def test_get_public_key(self, private_key): key = RSAKey(private_key, ALGORITHMS.RS256) public_key = key.public_key() public_key2 = public_key.public_key() assert public_key.is_public() assert public_key2.is_public() assert public_key == public_key2
def test_RSAKey_errors(self): rsa_key = { "kty": "RSA", "kid": "*****@*****.**", "use": "sig", "n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw", "e": "AQAB" } with pytest.raises(JWKError): key = RSAKey(rsa_key, 'HS256') rsa_key = { "kty": "oct", "kid": "*****@*****.**", "use": "sig", "n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw", "e": "AQAB" } with pytest.raises(JWKError): key = RSAKey(rsa_key, 'RS256') # noqa: F841
def test_to_pem(self, pkey): key = RSAKey(pkey, ALGORITHMS.RS256) assert key.to_pem(pem_format='PKCS1').strip() == pkey.strip() pkcs8 = key.to_pem(pem_format='PKCS8').strip() assert pkcs8 != pkey.strip() newkey = RSAKey(pkcs8, ALGORITHMS.RS256) assert newkey.to_pem(pem_format='PKCS1').strip() == pkey.strip()
def test_RSA_jwk(self): key = { "kty": "RSA", "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", "e": "AQAB", } assert RSAKey(key, ALGORITHMS.RS256).is_public() key = { "kty": "RSA", "kid": "*****@*****.**", "use": "sig", "n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw", "e": "AQAB", "d": "bWUC9B-EFRIo8kpGfh0ZuyGPvMNKvYWNtB_ikiH9k20eT-O1q_I78eiZkpXxXQ0UTEs2LsNRS-8uJbvQ-A1irkwMSMkK1J3XTGgdrhCku9gRldY7sNA_AKZGh-Q661_42rINLRCe8W-nZ34ui_qOfkLnK9QWDDqpaIsA-bMwWWSDFu2MUBYwkHTMEzLYGqOe04noqeq1hExBTHBOBdkMXiuFhUq1BU6l-DqEiWxqg82sXt2h-LMnT3046AOYJoRioz75tSUQfGCshWTBnP5uDjd18kKhyv07lhfSJdrPdM5Plyl21hsFf4L_mHCuoFau7gdsPfHPxxjVOcOpBrQzwQ", "p": "3Slxg_DwTXJcb6095RoXygQCAZ5RnAvZlno1yhHtnUex_fp7AZ_9nRaO7HX_-SFfGQeutao2TDjDAWU4Vupk8rw9JR0AzZ0N2fvuIAmr_WCsmGpeNqQnev1T7IyEsnh8UMt-n5CafhkikzhEsrmndH6LxOrvRJlsPp6Zv8bUq0k", "q": "uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs6grT8bR_cu0Dm1MZwWmtdqDyI95HrUeq3MP15vMMON8lHTeZu2lmKvwqW7anV5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxHlSqAZ192zB3pVFJ0s7pFc", "dp": "B8PVvXkvJrj2L-GYQ7v3y9r6Kw5g9SahXBwsWUzp19TVlgI-YV85q1NIb1rxQtD-IsXXR3-TanevuRPRt5OBOdiMGQp8pbt26gljYfKU_E9xn-RULHz0-ed9E9gXLKD4VGngpz-PfQ_q29pk5xWHoJp009Qf1HvChixRX 59ehik", "dq": "CLDmDGduhylc9o7r84rEUVn7pzQ6PF83Y-iBZx5NT-TpnOZKF1pErAMVeKzFEl41DlHHqqBLSM0W1sOFbwTxYWZDm6sI6og5iTbwQGIC3gnJKbi_7k_vJgGHwHxgPaX2PnvP-zyEkDERuf-ry4c_Z11Cq9AqC2yeL6kdKT1cYF8", "qi": "3PiqvXQN0zwMeE-sBvZgi289XP9XCQF3VWqPzMKnIgQp7_Tugo6-NZBKCQsMf3HaEGBjTVJs_jcK8-TRXvaKe-7ZMaQj8VfBdYkssbu0NKDDhjJ-GtiseaDVWt7dcH0cfwxgFUHpQh7FoCrjFJ6h6ZEpMF6xmujs4qMpPz8aaI4" } assert not RSAKey(key, ALGORITHMS.RS256).is_public() del key['p'] # Some but not all extra parameters are present with pytest.raises(JWKError): RSAKey(key, ALGORITHMS.RS256) del key['q'] del key['dp'] del key['dq'] del key['qi'] # None of the extra parameters are present, but 'key' is still private. assert not RSAKey(key, ALGORITHMS.RS256).is_public()
def test_invalid_hash_alg(self): with pytest.raises(JWKError): key = HMACKey(hmac_key, 'RS512') with pytest.raises(JWKError): key = RSAKey(rsa_key, 'HS512') with pytest.raises(JWKError): key = ECKey(ec_key, 'RS512') # noqa: F841
def test_invalid_jwk(self): with pytest.raises(JWKError): key = HMACKey(rsa_key, 'HS256') with pytest.raises(JWKError): key = RSAKey(hmac_key, 'RS256') with pytest.raises(JWKError): key = ECKey(rsa_key, 'ES256') # noqa: F841
def assert_roundtrip(self, key): assert RSAKey( key.to_dict(), ALGORITHMS.RS256 ).to_dict() == key.to_dict()
def test_invalid_algorithm(self): with pytest.raises(JWKError): RSAKey(private_key_4096_pkcs1, ALGORITHMS.ES256) with pytest.raises(JWKError): RSAKey({'kty': 'bla'}, ALGORITHMS.RS256)
def test_bad_cert(self,): key = '-----BEGIN CERTIFICATE-----' with pytest.raises(JOSEError): RSAKey(key, ALGORITHMS.RS256)
def test_object(self): key = object() with pytest.raises(JOSEError): RSAKey(key, ALGORITHMS.RS256)
def test_RSA_key(self): assert not RSAKey(private_key_4096_pkcs1, ALGORITHMS.RS256).is_public()
def test_to_dict(self, private_key): key = RSAKey(private_key, ALGORITHMS.RS256) self.assert_parameters(key.to_dict(), private=True) self.assert_parameters(key.public_key().to_dict(), private=False) self.assert_roundtrip(key) self.assert_roundtrip(key.public_key())
from jose import jws, jwt private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend()) pem = private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption()) pem = str(pem, 'utf-8') public_key = private_key.public_key() rsakey = RSAKey(public_key, ALGORITHMS.RS256) print(rsakey.to_dict()) tomorrow = datetime.now() + timedelta(days=1) tomorrow_in_seconds = tomorrow.timestamp() payload = { "sub": "a3bc91e1-dd79-433c-a3be-d5fe5ad5c608", "email_verified": False, "iss": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_rBDyyW1zu", "cognito:username": "******", "custom:Role": "Administrator", "aud": "f2alqmli8o74m8f63eb9qkdmm", "event_id": "51a8f501-b992-46ec-afd2-9eabf9ee36ff", "token_use": "id",
def test_string_secret(self): key = 'secret' with pytest.raises(JOSEError): RSAKey(key, ALGORITHMS.RS256)