def test_jws_verify_with_wrong_keypair(self):
        jws = jwts.make_jws({'a': 1}, self.keypairs[:1])

        with self.assertRaises(exceptions.KeySignatureMismatch):
            jwts.verify_jws(jws, self.keypairs[1:2])

        with self.assertRaises(exceptions.KeySignatureMismatch):
            jwts.verify_jws(jws, self.keypairs[1:2])
    def test_invalid_alg_in_jws_header(self):
        jws = json.loads(jwts.make_jws({"a": 1}, self.keypairs[:1]))
        header = json.loads(utils.to_string(utils.base64url_decode(jws["signatures"][0]["protected"])))
        header["alg"] = "bog"
        jws["signatures"][0]["protected"] = utils.to_string(utils.base64url_encode(json.dumps(header)))

        with self.assertRaises(exceptions.InvalidAlgorithmError):
            jwts.verify_jws(json.dumps(jws), self.keypairs[:1])
    def test_jws_verify_no_signatures(self):
        jws = jwts.make_jws({"a": 1}, [])

        with self.assertRaises(exceptions.InvalidSignatureError):
            jwts.verify_jws(jws, self.keypairs[:2])

        with self.assertRaises(exceptions.InvalidSignatureError):
            jwts.verify_jws(jws, self.keypairs[:2])
    def test_jws_verify_mismatched_signatures(self):
        jws = jwts.make_jws({"a": 1}, self.keypairs[:2])

        # this test requires equal-length arrays, with some overlap
        with self.assertRaises(exceptions.KeySignatureMismatch):
            jwts.verify_jws(jws, self.keypairs[1:3])

        jwts.verify_jws(jws, self.keypairs[1:3], verify_all=False)
    def test_missing_kid_in_jws_header(self):
        jws = json.loads(jwts.make_jws({"a": 1}, self.keypairs[:1]))
        header = json.loads(utils.to_string(utils.base64url_decode(jws["signatures"][0]["protected"])))
        del header["kid"]
        jws["signatures"][0]["protected"] = utils.to_string(utils.base64url_encode(json.dumps(header)))

        with self.assertRaises(exceptions.InvalidFormatError):
            jwts.verify_jws(json.dumps(jws), self.keypairs[:1])
    def test_jws_verify_no_signatures(self):
        jws = jwts.make_jws({"a": 1}, [])

        with self.assertRaises(exceptions.InvalidSignatureError):
            jwts.verify_jws(jws, self.keypairs[:2])

        with self.assertRaises(exceptions.InvalidSignatureError):
            jwts.verify_jws(jws, self.keypairs[:2])
    def test_jws_verify_with_wrong_keypair(self):
        jws = jwts.make_jws({'a': 1}, self.keypairs[:1])

        with self.assertRaises(exceptions.KeySignatureMismatch):
            jwts.verify_jws(jws, self.keypairs[1:2])

        with self.assertRaises(exceptions.KeySignatureMismatch):
            jwts.verify_jws(jws, self.keypairs[1:2])
    def test_jws_verify_mismatched_signatures(self):
        jws = jwts.make_jws({"a": 1}, self.keypairs[:2])

        # this test requires equal-length arrays, with some overlap
        with self.assertRaises(exceptions.KeySignatureMismatch):
            jwts.verify_jws(jws, self.keypairs[1:3])

        jwts.verify_jws(jws, self.keypairs[1:3], verify_all=False)
    def test_extend_jws_signatures_from_jwt_no_kid(self):
        keypair = service.create_secret_key()
        kid = str(uuid.uuid4())

        jwt = jwts.make_jwt({'a': 1}, keypair)
        jws = jwts.extend_jws_signatures(jwt, self.keypairs, kid)

        keypair.identity = kid
        keypairs = self.keypairs + [keypair]
        jwts.verify_jws(jws, keypairs).should.be.a(dict)
    def test_invalid_message_not_a_jws(self):
        jws = jwts.make_jws({'a': 1}, self.keypairs[:2])
        jws_dict = json.loads(jws)

        no_payload = {k: v for k, v in jws_dict.items() if k != 'payload'}
        with self.assertRaises(exceptions.InvalidFormatError):
            jwts.verify_jws(json.dumps(no_payload), self.keypairs[:2])

