert token == bytes.fromhex(SAMPLE_CWT_RFC8392_A4)
decoded = cwt.decode(token, keys=key, no_verify=True)
assert 1 in decoded and decoded[1] == "coap://as.example.com"
def test_sample_readme_cwt_with_pop_encrypted_cose_key(self):
with open(key_path("private_key_ed25519.pem")) as key_file:
private_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")
enc_key = COSEKey.from_symmetric_key(
"a-client-secret-of-cwt-recipient", # Just 32 bytes!
alg="ChaCha20/Poly1305",
kid="presenter-01",
)
pop_key = COSEKey.from_symmetric_key(
"a-client-secret-of-cwt-presenter",
alg="HMAC 256/256",
)
token = cwt.encode(
{
1: "coaps://as.example", # iss
2: "dajiaji", # sub
7: b"123", # cti
8: { # cnf
2: EncryptedCOSEKey.from_cose_key(pop_key, enc_key),
},
},
private_key,
)
with open(key_path("public_key_ed25519.pem")) as key_file:
public_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")
decoded = cwt.decode(token, public_key)
assert 8 in decoded and isinstance(decoded[8], dict)
assert 2 in decoded[8] and isinstance(decoded[8][2], list)
extracted = EncryptedCOSEKey.to_cose_key(decoded[8][2], enc_key)
assert extracted.kty == 4 # Symmetric
assert extracted.alg == 5 # HMAC 256/256
assert extracted.key == b"a-client-secret-of-cwt-presenter"
def test_sample_hcert_testdata_AT_2DCode_raw_1(self):
# A DSC(Document Signing Certificate) issued by a CSCA (Certificate Signing Certificate Authority).
dsc = "-----BEGIN CERTIFICATE-----\nMIIBvTCCAWOgAwIBAgIKAXk8i88OleLsuTAKBggqhkjOPQQDAjA2MRYwFAYDVQQDDA1BVCBER0MgQ1NDQSAxMQswCQYDVQQGEwJBVDEPMA0GA1UECgwGQk1TR1BLMB4XDTIxMDUwNTEyNDEwNloXDTIzMDUwNTEyNDEwNlowPTERMA8GA1UEAwwIQVQgRFNDIDExCzAJBgNVBAYTAkFUMQ8wDQYDVQQKDAZCTVNHUEsxCjAIBgNVBAUTATEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASt1Vz1rRuW1HqObUE9MDe7RzIk1gq4XW5GTyHuHTj5cFEn2Rge37+hINfCZZcozpwQKdyaporPUP1TE7UWl0F3o1IwUDAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFO49y1ISb6cvXshLcp8UUp9VoGLQMB8GA1UdIwQYMBaAFP7JKEOflGEvef2iMdtopsetwGGeMAoGCCqGSM49BAMCA0gAMEUCIQDG2opotWG8tJXN84ZZqT6wUBz9KF8D+z9NukYvnUEQ3QIgdBLFSTSiDt0UJaDF6St2bkUQuVHW6fQbONd731/M4nc=\n-----END CERTIFICATE-----"
# An EUDCC (EU Digital COVID Certificate)
eudcc = bytes.fromhex(
"d2844da20448d919375fc1e7b6b20126a0590133a4041a61817ca0061a60942ea001624154390103a101a4617681aa62646e01626d616d4f52472d3130303033303231356276706a313131393334393030376264746a323032312d30322d313862636f624154626369783155524e3a555643493a30313a41543a31303830373834334639344145453045453530393346424332353442443831332342626d706c45552f312f32302f31353238626973781b4d696e6973747279206f66204865616c74682c20417573747269616273640262746769383430353339303036636e616da463666e74754d5553544552465241553c474f455353494e47455262666e754d7573746572667261752d47c3b6c39f696e67657263676e74684741425249454c4562676e684761627269656c656376657265312e302e3063646f626a313939382d30322d323658405812fce67cb84c3911d78e3f61f890d0c80eb9675806aebed66aa2d0d0c91d1fc98d7bcb80bf00e181806a9502e11b071325901bd0d2c1b6438747b8cc50f521"
)
public_key = load_pem_hcert_dsc(dsc)
decoded = cwt.decode(eudcc, keys=[public_key], no_verify=True)
claims = Claims.new(decoded)
assert 1 in claims.hcert
