コード例 #1
0
    def test_jwt_wrong_key(self):
        new_keypair = service.create_secret_key()
        msg = 'bad jwt here❌'

        with self.assertRaises(exceptions.InvalidSignatureError):
            verify_jwt = jwts.make_jwt({"badmsg": msg}, self.keypair)
            jwts.verify_jwt(verify_jwt, new_keypair)

        with self.assertRaises(exceptions.InvalidSignatureError):
            verify_jwt = jwts.make_jwt({"badmsg": msg}, new_keypair)
            jwts.verify_jwt(verify_jwt, self.keypair)
コード例 #2
0
ファイル: test_jwts.py プロジェクト: videlanicolas/python-sdk
    def test_jwt_wrong_key(self):
        new_keypair = service.create_secret_key()
        msg = 'bad jwt here❌'

        with self.assertRaises(exceptions.InvalidSignatureError):
            verify_jwt = jwts.make_jwt({"badmsg": msg}, self.keypair)
            jwts.verify_jwt(verify_jwt, new_keypair)

        with self.assertRaises(exceptions.InvalidSignatureError):
            verify_jwt = jwts.make_jwt({"badmsg": msg}, new_keypair)
            jwts.verify_jwt(verify_jwt, self.keypair)
コード例 #3
0
 def test_expired(self):
     now = int(time.time())
     logger.debug('now=%s', now)
     exp = now - (jwts.TOKEN_EXPIRATION_LEEWAY_SEC + 1)
     jwt = jwts.make_jwt({'message': 'hi', 'exp': exp}, self.keypair)
     (jwts.verify_jwt.when.called_with(jwt, self.keypair)
         .should.throw(exceptions.InvalidClaimsError))
コード例 #4
0
ファイル: test_jwts.py プロジェクト: videlanicolas/python-sdk
    def test_jwt_invalid_base64(self):
        jwt = jwts.make_jwt({'message': 'hi'}, self.keypair)
        header = 'a'
        bad_jwt = '.'.join([header] + jwt.split('.')[:2])

        with self.assertRaises(exceptions.InvalidFormatError):
            jwts.verify_jwt(bad_jwt, self.keypair)
コード例 #5
0
ファイル: test_jwts.py プロジェクト: videlanicolas/python-sdk
 def test_jwt_malformed_payload(self):
     jwt = jwts.make_jwt({'message': 'hi'}, self.keypair)
     header, payload, signature = jwt.split('.')
     payload = payload[:-8]
     bad_jwt = '.'.join([header, payload, signature])
     with self.assertRaises(Exception):
         jwts.verify_jwt(bad_jwt, self.keypair)
コード例 #6
0
ファイル: test_jwts.py プロジェクト: videlanicolas/python-sdk
 def test_jwt_malformed_header(self):
     jwt = jwts.make_jwt({'message': 'hi'}, self.keypair)
     good_header = json.dumps(jwts.MINIMAL_JWT_HEADER)
     header = utils.base64url_encode(good_header).decode('utf-8')[:-4]
     bad_jwt = '.'.join([header] + jwt.split('.')[:2])
     with self.assertRaises(exceptions.InvalidFormatError):
         jwts.verify_jwt(bad_jwt, self.keypair)
コード例 #7
0
    def test_extend_jws_signatures_from_jwt_single_key(self):
        jwt = jwts.make_jwt({'a': 1}, self.keypairs[0])
        jws = jwts.extend_jws_signatures(jwt, self.keypairs[1],
                                         self.keypairs[1].identity)

        verified_msg = jwts.verify_jws(jws, self.keypairs[:2])
        self.assertIsInstance(verified_msg, dict)
コード例 #8
0
    def test_jwt_bad_header_not_json(self):
        jwt = jwts.make_jwt({"message": "hi"}, self.keypair)
        plain_text = "woo-hoo! we just do what we want!!"
        bad_jwt = ".".join([utils.base64url_encode(plain_text).decode("utf-8")] + jwt.split(".")[1:])

