def test_sign_json_flattened_syntax(): key = ECKey().load_key(P256()) protected_headers = {"foo": "bar"} unprotected_headers = {"abc": "xyz"} payload = "hello world" _jwt = JWS(msg=payload, alg="ES256").sign_json(headers=[ (protected_headers, unprotected_headers) ], keys=[key], flatten=True) json_jws = json.loads(_jwt) assert "signatures" not in json_jws assert b64d_enc_dec(json_jws["payload"]) == payload assert json_jws["header"] == unprotected_headers assert json.loads(b64d_enc_dec(json_jws["protected"])) == protected_headers
def test_sign_json(): eck = ec.generate_private_key(ec.SECP256R1(), default_backend()) key = ECKey().load_key(eck) payload = "hello world" unprotected_headers = {"abc": "xyz"} protected_headers = {"foo": "bar"} _jwt = JWS(msg=payload, alg="ES256").sign_json(headers=[ (protected_headers, unprotected_headers) ], keys=[key]) jwt = json.loads(_jwt) assert b64d_enc_dec(jwt["payload"]) == payload assert len(jwt["signatures"]) == 1 assert jwt["signatures"][0]["header"] == unprotected_headers assert json.loads(b64d_enc_dec( jwt["signatures"][0]["protected"])) == protected_headers
def test_sign_json_dont_include_empty_protected_headers(): key = ECKey().load_key(P256()) unprotected_headers = {"foo": "bar"} _jwt = JWS(msg="hello world", alg="ES256").sign_json(headers=[(None, unprotected_headers)], keys=[key]) json_jws = json.loads(_jwt) jws_protected_headers = json.loads( b64d_enc_dec(json_jws["signatures"][0]["protected"])) assert jws_protected_headers == {"alg": "ES256"} jws_unprotected_headers = json_jws["signatures"][0]["header"] assert unprotected_headers == jws_unprotected_headers
def test_sign_json_dont_include_empty_unprotected_headers(): key = ECKey().load_key(P256()) protected_headers = {"foo": "bar"} _jwt = JWS(msg="hello world", alg="ES256").sign_json(headers=[(protected_headers, None)], keys=[key]) json_jws = json.loads(_jwt) assert "header" not in json_jws["signatures"][0] jws_protected_headers = json.loads( b64d_enc_dec(json_jws["signatures"][0]["protected"])) assert set(protected_headers.items()).issubset( set(jws_protected_headers.items()))