assert isinstance(claims.hcert[1], dict)
assert "v" in claims.hcert[1]
assert "nam" in claims.hcert[1]
assert "dob" in claims.hcert[1]
assert "ver" in claims.hcert[1]
assert isinstance(claims.hcert[1]["v"], list)
assert len(claims.hcert[1]["v"]) == 1
assert isinstance(claims.hcert[1]["v"][0], dict)
assert isinstance(claims.hcert[1]["nam"], dict)
assert "fnt" in claims.hcert[1]["nam"]
assert claims.hcert[1]["nam"]["fnt"] == "MUSTERFRAU<GOESSINGER"
assert claims.hcert[1]["dob"] == "1998-02-26"
assert claims.hcert[1]["ver"] == "1.0.0"
def test_sample_readme_signed_cwt_ed25519_with_jwk(self):
# The sender side:
private_key = COSEKey.from_jwk(
{
"kid": "01",
"kty": "OKP",
"key_ops": ["sign"],
"alg": "EdDSA",
"crv": "Ed25519",
"x": "2E6dX83gqD_D0eAmqnaHe1TC1xuld6iAKXfw2OVATr0",
"d": "L8JS08VsFZoZxGa9JvzYmCWOwg7zaKcei3KZmYsj7dc",
}
)
token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, private_key)
# The recipient side:
public_key = COSEKey.from_jwk(
{
"kid": "01",
"kty": "OKP",
"key_ops": ["verify"],
"crv": "Ed25519",
"x": "2E6dX83gqD_D0eAmqnaHe1TC1xuld6iAKXfw2OVATr0",
}
)
decoded = cwt.decode(token, public_key)
assert 1 in decoded and decoded[1] == "coaps://as.example"
def test_sample_hcert_testdata_AT_2DCode_raw_1_with_cert_file(self):
eudcc = bytes.fromhex(
"d2844da20448d919375fc1e7b6b20126a0590133a4041a61817ca0061a60942ea001624154390103a101a4617681aa62646e01626d616d4f52472d3130303033303231356276706a313131393334393030376264746a323032312d30322d313862636f624154626369783155524e3a555643493a30313a41543a31303830373834334639344145453045453530393346424332353442443831332342626d706c45552f312f32302f31353238626973781b4d696e6973747279206f66204865616c74682c20417573747269616273640262746769383430353339303036636e616da463666e74754d5553544552465241553c474f455353494e47455262666e754d7573746572667261752d47c3b6c39f696e67657263676e74684741425249454c4562676e684761627269656c656376657265312e302e3063646f626a313939382d30322d323658405812fce67cb84c3911d78e3f61f890d0c80eb9675806aebed66aa2d0d0c91d1fc98d7bcb80bf00e181806a9502e11b071325901bd0d2c1b6438747b8cc50f521"
)
with open(key_path("hcert_testdata_cert_at.pem")) as key_file:
dsc = key_file.read()
public_key = load_pem_hcert_dsc(dsc)
decoded = cwt.decode(eudcc, keys=[public_key], no_verify=True)
claims = Claims.new(decoded)
assert 1 in claims.hcert
assert isinstance(claims.hcert[1], dict)
assert "v" in claims.hcert[1]
assert "nam" in claims.hcert[1]
assert "dob" in claims.hcert[1]
assert "ver" in claims.hcert[1]
assert isinstance(claims.hcert[1]["v"], list)
assert len(claims.hcert[1]["v"]) == 1
assert isinstance(claims.hcert[1]["v"][0], dict)
assert isinstance(claims.hcert[1]["nam"], dict)
assert "fnt" in claims.hcert[1]["nam"]
assert claims.hcert[1]["nam"]["fnt"] == "MUSTERFRAU<GOESSINGER"
assert claims.hcert[1]["dob"] == "1998-02-26"
assert claims.hcert[1]["ver"] == "1.0.0"
def test_sample_readme_cwt_with_pop_encrypted_cose_key_readable(self):
with open(key_path("private_key_ed25519.pem")) as key_file:
private_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")
enc_key = COSEKey.from_symmetric_key(
"a-client-secret-of-cwt-recipient", # Just 32 bytes!
