def test_example_1(self): _symkey = KC_SYM_S.get(alg2keytype("HS256")) csr = CheckSessionRequest(id_token=IDTOKEN.to_jwt( key=_symkey, algorithm="HS256", lifetime=300)) keyjar = KeyJar() keyjar.add_kb(ISS, KC_SYM_S) assert csr.verify(keyjar=keyjar)
def test_dump_issuer_keys(self): kb = keybundle_from_local_file("file://%s/jwk.json" % BASE_PATH, "jwks", ["sig"]) assert len(kb) == 1 kj = KeyJar() kj.add_kb("", kb) _jwks_dict = kj.export_jwks() _info = _jwks_dict["keys"][0] assert _info == { "use": "sig", "e": "AQAB", "kty": "RSA", "alg": "RS256", "n": "pKybs0WaHU_y4cHxWbm8Wzj66HtcyFn7Fh3n" "-99qTXu5yNa30MRYIYfSDwe9JVc1JUoGw41yq2StdGBJ40HxichjE" "-Yopfu3B58Q" "lgJvToUbWD4gmTDGgMGxQxtv1En2yedaynQ73sDpIK-12JJDY55pvf" "-PCiSQ9OjxZLiVGKlClDus44_uv2370b9IN2JiEOF-a7JB" "qaTEYLPpXaoKWDSnJNonr79tL0T7iuJmO1l705oO3Y0TQ" "-INLY6jnKG_RpsvyvGNnwP9pMvcP1phKsWZ10ofuuhJGRp8IxQL9Rfz" "T87OvF0RBSO1U73h09YP-corWDsnKIi6TbzRpN5YDw", "kid": "abc", }
def test_get_decrypt_keys(): kj = KeyJar() kj['Alice'] = [KeyBundle(JWK0['keys'])] kj[''] = [KeyBundle(JWK1['keys'])] kj['C'] = [KeyBundle(JWK2['keys'])] kb = rsa_init({ 'use': ['enc', 'sig'], 'size': 1024, 'name': 'rsa', 'path': 'keys' }) kj.add_kb('', kb) jwt = JWEnc() jwt.headers = {'alg': 'RS256'} jwt.part = [{ 'alg': 'RS256' }, '{"aud": "Bob", "iss": "Alice"}', 'aksjdhaksjbd'] keys = kj.get_jwt_decrypt_keys(jwt) assert keys jwt.part = [{'alg': 'RS256'}, '{"iss": "Alice"}', 'aksjdhaksjbd'] keys = kj.get_jwt_decrypt_keys(jwt) assert keys keys = kj.get_jwt_decrypt_keys(jwt, aud='Bob') assert keys
def test_update_keyjar(): _path = full_path("jwk_private_key.json") kb = KeyBundle(source="file://{}".format(_path)) kj = KeyJar() kj.add_kb("Alice", kb) kj.update()
def test_construct(self, entity): token_service = entity.client_get("service", 'accesstoken') kb_rsa = KeyBundle(source='file://{}'.format( os.path.join(BASE_PATH, "data/keys/rsa.key")), fileformat='der') for key in kb_rsa: key.add_kid() _context = token_service.client_get("service_context") _context.keyjar.add_kb('', kb_rsa) _context.provider_info = { 'issuer': 'https://example.com/', 'token_endpoint': "https://example.com/token" } _context.registration_response = { 'token_endpoint_auth_signing_alg': 'RS256' } token_service.endpoint = "https://example.com/token" request = AccessTokenRequest() pkj = PrivateKeyJWT() http_args = pkj.construct(request, service=token_service, authn_endpoint='token_endpoint') assert http_args == {} cas = request["client_assertion"] _kj = KeyJar() _kj.add_kb(_context.client_id, kb_rsa) jso = JWT(key_jar=_kj).unpack(cas) assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"]) # assert _jwt.headers == {'alg': 'RS256'} assert jso['aud'] == [_context.provider_info['token_endpoint']]
def test_update_keyjar(): _path = full_path('jwk_private_key.json') kb = KeyBundle(source='file://{}'.format(_path)) kj = KeyJar() kj.add_kb('Alice', kb) update_keyjar(kj)
