class JWTTest(TestCase):
def setUp(self):
self.inst = JWT()
self.key = jwk_from_dict(json.loads(load_testdata('oct.json', 'r')))
self.message = {
'iss': 'joe',
'exp': 1300819380,
'http://example.com/is_root': True,
}
self.compact_jws = (
'eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9'
'.'
'eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt'
'cGxlLmNvbS9pc19yb290Ijp0cnVlfQ'
'.'
'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk')
@freeze_time("2011-03-22 18:00:00", tz_offset=0)
def test_decode(self):
message = self.inst.decode(self.compact_jws, self.key)
self.assertEqual(message, self.message)
def test_decode_with_do_time_check_disabled(self):
message = self.inst.decode(self.compact_jws,
self.key,
do_time_check=False)
self.assertEqual(message, self.message)
def test_expiration(self):
self.assertRaisesRegex(JWTDecodeError, 'JWT Expired', self.inst.decode,
self.compact_jws, self.key)
def test_no_before_used_before(self):
compact_jws = self.inst.encode(
{
'nbf':
get_int_from_datetime(
datetime.now(timezone.utc) + timedelta(hours=1))
}, self.key)
self.assertRaisesRegex(JWTDecodeError, 'JWT Not valid yet',
self.inst.decode, compact_jws, self.key)
def test_no_before_used_after(self):
message = {
'nbf':
get_int_from_datetime(
datetime.now(timezone.utc) - timedelta(hours=1))
}
compact_jws = self.inst.encode(message, self.key)
self.assertEqual(self.inst.decode(compact_jws, self.key), message)
def jwt_encode_handler(keys, payload):
_jwt = JWT(keys)
return _jwt.encode({
"typ": "JWT",
"alg": JWTSetting.JWT_ALG,
'kid': JWTSetting.JWT_KID
}, payload)
def jwt_encode_handler(keys, payload):
_jwt = JWT(keys)
return _jwt.encode(
{
"typ": "JWT",
"alg": JWTSetting.JWT_ALG,
'kid': JWTSetting.JWT_KID
}, payload)
def encode_token(self, token, client, access_token=None):
assert isinstance(token, IDToken)
assert isinstance(client, IClient)
assert isinstance(access_token, (str, type(None)))
jwkset = self.jwkset.copy()
if access_token:
jwkset.append(JWK.from_dict({
'kty': 'oct',
'k': access_token,
}))
jwt = JWT(jwkset)
jws = jwt.encode(dict(alg=client.get_jws_alg()),
token.to_json().encode('utf8'))
if not self.is_token_encryption_enabled:
return jws
jwe = jwt.encode(
dict(alg=client.get_jwe_alg(), enc=client.get_jwe_enc(),
cty='JWT'), jws)
return jwe
def encode_token(self, token, client, access_token=None):
assert isinstance(token, IDToken)
assert isinstance(client, IClient)
assert isinstance(access_token, (str, type(None)))
jwkset = self.jwkset.copy()
if access_token:
jwkset.append(JWK.from_dict({
'kty': 'oct',
'k': access_token,
}))
jwt = JWT(jwkset)
jws = jwt.encode(dict(alg=client.get_jws_alg()),
token.to_json().encode('utf8'))
if not self.is_token_encryption_enabled:
return jws
jwe = jwt.encode(dict(alg=client.get_jwe_alg(),
enc=client.get_jwe_enc(),
cty='JWT'),
jws)
return jwe
