Exemple #1
0
def test_pjwt_with_jwe_jwk():
    keys = KEYS()
    keys.append(RSAKey(use="enc", key=rsa, kid="some-key-id"))

    jwe = JWE(alg="RSA-OAEP", enc="A256CBC-HS512")

    pj = PopJWT("https://server.example.com",
                "https://client.example.org",
                sub='12345678',
                jwe=jwe,
                keys=keys)

    jwk = {
        "kty": "oct",
        "alg": "HS256",
        "k": "ZoRSOrFzN_FzUA5XKMYoVHyzff5oRJxl-IXRtztJ6uE"
    }

    pjwt = pj.pack_jwe(jwk=jwk, kid='some-key-id')

    s = pjwt.to_json()

    de_pjwt = PJWT().from_json(s)
    assert _eq(de_pjwt.keys(), ['iss', 'aud', 'exp', 'cnf', 'sub', 'iat'])
    assert list(de_pjwt['cnf'].keys()) == ['jwe']
    _jwe = de_pjwt['cnf']['jwe']
    msg = jwe.decrypt(_jwe, keys.keys())
    assert msg

    assert json.loads(msg.decode('utf8')) == jwk
Exemple #2
0
def test_enc_hmac():
    payload = {
        'nonce': 'CYeHPyA6Kmr_jy5HDHXykznu2BpDLm8ngbIJvhBoupI,',
        'sub': 'diana',
        'iss': 'https://xenosmilus2.umdc.umu.se:8091/',
        'acr': '2',
        'exp': 1401176001,
        'iat': 1401096801,
        'aud': ['ApB7TBoKV1tV']
    }

    _jwe = JWE(json.dumps(payload), alg="A128KW", enc="A128CBC-HS256")

    kb = KeyBundle(JWK1["keys"])
    kj = KeyJar()
    kj.issuer_keys["abcdefgh"] = [kb]
    keys = kj.get_encrypt_key(owner="abcdefgh")

    _enctxt = _jwe.encrypt(keys, context="public")
    assert _enctxt

    # and now for decryption

    msg, state = _jwe.decrypt(_enctxt, keys)

    assert json.loads(msg) == payload
Exemple #3
0
def test_pop_jwe():
    jwk = {"kty": "oct", "alg": "HS256",
           "k": "ZoRSOrFzN_FzUA5XKMYoVHyzff5oRJxl-IXRtztJ6uE"}

    encryption_keys = [RSAKey(use="enc", key=rsa,
                              kid="some-key-id")]
    jwe = JWE(json.dumps(jwk), alg="RSA-OAEP", enc="A256CBC-HS512")
    _jwe = jwe.encrypt(keys=encryption_keys, kid="some-key-id")

    jwt = {
        "iss": "https://server.example.com",
        "aud": "https://client.example.org",
        "exp": 1361398824,
        "cnf": {
            "jwe": _jwe
        }
    }

    pjwt = PJWT(**jwt)

    s = pjwt.to_json()

    de_pjwt = PJWT().from_json(s)
    assert _eq(de_pjwt.keys(), ['iss', 'aud', 'exp', 'cnf'])
    assert list(de_pjwt['cnf'].keys()) == ['jwe']
    _jwe = de_pjwt['cnf']['jwe']
    msg = jwe.decrypt(_jwe, encryption_keys)
    assert msg

    assert json.loads(msg.decode('utf8')) == jwk
Exemple #4
0
 def request_started_handler(self, sender, **extra):
     if request.content_type == u'application/jose':
         jwe = JWE()
         decrypted = jwe.decrypt(request.get_data(), self._keys)
         request._cached_data = decrypted
         cached_json = json.loads(decrypted)
         request._cached_json = (cached_json, cached_json)
Exemple #5
0
def test_pop_jwe():
    jwk = {"kty": "oct", "alg": "HS256",
           "k": "ZoRSOrFzN_FzUA5XKMYoVHyzff5oRJxl-IXRtztJ6uE"}

    encryption_keys = [RSAKey(use="enc", key=rsa,
                              kid="some-key-id")]
    jwe = JWE(json.dumps(jwk), alg="RSA-OAEP", enc="A256CBC-HS512")
    _jwe = jwe.encrypt(keys=encryption_keys, kid="some-key-id")

    jwt = {
        "iss": "https://server.example.com",
        "aud": "https://client.example.org",
        "exp": 1361398824,
        "cnf": {
            "jwe": _jwe
        }
    }

    pjwt = PJWT(**jwt)

    s = pjwt.to_json()

    de_pjwt = PJWT().from_json(s)
    assert _eq(de_pjwt.keys(), ['iss', 'aud', 'exp', 'cnf'])
    assert list(de_pjwt['cnf'].keys()) == ['jwe']
    _jwe = de_pjwt['cnf']['jwe']
    msg = jwe.decrypt(_jwe, encryption_keys)
    assert msg

    assert json.loads(msg.decode('utf8')) == jwk
Exemple #6
0
def test_pjwt_with_jwe_jwk():
    keys = KEYS()
    keys.append(RSAKey(use="enc", key=rsa, kid="some-key-id"))

