def test_non_json_header_is_parse_error(self):
jwe_str = "ciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0." \
"UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7" \
"Zx0-kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgN" \
"Z__deLKxGHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRir" \
"b6Y5Cl_p-ko3YvkkysZIFNPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8" \
"OtvzlV7elprCbuPhcCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0m" \
"cKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A" \
"." \
"AxY8DCtDaGlsbGljb3RoZQ." \
"KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY." \
"9hH0vgRfYgPnAHOd8stkvw"
with pytest.raises(JWEParseError):
jwe.decrypt(jwe_str, "key")
def decrypt_token(encrypted_token: str, key: str) -> Token:
try:
decrypted_token = jwe.decrypt(encrypted_token.encode('utf-8'),
key).decode('utf-8')
return Token(**json.loads(decrypted_token))
except (JOSEError, JWKError, JWEError):
traceback.print_exc(file=sys.stderr)
return None
def test_decrypt_oct_256_key_wrap(self, jwe_package):
headers = jwe.get_unverified_header(jwe_package)
if headers["alg"] not in ALGORITHMS.SUPPORTED:
pytest.skip("alg {} not supported".format(headers["alg"]))
if headers["enc"] not in ALGORITHMS.SUPPORTED:
pytest.skip("enc {} not supported".format(headers["enc"]))
key = OCT_256_BIT_KEY
actual = jwe.decrypt(jwe_package, key)
assert actual == b"Live long and prosper."
def verify_password_reset_token(token: str) -> Optional[Tuple[str, str]]:
try:
decoded_token = jwt.decode(token,
settings.SECRET_KEY,
algorithms=["HS256"])
decoded_password = jwe.decrypt(decoded_token["password"],
settings.SECRET_KEY).decode("utf-8")
return decoded_token["sub"], decoded_password
except jwt.JWTError:
return None
def test_encrypt_decrypt_aes_kw(self, alg, enc, zip):
if alg == ALGORITHMS.A128KW:
key = OCT_128_BIT_KEY
elif alg == ALGORITHMS.A192KW:
key = OCT_192_BIT_KEY
elif alg == ALGORITHMS.A256KW:
key = OCT_256_BIT_KEY
else:
pytest.fail(f"I don't know how to handle enc {alg}")
expected = b"Live long and prosper."
jwe_value = jwe.encrypt(expected[:], key, enc, alg, zip)
actual = jwe.decrypt(jwe_value, key)
assert actual == expected
def test_encrypt_decrypt_dir_kw(self, enc, zip):
if enc == ALGORITHMS.A128GCM:
key = OCT_128_BIT_KEY
elif enc == ALGORITHMS.A192GCM:
key = OCT_192_BIT_KEY
elif enc in (ALGORITHMS.A128CBC_HS256, ALGORITHMS.A256GCM):
key = OCT_256_BIT_KEY
elif enc == ALGORITHMS.A192CBC_HS384:
key = OCT_384_BIT_KEY
elif enc == ALGORITHMS.A256CBC_HS512:
key = OCT_512_BIT_KEY
else:
pytest.fail(f"I don't know how to handle enc {enc}")
expected = b"Live long and prosper."
jwe_value = jwe.encrypt(expected[:], key, enc, ALGORITHMS.DIR, zip)
actual = jwe.decrypt(jwe_value, key)
assert actual == expected
def test_encrypt_decrypt_rsa_kw(self, alg, enc, zip):
expected = b"Live long and prosper."
jwe_value = jwe.encrypt(expected[:], PUBLIC_KEY_PEM, enc, alg, zip)
actual = jwe.decrypt(jwe_value, PRIVATE_KEY_PEM)
assert actual == expected
def test_invalid_jwe_is_parse_error(self):
with pytest.raises(JWEParseError):
jwe.decrypt("invalid", "key")
