def test_dump_issuer_keys(self):
kb = keybundle_from_local_file("file://%s/jwk.json" % BASE_PATH,
"jwks", ["sig"])
assert len(kb) == 1
issuer = KeyIssuer()
issuer.add_kb(kb)
_jwks_dict = issuer.export_jwks()
_info = _jwks_dict["keys"][0]
assert _info == {
"use":
"sig",
"e":
"AQAB",
"kty":
"RSA",
"alg":
"RS256",
"n":
"pKybs0WaHU_y4cHxWbm8Wzj66HtcyFn7Fh3n"
"-99qTXu5yNa30MRYIYfSDwe9JVc1JUoGw41yq2StdGBJ40HxichjE"
"-Yopfu3B58Q"
"lgJvToUbWD4gmTDGgMGxQxtv1En2yedaynQ73sDpIK-12JJDY55pvf"
"-PCiSQ9OjxZLiVGKlClDus44_uv2370b9IN2JiEOF-a7JB"
"qaTEYLPpXaoKWDSnJNonr79tL0T7iuJmO1l705oO3Y0TQ"
"-INLY6jnKG_RpsvyvGNnwP9pMvcP1phKsWZ10ofuuhJGRp8IxQL9Rfz"
"T87OvF0RBSO1U73h09YP-corWDsnKIi6TbzRpN5YDw",
"kid":
"abc",
}
def main():
parser = argparse.ArgumentParser()
parser.add_argument("-r",
dest="rsa_file",
help="File containing a RSA key")
parser.add_argument("-k",
dest="hmac_key",
help="If using a HMAC algorithm this is the key")
parser.add_argument("-i", dest="kid", help="key id")
parser.add_argument("-j", dest="jwk", help="JSON Web Key")
parser.add_argument("-J", dest="jwks", help="JSON Web Keys")
parser.add_argument("-u", dest="jwks_url", help="JSON Web Keys URL")
parser.add_argument("-f", dest="msg", help="The message")
parser.add_argument(
"-q",
dest="quiet",
help="Quiet mode -- only show the RAW but prettified JSON",
action="store_true",
)
args = parser.parse_args()
if args.kid:
_kid = args.kid
else:
_kid = ""
keys = []
if args.rsa_file:
keys.append(RSAKey(key=import_rsa_key(args.rsa_file), kid=_kid))
if args.hmac_key:
keys.append(SYMKey(key=args.hmac_key, kid=_kid))
if args.jwk:
_key = key_from_jwk_dict(open(args.jwk).read())
keys.append(_key)
if args.jwks:
_iss = KeyIssuer()
_iss.import_jwks(open(args.jwks).read())
keys.extend(_iss.all_keys())
if args.jwks_url:
_kb = KeyBundle(source=args.jwks_url)
keys.extend(_kb.get())
if not args.msg: # If nothing specified assume stdin
message = sys.stdin.read()
elif args.msg == "-":
message = sys.stdin.read()
else:
if os.path.isfile(args.msg):
message = open(args.msg).read().strip("\n")
else:
message = args.msg
message = message.strip()
message = message.strip('"')
process(message, keys, args.quiet)
def test_load_keys_uri():
issuer = KeyIssuer(httpc_params={"verify": True})
url = "http://localhost/jwks.json"
with responses.RequestsMock() as rsps:
rsps.add(method="GET", url=url, json=JWK2, status=200)
issuer.load_keys(jwks_uri=url)
kb = issuer.find(url)
assert len(kb) == 1
assert kb[0].source == url
def test_get_enc_not_mine(self):
issuer = KeyIssuer()
issuer.add_kb(
KeyBundle([
{
"kty": "oct",
"key": "a1b2c3d4e5f6g7h8",
"use": "sig"
},
{
"kty": "oct",
"key": "a1b2c3d4e5f6g7h8",
"use": "enc"
},
]))
issuer.add_kb(
KeyBundle([
{
"kty": "oct",
"key": "1a2b3c4d5e6f7g8h",
"use": "sig"
},
{
"kty": "oct",
"key": "1a2b3c4d5e6f7g8h",
"use": "ver"
},
]))
issuer.add_kb(keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]))
assert issuer.get("enc", "oct")
def test_items(self):
issuer = KeyIssuer()
issuer.add_kb(
KeyBundle([
{
"kty": "oct",
"key": "abcdefghijklmnop",
"use": "sig"
},
{
"kty": "oct",
"key": "ABCDEFGHIJKLMNOP",
"use": "enc"
},
]))
issuer.add_kb(
KeyBundle([
{
"kty": "oct",
"key": "0123456789012345",
"use": "sig"
},
{
"kty": "oct",
"key": "1234567890123456",
"use": "enc"
},
]))
issuer.add_kb(keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]))
assert len(issuer.all_keys()) == 5
def test_key_issuer():
kb = keybundle_from_local_file("file://%s/jwk.json" % BASE_PATH, "jwks", ["sig"])
assert len(kb) == 1
issuer = KeyIssuer()
issuer.add(kb)
_item = item.KeyIssuer().serialize(issuer)
_iss = item.KeyIssuer().deserialize(_item)
assert len(_iss) == 1 # 1 key
assert len(_iss.get("sig", "rsa")) == 1 # 1 RSA key
_kb = _iss[0]
assert kb.difference(_kb) == [] # no difference