    jwe = JWE(alg="RSA-OAEP", enc="A256CBC-HS512")

    pj = PopJWT(
        "https://server.example.com",
        "https://client.example.org",
        sub="12345678",
        jwe=jwe,
        keys=keys,
    )

    jwk = {
        "kty": "oct",
        "alg": "HS256",
        "k": "ZoRSOrFzN_FzUA5XKMYoVHyzff5oRJxl-IXRtztJ6uE",
    }

    pjwt = pj.pack_jwe(jwk=jwk, kid="some-key-id")

    s = pjwt.to_json()

    de_pjwt = PJWT().from_json(s)
    assert _eq(de_pjwt.keys(), ["iss", "aud", "exp", "cnf", "sub", "iat"])
    assert list(de_pjwt["cnf"].keys()) == ["jwe"]
    _jwe = de_pjwt["cnf"]["jwe"]
    msg = jwe.decrypt(_jwe, keys.keys())
    assert msg

    assert json.loads(msg.decode("utf8")) == jwk
Exemple #7
0
def test_encrypt_decrypt_rsa_cbc():
    _key = RSAKey(key=rsa)
    _key._keytype = "private"
    _jwe0 = JWE(plain, alg="RSA1_5", enc="A128CBC-HS256")

    jwt = _jwe0.encrypt([_key])

    _jwe1 = JWE()
    msg = _jwe1.decrypt(jwt, [_key])

    assert msg == plain
Exemple #8
0
def test_encrypt_decrypt_rsa_cbc():
    _key = RSAKey(key=rsa)
    _key._keytype = "private"
    _jwe0 = JWE(plain, alg="RSA1_5", enc="A128CBC-HS256")

    jwt = _jwe0.encrypt([_key])

    _jwe1 = JWE()
    msg = _jwe1.decrypt(jwt, [_key])

    assert msg == plain
Exemple #9
0
def deconstruct_state(relay_state, keys, alg="A128KW", enc="A128CBC-HS256"):
    """
    Deconstruct the SAML RelayState (received back from the IdP).

    :param relay_state: A JWS
    :param key: A decryption key (a SYMKey instance)
    :return: The payload of the JWS
    """
    jwe = JWE(alg=alg, enc=enc)
    payload, success = jwe.decrypt(relay_state, keys)
    if success:
        return json.loads(payload)
    else:
        raise DecryptionFailed()
Exemple #10
0
def test_enc_hmac():
    payload = {'nonce': 'CYeHPyA6Kmr_jy5HDHXykznu2BpDLm8ngbIJvhBoupI,',
               'sub': 'diana', 'iss': 'https://xenosmilus2.umdc.umu.se:8091/',
               'acr': '2', 'exp': 1401176001, 'iat': 1401096801,
               'aud': ['ApB7TBoKV1tV']}

    _jwe = JWE(json.dumps(payload), alg="A128KW", enc="A128CBC-HS256")

    kb = KeyBundle(JWK1["keys"])
    kj = KeyJar()
    kj.issuer_keys["abcdefgh"] = [kb]
    keys = kj.get_encrypt_key(owner="abcdefgh")

    _enctxt = _jwe.encrypt(keys, context="public")
    assert _enctxt

    # and now for decryption

    msg, state = _jwe.decrypt(_enctxt, keys)

    assert json.loads(msg) == payload
Exemple #11
0
def test_pjwt_with_jwe_jwk():
    keys = KEYS()
    keys.append(RSAKey(use="enc", key=rsa, kid="some-key-id"))

    jwe = JWE(alg="RSA-OAEP", enc="A256CBC-HS512")

    pj = PopJWT("https://server.example.com", "https://client.example.org",
                sub='12345678', jwe=jwe, keys=keys)

    jwk = {"kty": "oct", "alg": "HS256",
           "k": "ZoRSOrFzN_FzUA5XKMYoVHyzff5oRJxl-IXRtztJ6uE"}

    pjwt = pj.pack_jwe(jwk=jwk, kid='some-key-id')

    s = pjwt.to_json()

    de_pjwt = PJWT().from_json(s)
    assert _eq(de_pjwt.keys(), ['iss', 'aud', 'exp', 'cnf', 'sub', 'iat'])
    assert list(de_pjwt['cnf'].keys()) == ['jwe']
    _jwe = de_pjwt['cnf']['jwe']
    msg = jwe.decrypt(_jwe, keys.keys())
    assert msg

    assert json.loads(msg.decode('utf8')) == jwk
Exemple #12
0
    parser.add_argument("message", nargs="?", help="The message to encrypt")

    args = parser.parse_args()

    keys = {}
    if args.jwk_url:
        keys = assign(load_jwks_from_url(lrequest, args.jwk_url))
    elif args.jwk_file:
        keys = load_jwks(open(args.jwk_file).read())
    elif args.x509_url:
        keys = load_x509_cert(lrequest, args.x509_url)
    elif args.x509_file:
        keys = [import_rsa_key_from_file(args.x509_file)]
    elif args.rsa_file:
        key = rsa_load(args.rsa_file)
        rsa_key = RSAKey(key=key)
        rsa_key.serialize()
        keys = [rsa_key]
    else:
        print >> sys.stderr, "Needs encryption key"
        exit()