        with self.assertRaises(exceptions.InvalidFormatError):
            jwts.verify_jwt(bad_jwt, self.keypair)
コード例 #9
0
 def test_jwt_bad_header_invalid_alg(self):
     jwt = jwts.make_jwt({"message": "hi"}, self.keypair)
     header = json.dumps({"typ": "JWT", "alg": "NONE"})
     header_str = utils.base64url_encode(header).decode("utf-8")
     bad_jwt = ".".join([header_str] + jwt.split(".")[1:])
     with self.assertRaises(exceptions.InvalidFormatError):
         jwts.verify_jwt(bad_jwt, self.keypair)
コード例 #10
0
    def test_use_before_in_future(self):
        now = int(time.time())
        logger.debug("now=%s", now)
        jwt = jwts.make_jwt({"message": "hi", "nbf": (now + (3 * 60))}, self.keypair)

        with self.assertRaises(exceptions.InvalidClaimsError):
            jwts.verify_jwt(jwt, self.keypair)
コード例 #11
0
 def test_jwt_malformed_payload(self):
     jwt = jwts.make_jwt({"message": "hi"}, self.keypair)
     header, payload, signature = jwt.split(".")
     payload = payload[:-8]
     bad_jwt = ".".join([header, payload, signature])
     with self.assertRaises(Exception):
         jwts.verify_jwt(bad_jwt, self.keypair)
コード例 #12
0
ファイル: test_jwts.py プロジェクト: videlanicolas/python-sdk
    def test_non_standard_nonce(self):
        nonce = '0022020-02-31T02:28:42ZCdv3Yv'
        claims_in = {'jti': nonce}

        jwt = jwts.make_jwt(claims_in, self.keypair)

        self.assertTrue(jwt)
コード例 #13
0
    def test_invalid_nonce(self):
        nonce = "002" + time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()) + "123456"
        logger.debug("nonce=%s", nonce)
        jwt = jwts.make_jwt({"message": "hi", "jti": nonce}, self.keypair)

        with self.assertRaises(exceptions.InvalidClaimsError):
            jwts.verify_jwt(jwt, self.keypair)
コード例 #14
0
 def test_jwt_malformed_header(self):
     jwt = jwts.make_jwt({'message': 'hi'}, self.keypair)
     good_header = json.dumps(jwts.MINIMAL_JWT_HEADER)
     header = utils.base64url_encode(good_header).decode('utf-8')[:-4]
     bad_jwt = '.'.join([header] + jwt.split('.')[:2])
     with self.assertRaises(exceptions.InvalidFormatError):
         jwts.verify_jwt(bad_jwt, self.keypair)
コード例 #15
0
    def test_valid_nonce(self):
        nonce = '001' + time.strftime('%Y-%m-%dT%H:%M:%SZ',
                                      time.gmtime()) + '123456'
        logger.debug('nonce=%s', nonce)
        jwt = jwts.make_jwt({'message': 'hi', 'jti': nonce}, self.keypair)

        self.assertTrue(jwts.verify_jwt(jwt, self.keypair))
コード例 #16
0
    def test_jwt_invalid_base64(self):
        jwt = jwts.make_jwt({'message': 'hi'}, self.keypair)
        header = 'a'
        bad_jwt = '.'.join([header] + jwt.split('.')[:2])

        with self.assertRaises(exceptions.InvalidFormatError):
            jwts.verify_jwt(bad_jwt, self.keypair)
コード例 #17
0
 def test_jwt_malformed_payload(self):
     jwt = jwts.make_jwt({'message': 'hi'}, self.keypair)
     header, payload, signature = jwt.split('.')
     payload = payload[:-8]
     bad_jwt = '.'.join([header, payload, signature])
     with self.assertRaises(Exception):
         jwts.verify_jwt(bad_jwt, self.keypair)
コード例 #18
0
    def test_jwt_invalid_base64(self):
        jwt = jwts.make_jwt({"message": "hi"}, self.keypair)
        header = "a"
        bad_jwt = ".".join([header] + jwt.split(".")[:2])

        with self.assertRaises(exceptions.InvalidFormatError):
            jwts.verify_jwt(bad_jwt, self.keypair)
コード例 #19
0
    def test_extend_jws_signatures_from_jwt(self):
        jwt = jwts.make_jwt({"a": 1}, self.keypairs[0])
        jws = jwts.extend_jws_signatures(jwt, self.keypairs[1:],
                                         self.keypairs[0].identity)

