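def test_key_update(self):
    """Check that signing picks up a replacement certificate.

    Signs a receipt, runs the ``newcert`` command in the dev environment,
    rewinds the keystore's ``last_stat`` by more than ``poll_interval``,
    signs again, and asserts that the ``"mod"`` value of the first JWK in
    the certificate differs before and after.
    """
    first_cert = signing.crypto.get_certificate()
    first_receipt = signing.crypto.sign_jwt(stamp())
    # NOTE(review): the receipt is decoded with the keystore's own key
    # object (presumably the key sign_jwt() just used), so this is a
    # sign/decode round trip, not a check against the published
    # certificate. The verify_jwt() path stays disabled, as in the original:
    # self.assertTrue(signing.crypto.verify_jwt(first_receipt))
    self.assertTrue(
        jwt.decode(first_receipt, signing.crypto.KEYSTORE.key.get_rsa()))

    # Generate a replacement key. The argument vector is built as a list
    # rather than by splitting a formatted string, so a key path or issuer
    # URL containing whitespace is not broken into extra arguments.
    cmd = [
        "--environment", "dev", "newcert",
        "--signing-key=%s" % ROOT_PRIV_PATH,
        "--issuer=%s" % ISSUER_URL,
        "--keyid=dev-testing",
    ]
    run(cmd)

    # Rewind the recorded stat() time past the poll interval so the next
    # signing call sees the keystore as due for a re-check.
    last_stat = signing.crypto.KEYSTORE.last_stat
    rewind = signing.crypto.KEYSTORE.poll_interval + 5
    signing.crypto.KEYSTORE.last_stat = last_stat - rewind

    # Sign first to force a stat() check
    second_receipt = signing.crypto.sign_jwt(stamp())
    second_cert = signing.crypto.get_certificate()
    # NOTE(review): disabled in the original, and it names first_receipt
    # rather than second_receipt -- confirm which receipt was meant to be
    # verified after the rotation:
    # self.assertTrue(signing.crypto.verify_jwt(first_receipt))
    self.assertTrue(
        jwt.decode(second_receipt, signing.crypto.KEYSTORE.key.get_rsa()))

    # verify=False: the certificate signatures are NOT checked here. The
    # decode only extracts the embedded JWK so the two values can be
    # compared; nothing in this test establishes that either certificate
    # was signed by the root key.
    c1 = jwt.decode(first_cert, verify=False)
    c2 = jwt.decode(second_cert, verify=False)
    self.assertNotEqual(c1["jwk"][0]["mod"], c2["jwk"][0]["mod"],
                        msg="certificate unchanged")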
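def test_0_sign_verify(self):
    """Sign a receipt and decode it with the keystore's RSA key.

    Only the sign/decode round trip is asserted; the certificate is
    fetched but not inspected.
    """
    # Return value unused. The call is kept because it may have side
    # effects on the keystore -- TODO confirm, then drop or assert on it.
    signing.crypto.get_certificate()
    receipt = signing.crypto.sign_jwt(stamp())
    # NOTE(review): verify_jwt() is the path a receipt consumer would rely
    # on, and the original author left it disabled as not working. Until it
    # is re-enabled, this test gives no coverage of that verification path:
    # self.assertTrue(signing.crypto.verify_jwt(receipt))
    #
    # The decode below uses the keystore's own key object (presumably the
    # key sign_jwt() used), so it does not involve the certificate.
    self.assertTrue(
        jwt.decode(receipt, signing.crypto.KEYSTORE.key.get_rsa()))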
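def test_key_update(self):
    """Check that signing picks up a replacement certificate.

    Signs a receipt, runs the ``newcert`` command in the dev environment,
    rewinds the keystore's ``last_stat`` by more than ``poll_interval``,
    signs again, and asserts that the ``"mod"`` value of the first JWK in
    the certificate differs before and after.
    """
    first_cert = signing.crypto.get_certificate()
    first_receipt = signing.crypto.sign_jwt(stamp())
    # NOTE(review): decoding with the keystore's own key object (presumably
    # the key sign_jwt() just used) is a sign/decode round trip only; it
    # does not check the receipt against the published certificate. The
    # verify_jwt() call stays disabled, as in the original:
    # self.assertTrue(signing.crypto.verify_jwt(first_receipt))
    self.assertTrue(
        jwt.decode(first_receipt, signing.crypto.KEYSTORE.key.get_rsa())
    )

    # Generate a replacement key. Building the argument list directly
    # (instead of formatting one string and splitting it) keeps a key path
    # or issuer URL that contains whitespace as a single argument.
    cmd = [
        "--environment",
        "dev",
        "newcert",
        "--signing-key=%s" % ROOT_PRIV_PATH,
        "--issuer=%s" % ISSUER_URL,
        "--keyid=dev-testing",
    ]
    run(cmd)

    # Rewind the recorded stat() time past the poll interval so the next
    # signing call sees the keystore as due for a re-check.
    last_stat = signing.crypto.KEYSTORE.last_stat
    rewind = signing.crypto.KEYSTORE.poll_interval + 5
    signing.crypto.KEYSTORE.last_stat = last_stat - rewind

    # Sign first to force a stat() check
    second_receipt = signing.crypto.sign_jwt(stamp())
    second_cert = signing.crypto.get_certificate()
    # NOTE(review): disabled in the original, and it names first_receipt
    # rather than second_receipt -- confirm which receipt was meant to be
    # verified after the rotation:
    # self.assertTrue(signing.crypto.verify_jwt(first_receipt))
    self.assertTrue(
        jwt.decode(second_receipt, signing.crypto.KEYSTORE.key.get_rsa())
    )

    # verify=False: the certificate signatures are NOT checked here. The
    # decode only pulls out the embedded JWK for comparison, so this test
    # says nothing about whether either certificate chains to the root key.
    c1 = jwt.decode(first_cert, verify=False)
    c2 = jwt.decode(second_cert, verify=False)
    self.assertNotEqual(
        c1["jwk"][0]["mod"], c2["jwk"][0]["mod"], msg="certificate unchanged"
    )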
sys.exit(1) # Load the private key try: priv = M2Crypto.RSA.load_key(keyfile) except Exception, e: print "Failed ot load private key:\n\t%s\n" % e sys.exit(1) # Buffer the file contents for later verification with open(certfile) as f: cert_data = f.read().encode("ascii") # Load but don't verify the JWK-in-a-JWT certificate. try: cert = jwt.decode(cert_data, verify=False) except Exception, e: print "Failed to decode JWT: %s" % e # Convert the JWK into a form usable by M2Crypto try: pub = M2Crypto.RSA.new_pub_key((conv(cert["jwk"][0]["exp"]), conv(cert["jwk"][0]["mod"]))) except Exception, e: print "Failed to create RSA object from certificate's JWK: %s" % e sys.exit(1) # Fetch the issuer's public key from the URL provided by the key try: print "Fetching root pub key from %s" % cert["iss"] response = requests.get(cert["iss"]) if response.status_code == 200:
sys.exit(1) # Load the private key try: priv = M2Crypto.RSA.load_key(keyfile) except Exception, e: print "Failed ot load private key:\n\t%s\n" % e sys.exit(1) # Buffer the file contents for later verification with open(certfile) as f: cert_data = f.read().encode('ascii') # Load but don't verify the JWK-in-a-JWT certificate. try: cert = jwt.decode(cert_data, verify=False) except Exception, e: print "Failed to decode JWT: %s" % e # Convert the JWK into a form usable by M2Crypto try: pub = M2Crypto.RSA.new_pub_key((conv(cert['jwk'][0]['exp']), conv(cert['jwk'][0]['mod']))) except Exception, e: print "Failed to create RSA object from certificate's JWK: %s" % e sys.exit(1) # Fetch the issuer's public key from the URL provided by the key try: print "Fetching root pub key from %s" % cert['iss'] response = requests.get(cert['iss'])
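def test_0_sign_verify(self):
    """Sign a receipt and decode it with the keystore's RSA key.

    Only the sign/decode round trip is asserted; the certificate is
    fetched but not inspected.
    """
    # Return value unused. The call is kept because it may have side
    # effects on the keystore -- TODO confirm, then drop or assert on it.
    signing.crypto.get_certificate()
    receipt = signing.crypto.sign_jwt(stamp())
    # NOTE(review): the original author left verify_jwt() disabled as not
    # working. That is the call a receipt consumer would depend on, so the
    # verification path is untested until this line is restored:
    # self.assertTrue(signing.crypto.verify_jwt(receipt))
    #
    # The decode below uses the keystore's own key object (presumably the
    # key sign_jwt() used), so it does not involve the certificate.
    self.assertTrue(
        jwt.decode(receipt, signing.crypto.KEYSTORE.key.get_rsa())
    )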