def test_EC_key(self):
key = ecdsa.SigningKey.from_pem(private_key)
k = CryptographyECKey(key, ALGORITHMS.ES256)
assert k.to_pem().strip() == private_key.strip()
public_pem = k.public_key().to_pem()
public_key = CryptographyECKey(public_pem, ALGORITHMS.ES256)
def test_EC_key(self):
key = ecdsa.SigningKey.from_pem(private_key)
ECDSAECKey(key, ALGORITHMS.ES256)
CryptographyECKey(key, ALGORITHMS.ES256)
ECDSAECKey(private_key, ALGORITHMS.ES256)
CryptographyECKey(private_key, ALGORITHMS.ES256)
def test_cryptography_sig_component_length(algorithm, expected_length):
# Put mapping inside here to avoid more complex handling for test runs that do not have pyca/cryptography
mapping = {
ALGORITHMS.ES256: CryptographyEc.SECP256R1,
ALGORITHMS.ES384: CryptographyEc.SECP384R1,
ALGORITHMS.ES512: CryptographyEc.SECP521R1,
}
key = CryptographyECKey(
CryptographyEc.generate_private_key(mapping[algorithm](), backend=CryptographyBackend()),
algorithm
)
assert key._sig_component_length() == expected_length
def test_cryptography_sig_component_length(algorithm, expected_length):
# Put mapping inside here to avoid more complex handling for test runs that do not have pyca/cryptography
mapping = {
ALGORITHMS.ES256: CryptographyEc.SECP256R1,
ALGORITHMS.ES384: CryptographyEc.SECP384R1,
ALGORITHMS.ES512: CryptographyEc.SECP521R1,
}
key = CryptographyECKey(
CryptographyEc.generate_private_key(mapping[algorithm](), backend=CryptographyBackend()),
algorithm
)
assert key._sig_component_length() == expected_length
def test_object(self):
key = object()
with pytest.raises(JOSEError):
ECDSAECKey(key, ALGORITHMS.ES256)
with pytest.raises(JOSEError):
CryptographyECKey(key, ALGORITHMS.ES256)
def test_string_secret(self):
key = 'secret'
with pytest.raises(JOSEError):
ECDSAECKey(key, ALGORITHMS.ES256)
with pytest.raises(JOSEError):
CryptographyECKey(key, ALGORITHMS.ES256)
def test_signing_parity(self):
key1 = ECDSAECKey(private_key, ALGORITHMS.ES256)
public_key = key1.public_key().to_pem()
vkey1 = ECDSAECKey(public_key, ALGORITHMS.ES256)
key2 = CryptographyECKey(private_key, ALGORITHMS.ES256)
vkey2 = CryptographyECKey(public_key, ALGORITHMS.ES256)
msg = b'test'
sig1 = key1.sign(msg)
sig2 = key2.sign(msg)
assert vkey1.verify(msg, sig1)
assert vkey1.verify(msg, sig2)
assert vkey2.verify(msg, sig1)
assert vkey2.verify(msg, sig2)
# invalid signature
assert not vkey2.verify(msg, b'n' * 64)
def test_cryptograhy_der_to_raw():
key = CryptographyECKey(private_key, ALGORITHMS.ES256)
assert key._der_to_raw(DER_SIGNATURE) == RAW_SIGNATURE
def test_construct_EC_from_jwk(self):
key = CryptographyECKey(ec_key, algorithm='ES512')
assert isinstance(key, jwk.Key)
key = ECDSAECKey(ec_key, algorithm='ES512')
assert isinstance(key, jwk.Key)
def test_get_public_key(self):
key = CryptographyECKey(private_key, ALGORITHMS.ES256)
pubkey = key.public_key()
pubkey2 = pubkey.public_key()
assert pubkey == pubkey2
def test_key_too_short(self):
priv_key = ecdsa.SigningKey.generate(curve=ecdsa.NIST256p).to_pem()
key = CryptographyECKey(priv_key, ALGORITHMS.ES512)
with pytest.raises(TypeError):
key.sign('foo')
def test_invalid_algorithm(self):
with pytest.raises(JWKError):
CryptographyECKey(private_key, 'nonexistent')
with pytest.raises(JWKError):
CryptographyECKey({'kty': 'bla'}, ALGORITHMS.ES256)
def test_cryptograhy_raw_to_der():
key = CryptographyECKey(private_key, ALGORITHMS.ES256)
assert key._raw_to_der(RAW_SIGNATURE) == DER_SIGNATURE