        verified_msg = jwts.verify_jws(jws, self.keypairs)
        self.assertIsInstance(verified_msg, dict)
コード例 #20
0
    def test_valid_nonce(self):
        nonce = '001' + time.strftime('%Y-%m-%dT%H:%M:%SZ',
                                      time.gmtime()) + '123456'
        logger.debug('nonce=%s', nonce)
        jwt = jwts.make_jwt({'message': 'hi', 'jti': nonce}, self.keypair)

        self.assertTrue(jwts.verify_jwt(jwt, self.keypair))
コード例 #21
0
ファイル: test_jwts.py プロジェクト: videlanicolas/python-sdk
    def test_expired_nonce(self):
        then = datetime.utcnow().replace(tzinfo=tz.tzutc()) + timedelta(hours=-24)
        nonce = nonces.make_nonce(then)
        logger.debug('nonce=%s', nonce)
        jwt = jwts.make_jwt({'message': 'hi', 'jti': nonce}, self.keypair)

        with self.assertRaises(exceptions.InvalidClaimsError):
            jwts.verify_jwt(jwt, self.keypair)
コード例 #22
0
 def test_jwt_bad_header_not_json(self):
     jwt = jwts.make_jwt({'message': 'hi'}, self.keypair)
     bad_jwt = '.'.join(
         [utils.base64url_encode('woo-hoo! we just do what we want!!').decode('utf-8')] +
         jwt.split('.')[1:]
     )
     (jwts.verify_jwt.when.called_with(bad_jwt, self.keypair)
         .should.throw(exceptions.InvalidFormatError))
コード例 #23
0
 def test_expired_nonce(self):
     now = int(time.time())
     then = now-(1*24*60*60)
     nonce = '001' + time.strftime('%Y-%m-%dT%H:%M:%SZ', time.gmtime(then)) + '123456'
     logger.debug('nonce=%s', nonce)
     jwt = jwts.make_jwt({'message': 'hi', 'jti': nonce}, self.keypair)
     (jwts.verify_jwt.when.called_with(jwt, self.keypair)
         .should.throw(exceptions.InvalidClaimsError))
コード例 #24
0
ファイル: test_jwts.py プロジェクト: videlanicolas/python-sdk
    def test_use_before_in_future(self):
        now = int(time.time())
        logger.debug('now=%s', now)
        jwt = jwts.make_jwt({'message': 'hi', 'nbf': (now + (3 * 60))},
                            self.keypair)

        with self.assertRaises(exceptions.InvalidClaimsError):
            jwts.verify_jwt(jwt, self.keypair)
コード例 #25
0
ファイル: test_jwts.py プロジェクト: videlanicolas/python-sdk
    def test_invalid_nonce(self):
        nonce = '999' + time.strftime('%Y-%m-%dT%H:%M:%SZ',
                                      time.gmtime()) + '123456'
        logger.debug('nonce=%s', nonce)
        jwt = jwts.make_jwt({'message': 'hi', 'jti': nonce}, self.keypair)

        with self.assertRaises(exceptions.InvalidClaimsError):
            jwts.verify_jwt(jwt, self.keypair)
コード例 #26
0
    def test_expired(self):
        now = int(time.time())
        logger.debug('now=%s', now)
        exp = now - (jwts.TOKEN_EXPIRATION_LEEWAY_SEC + 1)
        jwt = jwts.make_jwt({'message': 'hi', 'exp': exp}, self.keypair)

        with self.assertRaises(exceptions.InvalidClaimsError):
            jwts.verify_jwt(jwt, self.keypair)
コード例 #27
0
ファイル: test_jwts.py プロジェクト: videlanicolas/python-sdk
    def test_expired(self):
        now = int(time.time())
        logger.debug('now=%s', now)
        exp = now - (jwts.TOKEN_EXPIRATION_LEEWAY_SEC + 1)
        jwt = jwts.make_jwt({'message': 'hi', 'exp': exp}, self.keypair)

