def test_generate_compute_verify_mac(self): keyset_servicer = services.KeysetServicer() jwt_servicer = jwt_service.JwtServicer() template = jwt.jwt_hs256_template().SerializeToString() gen_request = testing_api_pb2.KeysetGenerateRequest(template=template) gen_response = keyset_servicer.Generate(gen_request, self._ctx) self.assertEqual(gen_response.WhichOneof('result'), 'keyset') keyset = gen_response.keyset comp_request = testing_api_pb2.JwtSignRequest(keyset=keyset) comp_request.raw_jwt.issuer.value = 'issuer' comp_request.raw_jwt.subject.value = 'subject' comp_request.raw_jwt.custom_claims['myclaim'].bool_value = True comp_request.raw_jwt.expiration.seconds = 1334 comp_request.raw_jwt.expiration.nanos = 123000000 comp_response = jwt_servicer.ComputeMacAndEncode(comp_request, self._ctx) self.assertEqual(comp_response.WhichOneof('result'), 'signed_compact_jwt') signed_compact_jwt = comp_response.signed_compact_jwt verify_request = testing_api_pb2.JwtVerifyRequest( keyset=keyset, signed_compact_jwt=signed_compact_jwt) verify_request.validator.expected_issuer.value = 'issuer' verify_request.validator.expected_subject.value = 'subject' verify_request.validator.now.seconds = 1234 verify_response = jwt_servicer.VerifyMacAndDecode(verify_request, self._ctx) self.assertEqual(verify_response.WhichOneof('result'), 'verified_jwt') self.assertEqual(verify_response.verified_jwt.issuer.value, 'issuer') self.assertEqual(verify_response.verified_jwt.subject.value, 'subject') self.assertEqual(verify_response.verified_jwt.expiration.seconds, 1334) self.assertEqual(verify_response.verified_jwt.expiration.nanos, 0)
def test_generate_compute_verify_signature(self): keyset_servicer = services.KeysetServicer() jwt_servicer = jwt_service.JwtServicer() template = jwt.jwt_es256_template().SerializeToString() gen_request = testing_api_pb2.KeysetGenerateRequest(template=template) gen_response = keyset_servicer.Generate(gen_request, self._ctx) self.assertEqual(gen_response.WhichOneof('result'), 'keyset') private_keyset = gen_response.keyset comp_request = testing_api_pb2.JwtSignRequest(keyset=private_keyset) comp_request.raw_jwt.issuer.value = 'issuer' comp_request.raw_jwt.subject.value = 'subject' comp_request.raw_jwt.custom_claims['myclaim'].bool_value = True comp_response = jwt_servicer.PublicKeySignAndEncode(comp_request, self._ctx) self.assertEqual(comp_response.WhichOneof('result'), 'signed_compact_jwt') signed_compact_jwt = comp_response.signed_compact_jwt pub_request = testing_api_pb2.KeysetPublicRequest( private_keyset=private_keyset) pub_response = keyset_servicer.Public(pub_request, self._ctx) self.assertEqual(pub_response.WhichOneof('result'), 'public_keyset') public_keyset = pub_response.public_keyset verify_request = testing_api_pb2.JwtVerifyRequest( keyset=public_keyset, signed_compact_jwt=signed_compact_jwt) verify_request.validator.expected_issuer.value = 'issuer' verify_request.validator.expected_subject.value = 'subject' verify_request.validator.allow_missing_expiration = True verify_response = jwt_servicer.PublicKeyVerifyAndDecode( verify_request, self._ctx) self.assertEqual(verify_response.WhichOneof('result'), 'verified_jwt') self.assertEqual(verify_response.verified_jwt.issuer.value, 'issuer')
def main(unused_argv): aead.register() daead.register() hybrid.register() mac.register() prf.register() signature.register() streaming_aead.register() jwt.register_jwt_mac() fake_kms.register_client() server = grpc.server(futures.ThreadPoolExecutor(max_workers=2)) testing_api_pb2_grpc.add_MetadataServicer_to_server( services.MetadataServicer(), server) testing_api_pb2_grpc.add_KeysetServicer_to_server( services.KeysetServicer(), server) testing_api_pb2_grpc.add_AeadServicer_to_server(services.AeadServicer(), server) testing_api_pb2_grpc.add_DeterministicAeadServicer_to_server( services.DeterministicAeadServicer(), server) testing_api_pb2_grpc.add_MacServicer_to_server(services.MacServicer(), server) testing_api_pb2_grpc.add_PrfSetServicer_to_server( services.PrfSetServicer(), server) testing_api_pb2_grpc.add_HybridServicer_to_server( services.HybridServicer(), server) testing_api_pb2_grpc.add_SignatureServicer_to_server( services.SignatureServicer(), server) testing_api_pb2_grpc.add_StreamingAeadServicer_to_server( services.StreamingAeadServicer(), server) testing_api_pb2_grpc.add_JwtServicer_to_server(jwt_service.JwtServicer(), server) server.add_secure_port('[::]:%d' % FLAGS.port, grpc.local_server_credentials()) server.start() server.wait_for_termination()
def test_to_jwk_set_with_invalid_keyset_fails(self): jwt_servicer = jwt_service.JwtServicer() to_jwkset_request = testing_api_pb2.JwtToJwkSetRequest( keyset=b'invalid') jwkset_response = jwt_servicer.ToJwkSet(to_jwkset_request, self._ctx) self.assertEqual(jwkset_response.WhichOneof('result'), 'err')
def test_generate_compute_verify_mac_without_expiration(self): keyset_servicer = services.KeysetServicer() jwt_servicer = jwt_service.JwtServicer() template = jwt.jwt_hs256_template().SerializeToString() gen_request = testing_api_pb2.KeysetGenerateRequest(template=template) gen_response = keyset_servicer.Generate(gen_request, self._ctx) self.assertEqual(gen_response.WhichOneof('result'), 'keyset') keyset = gen_response.keyset comp_request = testing_api_pb2.JwtSignRequest(keyset=keyset) comp_request.raw_jwt.issuer.value = 'issuer' comp_response = jwt_servicer.ComputeMacAndEncode( comp_request, self._ctx) self.assertEqual(comp_response.WhichOneof('result'), 'signed_compact_jwt') signed_compact_jwt = comp_response.signed_compact_jwt verify_request = testing_api_pb2.JwtVerifyRequest( keyset=keyset, signed_compact_jwt=signed_compact_jwt) verify_request.validator.expected_issuer.value = 'issuer' verify_request.validator.allow_missing_expiration = True verify_response = jwt_servicer.VerifyMacAndDecode( verify_request, self._ctx) print(verify_response.err) self.assertEqual(verify_response.WhichOneof('result'), 'verified_jwt') self.assertEqual(verify_response.verified_jwt.issuer.value, 'issuer')
def test_from_jwk_set_with_invalid_jwk_set_fails(self): jwt_servicer = jwt_service.JwtServicer() from_jwkset_request = testing_api_pb2.JwtFromJwkSetRequest( jwk_set='invalid') from_jwkset_response = jwt_servicer.FromJwkSet(from_jwkset_request, self._ctx) self.assertEqual(from_jwkset_response.WhichOneof('result'), 'err') print(from_jwkset_response.err)