def test_rsa_verify_bad_key():
private1, public1 = generate_rsa()
private2, public2 = generate_rsa()
data = json.dumps(
{
"private": base64.b64encode(
private1.private_bytes(
encoding=serialization.Encoding.DER,
encryption_algorithm=serialization.NoEncryption(),
format=serialization.PrivateFormat.PKCS8,
),
).decode(),
"public": base64.b64encode(
public2.public_bytes(
encoding=serialization.Encoding.DER,
format=serialization.PublicFormat.PKCS1,
),
).decode(),
}, indent="\t",
)
with mock.patch("sys.stdin", StringIO(data)):
with pytest.raises(InvalidSignature):
verify()
def test_rsa_sign():
bits = 2048
private, public = rsa.generate_rsa(bits)
assert private.key_size == bits
payload = os.urandom(1024 * 16)
signature = private.sign(
payload,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH,
),
hashes.SHA256(),
)
print("Signing OK")
result = public.verify(
signature,
payload,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH,
),
hashes.SHA256(),
)
assert result is None
def test_jwt_token_invalid_expiration():
bits = 2048
key, public = rsa.generate_rsa(bits)
jwt = JWT(key, public)
with pytest.raises(ValueError):
jwt.encode(foo="bar", expired=None, nbf=None)
def test_decode_only_ability():
bits = 2048
key, public = rsa.generate_rsa(bits)
jwt = JWT(key)
token = jwt.encode(foo="bar")
with pytest.raises(RuntimeError):
jwt.decode(token)
def test_encode_only_ability():
bits = 2048
key, public = rsa.generate_rsa(bits)
token = JWT(key).encode(foo="bar")
jwt = JWT(None, public)
assert "foo" in jwt.decode(token)
with pytest.raises(RuntimeError):
jwt.encode(foo=None)
def test_jwt_token(expired, nbf):
bits = 2048
key, public = rsa.generate_rsa(bits)
jwt = JWT(key, public)
token = jwt.encode(foo="bar", expired=expired, nbf=nbf)
assert token
assert "foo" in jwt.decode(token)
header, data, signature = token.split(".")
signature = signature[::-1]
with pytest.raises(InvalidSignatureError):
jwt.decode(".".join((header, data, signature)))
header = base64.b64encode(b'{"alg":"none"}').decode()
with pytest.raises(InvalidAlgorithmError):
jwt.decode(".".join((header, data, "")))
))
return self.__jwt.encode(
claims,
self.__private_key,
algorithm=self.__algorithm,
).decode()
def decode(self, token: str, verify=True, **kwargs) -> dict:
if not self.__public_key:
raise RuntimeError("Can't decode without public key")
return self.__jwt.decode(token,
key=self.__public_key,
verify=verify,
algorithms=self.ALGORITHMS,
**kwargs)
if __name__ == '__main__':
from jwt_rsa.rsa import generate_rsa
key, public = generate_rsa(2048)
jwt = JWT(key, public)
token = jwt.encode()
print('Token', token)
print('Content', jwt.decode(token))