        no_sigs = {k: v for k, v in jws_dict.items() if k != 'signatures'}
        with self.assertRaises(exceptions.InvalidFormatError):
            jwts.verify_jws(json.dumps(no_sigs), self.keypairs[:2])
Exemple #11
0
    def test_missing_kid_in_jws_header(self):
        jws = json.loads(jwts.make_jws({'a': 1}, self.keypairs[:1]))
        header = json.loads(
            utils.to_string(
                utils.base64url_decode(jws['signatures'][0]['protected'])))
        del header['kid']
        jws['signatures'][0]['protected'] = utils.to_string(
            utils.base64url_encode(json.dumps(header)))

        with self.assertRaises(exceptions.InvalidFormatError):
            jwts.verify_jws(json.dumps(jws), self.keypairs[:1])
Exemple #12
0
    def test_invalid_alg_in_jws_header(self):
        jws = json.loads(jwts.make_jws({'a': 1}, self.keypairs[:1]))
        header = json.loads(
            utils.to_string(
                utils.base64url_decode(jws['signatures'][0]['protected'])))
        header['alg'] = 'bog'
        jws['signatures'][0]['protected'] = utils.to_string(
            utils.base64url_encode(json.dumps(header)))

        with self.assertRaises(exceptions.InvalidAlgorithmError):
            jwts.verify_jws(json.dumps(jws), self.keypairs[:1])
Exemple #13
0
    def test_invalid_message_not_a_jws(self):
        jws = jwts.make_jws({'a': 1}, self.keypairs[:2])
        jws_dict = json.loads(jws)

        no_payload = {k: v for k, v in jws_dict.items() if k != 'payload'}
        with self.assertRaises(exceptions.InvalidFormatError):
            jwts.verify_jws(json.dumps(no_payload), self.keypairs[:2])

        no_sigs = {k: v for k, v in jws_dict.items() if k != 'signatures'}
        with self.assertRaises(exceptions.InvalidFormatError):
            jwts.verify_jws(json.dumps(no_sigs), self.keypairs[:2])
    def test_prepare_message(self):
        sess = session.ServerSession(identity_credentials=self.server_credentials,
                                     oneid_credentials=self.oneid_credentials,
                                     project_credentials=self.project_credentials)

        authenticated_data = sess.prepare_message(oneid_response=self.oneid_response)

        keypairs = [
            self.oneid_credentials.keypair,
            self.project_credentials.keypair,
        ]
        jwts.verify_jws(authenticated_data, keypairs).should.be.a(dict)
    def test_missing_typ_in_jws_header(self):
        jws = json.loads(jwts.make_jws({'a': 1}, self.keypairs[:1]))
        header = json.loads(utils.to_string(
            utils.base64url_decode(jws['signatures'][0]['protected'])
        ))
        del header['typ']
        jws['signatures'][0]['protected'] = utils.to_string(
            utils.base64url_encode(json.dumps(header))
        )

        with self.assertRaises(exceptions.InvalidFormatError):
            jwts.verify_jws(json.dumps(jws), self.keypairs[:1])
    def test_invalid_alg_in_jws_header(self):
        jws = json.loads(jwts.make_jws({'a': 1}, self.keypairs[:1]))
        header = json.loads(utils.to_string(
            utils.base64url_decode(jws['signatures'][0]['protected'])
        ))
        header['alg'] = 'bog'
        jws['signatures'][0]['protected'] = utils.to_string(
            utils.base64url_encode(json.dumps(header))
        )

        with self.assertRaises(exceptions.InvalidAlgorithmError):
            jwts.verify_jws(json.dumps(jws), self.keypairs[:1])
    def _create_and_verify_good_jws(self, claims, keypairs=None):
        keypairs = keypairs or self.keypairs
        jws = jwts.make_jws(claims, keypairs)

        self.assertIsInstance(jws, str)

        verifications = [jwts.verify_jws(jws, keypairs), jwts.verify_jws(jws), jwts.verify_jws(utils.to_bytes(jws))]

        for verification in verifications:
            self.assertTrue(verification)

            for claim in claims:
                self.assertIn(claim, verification)
                self.assertEqual(verification.get(claim), claims[claim])
    def test_reset_keys(self):
        sess = session.ServerSession(
            identity_credentials=self.server_credentials,
            oneid_credentials=self.oneid_credentials,
            project_credentials=self.project_credentials
        )

