def test_verify_interop(self):
for data in self.sample_data:
jws = deserialize(data['compact_serialization'])
self.assertEqual(jws.header, data['header'])
self.assertTrue(jws.verify_with(data['verify_key']))
t = jws.payload
self.assertEqual(t.claims, data['claims'])
def test_round_trip(self):
for data in self.sample_data:
initial_jwe = JWE(header=data['header'], payload=data['payload'])
initial_jwe.encrypt_with(data['encrypt_key'])
serialization = initial_jwe.compact_serialize()
second_jwe = deserialize(serialization)
second_jwe.verify_and_decrypt_with(data['decrypt_key'])
self.assertEqual(second_jwe.payload, data['payload'])
def test_round_trip(self):
for data in self.sample_data:
jo = data['payload_class'](data['payload'])
initial_jwe = jo.encrypt_with(data['encrypt_key'],
alg=data['encrypt_alg'], enc=data['encrypt_enc'])
serialization = initial_jwe.compact_serialize()
second_jwe = deserialize(serialization)
payload = second_jwe.verify_and_decrypt_with(data['decrypt_key'])
self.assertEqual(payload, jo)
def test_spec_sample(self):
jwe = deserialize(_NESTED_SERIALIZED_JWE)
jws = jwe.verify_and_decrypt_with(spec_keys.jwe_private_key_2)
self.assertTrue(jws.verify_with(spec_keys.jws_public_key))
t = jws.payload
self.assertEqual(dict(t), {
'exp': 1300819380,
'iss': 'joe',
'http://example.com/is_root': True,
})
def test_should_return_multiple_audiences(self):
response = self._post_with_typical_params()
data = self._get_response_data(response)
id_token_jws = jot.deserialize(data['id_token'])
id_token = id_token_jws.payload
self.assertTrue(id_token.has_audience(
self.valid_client_data[0]['client_id']))
self.assertTrue(id_token.has_audience(
self.valid_client_data[1]['client_id']))
self.assertTrue(id_token.get_claim_from_namespace(NAMESPACE, 'posix'))
self.assertTrue(id_token.get_claim_from_namespace(NAMESPACE, 'roles'))
def test_encryption_round_trip(self):
for data in self.sample_data:
original_token = Token(claims=data['claims'])
jwe = original_token.encrypt_with(data['encrypt_key'],
alg=data['encrypt_alg'], enc=data['encrypt_enc'])
compact_serialization = jwe.compact_serialize()
deserialized_jwe = deserialize(compact_serialization)
t = deserialized_jwe.verify_and_decrypt_with(data['decrypt_key'])
self.assertIsInstance(t, Token)
self.assertEqual(t.header, jwe.header)
self.assertEqual(t.claims, original_token.claims)
def test_round_trip(self):
for data in self.sample_data:
original_token = Token(payload=data['payload'], alg=data['alg'])
original_token.sign_with(data['sign_key'])
compact_serialization = original_token.compact_serialize()
deserialized_token = deserialize(compact_serialization)
self.assertIsInstance(deserialized_token, Token)
self.assertTrue(deserialized_token.verify_with(data['verify_key']))
self.assertEqual(deserialized_token.header, original_token.header)
self.assertEqual(deserialized_token.payload, original_token.payload)
def test_round_trip(self):
for data in self.sample_data:
original_so = JWS(header=data['header'],
payload=data['payload'])
original_so.sign_with(data['sign_key'])
compact_serialization = original_so.compact_serialize()
deserialized_so = deserialize(compact_serialization)
self.assertIsInstance(deserialized_so, JWS)
self.assertTrue(deserialized_so.verify_with(data['verify_key']))
self.assertEqual(deserialized_so.header, data['header'])
self.assertEqual(deserialized_so.payload, data['payload'])
def test_signature_round_trip(self):
for data in self.sample_data:
original_token = Token(claims=data['claims'])
signed_token = original_token.sign_with(data['sign_key'],
alg=data['sign_alg'])
compact_serialization = signed_token.compact_serialize()
deserialized_jws = deserialize(compact_serialization)
self.assertTrue(deserialized_jws.verify_with(data['verify_key']))
deserialized_token = deserialized_jws.payload
self.assertIsInstance(deserialized_token, Token)
self.assertEqual(deserialized_token.header, signed_token.header)
self.assertEqual(deserialized_token.claims, original_token.claims)
