def test_rsa_verify_bad_key(): private1, public1 = generate_rsa() private2, public2 = generate_rsa() data = json.dumps( { "private": base64.b64encode( private1.private_bytes( encoding=serialization.Encoding.DER, encryption_algorithm=serialization.NoEncryption(), format=serialization.PrivateFormat.PKCS8, ), ).decode(), "public": base64.b64encode( public2.public_bytes( encoding=serialization.Encoding.DER, format=serialization.PublicFormat.PKCS1, ), ).decode(), }, indent="\t", ) with mock.patch("sys.stdin", StringIO(data)): with pytest.raises(InvalidSignature): verify()
def test_rsa_sign(): bits = 2048 private, public = rsa.generate_rsa(bits) assert private.key_size == bits payload = os.urandom(1024 * 16) signature = private.sign( payload, padding.PSS( mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH, ), hashes.SHA256(), ) print("Signing OK") result = public.verify( signature, payload, padding.PSS( mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH, ), hashes.SHA256(), ) assert result is None
def test_jwt_token_invalid_expiration(): bits = 2048 key, public = rsa.generate_rsa(bits) jwt = JWT(key, public) with pytest.raises(ValueError): jwt.encode(foo="bar", expired=None, nbf=None)
def test_decode_only_ability(): bits = 2048 key, public = rsa.generate_rsa(bits) jwt = JWT(key) token = jwt.encode(foo="bar") with pytest.raises(RuntimeError): jwt.decode(token)
def test_encode_only_ability(): bits = 2048 key, public = rsa.generate_rsa(bits) token = JWT(key).encode(foo="bar") jwt = JWT(None, public) assert "foo" in jwt.decode(token) with pytest.raises(RuntimeError): jwt.encode(foo=None)
def test_jwt_token(expired, nbf): bits = 2048 key, public = rsa.generate_rsa(bits) jwt = JWT(key, public) token = jwt.encode(foo="bar", expired=expired, nbf=nbf) assert token assert "foo" in jwt.decode(token) header, data, signature = token.split(".") signature = signature[::-1] with pytest.raises(InvalidSignatureError): jwt.decode(".".join((header, data, signature))) header = base64.b64encode(b'{"alg":"none"}').decode() with pytest.raises(InvalidAlgorithmError): jwt.decode(".".join((header, data, "")))
)) return self.__jwt.encode( claims, self.__private_key, algorithm=self.__algorithm, ).decode() def decode(self, token: str, verify=True, **kwargs) -> dict: if not self.__public_key: raise RuntimeError("Can't decode without public key") return self.__jwt.decode(token, key=self.__public_key, verify=verify, algorithms=self.ALGORITHMS, **kwargs) if __name__ == '__main__': from jwt_rsa.rsa import generate_rsa key, public = generate_rsa(2048) jwt = JWT(key, public) token = jwt.encode() print('Token', token) print('Content', jwt.decode(token))