        authenticated_data = sess.prepare_message(
            oneid_response=self.oneid_response,
            rekey_credentials=[
                self.resetA_credentials,
                self.resetB_credentials,
                self.resetC_credentials,
            ]
        )

        keypairs = [
            self.oneid_credentials.keypair,
            self.project_credentials.keypair,
            self.resetA_credentials.keypair,
            self.resetB_credentials.keypair,
            self.resetC_credentials.keypair,
        ]

        verified = jwts.verify_jws(authenticated_data, keypairs)
        self.assertIsInstance(verified, dict)
    def test_reset_keys(self, mock_request):
        sess = session.ServerSession(
            identity_credentials=self.id_credentials,
            oneid_credentials=self.oneid_credentials,
            project_credentials=self.project_credentials,
            config=self.fake_config,
        )

        authenticated_data = sess.prepare_message(a=1,
                                                  b=2,
                                                  rekey_credentials=[
                                                      self.resetA_credentials,
                                                      self.resetB_credentials,
                                                      self.resetC_credentials,
                                                  ])

        keypairs = [
            self.oneid_credentials.keypair,
            self.project_credentials.keypair,
            self.resetA_credentials.keypair,
            self.resetB_credentials.keypair,
            self.resetC_credentials.keypair,
        ]

        verified = jwts.verify_jws(authenticated_data, keypairs)
        self.assertIsInstance(verified, dict)
Exemple #20
0
    def test_extend_jws_signatures_from_jwt_single_key(self):
        jwt = jwts.make_jwt({'a': 1}, self.keypairs[0])
        jws = jwts.extend_jws_signatures(jwt, self.keypairs[1],
                                         self.keypairs[1].identity)

        verified_msg = jwts.verify_jws(jws, self.keypairs[:2])
        self.assertIsInstance(verified_msg, dict)
    def test_prepare_message_encrypted_session(self, mock_request):
        peer_credentials = self.alt_credentials
        sess = session.ServerSession(
            identity_credentials=self.id_credentials,
            oneid_credentials=self.oneid_credentials,
            project_credentials=self.project_credentials,
            peer_credentials=peer_credentials,
            config=self.fake_config,
        )

        jws = sess.prepare_message(
            a=1,
            b=2,
        )

        keypairs = [
            self.oneid_credentials.keypair,
            self.project_credentials.keypair,
        ]

        jwe = jwts.verify_jws(jws, keypairs)

        claims = jwes.decrypt_jwe(jwe, peer_credentials.keypair)

        self.assertIsInstance(claims, dict)
        self.assertIn('a', claims)
        self.assertIn('b', claims)
    def test_reset_keys(self, mock_request):
        sess = session.ServerSession(
            identity_credentials=self.id_credentials,
            oneid_credentials=self.oneid_credentials,
            project_credentials=self.project_credentials,
            config=self.fake_config,
        )

        authenticated_data = sess.prepare_message(
            a=1, b=2,
            rekey_credentials=[
                self.resetA_credentials,
                self.resetB_credentials,
                self.resetC_credentials,
            ]
        )

        keypairs = [
            self.oneid_credentials.keypair,
            self.project_credentials.keypair,
            self.resetA_credentials.keypair,
            self.resetB_credentials.keypair,
            self.resetC_credentials.keypair,
        ]

        verified = jwts.verify_jws(authenticated_data, keypairs)
        self.assertIsInstance(verified, dict)
    def _create_and_verify_good_jws(self, claims, keypairs=None):
        keypairs = keypairs or self.keypairs
        jws = jwts.make_jws(claims, keypairs)
        jws.should.be.a(str)

        verifications = [
            jwts.verify_jws(jws, keypairs),
            jwts.verify_jws(jws),
            jwts.verify_jws(utils.to_bytes(jws)),
        ]

        for verification in verifications:
            verification.should.be.truthy

            for claim in claims:
                verification.should.have.key(claim).equal_to(claims[claim])
Exemple #24
0
def _handle_auth_endpoint(headers=None, data=None):
    logger.debug('data=%s', data)

    try:
        oneid_key = keychain.Keypair.from_secret_pem(
            key_bytes=TestSession.oneid_key_bytes, )
        oneid_key.identity = 'oneID'
        jwts.verify_jws(data)
        jws = jwts.extend_jws_signatures(data, oneid_key)
        logger.debug('jws=%s', jws)
        return MockResponse(jws, 200)
    except InvalidSignature:
        logger.debug('invalid signature', exc_info=True)
        return MockResponse('Forbidden', 403)

