def test_generate_compute_verify_mac(self):
keyset_servicer = services.KeysetServicer()
jwt_servicer = jwt_service.JwtServicer()
template = jwt.jwt_hs256_template().SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
keyset = gen_response.keyset
comp_request = testing_api_pb2.JwtSignRequest(keyset=keyset)
comp_request.raw_jwt.issuer.value = 'issuer'
comp_request.raw_jwt.subject.value = 'subject'
comp_request.raw_jwt.custom_claims['myclaim'].bool_value = True
comp_request.raw_jwt.expiration.seconds = 1334
comp_request.raw_jwt.expiration.nanos = 123000000
comp_response = jwt_servicer.ComputeMacAndEncode(comp_request, self._ctx)
self.assertEqual(comp_response.WhichOneof('result'), 'signed_compact_jwt')
signed_compact_jwt = comp_response.signed_compact_jwt
verify_request = testing_api_pb2.JwtVerifyRequest(
keyset=keyset, signed_compact_jwt=signed_compact_jwt)
verify_request.validator.expected_issuer.value = 'issuer'
verify_request.validator.expected_subject.value = 'subject'
verify_request.validator.now.seconds = 1234
verify_response = jwt_servicer.VerifyMacAndDecode(verify_request, self._ctx)
self.assertEqual(verify_response.WhichOneof('result'), 'verified_jwt')
self.assertEqual(verify_response.verified_jwt.issuer.value, 'issuer')
self.assertEqual(verify_response.verified_jwt.subject.value, 'subject')
self.assertEqual(verify_response.verified_jwt.expiration.seconds, 1334)
self.assertEqual(verify_response.verified_jwt.expiration.nanos, 0)
def test_generate_compute_verify_signature(self):
keyset_servicer = services.KeysetServicer()
jwt_servicer = jwt_service.JwtServicer()
template = jwt.jwt_es256_template().SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
private_keyset = gen_response.keyset
comp_request = testing_api_pb2.JwtSignRequest(keyset=private_keyset)
comp_request.raw_jwt.issuer.value = 'issuer'
comp_request.raw_jwt.subject.value = 'subject'
comp_request.raw_jwt.custom_claims['myclaim'].bool_value = True
comp_response = jwt_servicer.PublicKeySignAndEncode(comp_request, self._ctx)
self.assertEqual(comp_response.WhichOneof('result'), 'signed_compact_jwt')
signed_compact_jwt = comp_response.signed_compact_jwt
pub_request = testing_api_pb2.KeysetPublicRequest(
private_keyset=private_keyset)
pub_response = keyset_servicer.Public(pub_request, self._ctx)
self.assertEqual(pub_response.WhichOneof('result'), 'public_keyset')
public_keyset = pub_response.public_keyset
verify_request = testing_api_pb2.JwtVerifyRequest(
keyset=public_keyset, signed_compact_jwt=signed_compact_jwt)
verify_request.validator.expected_issuer.value = 'issuer'
verify_request.validator.expected_subject.value = 'subject'
verify_request.validator.allow_missing_expiration = True
verify_response = jwt_servicer.PublicKeyVerifyAndDecode(
verify_request, self._ctx)
self.assertEqual(verify_response.WhichOneof('result'), 'verified_jwt')
self.assertEqual(verify_response.verified_jwt.issuer.value, 'issuer')
def compute_mac_and_encode(self, raw_jwt: jwt.RawJwt) -> str:
request = testing_api_pb2.JwtSignRequest(
keyset=self._keyset, raw_jwt=raw_jwt_to_proto(raw_jwt))
response = self._stub.ComputeMacAndEncode(request)
if response.err:
raise tink.TinkError(response.err)
return response.signed_compact_jwt
def sign_and_encode(self, raw_jwt: jwt.RawJwt) -> Text:
request = testing_api_pb2.JwtSignRequest(
keyset=self._keyset, raw_jwt=raw_jwt_to_proto(raw_jwt))
response = self._stub.PublicKeySignAndEncode(request)
if response.err:
raise tink.TinkError(response.err)
return response.signed_compact_jwt
def test_generate_compute_verify_mac_without_expiration(self):
keyset_servicer = services.KeysetServicer()
jwt_servicer = jwt_service.JwtServicer()
template = jwt.jwt_hs256_template().SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
keyset = gen_response.keyset
comp_request = testing_api_pb2.JwtSignRequest(keyset=keyset)
comp_request.raw_jwt.issuer.value = 'issuer'
comp_response = jwt_servicer.ComputeMacAndEncode(
comp_request, self._ctx)
self.assertEqual(comp_response.WhichOneof('result'),
'signed_compact_jwt')
signed_compact_jwt = comp_response.signed_compact_jwt
verify_request = testing_api_pb2.JwtVerifyRequest(
keyset=keyset, signed_compact_jwt=signed_compact_jwt)
verify_request.validator.expected_issuer.value = 'issuer'
verify_request.validator.allow_missing_expiration = True
verify_response = jwt_servicer.VerifyMacAndDecode(
verify_request, self._ctx)
print(verify_response.err)
self.assertEqual(verify_response.WhichOneof('result'), 'verified_jwt')
self.assertEqual(verify_response.verified_jwt.issuer.value, 'issuer')
