def test_burned_nonce(self):
nonce = nonces.make_nonce()
nonce2 = nonces.make_nonce()
logger.debug('nonce=%s, nonce2=%s', nonce, nonce2)
self.assertTrue(nonces.verify_nonce(nonce))
self.assertTrue(nonces.burn_nonce(nonce))
self.assertFalse(nonces.verify_nonce(nonce))
self.assertTrue(nonces.verify_nonce(nonce2))
self.assertTrue(nonces.burn_nonce(nonce2))
self.assertFalse(nonces.verify_nonce(nonce2))
def test_uniquess_to_a_point(self):
seen = {}
for _ in range(10000):
nonce = nonces.make_nonce()
self.assertTrue(nonce not in seen)
seen[nonce] = True
def test_make_nonce(self):
nonce = nonces.make_nonce()
self.assertRegexpMatches(
nonce, r'^002'
r'[2-9][0-9]{3}-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])'
r'T([01][0-9]|2[0-3])(:[0-5][0-9]){2}Z'
r'[A-Za-z0-9]{6}$')
def test_valid_nonce(self):
nonce = nonces.make_nonce()
logger.debug('nonce=%s', nonce)
self.assertTrue(nonces.verify_nonce(nonce))
self.assertTrue(nonces.burn_nonce(nonce))
self.assertTrue(nonces.verify_nonce(nonce))
def test_expired_nonce(self):
then = datetime.utcnow().replace(tzinfo=tz.tzutc()) + timedelta(hours=-24)
nonce = nonces.make_nonce(then)
logger.debug('nonce=%s', nonce)
jwt = jwts.make_jwt({'message': 'hi', 'jti': nonce}, self.keypair)
with self.assertRaises(exceptions.InvalidClaimsError):
jwts.verify_jwt(jwt, self.keypair)
def test_exp_and_nonce(self):
exp = int(time.time()) + 2 * 60
nonce = nonces.make_nonce()
claims_in = {'exp': exp, 'jti': nonce}
claims_out = self._create_and_verify_good_jwt(claims_in)
self.assertEqual(exp, claims_out['exp'])
self.assertEqual(nonce, claims_out['jti'])
def test_make_nonce_expired(self):
expiry = _make_datetime(delta_minutes=5)
nonce = nonces.make_nonce(expiry)
self.assertRegexpMatches(
nonce, r'^002'
r'[2-9][0-9]{3}-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])'
r'T([01][0-9]|2[0-3])(:[0-5][0-9]){2}Z'
r'[A-Za-z0-9]{6}$')
self.assertEqual(_timestamp(expiry), nonce[3:-6])
def test_exp_not_from_v1_nonce(self):
now_ts = int(time.time())
now_dt = datetime.fromtimestamp(now_ts, tz.tzutc())
nonce = '001' + nonces.make_nonce(now_dt)[3:]
claims_in = {'jti': nonce}
claims_out = self._create_and_verify_good_jwt(claims_in)
self.assertNotEqual(now_ts, claims_out['exp'])
def test_exp_from_nonce(self):
exp = int(time.time()) + 2 * 60
exp_dt = datetime.fromtimestamp(exp, tz.tzutc())
nonce = nonces.make_nonce(exp_dt)
claims_in = {'jti': nonce}
claims_out = self._create_and_verify_good_jwt(claims_in)
self.assertEqual(exp, claims_out['exp'])
def test_exp_and_v1_nonce(self):
now = datetime.utcnow().replace(tzinfo=tz.tzutc())
nonce = '001' + nonces.make_nonce(now)[3:]
exp = int(time.time()) + 2 * 60 * 60
claims_in = {'exp': exp, 'jti': nonce}
claims_out = self._create_and_verify_good_jwt(claims_in)
self.assertEqual(exp, claims_out['exp'])
self.assertEqual(nonce, claims_out['jti'])
def setUp(self):
self.tmpdir = tempfile.mkdtemp()
os.environ['HOME'] = self.tmpdir
nonces.set_nonce_handlers(lambda _n: True, lambda _n: True)
self.claim_keys = ['a', 'b', 'c', 'héllo!', '😬']
self.raw_claims = {k: 0 for k in self.claim_keys}
self.standard_claims = {
'iss': str(uuid.uuid4()),
'jti': nonces.make_nonce(),
'nbf': 12345,
'exp': 12346,
}
self.dummy_jwe = {
'iv': '1234',
'ciphertext': 'hello',
'tag': '4567',
'recipients': [{}],
'unprotected': self.standard_claims,
}
def test_valid_nonce(self):
nonce = nonces.make_nonce()
logger.debug('nonce=%s', nonce)
jwt = jwts.make_jwt({'message': 'hi', 'jti': nonce}, self.keypair)
self.assertTrue(jwts.verify_jwt(jwt, self.keypair))
def test_just_burning(self):
nonce = nonces.make_nonce()
self.assertTrue(nonces.burn_nonce(nonce))
def test_almost_expired_nonce(self):
nbf = _make_datetime(delta_seconds=-3)
nonce = nonces.make_nonce()
logger.debug('nonce=%s, nbf=%s', nonce, nbf)
self.assertTrue(nonces.verify_nonce(nonce, nbf))