        with self.assertRaises(exceptions.InvalidClaimsError):
            jwts.verify_jwt(jwt, self.keypair)
コード例 #28
0
    def test_extend_jws_signatures_from_jwt_single_key(self):
        jwt = jwts.make_jwt({'a': 1}, self.keypairs[0])
        jws = jwts.extend_jws_signatures(jwt,
                                         self.keypairs[1],
                                         self.keypairs[1].identity)

        verified_msg = jwts.verify_jws(jws, self.keypairs[:2])
        self.assertIsInstance(verified_msg, dict)
コード例 #29
0
    def test_extend_jws_signatures_from_jwt(self):
        jwt = jwts.make_jwt({"a": 1}, self.keypairs[0])
        jws = jwts.extend_jws_signatures(jwt,
                                         self.keypairs[1:],
                                         self.keypairs[0].identity)

        verified_msg = jwts.verify_jws(jws, self.keypairs)
        self.assertIsInstance(verified_msg, dict)
コード例 #30
0
    def test_invalid_nonce(self):
        nonce = '002' + time.strftime('%Y-%m-%dT%H:%M:%SZ',
                                      time.gmtime()) + '123456'
        logger.debug('nonce=%s', nonce)
        jwt = jwts.make_jwt({'message': 'hi', 'jti': nonce}, self.keypair)

        with self.assertRaises(exceptions.InvalidClaimsError):
            jwts.verify_jwt(jwt, self.keypair)
コード例 #31
0
    def test_jwt_bad_header_not_json(self):
        jwt = jwts.make_jwt({'message': 'hi'}, self.keypair)
        plain_text = 'woo-hoo! we just do what we want!!'
        bad_jwt = '.'.join(
            [utils.base64url_encode(plain_text).decode('utf-8')] +
            jwt.split('.')[1:])

        with self.assertRaises(exceptions.InvalidFormatError):
            jwts.verify_jwt(bad_jwt, self.keypair)
コード例 #32
0
 def test_jwt_bad_header_invalid_alg(self):
     jwt = jwts.make_jwt({'message': 'hi'}, self.keypair)
     header = json.dumps({
         'typ': 'JWT',
         'alg': 'NONE',
     })
     bad_jwt = '.'.join([utils.base64url_encode(header).decode('utf-8')] + jwt.split('.')[1:])
     (jwts.verify_jwt.when.called_with(bad_jwt, self.keypair)
         .should.throw(exceptions.InvalidFormatError))
コード例 #33
0
    def test_jwt_wrong_key(self):
        new_keypair = service.create_secret_key()
        msg = 'bad jwt here❌'

        jwts.verify_jwt.when.called_with(
            jwts.make_jwt(
                {'badmsg': msg},
                self.keypair
            ),
            new_keypair
        ).should.throw(exceptions.InvalidSignatureError)
        jwts.verify_jwt.when.called_with(
            jwts.make_jwt(
                {'badmsg': msg},
                new_keypair
            ),
            self.keypair
        ).should.throw(exceptions.InvalidSignatureError)
コード例 #34
0
    def setUp(self):
        mock_keypair = keychain.Keypair.from_secret_pem(key_bytes=TestSession.id_key_bytes)
        mock_keypair.identity = 'server'
        self.server_credentials = keychain.Credentials(mock_keypair.identity, mock_keypair)

        mock_oneid_keypair = keychain.Keypair.from_secret_pem(key_bytes=TestSession.oneid_key_bytes)
        mock_oneid_keypair.identity = 'oneID'
        self.oneid_credentials = keychain.Credentials(
            mock_oneid_keypair.identity, mock_oneid_keypair
        )

        mock_project_keypair = keychain.Keypair.from_secret_pem(
            key_bytes=TestSession.proj_key_bytes
        )
        mock_project_keypair.identity = 'proj'
        self.project_credentials = keychain.Credentials(
            mock_project_keypair.identity, mock_project_keypair
        )
        mock_resetA_keypair = keychain.Keypair.from_secret_pem(
            key_bytes=TestSession.reset_key_A_bytes
        )
        mock_resetA_keypair.identity = 'resetA-id'
        self.resetA_credentials = keychain.Credentials(
            mock_resetA_keypair.identity, mock_resetA_keypair
        )

