def test_sign_json():
    """Sign with the general JSON serialization and check the single signature entry.

    The output must carry the payload, exactly one entry under "signatures",
    the unprotected headers verbatim under "header", and the protected
    headers in the encoded "protected" member.
    """
    signing_key = ECKey().load_key(P256)
    message = "hello world"
    protected = {"foo": "bar"}
    unprotected = {"abc": "xyz"}

    signer = JWS(msg=message, alg="ES256")
    serialized = signer.sign_json(headers=[(protected, unprotected)],
                                  keys=[signing_key])
    parsed = json.loads(serialized)

    assert b64d_enc_dec(parsed["payload"]) == message
    signatures = parsed["signatures"]
    assert len(signatures) == 1
    entry = signatures[0]
    # Unprotected headers are stored as plain JSON, not encoded.
    assert entry["header"] == unprotected
    # Protected headers must be decoded with b64d_enc_dec before comparison.
    assert json.loads(b64d_enc_dec(entry["protected"])) == protected
def test_sign_json_flattened_syntax():
    """With flatten=True the members sit at the top level, with no "signatures" list."""
    ec_key = ECKey().load_key(P256)
    message = "hello world"
    protected = {"foo": "bar"}
    unprotected = {"abc": "xyz"}

    signer = JWS(msg=message, alg="ES256")
    flattened = json.loads(
        signer.sign_json(headers=[(protected, unprotected)], keys=[ec_key],
                         flatten=True))

    assert "signatures" not in flattened
    assert b64d_enc_dec(flattened["payload"]) == message
    # "header" is plain JSON; "protected" is encoded and needs decoding first.
    assert flattened["header"] == unprotected
    decoded_protected = json.loads(b64d_enc_dec(flattened["protected"]))
    assert decoded_protected == protected
def test_sign_json():
    """General JSON serialization: payload plus one signature with both header kinds."""
    ec_key = ECKey().load_key(P256)
    body = "hello world"
    header_pair = ({"foo": "bar"}, {"abc": "xyz"})  # (protected, unprotected)

    raw = JWS(msg=body, alg="ES256").sign_json(headers=[header_pair],
                                               keys=[ec_key])
    document = json.loads(raw)
    expected_protected, expected_unprotected = header_pair

    assert b64d_enc_dec(document["payload"]) == body
    assert len(document["signatures"]) == 1
    only_signature = document["signatures"][0]
    assert only_signature["header"] == expected_unprotected
    # The "protected" member is encoded, so decode it before parsing as JSON.
    protected_json = b64d_enc_dec(only_signature["protected"])
    assert json.loads(protected_json) == expected_protected
def test_sign_json_flattened_syntax():
    """Flattened JSON serialization: no "signatures" array, headers at the top level."""
    ec_key = ECKey().load_key(P256)
    body = "hello world"
    header_pair = ({"foo": "bar"}, {"abc": "xyz"})  # (protected, unprotected)

    raw = JWS(msg=body, alg="ES256").sign_json(headers=[header_pair],
                                               keys=[ec_key], flatten=True)
    document = json.loads(raw)
    expected_protected, expected_unprotected = header_pair

    assert "signatures" not in document
    assert b64d_enc_dec(document["payload"]) == body
    assert document["header"] == expected_unprotected
    # The "protected" member is encoded, so decode it before parsing as JSON.
    protected_json = b64d_enc_dec(document["protected"])
    assert json.loads(protected_json) == expected_protected
def test_sign_json_dont_include_empty_unprotected_headers():
    """Passing None as the unprotected headers must leave "header" out of the entry."""
    signing_key = ECKey().load_key(P256)
    protected = {"foo": "bar"}

    signer = JWS(msg="hello world", alg="ES256")
    parsed = json.loads(
        signer.sign_json(headers=[(protected, None)], keys=[signing_key]))
    entry = parsed["signatures"][0]

    assert "header" not in entry
    emitted_protected = json.loads(b64d_enc_dec(entry["protected"]))
    # Subset, not equality: the emitted protected header may hold more than
    # the caller's own entries.
    assert set(protected.items()) <= set(emitted_protected.items())
def test_sign_json_dont_include_empty_protected_headers():
    """With no caller-supplied protected headers, "protected" holds only "alg"."""
    signing_key = ECKey().load_key(P256)
    unprotected = {"foo": "bar"}

    signer = JWS(msg="hello world", alg="ES256")
    parsed = json.loads(
        signer.sign_json(headers=[(None, unprotected)], keys=[signing_key]))
    entry = parsed["signatures"][0]

    # Even with None passed for the protected headers, the algorithm is
    # emitted in the protected member rather than in the unprotected "header".
    emitted_protected = json.loads(b64d_enc_dec(entry["protected"]))
    assert emitted_protected == {"alg": "ES256"}
    emitted_unprotected = entry["header"]
    assert unprotected == emitted_unprotected
def test_sign_json_dont_include_empty_protected_headers():
    """A None protected-header argument yields a protected member of just {"alg": ...}."""
    ec_key = ECKey().load_key(P256)
    extra_headers = {"foo": "bar"}

    raw = JWS(msg="hello world", alg="ES256").sign_json(
        headers=[(None, extra_headers)], keys=[ec_key])
    first_signature = json.loads(raw)["signatures"][0]

    # "alg" must still land in the protected member, and nothing else with it.
    protected_json = b64d_enc_dec(first_signature["protected"])
    assert json.loads(protected_json) == {"alg": "ES256"}
    # The unprotected headers come back unchanged under "header".
    assert extra_headers == first_signature["header"]
def test_sign_json_dont_include_empty_unprotected_headers():
    """A None unprotected-header argument must not produce a "header" member."""
    ec_key = ECKey().load_key(P256)
    wanted = {"foo": "bar"}

    raw = JWS(msg="hello world", alg="ES256").sign_json(
        headers=[(wanted, None)], keys=[ec_key])
    first_signature = json.loads(raw)["signatures"][0]

    assert "header" not in first_signature
    protected_json = b64d_enc_dec(first_signature["protected"])
    actual_items = set(json.loads(protected_json).items())
    # Only containment is checked; the protected member may carry more entries.
    assert set(wanted.items()).issubset(actual_items)
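def verify_json(self, jws, keys=None, allow_none=False, sigalg=None):
    """
    Verify a JWS given in JSON serialization (general or flattened).

    Every signature entry is rebuilt as a compact-form token and handed to
    verify_compact; all entries must produce the same result.

    :param jws: JSON text of the JWS
    :param keys: passed through to verify_compact
    :param allow_none: passed through to verify_compact
    :param sigalg: passed through to verify_compact
    :return: the value verify_compact returned for the signature entries,
        or None when "signatures" is an empty list
    :raises FormatError: if the document has no "payload" member
    :raises AssertionError: if two entries verify to different results
    """
    _jwss = json.loads(jws)

    try:
        _payload = _jwss["payload"]
    except KeyError:
        raise FormatError("Missing payload")

    try:
        _signs = _jwss["signatures"]
    except KeyError:
        # Flattened JWS JSON Serialization: the members of the single
        # signature sit at the top level of the document.
        signature = {}
        for key in ["protected", "header", "signature"]:
            if key in _jwss:
                signature[key] = _jwss[key]
        _signs = [signature]

    # NOTE(review): an empty "signatures" list skips the loop below, so None
    # is returned without a single verify_compact call. Callers must not
    # treat a None return as a verified payload.
    _claim = None
    for _sign in _signs:
        protected_headers = _sign.get("protected", "")
        token = b".".join([
            protected_headers.encode(),
            _payload.encode(),
            _sign["signature"].encode()
        ])

        # The unprotected "header" member is not part of the token built
        # above, so its values are unauthenticated input. Protected values
        # are applied last and win on a name clash.
        unprotected_headers = _sign.get("header", {})
        all_headers = unprotected_headers.copy()
        # Decode only when a protected member is present. The previous
        # `json.loads(... or {})` passed a dict to json.loads when the member
        # was absent, which raises TypeError.
        if protected_headers:
            all_headers.update(json.loads(b64d_enc_dec(protected_headers)))

        # Re-initialise this instance with the merged headers of the entry.
        self.__init__(**all_headers)
        _tmp = self.verify_compact(token, keys, allow_none, sigalg)

        if _claim is None:
            _claim = _tmp
        elif _claim != _tmp:
            # Raised explicitly: an `assert` statement is stripped under
            # `python -O`, which would silently drop this consistency check.
            raise AssertionError(
                "Signature entries verified to different results")

    return _claim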
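def verify_json(self, jws, keys=None, allow_none=False, sigalg=None):
    """
    Verify a JSON-serialized JWS, in either the general or flattened syntax.

    Each signature entry is turned into a compact-form token that is checked
    with verify_compact. The results of all entries must be equal.

    :param jws: the JWS as JSON text
    :param keys: forwarded unchanged to verify_compact
    :param allow_none: forwarded unchanged to verify_compact
    :param sigalg: forwarded unchanged to verify_compact
    :return: what verify_compact returned for the entries; None if the
        "signatures" list is empty
    :raises FormatError: when the "payload" member is missing
    :raises AssertionError: when entries verify to different results
    """
    _jwss = json.loads(jws)

    try:
        _payload = _jwss["payload"]
    except KeyError:
        raise FormatError("Missing payload")

    try:
        _signs = _jwss["signatures"]
    except KeyError:
        # Flattened JWS JSON Serialization: collect the top-level members
        # into one signature entry.
        signature = {}
        for key in ["protected", "header", "signature"]:
            if key in _jwss:
                signature[key] = _jwss[key]
        _signs = [signature]

    # NOTE(review): with "signatures": [] nothing is verified and None is
    # returned. A caller that only checks for exceptions would accept such a
    # document, so None has to be handled as "not verified".
    _claim = None
    for _sign in _signs:
        protected_headers = _sign.get("protected", "")
        token = b".".join([protected_headers.encode(), _payload.encode(),
                           _sign["signature"].encode()])

        # Values from the unprotected "header" member are not in the token
        # and therefore not covered by the signature check. They are
        # overridden by any protected header of the same name.
        unprotected_headers = _sign.get("header", {})
        all_headers = unprotected_headers.copy()
        # Without a protected member there is nothing to decode. The
        # original expression handed `{}` to json.loads in that case and
        # failed with TypeError.
        if protected_headers:
            all_headers.update(json.loads(b64d_enc_dec(protected_headers)))

        # The instance is re-initialised per entry with the merged headers.
        self.__init__(**all_headers)
        _tmp = self.verify_compact(token, keys, allow_none, sigalg)

        if _claim is None:
            _claim = _tmp
        elif _claim != _tmp:
            # Explicit raise instead of `assert`, so the check still runs
            # when Python is started with -O.
            raise AssertionError(
                "Signature entries verified to different results")

    return _claim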