    return MockResponse('Internal Server Error', 500)
Exemple #25
0
    def test_extend_jws_signatures_from_jwt(self):
        jwt = jwts.make_jwt({"a": 1}, self.keypairs[0])
        jws = jwts.extend_jws_signatures(jwt, self.keypairs[1:],
                                         self.keypairs[0].identity)

        verified_msg = jwts.verify_jws(jws, self.keypairs)
        self.assertIsInstance(verified_msg, dict)
Exemple #26
0
    def test_jws_verify_any_signature_is_ok(self):
        jws = jwts.make_jws({'a': 1}, self.keypairs[:1])

        verified_msg = jwts.verify_jws(jws,
                                       self.keypairs[:2],
                                       verify_all=False)
        self.assertIn("a", verified_msg)
    def test_extend_jws_signatures_from_jwt_single_key(self):
        jwt = jwts.make_jwt({'a': 1}, self.keypairs[0])
        jws = jwts.extend_jws_signatures(jwt,
                                         self.keypairs[1],
                                         self.keypairs[1].identity)

        verified_msg = jwts.verify_jws(jws, self.keypairs[:2])
        self.assertIsInstance(verified_msg, dict)
    def test_extend_jws_signatures_from_jwt(self):
        jwt = jwts.make_jwt({"a": 1}, self.keypairs[0])
        jws = jwts.extend_jws_signatures(jwt,
                                         self.keypairs[1:],
                                         self.keypairs[0].identity)

        verified_msg = jwts.verify_jws(jws, self.keypairs)
        self.assertIsInstance(verified_msg, dict)
    def test_prepare_message(self):
        sess = session.DeviceSession(self.id_credentials)
        jws = sess.prepare_message(a=1)

        claims = jwts.verify_jws(jws, self.id_credentials.keypair)

        claims.should.be.a(dict)
        claims.should.have.key('a').equal_to(1)
    def test_prepare_message(self):
        sess = session.DeviceSession(self.id_credentials)
        jws = sess.prepare_message(a=1)

        claims = jwts.verify_jws(jws, self.id_credentials.keypair)

        self.assertIsInstance(claims, dict)
        self.assertIn("a", claims)
        self.assertEqual(claims.get("a"), 1)
Exemple #31
0
    def _create_and_verify_good_jws(self, claims, keypairs=None):
        keypairs = keypairs or self.keypairs
        jws = jwts.make_jws(claims, keypairs)

        self.assertIsInstance(jws, str)

        verifications = [
            jwts.verify_jws(jws, keypairs),
            jwts.verify_jws(jws),
            jwts.verify_jws(utils.to_bytes(jws)),
        ]

        for verification in verifications:
            self.assertTrue(verification)

            for claim in claims:
                self.assertIn(claim, verification)
                self.assertEqual(verification.get(claim), claims[claim])
    def test_prepare_message(self):
        sess = session.DeviceSession(self.id_credentials)
        jws = sess.prepare_message(a=1)

        claims = jwts.verify_jws(jws, self.id_credentials.keypair)

        self.assertIsInstance(claims, dict)
        self.assertIn("a", claims)
        self.assertEqual(claims.get("a"), 1)
    def test_extend_jws_signatures_from_jwt_no_kid(self):
        keypair = service.create_secret_key()
        kid = str(uuid.uuid4())

        jwt = jwts.make_jwt({'a': 1}, keypair)
        jws = jwts.extend_jws_signatures(jwt, self.keypairs, kid)

        keypair.identity = kid
        keypairs = self.keypairs + [keypair]
        verified_msg = jwts.verify_jws(jws, keypairs)
        self.assertIsInstance(verified_msg, dict)
Exemple #34
0
    def test_extend_jws_signatures_from_jwt_no_kid(self):
        keypair = service.create_secret_key()
        kid = str(uuid.uuid4())

        jwt = jwts.make_jwt({'a': 1}, keypair)
        jws = jwts.extend_jws_signatures(jwt, self.keypairs, kid)