        mock_resetB_keypair = keychain.Keypair.from_secret_pem(
            key_bytes=TestSession.reset_key_B_bytes
        )
        mock_resetB_keypair.identity = 'resetB-id'
        self.resetB_credentials = keychain.Credentials(
            mock_resetB_keypair.identity, mock_resetB_keypair
        )

        mock_resetC_keypair = keychain.Keypair.from_secret_pem(
            key_bytes=TestSession.reset_key_C_bytes
        )
        mock_resetC_keypair.identity = 'resetC-id'
        self.resetC_credentials = keychain.Credentials(
            mock_resetC_keypair.identity, mock_resetC_keypair
        )

        self.oneid_response = jwts.make_jwt({'a': 1}, mock_oneid_keypair)  # TODO: JWS with both

        self.fake_config = {
            'GLOBAL': {
                'base_url': 'https://myservice',
            },
            'test_service': {
                'test_method': {
                    'endpoint': '/my/endpoint',
                    'method': 'GET',
                    'arguments': {},
                },
            },
        }
コード例 #35
0
    def test_expired_nonce(self):
        now = int(time.time())
        then = now-(1*24*60*60)
        nonce = '001' + time.strftime('%Y-%m-%dT%H:%M:%SZ',
                                      time.gmtime(then)) + '123456'
        logger.debug('nonce=%s', nonce)
        jwt = jwts.make_jwt({'message': 'hi', 'jti': nonce}, self.keypair)

        with self.assertRaises(exceptions.InvalidClaimsError):
            jwts.verify_jwt(jwt, self.keypair)
コード例 #36
0
 def test_jwt_bad_header_invalid_alg(self):
     jwt = jwts.make_jwt({'message': 'hi'}, self.keypair)
     header = json.dumps({
         'typ': 'JWT',
         'alg': 'NONE',
     })
     header_str = utils.base64url_encode(header).decode('utf-8')
     bad_jwt = '.'.join([header_str] + jwt.split('.')[1:])
     with self.assertRaises(exceptions.InvalidFormatError):
         jwts.verify_jwt(bad_jwt, self.keypair)
コード例 #37
0
    def test_jwt_wrong_type(self):
        with self.assertRaises(Exception):
            jwts.make_jwt(123, self.keypair)

        with self.assertRaises(Exception):
            jwts.make_jwt(123.456, self.keypair)

        with self.assertRaises(Exception):
            jwts.make_jwt(['a', 'b'], self.keypair)

        with self.assertRaises(Exception):
            jwts.make_jwt(lambda a: a, self.keypair)
コード例 #38
0
 def test_verify_message_no_device_creds(self, mock_request):
     message = jwts.make_jwt({'c': 3}, self.id_credentials.keypair)
     sess = session.ServerSession(
         identity_credentials=self.alt_credentials,
         oneid_credentials=self.oneid_credentials,
         project_credentials=self.project_credentials,
         config=self.fake_config,
     )
     with self.assertRaises(AttributeError):
         sess.verify_message(message, None)
コード例 #39
0
    def test_jwt_bad_header_not_json(self):
        jwt = jwts.make_jwt({'message': 'hi'}, self.keypair)
        plain_text = 'woo-hoo! we just do what we want!!'
        bad_jwt = '.'.join(
            [utils.base64url_encode(plain_text).decode('utf-8')] +
            jwt.split('.')[1:]
        )

        with self.assertRaises(exceptions.InvalidFormatError):
            jwts.verify_jwt(bad_jwt, self.keypair)
コード例 #40
0
 def test_verify_message_failed_cosign(self, mock_request):
     message = jwts.make_jwt({'c': 3}, self.id_credentials.keypair)
     sess = session.ServerSession(
         identity_credentials=self.alt_credentials,
         oneid_credentials=self.oneid_credentials,
         project_credentials=self.project_credentials,
         config=self.fake_config,
     )
     with self.assertRaises(exceptions.InvalidAuthentication):
         sess.verify_message(message, self.id_credentials)
コード例 #41
0
ファイル: test_jwts.py プロジェクト: videlanicolas/python-sdk
 def test_jwt_bad_header_invalid_alg(self):
     jwt = jwts.make_jwt({'message': 'hi'}, self.keypair)
     header = json.dumps({
         'typ': 'JWT',
         'alg': 'NONE',
     })
     header_str = utils.base64url_encode(header).decode('utf-8')
     bad_jwt = '.'.join([header_str] + jwt.split('.')[1:])
     with self.assertRaises(exceptions.InvalidFormatError):
         jwts.verify_jwt(bad_jwt, self.keypair)
コード例 #42
0
    def test_extend_jws_signatures_from_jwt_no_kid(self):
        keypair = service.create_secret_key()
        kid = str(uuid.uuid4())

