Esempio n. 1
0
  def test_generate_compute_verify_mac(self):
    keyset_servicer = services.KeysetServicer()
    jwt_servicer = jwt_service.JwtServicer()

    template = jwt.jwt_hs256_template().SerializeToString()
    gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
    gen_response = keyset_servicer.Generate(gen_request, self._ctx)
    self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
    keyset = gen_response.keyset

    comp_request = testing_api_pb2.JwtSignRequest(keyset=keyset)
    comp_request.raw_jwt.issuer.value = 'issuer'
    comp_request.raw_jwt.subject.value = 'subject'
    comp_request.raw_jwt.custom_claims['myclaim'].bool_value = True
    comp_request.raw_jwt.expiration.seconds = 1334
    comp_request.raw_jwt.expiration.nanos = 123000000

    comp_response = jwt_servicer.ComputeMacAndEncode(comp_request, self._ctx)
    self.assertEqual(comp_response.WhichOneof('result'), 'signed_compact_jwt')
    signed_compact_jwt = comp_response.signed_compact_jwt
    verify_request = testing_api_pb2.JwtVerifyRequest(
        keyset=keyset, signed_compact_jwt=signed_compact_jwt)
    verify_request.validator.expected_issuer.value = 'issuer'
    verify_request.validator.expected_subject.value = 'subject'
    verify_request.validator.now.seconds = 1234
    verify_response = jwt_servicer.VerifyMacAndDecode(verify_request, self._ctx)
    self.assertEqual(verify_response.WhichOneof('result'), 'verified_jwt')
    self.assertEqual(verify_response.verified_jwt.issuer.value, 'issuer')
    self.assertEqual(verify_response.verified_jwt.subject.value, 'subject')
    self.assertEqual(verify_response.verified_jwt.expiration.seconds, 1334)
    self.assertEqual(verify_response.verified_jwt.expiration.nanos, 0)
Esempio n. 2
0
  def test_generate_compute_verify_signature(self):
    keyset_servicer = services.KeysetServicer()
    jwt_servicer = jwt_service.JwtServicer()

    template = jwt.jwt_es256_template().SerializeToString()
    gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
    gen_response = keyset_servicer.Generate(gen_request, self._ctx)
    self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
    private_keyset = gen_response.keyset

    comp_request = testing_api_pb2.JwtSignRequest(keyset=private_keyset)
    comp_request.raw_jwt.issuer.value = 'issuer'
    comp_request.raw_jwt.subject.value = 'subject'
    comp_request.raw_jwt.custom_claims['myclaim'].bool_value = True
    comp_response = jwt_servicer.PublicKeySignAndEncode(comp_request, self._ctx)
    self.assertEqual(comp_response.WhichOneof('result'), 'signed_compact_jwt')
    signed_compact_jwt = comp_response.signed_compact_jwt

    pub_request = testing_api_pb2.KeysetPublicRequest(
        private_keyset=private_keyset)
    pub_response = keyset_servicer.Public(pub_request, self._ctx)
    self.assertEqual(pub_response.WhichOneof('result'), 'public_keyset')
    public_keyset = pub_response.public_keyset

    verify_request = testing_api_pb2.JwtVerifyRequest(
        keyset=public_keyset, signed_compact_jwt=signed_compact_jwt)
    verify_request.validator.expected_issuer.value = 'issuer'
    verify_request.validator.expected_subject.value = 'subject'
    verify_request.validator.allow_missing_expiration = True
    verify_response = jwt_servicer.PublicKeyVerifyAndDecode(
        verify_request, self._ctx)
    self.assertEqual(verify_response.WhichOneof('result'), 'verified_jwt')
    self.assertEqual(verify_response.verified_jwt.issuer.value, 'issuer')
Esempio n. 3
0
def main(unused_argv):
    aead.register()
    daead.register()
    hybrid.register()
    mac.register()
    prf.register()
    signature.register()
    streaming_aead.register()
    jwt.register_jwt_mac()
    fake_kms.register_client()
    server = grpc.server(futures.ThreadPoolExecutor(max_workers=2))
    testing_api_pb2_grpc.add_MetadataServicer_to_server(
        services.MetadataServicer(), server)
    testing_api_pb2_grpc.add_KeysetServicer_to_server(
        services.KeysetServicer(), server)
    testing_api_pb2_grpc.add_AeadServicer_to_server(services.AeadServicer(),
                                                    server)
    testing_api_pb2_grpc.add_DeterministicAeadServicer_to_server(
        services.DeterministicAeadServicer(), server)
    testing_api_pb2_grpc.add_MacServicer_to_server(services.MacServicer(),
                                                   server)
    testing_api_pb2_grpc.add_PrfSetServicer_to_server(
        services.PrfSetServicer(), server)
    testing_api_pb2_grpc.add_HybridServicer_to_server(
        services.HybridServicer(), server)
    testing_api_pb2_grpc.add_SignatureServicer_to_server(
        services.SignatureServicer(), server)
    testing_api_pb2_grpc.add_StreamingAeadServicer_to_server(
        services.StreamingAeadServicer(), server)
    testing_api_pb2_grpc.add_JwtServicer_to_server(jwt_service.JwtServicer(),
                                                   server)
    server.add_secure_port('[::]:%d' % FLAGS.port,
                           grpc.local_server_credentials())
    server.start()
    server.wait_for_termination()
Esempio n. 4
0
    def test_to_jwk_set_with_invalid_keyset_fails(self):
        jwt_servicer = jwt_service.JwtServicer()

        to_jwkset_request = testing_api_pb2.JwtToJwkSetRequest(
            keyset=b'invalid')
        jwkset_response = jwt_servicer.ToJwkSet(to_jwkset_request, self._ctx)
        self.assertEqual(jwkset_response.WhichOneof('result'), 'err')
Esempio n. 5
0
    def test_generate_compute_verify_mac_without_expiration(self):
        keyset_servicer = services.KeysetServicer()
        jwt_servicer = jwt_service.JwtServicer()

        template = jwt.jwt_hs256_template().SerializeToString()
        gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
        gen_response = keyset_servicer.Generate(gen_request, self._ctx)
        self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
        keyset = gen_response.keyset

        comp_request = testing_api_pb2.JwtSignRequest(keyset=keyset)
        comp_request.raw_jwt.issuer.value = 'issuer'

        comp_response = jwt_servicer.ComputeMacAndEncode(
            comp_request, self._ctx)
        self.assertEqual(comp_response.WhichOneof('result'),
                         'signed_compact_jwt')
        signed_compact_jwt = comp_response.signed_compact_jwt
        verify_request = testing_api_pb2.JwtVerifyRequest(
            keyset=keyset, signed_compact_jwt=signed_compact_jwt)
        verify_request.validator.expected_issuer.value = 'issuer'
        verify_request.validator.allow_missing_expiration = True
        verify_response = jwt_servicer.VerifyMacAndDecode(
            verify_request, self._ctx)
        print(verify_response.err)
        self.assertEqual(verify_response.WhichOneof('result'), 'verified_jwt')
        self.assertEqual(verify_response.verified_jwt.issuer.value, 'issuer')
Esempio n. 6
0
  def test_from_jwk_set_with_invalid_jwk_set_fails(self):
    jwt_servicer = jwt_service.JwtServicer()

    from_jwkset_request = testing_api_pb2.JwtFromJwkSetRequest(
        jwk_set='invalid')
    from_jwkset_response = jwt_servicer.FromJwkSet(from_jwkset_request,
                                                   self._ctx)
    self.assertEqual(from_jwkset_response.WhichOneof('result'), 'err')
    print(from_jwkset_response.err)