def test_jwe_decrypt_legacy_v1_without_temp_ver_not_yet_valid(self):
# not valid for another hour.
claim_not_before = int(time()) + 3600
claims = {jose.CLAIM_NOT_BEFORE: claim_not_before}
jwe = legacy_encrypt(claims, rsa_pub_key)
legacy_patch = mock.patch.object(
jose, 'legacy_decrypt', wraps=jose.legacy_decrypt
)
spec_patch = mock.patch.object(
jose, 'spec_compliant_decrypt', wraps=jose.spec_compliant_decrypt
)
with legacy_patch as legacy_mock, spec_patch as spec_mock:
with self.assertRaises(jose.NotYetValid) as not_valid_error:
jose.decrypt(jwe, rsa_priv_key)
self.assertEqual(legacy_mock.call_count, 1)
self.assertEqual(spec_mock.call_count, 0)
self.assertEqual(
not_valid_error.exception.message,
'Token not valid until {}'.format(
jose._format_timestamp(claim_not_before)
)
)
def test_jwe_decrypt_legacy_v1_without_temp_var_expiry(self):
expiry_seconds = 10
claims = {jose.CLAIM_ISSUED_AT: int(time()) - 15}
jwe = legacy_encrypt(claims, rsa_pub_key)
legacy_patch = mock.patch.object(
jose, 'legacy_decrypt', wraps=jose.legacy_decrypt
)
spec_patch = mock.patch.object(
jose, 'spec_compliant_decrypt', wraps=jose.spec_compliant_decrypt
)
with legacy_patch as legacy_mock, spec_patch as spec_mock:
with self.assertRaises(jose.Expired) as expiry_error:
jose.decrypt(jwe, rsa_priv_key, expiry_seconds=expiry_seconds)
expiration_time = claims[jose.CLAIM_ISSUED_AT] + expiry_seconds
self.assertEqual(legacy_mock.call_count, 1)
self.assertEqual(spec_mock.call_count, 0)
self.assertEqual(
expiry_error.exception.message,
'Token expired at {}'.format(
jose._format_timestamp(expiration_time)
)
)
def test_jwe_decrypt_legacy_v1_without_temp_ver_not_yet_valid(self):
# not valid for another hour.
claim_not_before = int(time()) + 3600
claims = {jose.CLAIM_NOT_BEFORE: claim_not_before}
jwe = legacy_encrypt(claims, rsa_pub_key)
legacy_patch = mock.patch.object(
jose, 'legacy_decrypt', wraps=jose.legacy_decrypt
)
spec_patch = mock.patch.object(
jose, 'spec_compliant_decrypt', wraps=jose.spec_compliant_decrypt
)
with legacy_patch as legacy_mock, spec_patch as spec_mock:
with self.assertRaises(jose.NotYetValid) as not_valid_error:
jose.decrypt(jwe, rsa_priv_key)
self.assertEqual(legacy_mock.call_count, 1)
self.assertEqual(spec_mock.call_count, 0)
self.assertEqual(
not_valid_error.exception.message,
'Token not valid until {}'.format(
jose._format_timestamp(claim_not_before)
)
)
def test_jwe_decrypt_legacy_v1_without_temp_var_expiry(self):
expiry_seconds = 10
claims = {jose.CLAIM_ISSUED_AT: int(time()) - 15}
jwe = legacy_encrypt(claims, rsa_pub_key)
legacy_patch = mock.patch.object(
jose, 'legacy_decrypt', wraps=jose.legacy_decrypt
)
spec_patch = mock.patch.object(
jose, 'spec_compliant_decrypt', wraps=jose.spec_compliant_decrypt
)
with legacy_patch as legacy_mock, spec_patch as spec_mock:
with self.assertRaises(jose.Expired) as expiry_error:
jose.decrypt(jwe, rsa_priv_key, expiry_seconds=expiry_seconds)
expiration_time = claims[jose.CLAIM_ISSUED_AT] + expiry_seconds
self.assertEqual(legacy_mock.call_count, 1)
self.assertEqual(spec_mock.call_count, 0)