        jwt = jwts.make_jwt({'a': 1}, keypair)
        jws = jwts.extend_jws_signatures(jwt, self.keypairs, kid)

        keypair.identity = kid
        keypairs = self.keypairs + [keypair]
        jwts.verify_jws(jws, keypairs).should.be.a(dict)
コード例 #43
0
ファイル: test_jwts.py プロジェクト: videlanicolas/python-sdk
    def test_jwt_wrong_type(self):
        with self.assertRaises(Exception):
            jwts.make_jwt(123, self.keypair)

        with self.assertRaises(Exception):
            jwts.make_jwt(123.456, self.keypair)

        with self.assertRaises(Exception):
            jwts.make_jwt(['a', 'b'], self.keypair)

        with self.assertRaises(Exception):
            jwts.make_jwt(lambda a: a, self.keypair)
コード例 #44
0
ファイル: test_jwts.py プロジェクト: videlanicolas/python-sdk
    def test_extend_jws_signatures_from_jwt_no_kid(self):
        keypair = service.create_secret_key()
        kid = str(uuid.uuid4())

        jwt = jwts.make_jwt({'a': 1}, keypair)
        jws = jwts.extend_jws_signatures(jwt, self.keypairs, kid)

        keypair.identity = kid
        keypairs = self.keypairs + [keypair]
        verified_msg = jwts.verify_jws(jws, keypairs)
        self.assertIsInstance(verified_msg, dict)
コード例 #45
0
    def test_not_quite_expired_then_expired(self):
        now = int(time.time())
        logger.debug('pre-sleep now=%s', now)
        exp = (now - jwts.TOKEN_EXPIRATION_LEEWAY_SEC) + 2
        jwt = jwts.make_jwt({'message': 'hi', 'exp': exp}, self.keypair)
        jwts.verify_jwt(jwt, self.keypair).should.be.true

        time.sleep(jwts.TOKEN_EXPIRATION_LEEWAY_SEC + 4)
        logger.debug('post-sleep now=%s', int(time.time()))
        (jwts.verify_jwt.when.called_with(jwt, self.keypair)
            .should.throw(exceptions.InvalidClaimsError))
コード例 #46
0
    def test_extend_jws_signatures_from_jwt_no_kid(self):
        keypair = service.create_secret_key()
        kid = str(uuid.uuid4())

        jwt = jwts.make_jwt({'a': 1}, keypair)
        jws = jwts.extend_jws_signatures(jwt, self.keypairs, kid)

        keypair.identity = kid
        keypairs = self.keypairs + [keypair]
        verified_msg = jwts.verify_jws(jws, keypairs)
        self.assertIsInstance(verified_msg, dict)
コード例 #47
0
 def test_verify_message_jwt(self, mock_request):
     message = jwts.make_jwt({'c': 3}, self.id_credentials.keypair)
     sess = session.ServerSession(
         identity_credentials=self.alt_credentials,
         oneid_credentials=self.oneid_credentials,
         project_credentials=self.project_credentials,
         config=self.fake_config,
     )
     claims = sess.verify_message(message, self.id_credentials)
     self.assertIsInstance(claims, dict)
     self.assertIn("c", claims)
     self.assertEqual(claims.get("c"), 3)
コード例 #48
0
    def _create_and_verify_good_jwt(self, claims, keypair=None):
        keypair = keypair or self.keypair
        jwt = jwts.make_jwt(claims, keypair)
        claims1 = jwts.verify_jwt(jwt, keypair)
        claims2 = jwts.verify_jwt(jwt)

