コード例 #1
0
    def test_jwe(self):
        bad_key = {'k': RSA.generate(2048).exportKey('PEM')}

        for (alg, jwk), enc in product(self.algs, self.encs):
            jwe = jose.encrypt(claims, rsa_pub_key, enc=enc, alg=alg)

            # make sure the body can't be loaded as json (should be encrypted)
            try:
                json.loads(jose.b64decode_url(jwe.ciphertext))
                self.fail()
            except ValueError:
                pass

            token = jose.serialize_compact(jwe)

            jwt = jose.decrypt(jose.deserialize_compact(token), rsa_priv_key)
            self.assertNotIn(jose._TEMP_VER_KEY, claims)

            self.assertEqual(jwt.claims, claims)

            # invalid key
            try:
                jose.decrypt(jose.deserialize_compact(token), bad_key)
                self.fail()
            except jose.Error as e:
                self.assertEqual(e.message, 'Incorrect decryption.')
コード例 #2
0
ファイル: tests.py プロジェクト: jaimeperez/jose
    def test_jwe(self):
        bad_key = {'k': RSA.generate(2048).exportKey('PEM')}

        for (alg, jwk), enc in product(self.algs, self.encs):
            jwe = jose.encrypt(claims, rsa_pub_key, enc=enc, alg=alg)

            # make sure the body can't be loaded as json (should be encrypted)
            try:
                json.loads(jose.b64decode_url(jwe.ciphertext))
                self.fail()
            except ValueError:
                pass

            token = jose.serialize_compact(jwe)

            jwt = jose.decrypt(jose.deserialize_compact(token), rsa_priv_key)
            self.assertNotIn(jose._TEMP_VER_KEY, claims)

            self.assertEqual(jwt.claims, claims)

            # invalid key
            try:
                jose.decrypt(jose.deserialize_compact(token), bad_key)
                self.fail()
            except jose.Error as e:
                self.assertEqual(e.message, 'Incorrect decryption.')
コード例 #3
0
ファイル: tests.py プロジェクト: wendtr/jose
    def test_jwe_direct_encryption(self):
        symmetric_key = "tisasymmetrickey"

        jwe = jose.encrypt(claims, "", alg = "dir",enc="A128CBC-HS256",
                        dir_key = symmetric_key)

        # make sure the body can't be loaded as json (should be encrypted)
        try:
            json.loads(jose.b64decode_url(jwe.ciphertext))
            self.fail()
        except ValueError:
            pass
        token = jose.serialize_compact(jwe)
		
        jwt = jose.decrypt(jose.deserialize_compact(token),"",
                           dir_key = symmetric_key)
        self.assertNotIn(jose._TEMP_VER_KEY, claims)
		
        self.assertEqual(jwt.claims, claims)
		
		# invalid key
        badkey = "1234123412341234"
        try:
            jose.decrypt(jose.deserialize_compact(token), '', dir_key=badkey)
            self.fail()
        except jose.Error as e:
            self.assertEqual(e.message, 'Mismatched authentication tags')
コード例 #4
0
    def authorization_request(self, id, name, server_nonce, responses):
        auth_req = {"type":"authorizationRequest",
                    "sessionID":id,
                    "nonce":server_nonce}

        auth_req["signature"] = crypto_util.create_sig(
            name + jose.b64decode_url(server_nonce), self.key_file)

        auth_req["responses"] = responses
        return auth_req
コード例 #5
0
ファイル: client.py プロジェクト: rsumnerz/certbot
    def authorization_request(self, id, name, server_nonce, responses):
        auth_req = {
            "type": "authorizationRequest",
            "sessionID": id,
            "nonce": server_nonce
        }

        auth_req["signature"] = crypto_util.create_sig(
            name + jose.b64decode_url(server_nonce), self.key_file)

        auth_req["responses"] = responses
        return auth_req
コード例 #6
0
    def perform(self, quiet=False):
        """
        Sets up and reloads Apache server to handle SNI challenges

        listSNITuple:  List of tuples with form (addr, r, nonce)
                       addr (string), r (base64 string), nonce (hex string)
        key:           string - File path to key
        configurator:  Configurator obj
        """
        # Save any changes to the configuration as a precaution
        # About to make temporary changes to the config
        self.configurator.save()

        addresses = []
        default_addr = "*:443"
        for tup in self.listSNITuple:
            vhost = self.configurator.choose_virtual_host(tup[0])
            if vhost is None:
                print "No vhost exists with servername or alias of:", tup[0]
                print "No _default_:443 vhost exists"
                print "Please specify servernames in the Apache config"
                return None

            if not self.configurator.make_server_sni_ready(vhost, default_addr):
                return None

            for a in vhost.addrs:
                if "_default_" in a:
                    addresses.append([default_addr])
                    break
            else:
                addresses.append(vhost.addrs)

        # Generate S
        s = Random.get_random_bytes(S_SIZE)
        # Create all of the challenge certs
        for tup in self.listSNITuple:
            # Need to decode from base64
            r = jose.b64decode_url(tup[1])
            ext = self.generateExtension(r, s)
            self.createChallengeCert(tup[0], ext, tup[2], self.key)

        self.modifyApacheConfig(self.configurator.user_config_file, addresses)
        # Save reversible changes and restart the server
        self.configurator.save("SNI Challenge", True)
        self.configurator.restart(quiet)

        self.s = jose.b64encode_url(s)
        return self.s
コード例 #7
0
 def test_b64encode_url_ascii(self):
     istr = 'eric idle'
     encoded = jose.b64encode_url(istr)
     self.assertEqual(jose.b64decode_url(encoded), istr)
コード例 #8
0
 def test_b64encode_url_utf8(self):
     istr = 'eric idle'.encode('utf8')
     encoded = jose.b64encode_url(istr)
     self.assertEqual(jose.b64decode_url(encoded), istr)
コード例 #9
0
ファイル: tests.py プロジェクト: jaimeperez/jose
 def test_b64encode_url_ascii(self):
     istr = 'eric idle'
     encoded = jose.b64encode_url(istr)
     self.assertEqual(jose.b64decode_url(encoded), istr)
コード例 #10
0
ファイル: tests.py プロジェクト: jaimeperez/jose
 def test_b64encode_url_utf8(self):
     istr = 'eric idle'.encode('utf8')
     encoded = jose.b64encode_url(istr)
     self.assertEqual(jose.b64decode_url(encoded), istr)
コード例 #11
0
def b64_cert_to_pem(b64_der_cert):
    x = M2Crypto.X509.load_cert_der_string(jose.b64decode_url(b64_der_cert))
    return x.as_pem()
コード例 #12
0
ファイル: crypto_util.py プロジェクト: rsumnerz/certbot
def b64_cert_to_pem(b64_der_cert):
    x = M2Crypto.X509.load_cert_der_string(jose.b64decode_url(b64_der_cert))
    return x.as_pem()