def test_update_mark_inactive():
rsa_key = new_rsa_key()
_jwks = {"keys": [rsa_key.serialize()]}
fname = "tmp_jwks.json"
with open(fname, "w") as fp:
fp.write(json.dumps(_jwks))
kb = KeyBundle(source="file://{}".format(fname), fileformat="jwks")
assert len(kb) == 1
# new set of keys
rsa_key = new_rsa_key(alg="RS256")
ec_key = new_ec_key(crv="P-256")
_jwks = {"keys": [rsa_key.serialize(), ec_key.serialize()]}
with open(fname, "w") as fp:
fp.write(json.dumps(_jwks))
kb.update()
# 2 active and 1 inactive
assert len(kb) == 3
assert len(kb.active_keys()) == 2
assert len(kb.get("rsa")) == 1
assert len(kb.get("rsa", only_active=False)) == 2
def main():
""" Main function"""
parser = argparse.ArgumentParser(
description="JSON Web Key (JWK) Generator")
parser.add_argument("--kty",
dest="kty",
metavar="type",
help="Key type",
required=True)
parser.add_argument("--size",
dest="keysize",
type=int,
metavar="size",
help="Key size")
parser.add_argument(
"--crv",
dest="crv",
metavar="curve",
help="EC curve",
choices=NIST2SEC.keys(),
default=DEFAULT_EC_CURVE,
)
parser.add_argument(
"--exp",
dest="rsa_exp",
type=int,
metavar="exponent",
help="RSA public key exponent (default {})".format(DEFAULT_RSA_EXP),
default=DEFAULT_RSA_EXP,
)
parser.add_argument("--kid", dest="kid", metavar="id", help="Key ID")
args = parser.parse_args()
if args.kty.upper() == "RSA":
if args.keysize is None:
args.keysize = DEFAULT_RSA_KEYSIZE
jwk = new_rsa_key(public_exponent=args.rsa_exp,
key_size=args.keysize,
kid=args.kid)
elif args.kty.upper() == "EC":
if args.crv not in NIST2SEC:
print("Unknown curve: {0}".format(args.crv), file=sys.stderr)
exit(1)
jwk = new_ec_key(crv=args.crv, kid=args.kid)
elif args.kty.upper() == "SYM":
if args.keysize is None:
args.keysize = DEFAULT_SYM_KEYSIZE
randomkey = os.urandom(args.keysize)
jwk = SYMKey(key=randomkey, kid=args.kid)
else:
print("Unknown key type: {}".format(args.kty), file=sys.stderr)
exit(1)
jwk_dict = jwk.serialize(private=True)
print(json.dumps(jwk_dict, sort_keys=True, indent=4))
print("SHA-256: " + jwk.thumbprint("SHA-256").decode(), file=sys.stderr)
def gen_keypair():
jwk = new_ec_key(crv="P-256")
private_key_dict = jwk.serialize(private=True)
public_key_dict = jwk.serialize(private=False)
private_key = cosekey_from_jwk_dict(private_key_dict, private=True)
public_key = cosekey_from_jwk_dict(public_key_dict, private=False)
return private_key, public_key
def main():
""" Main function"""
parser = argparse.ArgumentParser(description='JSON Web Key (JWK) Generator')
parser.add_argument('--kty',
dest='kty',
metavar='type',
help='Key type',
required=True)
parser.add_argument('--size',
dest='keysize',
type=int,
metavar='size',
help='Key size')
parser.add_argument('--crv',
dest='crv',
metavar='curve',
help='EC curve',
choices=NIST2SEC.keys(),
default=DEFAULT_EC_CURVE)
parser.add_argument('--exp',
dest='rsa_exp',
type=int,
metavar='exponent',
help='RSA public key exponent (default {})'.format(DEFAULT_RSA_EXP),
default=DEFAULT_RSA_EXP)
parser.add_argument('--kid',
dest='kid',
metavar='id',
help='Key ID')
args = parser.parse_args()
if args.kty.upper() == 'RSA':
if args.keysize is None:
args.keysize = DEFAULT_RSA_KEYSIZE
jwk = new_rsa_key(public_exponent=args.rsa_exp, key_size=args.keysize, kid=args.kid)
elif args.kty.upper() == 'EC':
if args.crv not in NIST2SEC:
print("Unknown curve: {0}".format(args.crv), file=sys.stderr)
exit(1)
jwk = new_ec_key(crv=args.crv, kid=args.kid)
elif args.kty.upper() == 'SYM':
if args.keysize is None:
args.keysize = DEFAULT_SYM_KEYSIZE
randomkey = os.urandom(args.keysize)