self.assertEqual(
expiry_error.exception.message,
'Token expired at {}'.format(
jose._format_timestamp(expiration_time)
)
)
def test_jwe_not_yet_valid_error_with_nbf_claim(self):
claims = {jose.CLAIM_NOT_BEFORE: int(time()) + 5}
et = jose.serialize_compact(jose.encrypt(claims, rsa_pub_key))
try:
jose.decrypt(jose.deserialize_compact(et), rsa_priv_key)
self.fail() # expecting not valid yet
except jose.NotYetValid as e:
pass
self.assertEquals(
e.args[0], 'Token not valid until {}'.format(
jose._format_timestamp(claims[jose.CLAIM_NOT_BEFORE])))
def test_jwe_expired_error_with_exp_claim(self):
claims = {jose.CLAIM_EXPIRATION_TIME: int(time()) - 5}
et = jose.serialize_compact(jose.encrypt(claims, rsa_pub_key))
try:
jose.decrypt(jose.deserialize_compact(et), rsa_priv_key)
self.fail() # expecting expired token
except jose.Expired as e:
pass
self.assertEquals(
e.args[0], 'Token expired at {}'.format(
jose._format_timestamp(claims[jose.CLAIM_EXPIRATION_TIME])))
def test_jwe_not_yet_valid_error_with_nbf_claim(self):
claims = {jose.CLAIM_NOT_BEFORE: int(time()) + 5}
et = jose.serialize_compact(jose.encrypt(claims, rsa_pub_key))
try:
jose.decrypt(jose.deserialize_compact(et), rsa_priv_key)
self.fail() # expecting not valid yet
except jose.NotYetValid as e:
pass
self.assertEquals(
e.args[0],
'Token not valid until {}'.format(
jose._format_timestamp(claims[jose.CLAIM_NOT_BEFORE])
)
)
def test_jwe_expired_error_with_exp_claim(self):
claims = {jose.CLAIM_EXPIRATION_TIME: int(time()) - 5}
et = jose.serialize_compact(jose.encrypt(claims, rsa_pub_key))
try:
jose.decrypt(jose.deserialize_compact(et), rsa_priv_key)
self.fail() # expecting expired token
except jose.Expired as e:
pass
self.assertEquals(
e.args[0],
'Token expired at {}'.format(
jose._format_timestamp(claims[jose.CLAIM_EXPIRATION_TIME])
)
)
def test_jwe_expired_error_with_iat_claim(self):
expiry_seconds = 10
claims = {jose.CLAIM_ISSUED_AT: int(time()) - 15}
et = jose.serialize_compact(jose.encrypt(claims, rsa_pub_key))
try:
jose.decrypt(jose.deserialize_compact(et),
rsa_priv_key,
expiry_seconds=expiry_seconds)
self.fail() # expecting expired token
except jose.Expired as e:
pass
expiration_time = claims[jose.CLAIM_ISSUED_AT] + expiry_seconds
self.assertEquals(
e.args[0], 'Token expired at {}'.format(
jose._format_timestamp(expiration_time)))
def test_jwe_expired_error_with_iat_claim(self):
expiry_seconds = 10
claims = {jose.CLAIM_ISSUED_AT: int(time()) - 15}
et = jose.serialize_compact(jose.encrypt(claims, rsa_pub_key))
try:
jose.decrypt(jose.deserialize_compact(et), rsa_priv_key,
expiry_seconds=expiry_seconds)
self.fail() # expecting expired token
except jose.Expired as e:
pass
expiration_time = claims[jose.CLAIM_ISSUED_AT] + expiry_seconds
self.assertEquals(
e.args[0],
'Token expired at {}'.format(
jose._format_timestamp(expiration_time)
)
)
def test_format_timestamp(self):
self.assertEquals(jose._format_timestamp(1403054056),
'2014-06-18T01:14:16Z')
def test_format_timestamp(self):
self.assertEquals(
jose._format_timestamp(1403054056),
'2014-06-18T01:14:16Z'
)