        claims1.should.be.truthy
        claims2.should.be.truthy

        for claim in claims:
            claims1.should.have.key(claim).equal_to(claims[claim])
            claims2.should.have.key(claim).equal_to(claims[claim])
コード例 #49
0
ファイル: test_jwts.py プロジェクト: videlanicolas/python-sdk
    def test_not_quite_expired_then_expired(self):
        now = int(time.time())
        logger.debug('pre-sleep now=%s', now)
        exp = now + 2
        jwt = jwts.make_jwt({'message': 'hi', 'exp': exp}, self.keypair)

        self.assertTrue(jwts.verify_jwt(jwt, self.keypair))

        time.sleep(jwts.TOKEN_EXPIRATION_LEEWAY_SEC + 4)
        logger.debug('post-sleep now=%s', int(time.time()))

        with self.assertRaises(exceptions.InvalidClaimsError):
            jwts.verify_jwt(jwt, self.keypair)
コード例 #50
0
    def setUp(self):
        # self.tmpdir = tempfile.mkdtemp()
        # os.environ['HOME'] = self.tmpdir
        # nonces.set_nonce_handlers(lambda _n: True, lambda _n: True)

        self.claim_keys = ['a', 'b', 'c', 'héllo!', '😬']
        self.raw_claims = {k: 0 for k in self.claim_keys}

        self.keypair = service.create_secret_key()
        self.keypair.identity = str(uuid.uuid4())

        self.jws = jwts.make_jws(self.raw_claims, self.keypair)
        self.jwt = jwts.make_jwt(self.raw_claims, self.keypair)
コード例 #51
0
    def test_not_quite_expired_then_expired(self):
        now = int(time.time())
        logger.debug('pre-sleep now=%s', now)
        exp = (now - jwts.TOKEN_EXPIRATION_LEEWAY_SEC) + 2
        jwt = jwts.make_jwt({'message': 'hi', 'exp': exp}, self.keypair)

        self.assertTrue(jwts.verify_jwt(jwt, self.keypair))

        time.sleep(jwts.TOKEN_EXPIRATION_LEEWAY_SEC + 4)
        logger.debug('post-sleep now=%s', int(time.time()))

        with self.assertRaises(exceptions.InvalidClaimsError):
            jwts.verify_jwt(jwt, self.keypair)
コード例 #52
0
 def test_verify_message_failed_cosign(self, mock_request):
     message = jwts.make_jwt(
         {'c': 3},
         self.id_credentials.keypair
     )
     sess = session.ServerSession(
         identity_credentials=self.alt_credentials,
         oneid_credentials=self.oneid_credentials,
         project_credentials=self.project_credentials,
         config=self.fake_config,
     )
     with self.assertRaises(exceptions.InvalidAuthentication):
         sess.verify_message(message, self.id_credentials)
コード例 #53
0
    def setUp(self):
        mock_keypair = keychain.Keypair.from_secret_pem(
            key_bytes=TestSession.id_key_bytes)
        mock_keypair.identity = 'server'
        self.server_credentials = keychain.Credentials(mock_keypair.identity,
                                                       mock_keypair)

        mock_oneid_keypair = keychain.Keypair.from_secret_pem(
            key_bytes=TestSession.oneid_key_bytes)
        mock_oneid_keypair.identity = 'oneID'
        self.oneid_credentials = keychain.Credentials(
            mock_oneid_keypair.identity, mock_oneid_keypair)

        mock_project_keypair = keychain.Keypair.from_secret_pem(
            key_bytes=TestSession.proj_key_bytes)
        mock_project_keypair.identity = 'proj'
        self.project_credentials = keychain.Credentials(
            mock_project_keypair.identity, mock_project_keypair)
        mock_resetA_keypair = keychain.Keypair.from_secret_pem(
            key_bytes=TestSession.reset_key_A_bytes)
        mock_resetA_keypair.identity = 'resetA-id'
        self.resetA_credentials = keychain.Credentials(
            mock_resetA_keypair.identity, mock_resetA_keypair)

        mock_resetB_keypair = keychain.Keypair.from_secret_pem(
            key_bytes=TestSession.reset_key_B_bytes)
        mock_resetB_keypair.identity = 'resetB-id'
        self.resetB_credentials = keychain.Credentials(
            mock_resetB_keypair.identity, mock_resetB_keypair)

