def test_malformed_assertions(self): # This one doesn't actually contain an assertion assertion = encode_json_bytes({}) self.assertRaises(ValueError, self.verifier.verify, assertion) # This one has no certificates pub, priv = DummyVerifier._get_keypair("TEST") assertion = encode_json_bytes({ "assertion": JWT.generate({"aud": "TEST"}, priv), "certificates": [] }) self.assertRaises(ValueError, self.verifier.verify, assertion)
def test_error_jwt_with_mismatched_algorithm(self): pub, priv = DummyVerifier._get_keypair("TEST") jwt = JWT.generate({}, priv) jwt = JWT.parse(jwt) pub["algorithm"] = "RS" self.assertFalse(jwt.check_signature(pub))