def test_single_recipient(self):
jwe = jwes.make_jwe(self.raw_claims, self.sender_keypair,
self.recipient_keypairs[0])
claims = jwes.decrypt_jwe(jwe, self.recipient_keypairs[0])
self._assertValidClaims(claims)
with self.assertRaises(exceptions.InvalidRecipient):
jwes.decrypt_jwe(jwe, self.recipient_keypairs[1])
def test_skip_jsonify(self):
self.assertIsInstance(self.jwe, str)
claims1 = jwes.decrypt_jwe(self.jwe, self.recipient_keypairs[0])
jwe_json = jwes.make_jwe(claims1,
self.sender_keypair,
self.recipient_keypairs,
jsonify=False)
self.assertIsInstance(jwe_json, dict)
claims2 = jwes.decrypt_jwe(jwe_json, self.recipient_keypairs[0])
self.assertDictEqual(claims1, claims2)
def setUp(self):
# self.tmpdir = tempfile.mkdtemp()
# os.environ['HOME'] = self.tmpdir
# nonces.set_nonce_handlers(lambda _n: True, lambda _n: True)
self.claim_keys = ['a', 'b', 'c', 'héllo!', '😬']
self.raw_claims = {k: 0 for k in self.claim_keys}
self.sender_keypair = service.create_secret_key()
self.sender_keypair.identity = str(uuid.uuid4())
self.recipient_keypair = service.create_secret_key()
self.recipient_keypair.identity = str(uuid.uuid4())
self.jwe = jwes.make_jwe(self.raw_claims, self.sender_keypair,
self.recipient_keypair)
def test_verify_encrypted_session_message(self):
jwe = jwes.make_jwe(
{'b': 2},
self.proj_credentials.keypair,
self.id_credentials.keypair,
jsonify=False,
)
jws = jwts.make_jws(jwe,
[self.mock_proj_keypair, self.mock_oneid_keypair])
sess = session.DeviceSession(self.id_credentials,
self.proj_credentials,
self.oneid_credentials)
claims = sess.verify_message(jws)
self.assertIsInstance(claims, dict)
self.assertIn("b", claims)
self.assertEqual(claims.get("b"), 2)
def test_verify_message_project_server_jwe(self, mock_request):
jwe = jwes.make_jwe(
{'c': 3},
self.id_credentials.keypair,
self.alt_credentials.keypair,
jsonify=False,
)
message = jwts.make_jws(jwe, [self.id_credentials.keypair])
sess = session.ServerSession(
identity_credentials=self.alt_credentials,
oneid_credentials=self.oneid_credentials,
project_credentials=self.project_credentials,
config=self.fake_config,
)
claims = sess.verify_message(message, self.id_credentials)
self.assertIsInstance(claims, dict)
self.assertIn("c", claims)
self.assertEqual(claims.get("c"), 3)
def test_disallowed_claims(self):
for claim in ['enc', 'alg', 'epk', 'apu']:
with self.assertRaises(ValueError):
jwes.make_jwe({claim: 'bogus'}, self.sender_keypair,
self.recipient_keypairs)
def test_anonymous_sender(self):
with self.assertRaises(exceptions.IdentityRequired):
sender_keypair = service.create_secret_key()
jwes.make_jwe(self.raw_claims, sender_keypair,
self.recipient_keypairs)