jwk = SYMKey(key=randomkey, kid=args.kid)
else:
print("Unknown key type: {}".format(args.kty), file=sys.stderr)
exit(1)
jwk_dict = jwk.serialize(private=True)
print(json.dumps(jwk_dict, sort_keys=True, indent=4))
print("SHA-256: " + jwk.thumbprint('SHA-256').decode(), file=sys.stderr)
def test_get_key():
ec_key = new_ec_key("P-256")
asym_private_key = ECKey(priv_key=ec_key.priv_key)
asym_public_key = ECKey(pub_key=asym_private_key.pub_key)
key = SYMKey(key="mekmitasdigoatfo", kid="xyzzy")
assert asym_private_key.private_key()
assert asym_private_key.public_key()
assert asym_public_key.private_key() is None
assert asym_private_key.public_key()
assert key.key
def __init__(self,
issuer: str,
ttl: int = 300,
authz_rules: [] = AUTHZ_RULES) -> None:
token_key = new_ec_key(crv="P-256")
self.token_signer = TokenSigner()
self.token_signer.set_signing_key(token_key)
self.token_signer.set_issuer(issuer)
self.token_signer.set_valid_for(300)
token_public_key_dict = token_key.serialize(private=False)
token_public_key_dict["pid"] = issuer
jwks = {"keys": [token_public_key_dict]}
self.token_verifier = TokenVerifier.create_from_jwks_dict(jwks)
self.authz_verifier = AuthZVerifier(authz_rules)
def test_update_2():
rsa_key = new_rsa_key()
_jwks = {"keys": [rsa_key.serialize()]}
fname = "tmp_jwks.json"
with open(fname, "w") as fp:
fp.write(json.dumps(_jwks))
kb = KeyBundle(source="file://{}".format(fname), fileformat="jwks")
assert len(kb) == 1
# Added one more key
ec_key = new_ec_key(crv="P-256", key_ops=["sign"])
_jwks = {"keys": [rsa_key.serialize(), ec_key.serialize()]}
with open(fname, "w") as fp:
fp.write(json.dumps(_jwks))
kb.update()
assert len(kb) == 2
def test_verify_header():
_dpop = DPoPProof()
assert _dpop.verify_header(DPOP_HEADER)
assert set(_dpop.keys()) == {'typ', 'alg', 'jwk', 'jti', 'htm', 'htu', 'iat'}
assert _dpop.verify() is None
_dpop_dict = _dpop.to_dict()
_dpop2 = DPoPProof().from_dict(_dpop_dict)
assert isinstance(_dpop2.key, ECKey)
ec_key = new_ec_key(crv="P-256")
_dpop2.key = ec_key
_dpop2["jwk"] = ec_key.to_dict()
_header = _dpop2.create_header()
_dpop3 = DPoPProof()
assert _dpop3.verify_header(_header)
# should have the same content as _dpop only the key is different
assert _dpop["htm"] == _dpop3["htm"]
import os
from cryptojwt.jwk.ec import new_ec_key
from cryptojwt.jwk.hmac import SYMKey
from cryptojwt.jwk.rsa import new_rsa_key
from cryptojwt.jwk.wrap import unwrap_key
from cryptojwt.jwk.wrap import wrap_key
__author__ = "jschlyter"
WRAPPING_KEYS = [
SYMKey(use="enc", key=os.urandom(32)),
new_ec_key(crv="P-256"),
new_ec_key(crv="P-384"),
new_rsa_key(size=2048),
new_rsa_key(size=4096),
]
SECRET_KEYS = [
SYMKey(use="enc", key=os.urandom(32)),
new_ec_key(crv="P-256"),
new_rsa_key(size=2048),
]
def test_wrap_default():
for wrapping_key in WRAPPING_KEYS:
for key in SECRET_KEYS:
wrapped_key = wrap_key(key, wrapping_key)
unwrapped_key = unwrap_key(wrapped_key, [wrapping_key])
assert key == unwrapped_key
def test_cmp_eq_ec():
ec_key = new_ec_key("P-256")
_key1 = ECKey(priv_key=ec_key.priv_key)
_key2 = ECKey(priv_key=ec_key.priv_key)
assert _key1 == _key2
def test_cmp_neq_ec():
ec_key = new_ec_key("P-256")
_key1 = ECKey(priv_key=ec_key.priv_key)
_key2 = ECKey(**ECKEY)
assert _key1 != _key2
def test_create_eckey():
ec = new_ec_key("P-256")
exp_key = ec.serialize()
assert _eq(list(exp_key.keys()), ["y", "x", "crv", "kty", "kid"])
def test_new_ec_key():
ec_key = new_ec_key("P-256")
assert isinstance(ec_key, ECKey)
assert ec_key.key_len() == 256
def test_new_ec_key():
ec_key = new_ec_key("P-256")
assert isinstance(ec_key, ECKey)
