def test_invalid_alg_in_jws_header(self):
        """Reject a JWS whose protected header names an unknown algorithm.

        The protected header is rewritten after signing (``alg`` becomes
        ``"bog"``) while the signature value is left as issued. The test
        pins the rejection to ``InvalidAlgorithmError``.
        """
        envelope = json.loads(jwts.make_jws({"a": 1}, self.keypairs[:1]))
        first_signature = envelope["signatures"][0]

        # Decode the protected header, swap in the bogus algorithm name,
        # then write the re-encoded header back into the envelope.
        raw_header = utils.base64url_decode(first_signature["protected"])
        protected = json.loads(utils.to_string(raw_header))
        protected["alg"] = "bog"
        reencoded = utils.base64url_encode(json.dumps(protected))
        first_signature["protected"] = utils.to_string(reencoded)

        tampered = json.dumps(envelope)
        with self.assertRaises(exceptions.InvalidAlgorithmError):
            jwts.verify_jws(tampered, self.keypairs[:1])
    def test_missing_kid_in_jws_header(self):
        """Reject a JWS whose protected header has had ``kid`` removed.

        The header is edited after signing and the signature is left as
        issued; the verifier is expected to raise ``InvalidFormatError``.
        """
        envelope = json.loads(jwts.make_jws({"a": 1}, self.keypairs[:1]))
        first_signature = envelope["signatures"][0]

        # Round-trip the protected header through JSON with "kid" dropped.
        raw_header = utils.base64url_decode(first_signature["protected"])
        protected = json.loads(utils.to_string(raw_header))
        del protected["kid"]
        reencoded = utils.base64url_encode(json.dumps(protected))
        first_signature["protected"] = utils.to_string(reencoded)

        tampered = json.dumps(envelope)
        with self.assertRaises(exceptions.InvalidFormatError):
            jwts.verify_jws(tampered, self.keypairs[:1])
Example #3
    def test_missing_kid_in_jws_header(self):
        """Verification must fail when the protected header lacks ``kid``.

        Only the protected header is changed; the signature produced by
        ``make_jws`` stays in the envelope. ``InvalidFormatError`` is the
        expected outcome.
        """
        token = json.loads(jwts.make_jws({'a': 1}, self.keypairs[:1]))
        sig_entry = token['signatures'][0]

        header_bytes = utils.base64url_decode(sig_entry['protected'])
        header_fields = json.loads(utils.to_string(header_bytes))
        # Remove the key identifier from the decoded header.
        del header_fields['kid']
        sig_entry['protected'] = utils.to_string(
            utils.base64url_encode(json.dumps(header_fields)))

        serialized = json.dumps(token)
        with self.assertRaises(exceptions.InvalidFormatError):
            jwts.verify_jws(serialized, self.keypairs[:1])
Example #4
    def test_invalid_alg_in_jws_header(self):
        """Verification must fail when the protected ``alg`` is unknown.

        The ``alg`` value is replaced with ``'bog'`` after signing and the
        original signature is kept. The test requires the failure to be
        reported as ``InvalidAlgorithmError``.
        """
        token = json.loads(jwts.make_jws({'a': 1}, self.keypairs[:1]))
        sig_entry = token['signatures'][0]

        header_bytes = utils.base64url_decode(sig_entry['protected'])
        header_fields = json.loads(utils.to_string(header_bytes))
        # Overwrite the declared algorithm with the bogus name.
        header_fields['alg'] = 'bog'
        sig_entry['protected'] = utils.to_string(
            utils.base64url_encode(json.dumps(header_fields)))

        serialized = json.dumps(token)
        with self.assertRaises(exceptions.InvalidAlgorithmError):
            jwts.verify_jws(serialized, self.keypairs[:1])
 def test_missing_kid_in_jws_header(self):
     """A JWS with ``kid`` stripped from its protected header is refused.

     The header is modified after signing, with the signature untouched;
     ``verify_jws`` is expected to throw ``InvalidFormatError``.
     """
     document = json.loads(jwts.make_jws({'a': 1}, self.keypairs[:1]))
     entry = document['signatures'][0]

     decoded = utils.to_string(utils.base64url_decode(entry['protected']))
     fields = json.loads(decoded)
     # Drop the key identifier, then put the re-encoded header back.
     del fields['kid']
     encoded = utils.base64url_encode(json.dumps(fields))
     entry['protected'] = utils.to_string(encoded)

     attempt = jwts.verify_jws.when.called_with(
         json.dumps(document), self.keypairs[:1]
     )
     attempt.should.throw(exceptions.InvalidFormatError)
Example #6
    def test_invalid_alg_in_jws_header(self):
        """A JWS whose protected ``alg`` was changed to ``'bog'`` is refused.

        The signature stays as ``make_jws`` produced it; only the protected
        header is rewritten. ``InvalidAlgorithmError`` is the expected error.
        """
        document = json.loads(jwts.make_jws({'a': 1}, self.keypairs[:1]))
        entry = document['signatures'][0]

        decoded = utils.to_string(utils.base64url_decode(entry['protected']))
        fields = json.loads(decoded)
        # Replace the declared algorithm, then store the header re-encoded.
        fields['alg'] = 'bog'
        encoded = utils.base64url_encode(json.dumps(fields))
        entry['protected'] = utils.to_string(encoded)

        payload_text = json.dumps(document)
        with self.assertRaises(exceptions.InvalidAlgorithmError):
            jwts.verify_jws(payload_text, self.keypairs[:1])
Example #7
    def test_missing_typ_in_jws_header(self):
        """A JWS with ``typ`` stripped from its protected header is refused.

        The header is edited after signing and the signature is kept;
        ``verify_jws`` is expected to raise ``InvalidFormatError``.
        """
        document = json.loads(jwts.make_jws({'a': 1}, self.keypairs[:1]))
        entry = document['signatures'][0]

        decoded = utils.to_string(utils.base64url_decode(entry['protected']))
        fields = json.loads(decoded)
        # Remove the type field, then store the header re-encoded.
        del fields['typ']
        encoded = utils.base64url_encode(json.dumps(fields))
        entry['protected'] = utils.to_string(encoded)

        payload_text = json.dumps(document)
        with self.assertRaises(exceptions.InvalidFormatError):
            jwts.verify_jws(payload_text, self.keypairs[:1])
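def _handle_auth_endpoint(headers=None, data=None):
    """Mock auth endpoint: check a signed token and return it co-signed.

    ``data`` is accepted either as three dot-separated segments
    (header.claims.signature) or as a JSON document with ``payload`` and
    exactly one entry in ``signatures``. The signature is checked with the
    fixture key built from ``TestSession.id_key_bytes``; the key is never
    chosen from anything inside the token. On success the claims are
    re-issued through ``jwts.make_jws`` with both fixture keys.

    Args:
        headers: Accepted for the handler signature; not read here.
        data: The serialized token.

    Returns:
        MockResponse: 200 with the new JWS, 400 when ``data`` cannot be
        parsed into header/claims/signature, 403 when the signature does
        not verify.
    """
    logger.debug('data=%s', data)
    try:
        segments = data.split('.')
        if len(segments) == 3:
            jwt_header, jwt_claims, jwt_sig = segments
        else:
            # Not compact form: fall back to the JSON serialization.
            jws = json.loads(data)
            jwt_claims = jws['payload']
            sigs = jws['signatures']
            if len(sigs) != 1:
                raise ValueError('expected exactly one signature')
            jwt_header = sigs[0]['protected']
            jwt_sig = sigs[0]['signature']
    except Exception:
        # Every parse failure maps to 400. Previously the JSON fallback ran
        # inside the ``except ValueError`` handler, so its own errors
        # (invalid JSON, missing keys, wrong signature count) escaped the
        # sibling bare ``except`` instead of producing this response.
        return MockResponse('Bad Request', 400)

    try:
        key = keychain.Keypair.from_secret_pem(
            key_bytes=TestSession.id_key_bytes,
        )
        key.identity = 'id'
        oneid_key = keychain.Keypair.from_secret_pem(
            key_bytes=TestSession.oneid_key_bytes,
        )
        oneid_key.identity = 'oneID'
        # The signed input is the encoded header and claims joined by a dot.
        payload = '{}.{}'.format(jwt_header, jwt_claims)
        key.verify(payload, jwt_sig)
        logger.debug('claims=%s', jwt_claims)
        json_claims = utils.to_string(utils.base64url_decode(jwt_claims))
        jws = jwts.make_jws(json.loads(json_claims), [key, oneid_key])
        logger.debug('jws=%s', jws)
        return MockResponse(jws, 200)
    except InvalidSignature:
        logger.debug('invalid signature', exc_info=True)
        return MockResponse('Forbidden', 403)

    # Not reached as written: the block above returns or raises on every
    # path. Kept as a fallback in case a non-returning branch is added.
    return MockResponse('Internal Server Error', 500)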
Example #9
 def test_decode(self):
     """Each encoded fixture in ``self.pairs`` decodes to its UTF-8 text."""
     for expected_text, encoded in self.pairs:
         decoded_bytes = utils.base64url_decode(encoded)
         self.assertEqual(decoded_bytes.decode('utf-8'), expected_text)
Example #10
 def test_decrypt_without_legacy_follow_standard_encoding(self):
     """Decryption still works after the IV is re-encoded as standard base64.

     The IV returned by ``encrypt_attr_value`` is decoded from base64url
     and replaced with its ``base64.b64encode`` form before decrypting.
     """
     # NOTE(review): the third argument (False) is presumably the legacy
     # switch named in the test title; confirm against the service API.
     envelope = service.encrypt_attr_value(self.data, self.key, False)
     iv_bytes = utils.base64url_decode(envelope['iv'])
     envelope['iv'] = base64.b64encode(iv_bytes)
     plaintext = service.decrypt_attr_value(envelope, self.key)
     self.assertEqual(utils.to_string(plaintext), self.data)
Example #11
 def test_decode(self):
     """``base64url_decode`` recovers the original text of every fixture pair."""
     for plain, b64url in self.pairs:
         actual = utils.base64url_decode(b64url).decode('utf-8')
         self.assertEqual(actual, plain)