def test_malformed(self):
""" Test that we raise ValidationError when the JWT is malformed. """
for bogus in ['abc', 'a.b', 'xyz.123.456']:
with self.assertRaises(ValidationError):
brkt_jwt.get_header(bogus)
with self.assertRaises(ValidationError):
brkt_jwt.get_payload(bogus)
def test_malformed(self):
""" Test that we raise ValidationError when the JWT is malformed. """
for bogus in ['abc', 'a.b', 'xyz.123.456']:
with self.assertRaises(ValidationError):
brkt_jwt.get_header(bogus)
with self.assertRaises(ValidationError):
brkt_jwt.get_payload(bogus)
def validate_jwt(jwt):
""" Check the incoming JWT and verify that it has all of the fields that
we require.
:param jwt a JSON Web Token as a string
:return the JWT string
:raise ValidationError if validation fails
"""
if not jwt:
return None
# Validate header.
header = brkt_jwt.get_header(jwt)
expected_fields = ['typ', 'alg', 'kid']
missing_fields = [f for f in expected_fields if f not in header]
if missing_fields:
raise ValidationError(
'Missing fields in token header: %s. Use the %s command '
'to generate a valid token.' % (
','.join(missing_fields),
brkt_jwt.SUBCOMMAND_NAME
)
)
# Validate payload.
payload = brkt_jwt.get_payload(jwt)
if not payload.get('jti'):
raise ValidationError(
'Token payload does not contain the jti field. Use the %s '
'command to generate a valid token.' %
brkt_jwt.SUBCOMMAND_NAME
)
return jwt
def validate_jwt(jwt):
""" Check the incoming JWT and verify that it has all of the fields that
we require.
:param jwt a JSON Web Token as a string
:return the JWT string
:raise ValidationError if validation fails
"""
if not jwt:
return None
# Validate header.
header = brkt_jwt.get_header(jwt)
expected_fields = ['typ', 'alg', 'kid']
missing_fields = [f for f in expected_fields if f not in header]
if missing_fields:
raise ValidationError(
'Missing fields in token header: %s. Use the %s command '
'to generate a valid token.' %
(','.join(missing_fields), brkt_jwt.SUBCOMMAND_NAME))
# Validate payload.
payload = brkt_jwt.get_payload(jwt)
if not payload.get('jti'):
raise ValidationError(
'Token payload does not contain the jti field. Use the %s '
'command to generate a valid token.' % brkt_jwt.SUBCOMMAND_NAME)
return jwt
def test_make_jwt(self):
# Generate the JWT.
now = datetime.now(tz=iso8601.UTC).replace(microsecond=0)
nbf = now + timedelta(days=1)
exp = now + timedelta(days=7)
customer = str(uuid.uuid4())
jwt = brkt_jwt.make_jwt(_crypto,
nbf=nbf,
exp=exp,
customer=customer,
claims={
'one': 1,
'two': 2
})
brkt_cli.validate_jwt(jwt)
after = datetime.now(tz=iso8601.UTC)
# Check the header.
header = brkt_jwt.get_header(jwt)
self.assertEqual('JWT', header['typ'])
self.assertEqual('ES384', header['alg'])
self.assertTrue('kid' in header)
# Check the payload
payload = brkt_jwt.get_payload(jwt)
self.assertTrue('jti' in payload)
self.assertTrue(payload['iss'].startswith('brkt-cli'))
self.assertEqual(customer, payload['customer'])
self.assertEqual(1, payload['one'])
self.assertEqual(2, payload['two'])
iat = brkt_jwt._timestamp_to_datetime(payload['iat'])
self.assertTrue(now <= iat <= after)
nbf_result = brkt_jwt._timestamp_to_datetime(payload['nbf'])
self.assertEqual(nbf, nbf_result)
exp_result = brkt_jwt._timestamp_to_datetime(payload['exp'])
self.assertEqual(exp, exp_result)
def test_make_jwt(self):
# Generate the JWT.
now = datetime.now(tz=iso8601.UTC).replace(microsecond=0)
nbf = now + timedelta(days=1)
exp = now + timedelta(days=7)
customer = str(uuid.uuid4())
jwt = brkt_jwt.make_jwt(
_crypto,
nbf=nbf,
exp=exp,
customer=customer,
claims={'one': 1, 'two': 2}
)
brkt_cli.validate_jwt(jwt)
after = datetime.now(tz=iso8601.UTC)
# Check the header.
header = brkt_jwt.get_header(jwt)
self.assertEqual('JWT', header['typ'])
self.assertEqual('ES384', header['alg'])
self.assertTrue('kid' in header)
# Check the payload
payload = brkt_jwt.get_payload(jwt)
self.assertTrue('jti' in payload)
self.assertTrue(payload['iss'].startswith('brkt-cli'))
self.assertEqual(customer, payload['customer'])
self.assertEqual(1, payload['one'])
self.assertEqual(2, payload['two'])
iat = brkt_jwt._timestamp_to_datetime(payload['iat'])
self.assertTrue(now <= iat <= after)
nbf_result = brkt_jwt._timestamp_to_datetime(payload['nbf'])
self.assertEqual(nbf, nbf_result)
exp_result = brkt_jwt._timestamp_to_datetime(payload['exp'])
self.assertEqual(exp, exp_result)