def test_str(): kj = KeyJar() kj.add_kb("Alice", KeyBundle(JWK0["keys"])) desc = "{}".format(kj) _cont = json.loads(desc) assert set(_cont.keys()) == {"Alice"}
def test_construct(self, services): _service = services['accesstoken'] kb_rsa = KeyBundle(source='file://{}'.format( os.path.join(BASE_PATH, "data/keys/rsa.key")), fileformat='der') for key in kb_rsa: key.add_kid() _service.service_context.keyjar.add_kb('', kb_rsa) _service.service_context.set( 'provider_info', { 'issuer': 'https://example.com/', 'token_endpoint': "https://example.com/token" }) services['accesstoken'].endpoint = "https://example.com/token" request = AccessTokenRequest() pkj = PrivateKeyJWT() http_args = pkj.construct(request, service=_service, algorithm="RS256", authn_endpoint='token_endpoint') assert http_args == {} cas = request["client_assertion"] _kj = KeyJar() _kj.add_kb(_service.service_context.get('client_id'), kb_rsa) jso = JWT(key_jar=_kj).unpack(cas) assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"]) # assert _jwt.headers == {'alg': 'RS256'} assert jso['aud'] == [ _service.service_context.get('provider_info')['token_endpoint'] ]
def test_example(self): _symkey = KC_SYM_S.get(alg2keytype("HS256")) csr = CheckSessionRequest(id_token=IDTOKEN.to_jwt( key=_symkey, algorithm="HS256", lifetime=300)) keyjar = KeyJar() keyjar.add_kb('', KC_SYM_S) with pytest.raises(ValueError): assert csr.verify(keyjar=keyjar)
def test_find(): _path = full_path("jwk_private_key.json") kb = KeyBundle(source="file://{}".format(_path)) kj = KeyJar() kj.add_kb("Alice", kb) assert kj.find("{}".format(_path), "Alice") assert kj.find("https://example.com", "Alice") == [] assert kj.find("{}".format(_path), "Bob") is None
def test_find(): _path = full_path('jwk_private_key.json') kb = KeyBundle(source='file://{}'.format(_path)) kj = KeyJar() kj.add_kb('Alice', kb) assert kj.find('{}'.format(_path), 'Alice') assert kj.find('https://example.com', 'Alice') is None assert kj.find('{}'.format(_path), 'Bob') is None
def test_similar(): ISSUER = "xyzzy" kj = KeyJar() kb = KeyBundle(JWK2) kj.add_kb(issuer=ISSUER, kb=kb) keys1 = kj.get_issuer_keys(ISSUER) keys2 = kj[ISSUER].all_keys() assert keys1 == keys2
def test_jwt_pack_and_unpack_unknown_key(): alice = JWT(key_jar=ALICE_KEY_JAR, iss=ALICE, sign_alg="RS256") payload = {"sub": "sub"} _jwt = alice.pack(payload=payload) kj = KeyJar() kj.add_kb(ALICE, KeyBundle()) bob = JWT(key_jar=kj, iss=BOB, allowed_sign_algs=["RS256"]) with pytest.raises(NoSuitableSigningKeys): info = bob.unpack(_jwt)
def test_get_decrypt_keys(): kj = KeyJar() kj.add_kb("Alice", KeyBundle(JWK0["keys"])) kj.add_kb("", KeyBundle(JWK1["keys"])) kj.add_kb("C", KeyBundle(JWK2["keys"])) kb = rsa_init({ "use": ["enc", "sig"], "size": 1024, "name": "rsa", "path": "keys" }) kj.add_kb("", kb) jwt = JWEnc() jwt.headers = {"alg": "RS256"} jwt.part = [{ "alg": "RS256" }, '{"aud": "Bob", "iss": "Alice"}', "aksjdhaksjbd"] keys = kj.get_jwt_decrypt_keys(jwt) assert keys jwt.part = [{"alg": "RS256"}, '{"iss": "Alice"}', "aksjdhaksjbd"] keys = kj.get_jwt_decrypt_keys(jwt) assert keys with pytest.raises(IssuerNotFound): keys = kj.get_jwt_decrypt_keys(jwt, aud="Bob")
