def test_jws_ecdsa_signer_verifier(self): # Sign priv_key = CleartextJwkSetReader.from_json(self.json_ecdsa_priv_key) signer = jws.JwsPublicKeySign(priv_key) signed_token = signer.sign(self.test_header_ecdsa, self.test_payload) # Verify pub_key = CleartextJwkSetReader.from_json(self.json_ecdsa_pub_key) verifier = jws.JwsPublicKeyVerify(pub_key) self.assertTrue(verifier.verify(signed_token)) self.assertFalse(verifier.verify(_modify_token(signed_token)))
def test_jws_verifier_with_kid(self): # Sign priv_key = CleartextJwkSetReader.from_json( self.test_json_ecdsa_priv_key_kid1) signer = jws.JwsPublicKeySign(priv_key) signed_token_kid1 = signer.sign(self.test_header_ecdsa_kid1, self.test_payload) signed_token_kid2 = signer.sign(self.test_header_ecdsa_kid2, self.test_payload) # Verify pub_key = CleartextJwkSetReader.from_json(self.test_json_ecdsa_pub_key_kid1) verifier = jws.JwsPublicKeyVerify(pub_key) self.assertTrue(verifier.verify(signed_token_kid1)) # The signature is valid but the kids don't match. self.assertFalse(verifier.verify(signed_token_kid2))
def test_jws_mac_verifier_with_rfc(self): # Set up phase: parse the key and initialize the JwsMacVerify key = CleartextJwkSetReader.from_json(self.json_hmac_key) verifier = jws.JwsMacVerify(key) # Use phase self.assertTrue(verifier.verify(self.hmac_token)) self.assertFalse(verifier.verify(_modify_token(self.hmac_token)))
def test_jws_ecdsa_verifier_with_rfc(self): # Set up phase: parse the key and initialize the verifier. key = CleartextJwkSetReader.from_json(self.json_ecdsa_pub_key) verifier = jws.JwsPublicKeyVerify(key) # Use phase self.assertTrue(verifier.verify(self.ecdsa_token)) self.assertFalse(verifier.verify(_modify_token(self.ecdsa_token)))
def test_jws_mac_authenticator_and_verifier(self): # Authenticator mac_key = CleartextJwkSetReader.from_json(self.json_hmac_key) authenticator = jws.JwsMacAuthenticator(mac_key) signed_token = authenticator.authenticate(self.test_header_hmac, self.test_payload) # Verify verifier = jws.JwsMacVerify(mac_key) self.assertTrue(verifier.verify(signed_token)) self.assertFalse(verifier.verify(_modify_token(signed_token)))