        keypair.identity = kid
        keypairs = self.keypairs + [keypair]
        verified_msg = jwts.verify_jws(jws, keypairs)
        self.assertIsInstance(verified_msg, dict)
Exemple #35
0
 def test_missing_nonce(self):
     jws = json.dumps({
         "payload":
         "eyJhIjogMX0",
         "signatures": [{
             "protected": ("eyJ0eXAiOiAiSk9TRStKU09OIiwgImFsZyI6ICJFUzI1"
                           "NiIsICJraWQiOiAiMTIzNDUifQ"),
             "signature": ("9PXHibGclG2wNT5f6BZhkk6YGFI0kUSITBWlmBQIKipL"
                           "N-UMPKvKUMvelhZX7EIqNpmZB7b9LvIiiNYZ6NFkJg")
         }]
     })
     self.assertTrue(jwts.verify_jws(jws, self.keypair))
    def test_prepare_message_encrypted_to_other(self):
        sess = session.DeviceSession(self.id_credentials)
        jws = sess.prepare_message(a=1,
                                   other_recipients=[self.peer_credentials])

        jwe = jwts.verify_jws(jws, self.id_credentials.keypair)
        self.assertTrue(jose.is_jwe(jwe))

        claims = jwes.decrypt_jwe(jwe, self.peer_credentials.keypair)

        self.assertIsInstance(claims, dict)
        self.assertIn("a", claims)
        self.assertEqual(claims.get("a"), 1)
    def test_add_signature_to_jws(self):
        claims = {
            'a': 1,
        }
        sess = session.DeviceSession(self.id_credentials)

        jws1 = jwts.make_jws(claims, self.alt_credentials.keypair)
        jws2 = sess.add_signature(jws1)

        claims = jwts.verify_jws(
            jws2, [self.alt_credentials.keypair, self.id_credentials.keypair])

        self.assertIsInstance(claims, dict)
        self.assertIn("a", claims)
        self.assertEqual(claims.get("a"), 1)
Exemple #38
0
    def test_prepare_message(self):
        sess = session.ServerSession(
            identity_credentials=self.server_credentials,
            oneid_credentials=self.oneid_credentials,
            project_credentials=self.project_credentials)

        authenticated_data = sess.prepare_message(
            oneid_response=self.oneid_response)

        keypairs = [
            self.oneid_credentials.keypair,
            self.project_credentials.keypair,
        ]

        verified = jwts.verify_jws(authenticated_data, keypairs)
        self.assertIsInstance(verified, dict)
    def test_prepare_message_by_param(self, mock_request):
        sess = session.ServerSession(
            identity_credentials=self.id_credentials,
            oneid_credentials=self.oneid_credentials,
            project_credentials=self.project_credentials,
            config=self.fake_config,
        )

        authenticated_data = sess.prepare_message(
            raw_message='hello',
        )

        keypairs = [
            self.oneid_credentials.keypair,
            self.project_credentials.keypair,
        ]

        verified = jwts.verify_jws(authenticated_data, keypairs)
        self.assertIsInstance(verified, dict)
        self.assertIn('message', verified)
 def test_remove_jws_signature_list(self):
     jws = jwts.make_jws({'a': 1}, self.keypairs)
     ids = [keypair.identity for keypair in self.keypairs[:2]]
     jws = jwts.remove_jws_signatures(jws, ids)
     verified_msg = jwts.verify_jws(jws, self.keypairs[2:])
     self.assertIsInstance(verified_msg, dict)
 def test_remove_jws_signature(self):
     jws = jwts.make_jws({'a': 1}, self.keypairs)
     jws = jwts.remove_jws_signatures(jws, self.keypairs[0].identity)
     verified_msg = jwts.verify_jws(jws, self.keypairs[1:])
     self.assertIsInstance(verified_msg, dict)
Exemple #42
0
    def test_jws_verify_invalid_signature(self):
        jws = json.loads(jwts.make_jws({'a': 1}, self.keypairs[:1]))
        jws['signatures'][0]['signature'] = 'bogus'

        with self.assertRaises(exceptions.InvalidSignatureError):
            jwts.verify_jws(json.dumps(jws), self.keypairs[:1])
 def test_extend_jws_signatures_from_jws(self):
     jws = jwts.make_jws({'a': 1}, self.keypairs[:2])
     jws = jwts.extend_jws_signatures(jws, self.keypairs[2:])
     verified_msg = jwts.verify_jws(jws, self.keypairs)
     self.assertIsInstance(verified_msg, dict)
Exemple #44
0
    def test_jwt_verify_with_redundant_keypairs(self):
        jws = jwts.make_jws({'a': 1}, self.keypairs[:2])