def test_issuer_extra_slash(self): ks = KeyJar() ks.add_kb( "", KeyBundle( [ {"kty": "oct", "key": "abcdefghijklmnop", "use": "sig"}, {"kty": "oct", "key": "ABCDEFGHIJKLMNOP", "use": "enc"}, ] ), ) ks.add_kb( "http://www.example.org", KeyBundle( [ {"kty": "oct", "key": "0123456789012345", "use": "sig"}, {"kty": "oct", "key": "1234567890123456", "use": "enc"}, ] ), ) ks.add_kb( "http://www.example.org", keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]), ) assert ks.get("sig", "RSA", "http://www.example.org/")
def test_get_enc_not_mine(self): ks = KeyJar() ks.add_kb( "", KeyBundle( [ {"kty": "oct", "key": "a1b2c3d4e5f6g7h8", "use": "sig"}, {"kty": "oct", "key": "a1b2c3d4e5f6g7h8", "use": "enc"}, ] ), ) ks.add_kb( "http://www.example.org/", KeyBundle( [ {"kty": "oct", "key": "1a2b3c4d5e6f7g8h", "use": "sig"}, {"kty": "oct", "key": "1a2b3c4d5e6f7g8h", "use": "enc"}, ] ), ) ks.add_kb( "http://www.example.org/", keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]), ) assert ks.get("enc", "oct", "http://www.example.org/")
def test_items(self): ks = KeyJar() ks.add_kb( "", KeyBundle( [ {"kty": "oct", "key": "abcdefghijklmnop", "use": "sig"}, {"kty": "oct", "key": "ABCDEFGHIJKLMNOP", "use": "enc"}, ] ), ) ks.add_kb( "http://www.example.org", KeyBundle( [ {"kty": "oct", "key": "0123456789012345", "use": "sig"}, {"kty": "oct", "key": "1234567890123456", "use": "enc"}, ] ), ) ks.add_kb( "http://www.example.org", keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]), ) assert len(ks.items()) == 2
def test_key_summary(): kj = KeyJar() kj.add_kb("Alice", KeyBundle(JWK0["keys"])) kj.add_kb("Bob", KeyBundle(JWK1["keys"])) kj.add_kb("C", KeyBundle(JWK2["keys"])) out = kj.key_summary("Alice") assert out
def test_dump_json(): kj = KeyJar() kj.add_kb("Alice", KeyBundle(JWK0["keys"])) kj.add_kb("Bob", KeyBundle(JWK1["keys"])) kj.add_kb("C", KeyBundle(JWK2["keys"])) res = kj.dump() assert json.dumps(res)
def test_contains(): kj = KeyJar() kj.add_kb("Alice", KeyBundle(JWK0["keys"])) kj.add_kb("Bob", KeyBundle(JWK1["keys"])) kj.add_kb("C", KeyBundle(JWK2["keys"])) assert "Bob" in kj assert "David" not in kj
def test_repr(): kj = KeyJar() kj.add_kb("Alice", KeyBundle(JWK0["keys"])) kj.add_kb("Bob", KeyBundle(JWK1["keys"])) kj.add_kb("C", KeyBundle(JWK2["keys"])) txt = kj.__repr__() assert "<KeyJar(issuers=[" in txt _d = eval(txt[16:-2]) assert set(_d) == {"Alice", "Bob", "C"}
def __init__(self, srv, iss='', signer=None, self_signer=None, fo_bundle=None, mdss_endpoint='', context='', entity_id='', fo_priority=None, mdss_owner='', verify_ssl=True, mdss_keys=''): FederationEntity.__init__(self, srv, iss, signer=signer, self_signer=self_signer, fo_bundle=fo_bundle, context=context, entity_id=entity_id, fo_priority=fo_priority, verify_ssl=verify_ssl) self.mdss_endpoint = mdss_endpoint self.mdss_owner = mdss_owner kj = KeyJar(verify_ssl=verify_ssl) if mdss_keys.startswith('http'): kj.add_url(mdss_owner, self.mdss_keys) else: kb = KeyBundle(source=mdss_keys, fileformat='jwks') kj.add_kb(mdss_owner, kb=kb) self.mdss_keys = kj self.verify_ssl = verify_ssl