def test_keyissuer_eq():
kj1 = KeyIssuer()
kj1.import_jwks(JWKS_SPO)
kj2 = KeyIssuer()
kj2.import_jwks(JWKS_SPO)
assert kj1 == kj2
def test_dump():
issuer = KeyIssuer()
issuer.add_kb(KeyBundle(JWK2["keys"]))
res = issuer.dump()
nkj = KeyIssuer().load(res)
assert nkj.get("sig", "rsa", kid="kriMPdmBvx68skT8-mPAB3BseeA")
assert nkj.get("sig", "rsa", kid="MnC_VZcATfM5pOYiJHMba9goEKY")
def test_get_signing_key_use_undefined():
issuer = KeyIssuer()
issuer.import_jwks(JWK1)
keys = issuer.get("sig", kid="rsa1")
assert len(keys) == 1
keys = issuer.get("sig", key_type="rsa")
assert len(keys) == 1
keys = issuer.get("sig", key_type="rsa", kid="rsa1")
assert len(keys) == 1
def test_ec_alg():
kb = KeyBundle(source=os.path.join(BASE_PATH, "ec-p256.json"),
keyusage="sig")
issuer = KeyIssuer()
issuer.add_kb(kb)
k = issuer.get(key_use="sig", key_type="ec", alg="P-384")
assert k == []
k = issuer.get(key_use="sig", key_type="ec", alg="P-256")
assert len(k) == 1
def test_items():
issuer = KeyIssuer(name="foo")
url = "http://localhost/jwks.json"
with responses.RequestsMock() as rsps:
rsps.add(method="GET", url=url, json=JWK2, status=200)
issuer.add(url)
issuer.add("LongRamblingKeyThatShouldBeLongEnough")
items = issuer.items()
assert set(items.keys()) == {None, url}
assert items[None][0].keys()[0].kty == "oct"
assert len(items[url][0].keys()) == 4
def test_add_symmetric():
issuer = KeyIssuer()
issuer.add("LongRamblingKeyThatShouldBeLongEnough")
kb = issuer.find(None)
assert len(kb) == 1
assert kb[0].keys()[0].kty == "oct"
def test_missing_url():
issuer = KeyIssuer()
with pytest.raises(KeyError):
issuer.add_url("")
def test_contains():
issuer = KeyIssuer()
issuer.add_kb(KeyBundle(JWK1["keys"]))
for k in issuer.all_keys():
assert k in issuer
def test_dump_json():
issuer = KeyIssuer()
issuer.add_kb(KeyBundle(JWK2["keys"]))
res = issuer.dump()
assert json.dumps(res)
def test_load_keys():
issuer = KeyIssuer(httpc_params={"verify": True})
issuer.load_keys(jwks=JWK2)
items = issuer.items()
assert len(items[None][0].keys()) == 4
def test_get_ec_wrong_alg():
issuer = KeyIssuer()
issuer.import_jwks(JWKS_SPO)
k = issuer.get("sig", "EC", alg="ES512")
assert k == []
def test_get_ec():
issuer = KeyIssuer()
issuer.import_jwks(JWKS_SPO)
k = issuer.get("sig", "EC", alg="ES256")
assert k
def test_keyissuer_add(self):
issuer = KeyIssuer()
kb = keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"])
issuer.add_kb(kb)
assert len(issuer.all_keys()) == 1
def test_add_symmetric(self):
issuer = KeyIssuer()
issuer.add_symmetric("abcdefghijklmnop", ["sig"])
assert len(issuer.get("sig", "oct")) == 1
def test_not_in():
issuer = KeyIssuer()
_jwk = SYMKey(key="LongRamblingKeyThatShouldBeLongEnough")
assert _jwk not in issuer
def test_import_jwks():
issuer = KeyIssuer()
issuer.import_jwks(JWK1)
assert len(issuer.all_keys()) == 2
def test_no_use(self):
kb = KeyBundle(JWK0["keys"])
issuer = KeyIssuer()
issuer.add_kb(kb)
enc_key = issuer.get("enc", "RSA")
assert enc_key != []
def test_str():
issuer = KeyIssuer(name="foo")
issuer.add("LongRamblingKeyThatShouldBeLongEnough")
assert str(issuer).startswith('<KeyIssuer "foo" oct::')
def test_load_unknown_keytype():
issuer = KeyIssuer()
issuer.import_jwks(JWK_UK)
assert len(issuer.all_keys()) == 1
def test_load_missing_key_parameter():
issuer = KeyIssuer()
with pytest.raises(JWKESTException):
issuer.import_jwks(JWK_FP)
def test_load_spomky_keys():
issuer = KeyIssuer()
issuer.import_jwks(JWKS_SPO)
assert len(issuer) == 4
def serialize(item: key_issuer.KeyIssuer) -> str:
"""Convert from KeyIssuer to JSON"""
return json.dumps(item.dump(exclude_attributes=["keybundle_cls"]))
def serialize(item: key_issuer.KeyIssuer) -> str:
""" Convert from KeyIssuer to JSON """
return json.dumps(item.dump())