        with self.assertRaises(exceptions.InvalidKeyError):
            jwts.verify_jws(jws, self.keypairs[:1] * 2)
    def test_jws_verify_too_many_signatures(self):
        jws = jwts.make_jws({"a": 1}, self.keypairs[:2])

        with self.assertRaises(exceptions.KeySignatureMismatch):
            jwts.verify_jws(jws, self.keypairs[:1])
Exemple #46
0
    def test_jwt_verify_with_mult_sigs(self):
        jwt = jwts.make_jwt({'a': 1}, self.keypairs[0])

        with self.assertRaises(Exception):
            jwts.verify_jws(jwt, self.keypairs[:2])
Exemple #47
0
 def test_extend_jws_signatures_from_jws(self):
     jws = jwts.make_jws({'a': 1}, self.keypairs[:2])
     jws = jwts.extend_jws_signatures(jws, self.keypairs[2:])
     verified_msg = jwts.verify_jws(jws, self.keypairs)
     self.assertIsInstance(verified_msg, dict)
Exemple #48
0
 def test_remove_bytes_jws_signature(self):
     jws = utils.to_bytes(jwts.make_jws({'a': 1}, self.keypairs))
     jws = jwts.remove_jws_signatures(jws, self.keypairs[0].identity)
     verified_msg = jwts.verify_jws(jws, self.keypairs[1:])
     self.assertIsInstance(verified_msg, dict)
Exemple #49
0
 def test_verify_jws_from_jwt(self):
     jwt = jwts.make_jwt({'a': 1}, self.keypairs[0])
     verified_msg = jwts.verify_jws(jwt, self.keypairs[0])
     self.assertIsInstance(verified_msg, dict)
    def test_jwt_verify_with_redundant_keypairs(self):
        jws = jwts.make_jws({'a': 1}, self.keypairs[:2])

        with self.assertRaises(exceptions.InvalidKeyError):
            jwts.verify_jws(jws, self.keypairs[:1] * 2)
    def test_jws_verify_invalid_signature(self):
        jws = json.loads(jwts.make_jws({'a': 1}, self.keypairs[:1]))
        jws['signatures'][0]['signature'] = 'bogus'

        with self.assertRaises(exceptions.InvalidSignatureError):
            jwts.verify_jws(json.dumps(jws), self.keypairs[:1])
    def test_jws_verify_any_signature_is_ok(self):
        jws = jwts.make_jws({'a': 1}, self.keypairs[:1])

        verified_msg = jwts.verify_jws(jws, self.keypairs[:2], verify_all=False)
        self.assertIn("a", verified_msg)
    def test_jws_verify_invalid_signature(self):
        jws = json.loads(jwts.make_jws({"a": 1}, self.keypairs[:1]))
        jws["signatures"][0]["signature"] = "bogus"

        with self.assertRaises(exceptions.InvalidSignatureError):
            jwts.verify_jws(json.dumps(jws), self.keypairs[:1])
Exemple #54
0
    def test_jws_verify_too_many_signatures(self):
        jws = jwts.make_jws({"a": 1}, self.keypairs[:2])

        with self.assertRaises(exceptions.KeySignatureMismatch):
            jwts.verify_jws(jws, self.keypairs[:1])
Exemple #55
0
 def test_remove_jws_signature_list(self):
     jws = jwts.make_jws({'a': 1}, self.keypairs)
     ids = [keypair.identity for keypair in self.keypairs[:2]]
     jws = jwts.remove_jws_signatures(jws, ids)
     verified_msg = jwts.verify_jws(jws, self.keypairs[2:])
     self.assertIsInstance(verified_msg, dict)
    def test_jwt_verify_with_mult_sigs(self):
        jwt = jwts.make_jwt({'a': 1}, self.keypairs[0])

        with self.assertRaises(Exception):
            jwts.verify_jws(jwt, self.keypairs[:2])
 def test_verify_jws_from_jwt(self):
     jwt = jwts.make_jwt({'a': 1}, self.keypairs[0])
     verified_msg = jwts.verify_jws(jwt, self.keypairs[0])
     self.assertIsInstance(verified_msg, dict)