def test_extend_incorrect_number_of_headers(self): jws = jwts.make_jws({'a': 1}, self.keypairs[:2]) with self.assertRaises(exceptions.KeyHeaderMismatch): jwts.extend_jws_signatures(jws, self.keypairs[0], multiple_sig_headers=[{ 'z': 0 }, { 'z': 99 }])
def test_extend_jws_signatures_from_jwt(self): jwt = jwts.make_jwt({"a": 1}, self.keypairs[0]) jws = jwts.extend_jws_signatures(jwt, self.keypairs[1:], self.keypairs[0].identity) verified_msg = jwts.verify_jws(jws, self.keypairs) self.assertIsInstance(verified_msg, dict)
def test_extend_jws_signatures_from_jwt_single_key(self): jwt = jwts.make_jwt({'a': 1}, self.keypairs[0]) jws = jwts.extend_jws_signatures(jwt, self.keypairs[1], self.keypairs[1].identity) verified_msg = jwts.verify_jws(jws, self.keypairs[:2]) self.assertIsInstance(verified_msg, dict)
def test_extend_jws_signatures_from_jws_without_1_sidx(self): jws = self.JWS_MISSING_1_SIGNATURE_INDEXES jws = jwts.extend_jws_signatures(jws, self.keypairs[2:]) kids = jwts.get_jws_key_ids(jws, ordered=True) self.assertIsInstance(kids, list) for params in kids: self.assertIn('kid', params) self.assertIn('kids', params) self.assertIn('sidxs', params)
def test_extend_jws_signatures_from_jwt_no_kid(self): keypair = service.create_secret_key() kid = str(uuid.uuid4()) jwt = jwts.make_jwt({'a': 1}, keypair) jws = jwts.extend_jws_signatures(jwt, self.keypairs, kid) keypair.identity = kid keypairs = self.keypairs + [keypair] jwts.verify_jws(jws, keypairs).should.be.a(dict)
def test_extend_jws_signatures_from_jwt_no_kid(self): keypair = service.create_secret_key() kid = str(uuid.uuid4()) jwt = jwts.make_jwt({'a': 1}, keypair) jws = jwts.extend_jws_signatures(jwt, self.keypairs, kid) keypair.identity = kid keypairs = self.keypairs + [keypair] verified_msg = jwts.verify_jws(jws, keypairs) self.assertIsInstance(verified_msg, dict)
def _handle_auth_endpoint(headers=None, data=None): logger.debug('data=%s', data) try: oneid_key = keychain.Keypair.from_secret_pem( key_bytes=TestSession.oneid_key_bytes, ) oneid_key.identity = 'oneID' jwts.verify_jws(data) jws = jwts.extend_jws_signatures(data, oneid_key) logger.debug('jws=%s', jws) return MockResponse(jws, 200) except InvalidSignature: logger.debug('invalid signature', exc_info=True) return MockResponse('Forbidden', 403) return MockResponse('Internal Server Error', 500)
def test_extend_jws_signatures_from_jwt_single_key(self): jwt = jwts.make_jwt({'a': 1}, self.keypairs[0]) jws = jwts.extend_jws_signatures(jwt, self.keypairs[1], self.keypairs[1].identity) jwts.verify_jws(jws, self.keypairs[:2]).should.be.a(dict)
def test_extend_jws_signatures_from_jws_multiple_without_sidx(self): jws = self.JWS_MISSING_2_SIGNATURE_INDEXES jws = jwts.extend_jws_signatures(jws, self.keypairs[2:]) headers = jwts.get_jws_headers(jws) indexes = list(filter(None, [h.get('sidx', None) for h in headers])) self.assertEqual(len(indexes), 0)
def test_extend_jws_signatures_from_jws(self): jws = jwts.make_jws({'a': 1}, self.keypairs[:2]) jws = jwts.extend_jws_signatures(jws, self.keypairs[2:]) verified_msg = jwts.verify_jws(jws, self.keypairs) self.assertIsInstance(verified_msg, dict)
def test_extend_jws_missing_keypair_identity(self): keypair = service.create_secret_key() jws = jwts.make_jws({'a': 1}, self.keypairs[0]) with self.assertRaises(exceptions.InvalidKeyError): jwts.extend_jws_signatures(jws, keypair)
def test_extend_jws_signatures_from_jws(self): jws = jwts.make_jws({'a': 1}, self.keypairs[:2]) jws = jwts.extend_jws_signatures(jws, self.keypairs[2:]) jwts.verify_jws(jws, self.keypairs).should.be.a(dict)