def parse(jwt): """Parse a JWT from a string.""" algorithm, payload, signature = jwt.split(".") signed_data = algorithm + "." + payload try: algorithm = decode_json_bytes(algorithm)["alg"] except KeyError: raise ValueError("badly formed JWT") payload = decode_json_bytes(payload) signature = decode_bytes(signature) return JWT(algorithm, payload, signature, signed_data)
def parse_jwt(data): """Parse a JWT from a string.""" header, payload, signature = data.split(".") signed_data = header + "." + payload try: header = decode_json_bytes(header) except KeyError: raise ValueError("badly formed JWT header") payload = decode_json_bytes(payload) signature = decode_bytes(signature) return ReceiptJWT(header, payload, signature, signed_data)
def test_error_handling_in_verify_certificate_chain(self): self.assertRaises(ValueError, self.verifier.verify_certificate_chain, []) certs = decode_json_bytes(EXPIRED_ASSERTION)["certificates"] certs = [jwt.parse(cert) for cert in certs] self.assertRaises(ExpiredSignatureError, self.verifier.verify_certificate_chain, certs)
def get_email_and_assertion(audience): global _email_assertion if not _email_assertion: import pickle try: import datetime from browserid.utils import unbundle_certs_and_assertion, decode_json_bytes # Get one from the cache, and check it's expiration email_assertion = pickle.load(open(ASSERTION_CACHE_FILE, 'rb')) _, assertion = unbundle_certs_and_assertion(email_assertion[1]) exp = decode_json_bytes(assertion.split('.')[1])['exp'] expiration_date = datetime.datetime.utcfromtimestamp(exp/1000) if expiration_date > datetime.datetime.utcnow(): # If it hasn't expired, return _email_assertion = email_assertion return email_assertion except FileNotFoundError: pass # If no good one is available, get a new one import requests from urllib.parse import quote_plus r = requests.get('http://personatestuser.org/email_with_assertion/%s'%quote_plus(audience)) _email_assertion = r.json()['email'], r.json()['assertion'] pickle.dump(_email_assertion, open(ASSERTION_CACHE_FILE, 'wb')) return _email_assertion def _login(self): res = self.testapp.get('/', status=403)
def test_encode_decode_json_bytes(self): obj = {"hello": "world"} self.assertEquals(obj, decode_json_bytes(encode_json_bytes(obj))) self.assertRaises(ValueError, decode_json_bytes, encode_bytes("NOJSON4U")) self.assertRaises(ValueError, decode_json_bytes, encode_bytes("42")) self.assertRaises(ValueError, decode_json_bytes, encode_bytes("[1, 2, 3]")) self.assertRaises(ValueError, encode_json_bytes, 42) self.assertRaises(ValueError, encode_json_bytes, [1, 3, 3])
def check_audience(self, assertion, expected_audience=None): """Check that the assertion matches the expected audience. This method verifies that the audience for the given assertion is as expected - either matching the audience parameter if given, or or matching one of the audience patterns from the constructor if not. If the audience matches then it is returned as a string; if not then an AudienceMismatchError is raised. """ try: _, token = unbundle_certs_and_assertion(assertion) audience = decode_json_bytes(token.split(".")[1])["aud"] except (KeyError, IndexError): raise ValueError("Malformed JWT") if expected_audience is None: audience_re = self._audience_re else: audience_re = self._compile_audience_patterns(expected_audience) if audience_re is None: raise AudienceMismatchError if not audience_re.match(audience): raise AudienceMismatchError return audience