def test_match_owner(): kj = KeyJar() kj.add_kb("Alice", KeyBundle(JWK0["keys"])) kj.add_kb("Bob", KeyBundle(JWK1["keys"])) kj.add_kb("https://delphi.example.com/path", KeyBundle(JWK2["keys"])) a = kj.match_owner("https://delphi.example.com") assert a == "https://delphi.example.com/path" with pytest.raises(KeyError): kj.match_owner("https://example.com")
def test_dump(): kj = KeyJar() kj.add_kb("Alice", KeyBundle(JWK0["keys"])) kj.add_kb("Bob", KeyBundle(JWK1["keys"])) kj.add_kb("C", KeyBundle(JWK2["keys"])) res = kj.dump() nkj = KeyJar().load(res) assert set(nkj.owners()) == {"Alice", "Bob", "C"} assert nkj.get_signing_key("rsa", "Alice", kid="abc") assert nkj.get_signing_key("rsa", "C", kid="MnC_VZcATfM5pOYiJHMba9goEKY")
def test_get_wrong_owner(): kj = KeyJar() kj.add_kb("Alice", KeyBundle(JWK0["keys"])) kj.add_kb("Bob", KeyBundle(JWK1["keys"])) kj.add_kb("C", KeyBundle(JWK2["keys"])) assert kj.get("sig", "rsa", "https://delphi.example.com/") == [] assert kj.get("sig", "rsa", "https://delphi.example.com") == [] assert kj.get("sig", "rsa") == [] assert "https://delphi.example.com" not in kj with pytest.raises(KeyError): kj["https://delphi.example.com"]
def test_dump(): kj = KeyJar() kj.add_kb("Alice", KeyBundle(JWK0["keys"])) kj.add_kb("Bob", KeyBundle(JWK1["keys"])) kj.add_kb("C", KeyBundle(JWK2["keys"])) res = kj.dump() nkj = KeyJar().load(res) assert set(nkj.owners()) == {"Alice", "Bob", "C"} assert nkj.get_signing_key("rsa", "Alice", kid="abc") assert nkj.get_signing_key( "rsa", "C", kid="R3NJRW1EVHRsaUcwSXVydi14cVVoTmxhaU4zckU1MlFPa05NWGNpUUZtcw" )
def test_copy(): kj = KeyJar() kj.add_kb("Alice", KeyBundle(JWK0["keys"])) kj.add_kb("Bob", KeyBundle(JWK1["keys"])) kj.add_kb("C", KeyBundle(JWK2["keys"])) kjc = kj.copy() assert set(kjc.owners()) == {"Alice", "Bob", "C"} assert len(kjc.get("sig", "oct", "Alice")) == 0 assert len(kjc.get("sig", "rsa", "Alice")) == 1 assert len(kjc.get("sig", "oct", "Bob")) == 1 assert len(kjc.get("sig", "rsa", "Bob")) == 1 assert len(kjc.get("sig", "oct", "C")) == 0 assert len(kjc.get("sig", "rsa", "C")) == 4
def test_no_use(self): kb = KeyBundle(JWK0["keys"]) kj = KeyJar() kj.add_kb("abcdefgh", kb) enc_key = kj.get_encrypt_key("RSA", "abcdefgh") assert enc_key != []
def test_keyjar_add(self): kj = KeyJar() kb = keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]) kj.add_kb('https://issuer.example.com', kb) assert list(kj.owners()) == ['https://issuer.example.com']
def test_setitem(self): kj = KeyJar() kb = keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]) kj.add_kb("https://issuer.example.com", kb) assert list(kj.owners()) == ["https://issuer.example.com"]