alg="ChaCha20/Poly1305",
kid="presenter-01",
)
pop_key = COSEKey.from_symmetric_key(
"a-client-secret-of-cwt-presenter",
alg="HMAC 256/256",
)
token = cwt.encode(
{
"iss": "coaps://as.example",
"sub": "dajiaji",
"cti": "123",
"cnf": {
# 'eck'(Encrypted Cose Key) is a keyword defined by this library.
"eck": EncryptedCOSEKey.from_cose_key(pop_key, enc_key),
},
},
private_key,
)
with open(key_path("public_key_ed25519.pem")) as key_file:
public_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")
decoded = cwt.decode(token, public_key)
assert 8 in decoded and isinstance(decoded[8], dict)
assert 2 in decoded[8] and isinstance(decoded[8][2], list)
c = Claims.new(decoded)
extracted = EncryptedCOSEKey.to_cose_key(c.cnf, enc_key)
assert extracted.kty == 4 # Symmetric
assert extracted.alg == 5 # HMAC 256/256
assert extracted.key == b"a-client-secret-of-cwt-presenter"
def test_sample_readme_cwt_with_user_defined_claims(self):
with open(key_path("private_key_ed25519.pem")) as key_file:
private_key = COSEKey.from_pem(key_file.read(), kid="01")
token = cwt.encode(
{
1: "coaps://as.example", # iss
2: "dajiaji", # sub
7: b"123", # cti
-70001: "foo",
-70002: ["bar"],
-70003: {"baz": "qux"},
-70004: 123,
},
private_key,
)
with open(key_path("public_key_ed25519.pem")) as key_file:
public_key = COSEKey.from_pem(key_file.read(), kid="01")
raw = cwt.decode(token, public_key)
assert raw[-70001] == "foo"
assert isinstance(raw[-70002], list)
assert raw[-70002][0] == "bar"
assert isinstance(raw[-70003], dict)
assert raw[-70003]["baz"] == "qux"
assert raw[-70004] == 123
readable = Claims.new(raw)
assert readable.get(-70001) == "foo"
assert readable.get(-70002)[0] == "bar"
assert readable.get(-70003)["baz"] == "qux"
assert readable.get(-70004) == 123
def verify_and_decode(self, eudcc: bytes) -> Union[Dict[int, Any], bytes]:
if eudcc.startswith(b"HC1:"):
# Decode Base45 data.
eudcc = b45decode(eudcc[4:])
# Decompress with zlib.
eudcc = zlib.decompress(eudcc)
# Verify and decode CWT.
return cwt.decode(eudcc, keys=self._dscs)
def test_sample_readme_maced_cwt_with_json_str_old(self):
key = COSEKey.from_symmetric_key("mysecretpassword", alg="HS256", kid="01")
encoded = cwt.encode_and_mac(
Claims.from_json('{"iss":"coaps://as.example","sub":"dajiaji","cti":"123"}'),
key,
)
decoded = cwt.decode(encoded, key)
assert 1 in decoded and decoded[1] == "coaps://as.example"
def test_sample_readme_signed_cwt_ps256(self):
with open(key_path("private_key_rsa.pem")) as key_file:
private_key = COSEKey.from_pem(key_file.read(), alg="PS256", kid="01")
token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, private_key)
with open(key_path("public_key_rsa.pem")) as key_file:
public_key = COSEKey.from_pem(key_file.read(), alg="PS256", kid="01")
decoded = cwt.decode(token, public_key)
assert 1 in decoded and decoded[1] == "coaps://as.example"
def test_sample_readme_nested_cwt(self):
with open(key_path("private_key_es256.pem")) as key_file:
private_key = COSEKey.from_pem(key_file.read(), kid="01")
token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, private_key)
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="02")
nested = cwt.encode(token, enc_key)
with open(key_path("public_key_es256.pem")) as key_file:
public_key = COSEKey.from_pem(key_file.read(), kid="01")
decoded = cwt.decode(nested, [enc_key, public_key])