def test_should_return_valid_id_token(self):
response = self.client.get(
self.public_authorize_url(scopes=['openid', 'bar']),
headers={'Authorization': 'API-Key ' + self.bob_key})
fragment_data = self._get_frament_data(response)
self.assertIn('id_token', fragment_data)
id_token_jwe = jot.deserialize(fragment_data['id_token'][0])
id_token_jws = id_token_jwe.verify_and_decrypt_with(
rsa_key.RESOURCE_PRIVATE_KEY)
self.assertTrue(id_token_jws.verify_with(self.public_key))
id_token = id_token_jws.payload
self.assertTrue(id_token.is_valid)
self.assertTrue(
id_token.has_audience(self.confidential_client_data['client_id']))
def test_should_return_valid_id_token(self):
response = self._post_with_typical_params(
scopes=['bar', 'foo', 'openid'])
data = self._get_response_data(response)
self.assertIn('id_token', data)
id_token_jws = jot.deserialize(data['id_token'])
self.assertTrue(id_token_jws.verify_with(self.public_key))
id_token = id_token_jws.payload
self.assertTrue(id_token.is_valid)
self.assertEqual(len(id_token.claims['aud']), 1)
self.assertTrue(id_token.has_audience(
self.valid_client_data[0]['client_id']))
self.assertTrue(id_token.get_claim_from_namespace(NAMESPACE, 'posix'))
self.assertFalse(id_token.get_claim_from_namespace(NAMESPACE, 'roles'))
def test_should_return_valid_id_token(self):
response = self.client.get(self.public_authorize_url(
scopes=['openid', 'bar']),
headers={'Authorization': 'API-Key ' + self.bob_key})
fragment_data = self._get_frament_data(response)
self.assertIn('id_token', fragment_data)
id_token_jwe = jot.deserialize(fragment_data['id_token'][0])
id_token_jws = id_token_jwe.verify_and_decrypt_with(
rsa_key.RESOURCE_PRIVATE_KEY)
self.assertTrue(id_token_jws.verify_with(self.public_key))
id_token = id_token_jws.payload
self.assertTrue(id_token.is_valid)
self.assertTrue(id_token.has_audience(
self.confidential_client_data['client_id']))
def verify_and_decrypt_with(self, key):
alg_cipher = get_alg_cipher(alg=self.header['alg'], key=key)
symmetric_key = alg_cipher.decrypt_key(self.encrypted_key)
enc_cipher = get_enc_cipher(enc=self.header['enc'], key=symmetric_key,
initialization_vector=self.initialization_vector)
enc_cipher.verify(self.ciphertext, self.encoded_header,
self.authentication_tag)
payload = enc_cipher.decrypt(self.ciphertext)
if self.header.get('cty', '').upper() == 'JWT':
from jot import deserialize
return deserialize(payload)
elif self.header.get('typ', '').upper() == 'JWT':
return token.Token(header=self.header,
claims=jose.factory(_simple_parse(payload)))
else:
pl_obj = jose.factory(_load_obj(payload))
return pl_obj
def test_round_trip(self):
claims = {
'iss': 'http://example.com/jwt/example',
'claim1': 1,
'claim2': ['foo', 'bar'],
}
begin_token = jot.Token(claims)
begin_jws = begin_token.sign_with(spec_keys.jws_private_key,
alg='RS256')
begin_jwe = begin_jws.encrypt_with(spec_keys.jwe_public_key,
alg='RSA1_5', enc='A128CBC-HS256')
serialization = begin_jwe.compact_serialize()
end_jwe = deserialize(serialization)
end_jws = end_jwe.verify_and_decrypt_with(spec_keys.jwe_private_key)
end_jws = end_jwe.verify_and_decrypt_with(spec_keys.jwe_private_key)
self.assertTrue(end_jws.verify_with(spec_keys.jws_public_key))
end_token = end_jws.payload
self.assertIsInstance(end_token, jot.Token)
self.assertEqual(end_token.claims, claims)
def test_verify_interop(self):
for data in self.sample_data:
so = deserialize(data['compact_serialization'])
self.assertEqual(so.header, data['header'])
self.assertEqual(so.payload, data['payload'])
self.assertTrue(so.verify_with(data['verify_key']))
def test_header(self):
for data in self.sample_data:
jwe = deserialize(data['compact_serialization'])
self.assertEqual(jwe.header, data['expected_header'])
def test_decrypt(self):
for data in self.sample_data:
jwe = deserialize(data['compact_serialization'])
jwe.verify_and_decrypt_with(data['decrypt_key'])
self.assertEqual(jwe.payload, data['expected_payload'])
