def test_EC_jwk(self):
key = {
"kty":
"EC",
"kid":
"*****@*****.**",
"use":
"sig",
"crv":
"P-521",
"x":
"AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
"y":
"AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVySsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1",
"d":
"AAhRON2r9cqXX1hg-RoI6R1tX5p2rUAYdmpHZoC1XNM56KtscrX6zbKipQrCW9CGZH3T4ubpnoTKLDYJ_fF3_rJt",
}
assert not ECKey(key, ALGORITHMS.ES512).is_public()
del key['d']
# We are now dealing with a public key.
assert ECKey(key, ALGORITHMS.ES512).is_public()
del key['x']
# This key is missing a required parameter.
with pytest.raises(JWKError):
ECKey(key, ALGORITHMS.ES512)
def to_str(self, private_key=False):
key = ECKey(self.jwk, ALGORITHMS.ES256)
if private_key:
pem_str = key.to_pem().strip()
else:
pem_str = key.public_key().to_pem().strip()
return pem_str
def test_to_pem(self):
key = ECKey(private_key, ALGORITHMS.ES256)
assert not key.is_public()
assert key.to_pem().strip() == private_key.strip().encode('utf-8')
public_pem = key.public_key().to_pem()
assert ECKey(public_pem, ALGORITHMS.ES256).is_public()
def test_verify(self):
key = ECKey(private_key, ALGORITHMS.ES256)
msg = b'test'
signature = key.sign(msg)
public_key = key.public_key()
assert bool(public_key.verify(msg, signature))
assert not bool(public_key.verify(msg, b'not a signature'))
def test_verify(self):
key = ECKey(private_key, ALGORITHMS.ES256)
msg = b'test'
signature = key.sign(msg)
public_key = key.public_key()
assert bool(public_key.verify(msg, signature))
assert not bool(public_key.verify(msg, b'not a signature'))
def generate_ecdsa_key(kid=6, jwkey=None, pem_priv=None, pem_pub=None):
"""
Creates a key using ECDSA algorithm
:param kid: Customer key ID. Key ID to define key slot number in
the key storage. Key ID must be in range 6-10
:param jwkey: Filename of the key in JWK format to create.
If None, JWK file will not be created
:param pem_priv: Filename of the private key in PEM format to
create. If None, PEM file will not be created
:param pem_pub: Filename of the public key in PEM format to
create. If None, PEM file will not be created
:return:
"""
private_key = ec.generate_private_key(ec.SECP256R1(), default_backend())
public_key = private_key.public_key()
key_json = {
'alg':
'ES256',
'kty':
'EC',
'crv':
'P-256',
'use':
'sig',
'kid':
str(kid),
'x':
long_to_base64(public_key.public_numbers().x, size=32).decode('utf-8'),
'y':
long_to_base64(public_key.public_numbers().y, size=32).decode('utf-8'),
'd':
long_to_base64(private_key.private_numbers().private_value,
size=32).decode('utf-8'),
}
key_str = json.dumps(key_json, indent=4)
if jwkey:
os.makedirs(os.path.dirname(jwkey), exist_ok=True)
with open(jwkey, 'w') as fp:
fp.write(key_str)
logger.info(f'Created key in {jwkey}')
key = ECKey(key_json, ALGORITHMS.ES256)
if pem_priv:
os.makedirs(os.path.dirname(pem_priv), exist_ok=True)
with open(pem_priv, 'wb') as fp:
fp.write(key.to_pem().strip())
if pem_pub:
os.makedirs(os.path.dirname(pem_pub), exist_ok=True)
with open(pem_pub, 'wb') as fp:
fp.write(key.public_key().to_pem().strip())
return key_str
def test_invalid_hash_alg(self):
with pytest.raises(JWKError):
key = HMACKey(hmac_key, 'RS512')
with pytest.raises(JWKError):
key = RSAKey(rsa_key, 'HS512')
with pytest.raises(JWKError):
key = ECKey(ec_key, 'RS512') # noqa: F841
def test_invalid_jwk(self):
with pytest.raises(JWKError):
key = HMACKey(rsa_key, 'HS256')
with pytest.raises(JWKError):
key = RSAKey(hmac_key, 'RS256')
with pytest.raises(JWKError):
key = ECKey(rsa_key, 'ES256') # noqa: F841
def test_to_pem(self):
key = ECKey(private_key, ALGORITHMS.ES256)
assert not key.is_public()
assert key.to_pem().strip() == private_key.strip().encode('utf-8')
public_pem = key.public_key().to_pem()
assert ECKey(public_pem, ALGORITHMS.ES256).is_public()
def test_get_public_key(self):
key = ECKey(private_key, ALGORITHMS.ES256)
pubkey = key.public_key()
pubkey2 = pubkey.public_key()
assert pubkey == pubkey2
def test_to_dict(self):
key = ECKey(private_key, ALGORITHMS.ES256)
self.assert_parameters(key.to_dict(), private=True)
self.assert_parameters(key.public_key().to_dict(), private=False)
def test_construct_EC_from_jwk(self):
key = ECKey(ec_key, algorithm='ES512')
assert isinstance(key, jwk.Key)
def test_key_from_ecdsa():
key = ecdsa.SigningKey.from_pem(private_key)
assert not ECKey(key, ALGORITHMS.ES256).is_public()
def test_to_dict(self):
key = ECKey(private_key, ALGORITHMS.ES256)
self.assert_parameters(key.to_dict(), private=True)
self.assert_parameters(key.public_key().to_dict(), private=False)
def test_invalid_algorithm(self):
with pytest.raises(JWKError):
ECKey(private_key, "nonexistent")
with pytest.raises(JWKError):
ECKey({"kty": "bla"}, ALGORITHMS.ES256)
def test_invalid_algorithm(self):
with pytest.raises(JWKError):
ECKey(private_key, 'nonexistent')
with pytest.raises(JWKError):
ECKey({'kty': 'bla'}, ALGORITHMS.ES256)
def test_object(self):
key = object()
with pytest.raises(JOSEError):
ECKey(key, ALGORITHMS.ES256)
def test_string_secret(self):
key = 'secret'
with pytest.raises(JOSEError):
ECKey(key, ALGORITHMS.ES256)
def test_get_public_key(self):
key = ECKey(private_key, ALGORITHMS.ES256)
pubkey = key.public_key()
pubkey2 = pubkey.public_key()
assert pubkey == pubkey2
def test_key_from_pem(self):
assert not ECKey(private_key, ALGORITHMS.ES256).is_public()