    if args.file:
        msg = open(args.file).read()
        msg = msg.strip("\n\r")
    else:
        msg = args.message

    jwe = JWE()
    print jwe.decrypt(msg, keys)
Exemple #13
0
def decrypt(msg, keys):
    _jwe = JWE()
    return _jwe.decrypt(msg, keys)
Exemple #14
0
 def from_jwe(self, msg, keys):
     krs = keyitems2keyreps(keys)
     jwe = JWE()
     _res = jwe.decrypt(msg, krs)
     return self.from_json(_res[0])
Exemple #15
0
        keys = assign(load_jwks(open(args.jwk_file).read()))
        if args.mode == "private":
            print >> sys.stderr, "Missing private key to decrypt with"
            exit()
    elif args.x509_url:
        keys = assign(load_x509_cert(lrequest, args.x509_url))
        if args.mode == "private":
            print >> sys.stderr, "Missing private key to decrypt with"
            exit()
    elif args.x509_file:
        keys = {"rsa": [import_rsa_key_from_file(args.x509_file)]}
        if args.mode == "private":
            print >> sys.stderr, "Missing private key to decrypt with"
            exit()
    elif args.rsa_file:
        keys = {"rsa": [rsa_load(args.rsa_file)]}
    else:
        print >> sys.stderr, "Needs encryption key"
        exit()

    if args.file:
        msg = open(args.file).read()
        msg = msg.strip("\n\r")
    else:
        msg = args.message

    krs = keyitems2keyreps(keys)

    jwe = JWE()
    print jwe.decrypt(msg, krs)
Exemple #16
0
 def request_started_handler(self, sender, **extra):
     if request.content_type == u'application/jose':
         jwe = JWE()
         decrypted = jwe.decrypt(request.body, self._keys)
Exemple #17
0
def decrypt(msg, keys):
    _jwe = JWE()
    return _jwe.decrypt(msg, keys)
Exemple #18
0
        if jwt['response']['body_hash'] != body_hash:
            raise Exception("Unexpected response body_hash")


print("REQUEST:")
print()
method, url, headers, body, jti = _get_request_data()
request = Request(method, url, headers, None, body)
prepared = request.prepare()

response = Session().send(prepared)
print()
print("RESPONSE:")
print()
if config.verbose:
    print(u"HTTP/1.1 {} {}".format(response.status_code, response.reason))
    for header in response.headers.items():
        print(u'{}: {}'.format(*header))
    print(u'\n{}\n'.format(response.content.decode()))

_verify_response(response)

if response.headers.get('content-type') == 'application/jose':
    jwe = JWE()
    decrypted = jwe.decrypt(response.content, enc_keys)
    decoded = decrypted.decode()
    print("Decrypted Body:")
    print(decoded)
elif not config.verbose:
    print(response.text)
Exemple #19
0
    parser.add_argument("message", nargs="?", help="The message to encrypt")

    args = parser.parse_args()

    keys = {}
    if args.jwk_url:
        keys = load_jwks_from_url(args.jwk_url)
    elif args.jwk_file:
        keys = load_jwks(open(args.jwk_file).read())
    elif args.x509_url:
        keys = load_x509_cert(args.x509_url, {})
    elif args.x509_file:
        keys = [import_rsa_key_from_file(args.x509_file)]
    elif args.rsa_file:
        key = rsa_load(args.rsa_file)
        rsa_key = RSAKey(key=key)
        rsa_key.serialize()
        keys = [rsa_key]
    else:
        print("Needs encryption key")
        exit()

    if args.file:
        msg = open(args.file).read()
        msg = msg.strip("\n\r")
    else:
        msg = args.message

    jwe = JWE()
    print(jwe.decrypt(msg, keys))
Exemple #20
0
    parser.add_argument("message", nargs="?", help="The message to encrypt")

    args = parser.parse_args()

    keys = {}
    if args.jwk_url:
        keys = assign(load_jwks_from_url(lrequest, args.jwk_url))
    elif args.jwk_file:
        keys = load_jwks(open(args.jwk_file).read())
    elif args.x509_url:
        keys = load_x509_cert(lrequest, args.x509_url)
    elif args.x509_file:
        keys = [import_rsa_key_from_file(args.x509_file)]
    elif args.rsa_file:
        key = rsa_load(args.rsa_file)
        rsa_key = RSAKey(key=key)
        rsa_key.serialize()
        keys = [rsa_key]
    else:
        print("Needs encryption key")
        exit()

    if args.file:
        msg = open(args.file).read()
        msg = msg.strip("\n\r")
    else:
        msg = args.message

    jwe = JWE()
    print(jwe.decrypt(msg, keys))
Exemple #21
0
 def from_jwe(self, msg, keys):
     krs = keyitems2keyreps(keys)
     jwe = JWE()
     _res = jwe.decrypt(msg, krs)
     return self.from_json(_res[0])