def test_do_remote(self): expected_kid = "test key" url = "https://example.com/signed_jwks" signing_key = RSAKey(key=RSA.generate(1024), alg="RS256") jws = create_signed_jwks(signing_key, expected_kid) responses.add(responses.GET, url, body=jws, status=200, content_type="application/jose") kb = SignedKeyBundle(verification_key=signing_key, source=url) assert kb.do_remote() assert kb.keys()[0].kid == expected_kid
def test_do_remote_reject_malformed_jwks(self): url = "https://example.com/signed_jwks" signing_key = RSAKey(key=RSA.generate(1024), alg="RS256") jws = JWS("foobar", alg=signing_key.alg).sign_compact(keys=[signing_key]) responses.add(responses.GET, url, body=jws, status=200, content_type="application/jose") kb = SignedKeyBundle(verification_key=signing_key, source=url) with pytest.raises(UpdateFailed) as exc: kb.do_remote() assert "malformed" in str(exc.value)
def test_do_remote_reject_jwks_signed_with_unknown_key(self): url = "https://example.com/signed_jwks" signing_key = RSAKey(key=RSA.generate(1024), alg="RS256") other_key = RSAKey(key=RSA.generate(1024), alg="RS256") jws = create_signed_jwks(signing_key) responses.add(responses.GET, url, body=jws, status=200, content_type="application/jose") kb = SignedKeyBundle(verification_key=other_key, source=url) with pytest.raises(UpdateFailed) as exc: kb.do_remote() assert "signature" in str(exc.value)
def test_do_remote_handles_connection_error(self): url = "https://example.com/signed_jwks" responses.add(responses.GET, url, body=requests.ConnectionError("Error")) kb = SignedKeyBundle(verification_key=None, source=url) with pytest.raises(UpdateFailed) as exc: kb.do_remote()