def test_dump_jwk():
    """Dump a key set holding one certificate-derived RSA key and check the JWKS shape.

    The serialized JWKS must contain exactly one entry, and that entry must
    expose only the members ``kty``, ``e`` and ``n`` (no private members).
    """
    source_keys = KEYS()
    source_keys.wrap_add(import_rsa_key_from_cert_file(CERT))

    parsed = json.loads(source_keys.dump_jwks())

    # Top level is a single "keys" member wrapping the key list.
    assert list(parsed.keys()) == ["keys"]
    entries = parsed["keys"]
    assert len(entries) == 1

    # Only the public RSA members are expected in the dumped key.
    member_names = list(entries[0].keys())
    assert _eq(member_names, ["kty", "e", "n"])
def test_keys():
    """Load the module-level JWKS fixture and check the per-type key counts."""
    loaded = KEYS()
    loaded.load_dict(JWKS)

    assert len(loaded) == 3
    assert _eq(loaded.key_types(), ['RSA', 'oct', 'EC'])

    # Lookup is done with lower-case type names; each type holds one key.
    for kind in ('rsa', 'oct', 'ec'):
        assert len(loaded[kind]) == 1
def test_loads_0():
    """Load the JWK fixture and compare its RSA numbers with the certificate's.

    The modulus and exponent decoded from the loaded key must equal the
    public numbers of the key imported from the CERT file.
    """
    loaded = KEYS()
    loaded.load_dict(JWK)
    assert len(loaded) == 1

    rsa_key = loaded["rsa"][0]
    assert rsa_key.kid == 'abc'
    assert rsa_key.kty == 'RSA'

    # Reference values come straight from the certificate on disk.
    cert_numbers = import_rsa_key_from_cert_file(CERT).public_numbers()
    assert deser(rsa_key.n) == cert_numbers.n
    assert deser(rsa_key.e) == cert_numbers.e
def test_load_jwk():
    """Round-trip a certificate-derived RSA key through dump_jwks()/load_jwks()."""
    exporter = KEYS()
    exporter.wrap_add(import_rsa_key_from_cert_file(CERT))
    serialized = exporter.dump_jwks()

    importer = KEYS()
    importer.load_jwks(serialized)
    assert len(importer) == 1

    restored = importer["rsa"][0]
    assert restored.kty == 'RSA'
    # The reloaded key must be a public key object, not a private one.
    assert isinstance(restored.key, rsa.RSAPublicKey)
def test_sign_2():
    """Sign a payload with RS512 using a key set loaded from an inline JWK.

    There is no assertion: the test passes when loading the key and signing
    complete without raising.
    """
    # Inline fixture: this JWK carries the RSA private exponent ("d"), so the
    # key pair is public by virtue of living in the test suite and is only
    # suitable as test data.
    signing_jwk = {
        "alg": "RS512",
        "kty": "RSA",
        "d": "ckLyXxkbjC4szg8q8G0ERBZV"
             "-9CszeOxpRtx1KM9BLl0Do3li_Km2vvFvfXJ7MxQpiZ18pBoCcyYQEU262ym8wI22JWMPrZe24HCNxLxqzr_JEuBhpKFxQF6EFTSvJEJD1FkoTuCTvN0zD7YHGaJQG6JzVEuFUY3ewxjH0FYNa_ppTnPP3LC-T9u_GX9Yqyuw1KOYoHSzhWSWQOeAgs4dH9-iAxN1wdZ6eH1jFWAs43svk_rhwdgyJMlihFtV9MAInBlfi_Zu8wRVhVl5urkJrLf0tGFnMbnzb6dYSlUXxEYClpY12W7kXW9aePDqkCwI4oZyxmOmgq4hunKGR1dAQ",
        "e": "AQAB",
        "use": "sig",
        "kid": "af22448d-4c7b-464d-b63a-f5bd90f6d7d1",
        "n": "o9g8DpUwBW6B1qmcm-TfEh4rNX7n1t38jdo4Gkl_cI3q"
             "--7n0Blg0kN88LHZvyZjUB2NhBdFYNxMP8ucy0dOXvWGWzaPmGnq3DM__lN8P4WjD1cCTAVEYKawNBAmGKqrFj1SgpPNsSqiqK-ALM1w6mZ-QGimjOgwCyJy3l9lzZh5D8tKnS2t1pZgE0X5P7lZQWHYpHPqp4jKhETzrCpPGfv0Rl6nmmjp7NlRYBkWKf_HEKE333J6M039m2FbKgxrBg3zmYYpmHuMzVgxxb8LSiv5aqyeyJjxM-YDUAgNQBfKNhONqXyu9DqtSprNkw6sqmuxK0QUVrNYl3b03PgS5Q",
    }
    keyset = {"keys": [signing_jwk]}

    signing_keys = KEYS()
    signing_keys.load_dict(keyset)

    signer = JWS("payload", alg="RS512")
    signer.sign_compact(keys=signing_keys)
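def _get_keys(self):
    """Return the keys referenced by this object's own ``jwk``/``jku``/``x5u`` members.

    The members are tried in that order and the first one present wins:

    * ``jwk`` -- the embedded key is returned as a one-element list.
    * ``jku`` -- a key set is loaded from the URL and returned via ``as_dict()``.
    * ``x5u`` -- a certificate is loaded from the URL and returned as
      ``{"rsa": [...]}``; if loading fails an empty dict is returned.

    When none of the members is present an empty dict is returned.

    NOTE(review): the ``jwk`` branch returns a list while every other branch
    returns a dict; callers have to cope with both shapes.

    NOTE(review): the names match the JOSE header parameters, so these values
    presumably arrive inside the message being processed. If so, a key found
    here is chosen by whoever produced the message and proves nothing about
    the sender: callers should match it against keys they already trust (or
    restrict ``jku``/``x5u`` to an allow-list of URLs) before relying on a
    signature verified with it. Loading from ``jku``/``x5u`` also appears to
    make this process fetch a URL taken from the message -- confirm how
    ``load_from_url`` and ``load_x509_cert`` constrain the request.
    """
    logger.debug("_get_keys(): self._dict.keys={0}".format(
        self._dict.keys()))

    if "jwk" in self:
        return [self["jwk"]]

    if "jku" in self:
        keys = KEYS()
        keys.load_from_url(self["jku"])
        return keys.as_dict()

    if "x5u" in self:
        try:
            return {"rsa": [load_x509_cert(self["x5u"], {})]}
        except Exception:
            # Still best-effort (falls through to the empty result), but the
            # failure is recorded instead of being dropped silently.
            # Loading a certificate chain from x5u is not implemented here.
            logger.warning(
                "_get_keys(): could not load certificate from x5u %r",
                self["x5u"], exc_info=True)

    return {}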
def test_jwt_pack_and_unpack_with_alg():
    """Pack a JWT as Alice and unpack it as Bob using a key that declares ``alg``.

    Bob's copy of Alice's public key is given as a JWK with an explicit
    ``"alg": "RS256"`` member; unpacking must succeed and yield the expected
    claim names.
    """
    from cryptojwt.jwk import KEYS

    sender = JWT(own_keys=ALICE_KEYS, iss=ALICE)
    token = sender.pack(payload={'sub': 'sub'})

    # Public half of Alice's first key, annotated with algorithm and use.
    alice_public = ALICE_PUB_KEYS[0]
    alice_jwks = {
        "keys": [{
            "kty": "RSA",
            "alg": "RS256",
            "use": "sig",
            "kid": "1",
            "n": alice_public.n,
            "e": alice_public.e,
        }]
    }
    verification_keys = KEYS()
    verification_keys.load_dict(alice_jwks)

    receiver = JWT(rec_keys={ALICE: verification_keys})
    claims = receiver.unpack(token)

    assert set(claims.keys()) == {'iat', 'iss', 'sub', 'kid', 'aud'}
def test_loads_1():
    """Load two RSA JWKs that share a modulus but differ in ``use`` and ``kid``.

    Both entries must be kept as separate keys, identified by their kids.
    """
    shared_modulus = 'wf-wiusGhA-gleZYQAOPQlNUIucPiqXdPVyieDqQbXXOPBe3nuggtVzeq7pVFH1dZz4dY2Q2LA5DaegvP8kRvoSB_87ds3dy3Rfym_GUSc5B0l1TgEobcyaep8jguRoHto6GWHfCfKqoUYZq4N8vh4LLMQwLR6zi6Jtu82nB5k8'

    # Same key material twice; only the declared use and the kid change.
    jwk = {
        "keys": [
            {
                'kty': 'RSA',
                'use': declared_use,
                'e': 'AQAB',
                "n": shared_modulus,
                'kid': kid,
            }
            for declared_use, kid in (('foo', "1"), ('bar', "2"))
        ]
    }

    loaded = KEYS()
    loaded.load_dict(jwk)

    assert len(loaded) == 2
    assert _eq(loaded.kids(), ['1', '2'])
def test_pick_wrong_alg():
    """Picking signing keys for RS256 / kid ``rsa1`` from JWKS0 must yield none.

    NOTE(review): the original inline remark read "should be RSA256";
    presumably the ``rsa1`` entry in JWKS0 declares a different algorithm,
    which is why no key is expected to match -- confirm against JWKS0.
    """
    candidates = KEYS()
    candidates.load_dict(JWKS0)

    signer = JWS("foobar", alg="RS256", kid="rsa1")
    picked = signer.pick_keys(candidates, use="sig")

    assert len(picked) == 0
def test_pick_use():
    """Picking signing keys for the given kid from JWK2 must yield exactly one key."""
    candidates = KEYS()
    candidates.load_dict(JWK2)

    signer = JWS("foobar", alg="RS256", kid="MnC_VZcATfM5pOYiJHMba9goEKY")
    picked = signer.pick_keys(candidates, use="sig")

    assert len(picked) == 1
"issuer": "https://login.microsoftonline.com/9188040d-6c67-4c5b" "-b112-36a304b66dad/v2.0/", "kid": "dEtpjbEvbhfgwUI-bdK5xAU_9UQ", "kty": "RSA", "n": "x7HNcD9ZxTFRaAgZ7-gdYLkgQua3zvQseqBJIt8Uq3MimInMZoE9QGQeSML7qZPlowb5BUakdLI70ayM4vN36--0ht8-oCHhl8YjGFQkU-Iv2yahWHEP-1EK6eOEYu6INQP9Lk0HMk3QViLwshwb-KXVD02jdmX2HNdYJdPyc0c", "use": "sig", "x5c": [ "MIICWzCCAcSgAwIBAgIJAL3MzqqEFMYjMA0GCSqGSIb3DQEBBQUAMCkxJzAlBgNVBAMTHkxpdmUgSUQgU1RTIFNpZ25pbmcgUHVibGljIEtleTAeFw0xMzExMTExOTA1MDJaFw0xOTExMTAxOTA1MDJaMCkxJzAlBgNVBAMTHkxpdmUgSUQgU1RTIFNpZ25pbmcgUHVibGljIEtleTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAx7HNcD9ZxTFRaAgZ7+gdYLkgQua3zvQseqBJIt8Uq3MimInMZoE9QGQeSML7qZPlowb5BUakdLI70ayM4vN36++0ht8+oCHhl8YjGFQkU+Iv2yahWHEP+1EK6eOEYu6INQP9Lk0HMk3QViLwshwb+KXVD02jdmX2HNdYJdPyc0cCAwEAAaOBijCBhzAdBgNVHQ4EFgQULR0aj9AtiNMgqIY8ZyXZGsHcJ5gwWQYDVR0jBFIwUIAULR0aj9AtiNMgqIY8ZyXZGsHcJ5ihLaQrMCkxJzAlBgNVBAMTHkxpdmUgSUQgU1RTIFNpZ25pbmcgUHVibGljIEtleYIJAL3MzqqEFMYjMAsGA1UdDwQEAwIBxjANBgkqhkiG9w0BAQUFAAOBgQBshrsF9yls4ArxOKqXdQPDgHrbynZL8m1iinLI4TeSfmTCDevXVBJrQ6SgDkihl3aCj74IEte2MWN78sHvLLTWTAkiQSlGf1Zb0durw+OvlunQ2AKbK79Qv0Q+wwGuK+oymWc3GSdP1wZqk9dhrQxb3FtdU2tMke01QTut6wr7ig==" ], "x5t": "dEtpjbEvbhfgwUI-bdK5xAU_9UQ" } ] } SIGKEYS = KEYS() SIGKEYS.load_dict(JWKS) def P256(): return ec.generate_private_key(ec.SECP256R1(), default_backend()) def test_1(): claimset = {"iss": "joe", "exp": 1300819380, "http://example.com/is_root": True} _jws = JWS(claimset, cty="JWT") _jwt = _jws.sign_compact() _jr = JWS()
def test_thumbprint():
    """Every key in the JWKS fixture must have a SHA-256 thumbprint listed in EXPECTED."""
    loaded = KEYS()
    loaded.load_dict(JWKS)

    for entry in loaded:
        digest = entry.thumbprint('SHA-256')
        assert digest in EXPECTED