        mock_resetC_keypair = keychain.Keypair.from_secret_pem(
            key_bytes=TestSession.reset_key_C_bytes)
        mock_resetC_keypair.identity = 'resetC-id'
        self.resetC_credentials = keychain.Credentials(
            mock_resetC_keypair.identity, mock_resetC_keypair)

        self.oneid_response = jwts.make_jwt({'a': 1}, mock_oneid_keypair)
        # TODO: JWS with both

        self.fake_config = {
            'GLOBAL': {
                'base_url': 'https://myservice',
            },
            'test_service': {
                'test_method': {
                    'endpoint': '/my/endpoint',
                    'method': 'GET',
                    'arguments': {},
                },
            },
        }
コード例 #54
0
ファイル: test_jwts.py プロジェクト: videlanicolas/python-sdk
    def _create_and_verify_good_jwt(self, claims, keypair=None):
        keypair = keypair or self.keypair
        jwt = jwts.make_jwt(claims, keypair)
        claims1 = jwts.verify_jwt(jwt, keypair)
        claims2 = jwts.verify_jwt(jwt)

        self.assertTrue(claims1)
        self.assertEqual(claims1, claims2)

        for claim in claims:
            self.assertIn(claim, claims1)
            self.assertEqual(claims1.get(claim), claims[claim])

        return claims1
コード例 #55
0
 def test_verify_message_from_device_key_only(self, mock_request):
     message = jwts.make_jwt({'c': 3}, self.id_credentials.keypair)
     sess = session.ServerSession(
         identity_credentials=self.
         alt_credentials,  # id_cred needed for device/oneid
         oneid_credentials=self.oneid_credentials,
         project_credentials=self.project_credentials,
         config=self.fake_config,
     )
     claims = sess.verify_message(message,
                                  self.id_credentials,
                                  get_oneid_cosignature=False)
     self.assertIsInstance(claims, dict)
     self.assertIn("c", claims)
     self.assertEqual(claims.get("c"), 3)
コード例 #56
0
    def test_add_signature_to_jwt(self):
        claims = {
            'a': 1,
        }
        sess = session.DeviceSession(self.id_credentials)

        jwt = jwts.make_jwt(claims, self.alt_credentials.keypair)
        jws = sess.add_signature(jwt)

        claims = jwts.verify_jws(
            jws, [self.alt_credentials.keypair, self.id_credentials.keypair])

        self.assertIsInstance(claims, dict)
        self.assertIn("a", claims)
        self.assertEqual(claims.get("a"), 1)
コード例 #57
0
ファイル: test_jwts.py プロジェクト: videlanicolas/python-sdk
    def test_jwt_verify_with_mult_sigs(self):
        jwt = jwts.make_jwt({'a': 1}, self.keypairs[0])

        with self.assertRaises(Exception):
            jwts.verify_jws(jwt, self.keypairs[:2])
コード例 #58
0
ファイル: test_jwts.py プロジェクト: videlanicolas/python-sdk
 def test_get_jws_key_ids_from_jwt(self):
     jwt = jwts.make_jwt({'a': 1}, self.keypairs[0])
     kids = [{'kid': self.keypairs[0].identity, 'kids': [], 'sidxs': []}]
     msg_ids = jwts.get_jws_key_ids(jwt)
     self.assertEqual(msg_ids, kids)
コード例 #59
0
ファイル: test_jwts.py プロジェクト: videlanicolas/python-sdk
 def test_verify_jws_from_jwt(self):
     jwt = jwts.make_jwt({'a': 1}, self.keypairs[0])
     verified_msg = jwts.verify_jws(jwt, self.keypairs[0])
     self.assertIsInstance(verified_msg, dict)
コード例 #60
0
ファイル: test_jwts.py プロジェクト: videlanicolas/python-sdk
    def test_valid_nonce(self):
        nonce = nonces.make_nonce()
        logger.debug('nonce=%s', nonce)
        jwt = jwts.make_jwt({'message': 'hi', 'jti': nonce}, self.keypair)

        self.assertTrue(jwts.verify_jwt(jwt, self.keypair))