assert 1 in decoded and decoded[1] == "coaps://as.example"
def test_sample_readme_encrypted_cwt_old(self):
nonce = token_bytes(13)
mysecret = token_bytes(32)
enc_key = COSEKey.from_symmetric_key(mysecret, alg="AES-CCM-16-64-256", kid="01")
encoded = cwt.encode_and_encrypt(
Claims.from_json({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}),
enc_key,
nonce=nonce,
)
decoded = cwt.decode(encoded, enc_key)
assert 1 in decoded and decoded[1] == "coaps://as.example"
def test_sample_rfc8392_a3(self):
key = COSEKey.from_bytes(bytes.fromhex(SAMPLE_COSE_KEY_RFC8392_A2_3))
encoded = bytes.fromhex(SAMPLE_CWT_RFC8392_A3)
decoded = cwt.decode(encoded, keys=key, no_verify=True)
assert 1 in decoded and decoded[1] == "coap://as.example.com"
assert 2 in decoded and decoded[2] == "erikw"
assert 3 in decoded and decoded[3] == "coap://light.example.com"
assert 4 in decoded and decoded[4] == 1444064944
assert 5 in decoded and decoded[5] == 1443944944
assert 6 in decoded and decoded[6] == 1443944944
assert 7 in decoded and decoded[7] == bytes.fromhex("0b71")
def test_sample_readme_signed_cwt_ed25519_old(self):
with open(key_path("private_key_ed25519.pem")) as key_file:
private_key = COSEKey.from_pem(key_file.read(), kid="01")
encoded = cwt.encode_and_sign(
Claims.from_json({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}),
private_key,
)
with open(key_path("public_key_ed25519.pem")) as key_file:
public_key = COSEKey.from_pem(key_file.read(), kid="01")
decoded = cwt.decode(encoded, public_key)
assert 1 in decoded and decoded[1] == "coaps://as.example"
def test_sample_readme_maced_cwt_with_json_dict_old(self):
key = COSEKey.from_symmetric_key("mysecretpassword", alg="HS256", kid="01")
encoded = cwt.encode_and_mac(
Claims.from_json({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}),
key,
)
decoded = cwt.decode(encoded, key)
assert 1 in decoded and decoded[1] == "coaps://as.example"
assert 2 in decoded and decoded[2] == "dajiaji"
assert 4 in decoded and decoded[4] <= now() + 3600
assert 5 in decoded and decoded[5] <= now()
assert 6 in decoded and decoded[6] <= now()
assert 7 in decoded and decoded[7] == b"123"
def test_sample_readme_cwt_with_pop_jwk(self):
# issuer:
with open(key_path("private_key_ed25519.pem")) as key_file:
private_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")
token = cwt.encode(
{
"iss": "coaps://as.example",
"sub": "dajiaji",
"cti": "123",
"cnf": {
"jwk": {
"kty": "OKP",
"use": "sig",
"crv": "Ed25519",
"kid": "01",
"x": "2E6dX83gqD_D0eAmqnaHe1TC1xuld6iAKXfw2OVATr0",
"alg": "EdDSA",
},
},
},
private_key,
)
# presenter:
msg = b"could-you-sign-this-message?" # Provided by recipient.
pop_key_private = COSEKey.from_jwk(
{
"kty": "OKP",
"d": "L8JS08VsFZoZxGa9JvzYmCWOwg7zaKcei3KZmYsj7dc",
"use": "sig",
"crv": "Ed25519",
"kid": "01",
"x": "2E6dX83gqD_D0eAmqnaHe1TC1xuld6iAKXfw2OVATr0",
"alg": "EdDSA",
}
)
sig = pop_key_private.sign(msg)
# recipient:
with open(key_path("public_key_ed25519.pem")) as key_file:
public_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")
decoded = cwt.decode(token, public_key)
assert 8 in decoded and isinstance(decoded[8], dict)
assert 1 in decoded[8] and isinstance(decoded[8][1], dict)
c = Claims.new(decoded)
extracted = COSEKey.new(c.cnf)
try:
extracted.verify(msg, sig)
except Exception:
pytest.fail("verify should not fail.")
