def test_verify_id_token_bad_tokens(self):
    """Exercise the rejection paths of ID-token (JWT) verification.

    Each case passes a token and the error text expected for it to
    ``self._check_jwt_failure``. The cases cover malformed structure, an
    unparsable token, a bad signature, missing ``exp``/``iat`` claims,
    a token outside its time window, and a wrong ``aud`` claim.
    """
    key_material = datafile("privatekey.p12")

    # Structural rejects: a single segment, then three segments that do
    # not decode to a usable token.
    self._check_jwt_failure("foo", "Wrong number of segments")
    self._check_jwt_failure("foo.bar.baz", "Can't parse token")

    # Well-formed JSON payload, but the signature segment ("baz") is an
    # arbitrary literal, not a signature produced by the signer.
    payload_segment = crypt._urlsafe_b64encode('{"a":"b"}')
    forged = "foo.%s.baz" % payload_segment
    self._check_jwt_failure(forged, "Invalid token signature")

    # Every token from here on is signed with the test key, so the
    # expected failures should come from claim validation.
    # NOTE(review): presumably _check_jwt_failure verifies against the
    # matching certificate - confirm in the helper.
    signer = crypt.Signer.from_string(key_material)

    # NOTE(review): `audience` is never read below; the claims use the
    # literal "audience" instead. The URL literal ("https:#") looks
    # damaged and the client id is masked in this copy.
    audience = "https:#www.googleapis.com/auth/id?client_id=" + "*****@*****.**"

    def expect_rejected(claims, message):
        # Sign the claims and assert that verification fails with `message`.
        self._check_jwt_failure(crypt.make_signed_jwt(signer, claims), message)

    # Missing "exp": a token with no expiry must not be accepted.
    expect_rejected(
        {"aud": "audience", "iat": time.time()},
        "No exp field in token",
    )

    # Missing "iat".
    expect_rejected(
        {"aud": "audience", "exp": time.time() + 400},
        "No iat field in token",
    )

    # "iat" lies 301 s in the future.
    # NOTE(review): 301 looks like one second past a 300 s clock-skew
    # allowance - confirm against the verifier's constant.
    expect_rejected(
        {"aud": "audience", "iat": time.time() + 301, "exp": time.time() + 400},
        "Token used too early",
    )

    # "exp" lies 301 s in the past (same presumed skew boundary).
    expect_rejected(
        {"aud": "audience", "iat": time.time() - 500, "exp": time.time() - 301},
        "Token used too late",
    )

    # Valid time window, but "aud" names a different recipient.
    expect_rejected(
        {"aud": "somebody else", "iat": time.time(), "exp": time.time() + 300},
        "Wrong recipient",
    )
def test_verify_id_token_bad_tokens(self):
    """Check that each class of invalid ID token (JWT) is refused.

    The private-key file extension comes from ``self.format`` and the
    signer class from ``self.signer``, so the same cases run for
    whichever signer the enclosing test class configures. Each case
    passes a token and the expected error text to
    ``self._check_jwt_failure``.
    """
    key_blob = datafile('privatekey.%s' % self.format)

    # Too few segments to be a JWT at all.
    self._check_jwt_failure('foo', 'Wrong number of segments')

    # Three segments, but the content cannot be parsed.
    self._check_jwt_failure('foo.bar.baz', "Can't parse token")

    # The payload decodes to JSON, but the trailing "baz" is a literal,
    # not a signature made with the test key.
    encoded_payload = crypt._urlsafe_b64encode('{"a":"b"}')
    bad_sig_token = 'foo.%s.baz' % encoded_payload
    self._check_jwt_failure(bad_sig_token, 'Invalid token signature')

    # The remaining tokens are signed with the test key; the failures
    # expected below concern the claims.
    # NOTE(review): presumably _check_jwt_failure verifies against the
    # matching certificate - confirm in the helper.
    signer = self.signer.from_string(key_blob)

    # NOTE(review): `audience` is assigned but never used; the claims
    # below use the literal 'audience'. The URL literal ('https:#')
    # looks damaged and the client id is masked in this copy.
    audience = ('https:#www.googleapis.com/auth/id?client_id=' +
                '*****@*****.**')

    def assert_claims_fail(claims, expected_error):
        # Sign `claims`, then require verification to fail as described.
        signed = crypt.make_signed_jwt(signer, claims)
        self._check_jwt_failure(signed, expected_error)

    # No "exp" claim: a token without an expiry must be refused.
    assert_claims_fail(
        {'aud': 'audience', 'iat': time.time()},
        'No exp field in token')

    # No "iat" claim.
    assert_claims_fail(
        {'aud': 'audience', 'exp': time.time() + 400},
        'No iat field in token')

    # Issued 301 s in the future.
    # NOTE(review): 301 looks like one second beyond a 300 s clock-skew
    # allowance - confirm against the verifier's constant.
    assert_claims_fail(
        {
            'aud': 'audience',
            'iat': time.time() + 301,
            'exp': time.time() + 400,
        },
        'Token used too early')

    # Expired 301 s ago (same presumed skew boundary).
    assert_claims_fail(
        {
            'aud': 'audience',
            'iat': time.time() - 500,
            'exp': time.time() - 301,
        },
        'Token used too late')

    # Time window is fine, but the token is addressed to someone else.
    assert_claims_fail(
        {
            'aud': 'somebody else',
            'iat': time.time(),
            'exp': time.time() + 300,
        },
        'Wrong recipient')