def test_encode_decode(): key = bitjws.PrivateKey() ser = bitjws.sign_serialize(key) header, payload = bitjws.validate_deserialize(ser) rawheader, rawpayload = ser.rsplit('.', 1)[0].split('.') origheader = bitjws.base64url_decode(rawheader.encode('utf8')) origpayload = bitjws.base64url_decode(rawpayload.encode('utf8')) assert header['typ'] == 'JWT' assert header['alg'] == 'CUSTOM-BITCOIN-SIGN' assert header['kid'] == bitjws.pubkey_to_addr(key.pubkey.serialize()) assert len(header) == 3 assert header == json.loads(origheader.decode('utf8')) assert isinstance(payload.get('exp', ''), (float, int)) assert payload['aud'] is None assert len(payload) == 2 assert payload == json.loads(origpayload.decode('utf8')) # Assumption: it takes mores than 0 seconds to perform the above # instructions but less than 1 second. 3600 is the default # expiration time. diff = 3600 - (payload['exp'] - time.time()) assert diff > 0 and diff < 1
def test_encode_decode(): key1 = bitjws.PrivateKey() pubkey1 = bitjws.pubkey_to_addr(key1.pubkey.serialize()) key2 = bitjws.PrivateKey() pubkey2 = bitjws.pubkey_to_addr(key2.pubkey.serialize()) ser = bitjws.multisig_sign_serialize([key1, key2]) headers, payload = bitjws.multisig_validate_deserialize(ser) rawpayload = json.loads(ser)['payload'] origpayload = bitjws.base64url_decode(rawpayload.encode('utf8')) keys_found = {pubkey1: False, pubkey2: False} assert len(headers) == 2 for h in headers: assert len(h) == 3 assert h['typ'] == 'JWT' assert h['alg'] == 'CUSTOM-BITCOIN-SIGN' assert h['kid'] in keys_found assert keys_found[h['kid']] == False keys_found[h['kid']] = True assert all(keys_found.values()) assert isinstance(payload.get('exp', ''), (float, int)) assert payload['aud'] is None assert len(payload) == 2 assert payload == json.loads(origpayload.decode('utf8'))
def test_invalid_signature_key(): key = bitjws.PrivateKey() print(bitjws.privkey_to_wif(key.private_key)) ser = bitjws.sign_serialize(key) # Decode header. rawheader = ser.rsplit('.')[0] origheader = bitjws.base64url_decode(rawheader.encode('utf8')) header = json.loads(origheader.decode('utf8')) # Modify the key declared to be used in the signature. header['kid'] = '123' ser = _encode_header(header, ser) header, payload = bitjws.validate_deserialize(ser) # If both header or payload are None then it failed to validate # the signature (as expected). assert header is None assert payload is None
def test_invalid_header(): key = bitjws.PrivateKey() print(bitjws.privkey_to_wif(key.private_key)) ser = bitjws.sign_serialize(key) # Decode header. rawheader = ser.split('.')[0] origheader = bitjws.base64url_decode(rawheader.encode('utf8')) header = json.loads(origheader.decode('utf8')) # Modify the algorithm specified (by removing it). algorithm = header.pop('alg') # Encode header and try to deserialize. ser = _encode_header(header, ser) with pytest.raises(bitjws.jws.InvalidMessage): # Unknown algorithm. bitjws.validate_deserialize(ser) # Set some other algorithm. header['alg'] = 'SHA256' ser = _encode_header(header, ser) with pytest.raises(bitjws.jws.InvalidMessage): # Unknown algorithm. bitjws.validate_deserialize(ser) # Drop the key used to sign. header['alg'] = algorithm kid = header.pop('kid') ser = _encode_header(header, ser) with pytest.raises(bitjws.jws.InvalidMessage): # No address specified. bitjws.validate_deserialize(ser) # Try to decode the original one. ser = rawheader + '.' + ser.split('.', 1)[1] header, payload = bitjws.validate_deserialize(ser) assert header is not None assert payload is not None h, p = bitjws.validate_deserialize(ser, check_expiration=False) assert h == header assert p == payload