def test_sample_readme_nested_cwt_old(self):
with open(key_path("private_key_es256.pem")) as key_file:
private_key = COSEKey.from_pem(key_file.read(), kid="01")
encoded = cwt.encode_and_sign(
Claims.from_json({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}),
private_key,
)
nonce = token_bytes(13)
mysecret = token_bytes(32)
enc_key = COSEKey.from_symmetric_key(mysecret, alg="AES-CCM-16-64-256", kid="02")
nested = cwt.encode_and_encrypt(encoded, enc_key, nonce=nonce)
with open(key_path("public_key_es256.pem")) as key_file:
public_key = COSEKey.from_pem(key_file.read(), kid="01")
decoded = cwt.decode(nested, [enc_key, public_key])
assert 1 in decoded and decoded[1] == "coaps://as.example"
def test_key_builder_from_jwk_with_encode(self, private_key_path,
public_key_path):
with open(key_path(private_key_path)) as key_file:
private_key = COSEKey.from_jwk(key_file.read())
with open(key_path(public_key_path)) as key_file:
public_key = COSEKey.from_jwk(key_file.read())
token = cwt.encode(
{
"iss": "coaps://as.example",
"sub": "dajiaji",
"cti": "123"
},
private_key,
)
decoded = cwt.decode(token, public_key)
assert 1 in decoded and decoded[1] == "coaps://as.example"
def test_sample_rfc8392_a3_with_encoding(self):
key = COSEKey.from_bytes(bytes.fromhex(SAMPLE_COSE_KEY_RFC8392_A2_3))
token = cwt.encode(
{
1: "coap://as.example.com",
2: "erikw",
3: "coap://light.example.com",
4: 1444064944,
5: 1443944944,
6: 1443944944,
7: bytes.fromhex("0b71"),
},
key,
)
decoded = cwt.decode(token, keys=key, no_verify=True)
assert 1 in decoded and decoded[1] == "coap://as.example.com"
def test_sample_readme_decode_with_multiple_keys(self):
with open(key_path("private_key_ed25519.pem")) as key_file:
private_key = COSEKey.from_pem(key_file.read(), kid="02")
token = cwt.encode(
{
"iss": "coaps://as.example",
"sub": "dajiaji",
"cti": b"123",
},
private_key,
)
with open(key_path("public_key_es256.pem")) as key_file:
public_key_1 = COSEKey.from_pem(key_file.read(), kid="01")
with open(key_path("public_key_ed25519.pem")) as key_file:
public_key_2 = COSEKey.from_pem(key_file.read(), kid="02")
decoded = cwt.decode(token, [public_key_1, public_key_2])
assert 1 in decoded and decoded[1] == "coaps://as.example"
def test_sample_rfc8392_a6_with_encoding(self):
sig_key = COSEKey.from_bytes(bytes.fromhex(SAMPLE_COSE_KEY_RFC8392_A2_3))
signed = cwt.encode(
{
1: "coap://as.example.com",
2: "erikw",
3: "coap://light.example.com",
4: 1444064944,
5: 1443944944,
6: 1443944944,
7: bytes.fromhex("0b71"),
},
key=sig_key,
)
enc_key = COSEKey.from_bytes(bytes.fromhex(SAMPLE_COSE_KEY_RFC8392_A2_1))
nonce = bytes.fromhex("4a0694c0e69ee6b5956655c7b2")
encrypted = cwt.encode(signed, key=enc_key, nonce=nonce)
decoded = cwt.decode(encrypted, keys=[enc_key, sig_key], no_verify=True)
assert 1 in decoded and decoded[1] == "coap://as.example.com"
def test_sample_rfc8392_a5(self):
key = COSEKey.from_bytes(bytes.fromhex(SAMPLE_COSE_KEY_RFC8392_A2_1))
nonce = bytes.fromhex("99a0d7846e762c49ffe8a63e0b")
token = cwt.encode(
{
1: "coap://as.example.com",
2: "erikw",
3: "coap://light.example.com",
4: 1444064944,
5: 1443944944,
6: 1443944944,
7: bytes.fromhex("0b71"),
},
key=key,
nonce=nonce,
)
assert token == bytes.fromhex(SAMPLE_CWT_RFC8392_A5)
decoded = cwt.decode(token, keys=key, no_verify=True)
assert 1 in decoded and decoded[1] == "coap://as.example.com"
def test_sample_readme_cwt_with_pop_kid(self):
with open(key_path("private_key_ed25519.pem")) as key_file:
private_key = COSEKey.from_pem(key_file.read(), kid="01")
token = cwt.encode(
{
1: "coaps://as.example", # iss
