Exemple #1
0
 def test_kid_header_not_present_when_not_provided(self):
     enc = ALGORITHMS.A256CBC_HS512
     alg = ALGORITHMS.RSA_OAEP_256
     encrypted = jwe.encrypt("Text", PUBLIC_KEY_PEM, enc, alg)
     header = json.loads(
         six.ensure_str(base64url_decode(encrypted.split(".")[0])))
     assert "kid" not in header
Exemple #2
0
 def test_alg_enc_headers(self):
     enc = ALGORITHMS.A256CBC_HS512
     alg = ALGORITHMS.RSA_OAEP_256
     encrypted = jwe.encrypt("Text", PUBLIC_KEY_PEM, enc, alg)
     header = json.loads(base64url_decode(encrypted.split(b".")[0]))
     assert header["enc"] == enc
     assert header["alg"] == alg
Exemple #3
0
 def test_zip_header_present_when_provided(self):
     enc = ALGORITHMS.A256CBC_HS512
     alg = ALGORITHMS.RSA_OAEP_256
     encrypted = jwe.encrypt("Text", PUBLIC_KEY_PEM, enc, alg, zip=ZIPS.DEF)
     header = json.loads(
         six.ensure_str(base64url_decode(encrypted.split(".")[0])))
     assert header["zip"] == ZIPS.DEF
Exemple #4
0
 def test_zip_header_not_present_when_none(self):
     enc = ALGORITHMS.A256CBC_HS512
     alg = ALGORITHMS.RSA_OAEP_256
     encrypted = jwe.encrypt("Text", PUBLIC_KEY_PEM, enc, alg,
                             zip=ZIPS.NONE)
     header = json.loads(six.ensure_str(base64url_decode(encrypted.split(b".")[0])))
     assert "zip" not in header
Exemple #5
0
 def test_cty_header_present_when_provided(self):
     enc = ALGORITHMS.A256CBC_HS512
     alg = ALGORITHMS.RSA_OAEP_256
     encrypted = jwe.encrypt("Text", PUBLIC_KEY_PEM, enc, alg,
                             cty="expected")
     header = json.loads(six.ensure_str(base64url_decode(encrypted.split(b".")[0])))
     assert header["cty"] == "expected"
Exemple #6
0
 def test_encrypt_decrypt_aes_kw(self, alg, enc, zip):
     if alg == ALGORITHMS.A128KW:
         key = OCT_128_BIT_KEY
     elif alg == ALGORITHMS.A192KW:
         key = OCT_192_BIT_KEY
     elif alg == ALGORITHMS.A256KW:
         key = OCT_256_BIT_KEY
     else:
         pytest.fail(f"I don't know how to handle enc {alg}")
     expected = b"Live long and prosper."
     jwe_value = jwe.encrypt(expected[:], key, enc, alg, zip)
     actual = jwe.decrypt(jwe_value, key)
     assert actual == expected
Exemple #7
0
    def test_rfc7516_appendix_b_direct(self, monkeypatch):
        algorithm = ALGORITHMS.DIR
        encryption = ALGORITHMS.A128CBC_HS256
        key = bytes(
            bytearray(
                [
                    4,
                    211,
                    31,
                    197,
                    84,
                    157,
                    252,
                    254,
                    11,
                    100,
                    157,
                    250,
                    63,
                    170,
                    106,
                    206,
                    107,
                    124,
                    212,
                    45,
                    111,
                    107,
                    9,
                    219,
                    200,
                    177,
                    0,
                    240,
                    143,
                    156,
                    44,
                    207,
                ]
            )
        )
        plain_text = b"Live long and prosper."
        expected_iv = bytes(bytearray([3, 22, 60, 12, 43, 67, 104, 105, 108, 108, 105, 99, 111, 116, 104, 101]))

        for backend in backends:
            monkeypatch.setattr(backend, "get_random_bytes", lambda x: expected_iv if x == 16 else key)

        expected = b"eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..AxY8DCtDaGlsbGljb3RoZQ.KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.BIiCkt8mWOVyJOqDMwNqaQ"
        actual = jwe.encrypt(plain_text, key, encryption, algorithm)

        assert actual == expected
Exemple #8
0
 def test_encrypt_decrypt_dir_kw(self, enc, zip):
     if enc == ALGORITHMS.A128GCM:
         key = OCT_128_BIT_KEY
     elif enc == ALGORITHMS.A192GCM:
         key = OCT_192_BIT_KEY
     elif enc in (ALGORITHMS.A128CBC_HS256, ALGORITHMS.A256GCM):
         key = OCT_256_BIT_KEY
     elif enc == ALGORITHMS.A192CBC_HS384:
         key = OCT_384_BIT_KEY
     elif enc == ALGORITHMS.A256CBC_HS512:
         key = OCT_512_BIT_KEY
     else:
         pytest.fail(f"I don't know how to handle enc {enc}")
     expected = b"Live long and prosper."
     jwe_value = jwe.encrypt(expected[:], key, enc, ALGORITHMS.DIR, zip)
     actual = jwe.decrypt(jwe_value, key)
     assert actual == expected
def generate_password_reset_token(email: str, password: str) -> str:
    delta = timedelta(hours=settings.EMAIL_RESET_TOKEN_EXPIRE_HOURS)
    now = datetime.utcnow()
    expires = now + delta
    exp = expires.timestamp()
    encoded_password = jwe.encrypt(
        password,
        settings.SECRET_KEY,
        encryption=constants.Algorithms.A256CBC_HS512)
    encoded_jwt = jwt.encode(
        {
            "exp": exp,
            "nbf": now,
            "sub": email,
            "password": encoded_password.decode("utf-8"),
        },
        settings.SECRET_KEY,
        algorithm="HS256",
    )
    return encoded_jwt
Exemple #10
0
async def login(credentials: Credentials, request: Request):
    if credentials.username is not None and credentials.password is not None:
        authentication_api_hosts = \
            await get_authentication_endpoint(credentials.username)
        for authentication_api_host in authentication_api_hosts:
            if authentication_api_host:
                headers = {'content-type': 'application/json'}
                authentication_response = requests.post(
                    authentication_api_host,
                    data=credentials.json(),
                    headers=headers)
                if authentication_response.status_code == 200:
                    exp: datetime = \
                        datetime.now(tz=pytz.UTC) + timedelta(days=1)
                    token = jwe.encrypt(plaintext=Token(
                        username=credentials.username,
                        password=credentials.password,
                        exp=exp.timestamp()).json(),
                                        key=request.state.secret_key,
                                        algorithm='dir',
                                        encryption='A256GCM')
                    return token
    raise HTTPException(detail='authentication failed', status_code=403)
Exemple #11
0
 def test_encrypt_decrypt_rsa_kw(self, alg, enc, zip):
     expected = b"Live long and prosper."
     jwe_value = jwe.encrypt(expected[:], PUBLIC_KEY_PEM, enc, alg, zip)
     actual = jwe.decrypt(jwe_value, PRIVATE_KEY_PEM)
     assert actual == expected