def test_parse_corrupted_key_missing_key_id():
with pytest.raises(ParseJWTBundleError) as exception:
JwtBundle.parse(trust_domain, JWKS_MISSING_KEY_ID)
assert (
str(exception.value) ==
'Error parsing JWT bundle: Error adding authority from JWKS: keyID cannot be empty.'
)
def test_parse_invalid_bytes(test_bytes):
with pytest.raises(ParseJWTBundleError) as exception:
JwtBundle.parse(trust_domain, test_bytes)
assert (
str(exception.value) ==
'Error parsing JWT bundle: Cannot parse jwks. bundle_bytes does not represent a valid jwks.'
)
def test_parse_bundle_bytes_invalid_key(mocker):
mocker.patch(
'pyspiffe.bundle.jwt_bundle.jwt_bundle.PyJWKSet.from_json',
side_effect=InvalidKeyError('Invalid Key'),
autospect=True,
)
with pytest.raises(ParseJWTBundleError) as exception:
JwtBundle.parse(trust_domain, JWKS_MISSING_X)
assert (
str(exception.value) ==
'Error parsing JWT bundle: Cannot parse jwks from bundle_bytes: Invalid Key.'
)
def _create_td_jwt_bundle_dict(
jwt_bundle_response: workload_pb2.JWTBundlesResponse,
) -> Dict[TrustDomain, JwtBundle]:
jwt_bundles = {}
for td, jwk_set in jwt_bundle_response.bundles.items():
jwt_bundles[TrustDomain.parse(td)] = JwtBundle.parse(
TrustDomain.parse(td), jwk_set)
return jwt_bundles
def test_parse(test_bytes, expected_authorities):
jwt_bundle = JwtBundle.parse(trust_domain, test_bytes)
assert jwt_bundle
assert len(jwt_bundle.jwt_authorities()) == expected_authorities
def test_parse_missing_bundle_bytes(test_bundle_bytes):
with pytest.raises(ArgumentError) as exception:
JwtBundle.parse(trust_domain, test_bundle_bytes)
assert str(exception.value) == 'Bundle bytes cannot be empty.'
def test_parse_invalid_trust_domain(test_trust_domain):
with pytest.raises(ArgumentError) as exception:
JwtBundle.parse(test_trust_domain, JWKS_1_EC_KEY)
assert str(exception.value) == 'Trust domain is missing.'