2: "dajiaji", # sub
7: b"123", # cti
8: { # cnf
3: b"pop-key-id-of-cwt-presenter",
},
},
private_key,
)
with open(key_path("public_key_ed25519.pem")) as key_file:
public_key = COSEKey.from_pem(key_file.read(), kid="01")
decoded = cwt.decode(token, public_key)
assert 8 in decoded and isinstance(decoded[8], dict)
assert 3 in decoded[8] and decoded[8][3] == b"pop-key-id-of-cwt-presenter"
def test_sample_readme_cwt_with_user_defined_claims_readable(self):
with open(key_path("private_key_ed25519.pem")) as key_file:
private_key = COSEKey.from_pem(key_file.read(), kid="01")
cwt.set_private_claim_names(
{
"ext_1": -70001,
"ext_2": -70002,
"ext_3": -70003,
"ext_4": -70004,
}
)
token = cwt.encode(
{
"iss": "coaps://as.example",
"sub": "dajiaji",
"cti": b"123",
"ext_1": "foo",
"ext_2": ["bar"],
"ext_3": {"baz": "qux"},
"ext_4": 123,
},
private_key,
)
with open(key_path("public_key_ed25519.pem")) as key_file:
public_key = COSEKey.from_pem(key_file.read(), kid="01")
raw = cwt.decode(token, public_key)
readable = Claims.new(
raw,
private_claim_names={
"ext_1": -70001,
"ext_2": -70002,
"ext_3": -70003,
"ext_4": -70004,
},
)
assert readable.get("ext_1") == "foo"
assert readable.get("ext_2")[0] == "bar"
assert readable.get("ext_3")["baz"] == "qux"
assert readable.get("ext_4") == 123
def test_sample_readme_cwt_with_pop_kid_readable(self):
with open(key_path("private_key_ed25519.pem")) as key_file:
private_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")
token = cwt.encode(
{
"iss": "coaps://as.example",
"sub": "dajiaji",
"cti": "123",
"cnf": {
"kid": "pop-key-id-of-cwt-presenter",
},
},
private_key,
)
with open(key_path("public_key_ed25519.pem")) as key_file:
public_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")
decoded = cwt.decode(token, public_key)
assert 8 in decoded and isinstance(decoded[8], dict)
assert 3 in decoded[8] and decoded[8][3] == b"pop-key-id-of-cwt-presenter"
c = Claims.new(decoded)
assert c.cnf == "pop-key-id-of-cwt-presenter"
def test_sample_readme_signed_cwt_es384_old(self):
with open(key_path("private_key_es384.pem")) as key_file:
private_key = COSEKey.from_pem(key_file.read(), kid="01")
with open(key_path("public_key_es384.pem")) as key_file:
public_key = COSEKey.from_pem(key_file.read(), kid="01")
encoded = cwt.encode_and_sign(
Claims.from_json(
{
"iss": "coaps://as.example",
"sub": "dajiaji",
"aud": ["coaps://rs1.example", "coaps://rs2.example"],
"cti": "123",
}
),
private_key,
)
decoded = cwt.decode(encoded, public_key)
assert 1 in decoded and decoded[1] == "coaps://as.example"
assert 3 in decoded and isinstance(decoded[3], list)
assert 3 in decoded and decoded[3][0] == "coaps://rs1.example"
assert 3 in decoded and decoded[3][1] == "coaps://rs2.example"
def test_sample_readme_encrypted_cwt(self):
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, enc_key)
decoded = cwt.decode(token, enc_key)
assert 1 in decoded and decoded[1] == "coaps://as.example"
def test_sample_readme_maced_cwt_with_json_dict(self):
key = COSEKey.from_symmetric_key(alg="HMAC 256/256", kid="01")
token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, key)
decoded = cwt.decode(token, key)
assert 1 in decoded and decoded[1] == "coaps://as.example"
def test_sample_rfc8392_a6(self):
sig_key = COSEKey.from_bytes(bytes.fromhex(SAMPLE_COSE_KEY_RFC8392_A2_3))
enc_key = COSEKey.from_bytes(bytes.fromhex(SAMPLE_COSE_KEY_RFC8392_A2_1))
encrypted = bytes.fromhex(SAMPLE_CWT_RFC8392_A6)
decoded = cwt.decode(encrypted, keys=[enc_key, sig_key], no_verify=True)
assert 1 in decoded and decoded[1] == "coap://as.example.com"
