def test_verify_protected_headers():
payload = "Please take a moment to register today"
eck = ec.generate_private_key(ec.SECP256R1(), default_backend())
_key = ECKey().load_key(eck)
keys = [_key]
_jws = JWS(payload, alg="ES256")
protected = dict(header1=u"header1 is protected",
header2="header2 is protected too",
a=1)
_jwt = _jws.sign_compact(keys, protected=protected)
protectedHeader, enc_payload, sig = _jwt.split(".")
data = dict(
payload=enc_payload,
signatures=[
dict(
header=dict(alg=u"ES256", jwk=_key.serialize()),
protected=protectedHeader,
signature=sig,
)
],
)
# _pub_key = ECKey().load_key(eck.public_key())
_jws = JWS()
assert _jws.verify_json(json.dumps(data)) == payload
def test_key_from_jwk_dict_ec():
key = ECKey().load(full_path("570-ec-sect571r1-keypair.pem"))
assert key.has_private_key()
jwk = key.serialize(private=True)
_key = key_from_jwk_dict(jwk)
assert isinstance(_key, ECKey)
assert _key.has_private_key()
def read_cosekey(filename: str, private: bool = True) -> CoseKey:
"""Read key and return CoseKey"""
if filename.endswith(".json"):
with open(filename, "rt") as jwk_file:
jwk_dict = json.load(jwk_file)
elif filename.endswith(".key"):
key = import_private_key_from_pem_file(filename)
jwk = ECKey()
jwk.load_key(key)
jwk_dict = jwk.serialize(private=private)
elif filename.endswith(".crt"):
if private:
raise ValueError("No private keys in certificates")
key = import_public_key_from_cert_file(filename)
jwk = ECKey()
jwk.load_key(key)
jwk_dict = jwk.serialize(private=private)
else:
raise ValueError("Unknown key format")
return cosekey_from_jwk_dict(jwk_dict, private)
def test_create_eckey():
ec_key = generate_private_key(NIST2SEC['P-256'], default_backend())
ec = ECKey(priv_key=ec_key)
exp_key = ec.serialize()
assert _eq(list(exp_key.keys()), ["y", "x", "crv", "kty"])