def __init__(self, *args, **kwargs):
super(AccessTokenSignerTest, self).__init__(*args, **kwargs)
self.token = bytearray("test_token".encode())
self.signer = AccessTokenSigner()
key_pair = self.signer.crypto.generate_key_pair()
self.private_key = key_pair.private_key
self.public_key = key_pair.public_key
def __emulate_server_jwt_response(self, token_context, token_ttl):
data = {"username": "******"}
builder = JwtGenerator(config.VIRGIL_APP_ID, self._app_private_key,
config.VIRGIL_API_KEY_ID, token_ttl,
AccessTokenSigner())
identity = self.some_hash(token_context.identity)
return builder.generate_token(identity, data).to_string()
def getUserVirgilJWT():
try:
if not g.user:
print('ERROR: No user to get Virgil JWT for.')
return "", constants.STATUS_BAD_REQUEST
crypto = VirgilCrypto()
api_id = os.environ['VIRGIL_API_ID']
api_key_id = os.environ['VIRGIL_API_KEY_ID']
api_private_key = os.environ['VIRGIL_API_PRIVATE_KEY_ID']
token_ttl = 20 # seconds
imported_key = crypto.import_private_key(
Utils.b64decode(api_private_key)).private_key
# Instantiate token generator
builder = JwtGenerator(api_id, imported_key, api_key_id, token_ttl,
AccessTokenSigner())
token = builder.generate_token(str(g.user.id)).to_string()
return jsonify({"token": token}), constants.STATUS_OK
except Exception as err:
print('Error getting the Virgil JWT: ' + str(err))
return "", constants.STATUS_SERVER_ERROR
return "", constants.STATUS_SERVER_ERROR
def __init__(self):
self.crypto = VirgilCrypto()
self.api_key_base64 = "MC4CAQAwBQYDK2VwBCIEIF+gQkN4StqMMFJGWE1tKXcitkLqHqmrBz+OaQZKGZFR"
self.app_id = "6af75f0dd9be50ebb77facad0f71eaf3"
self.app_key_id = "3def16346c7b43bbaed5b4b9acb9ac8affa4"
self.api_key = self.crypto.import_private_key(Utils.b64_decode(self.api_key_base64))
self.ttl = datetime.timedelta(hours=1).seconds
self.access_token_signer = AccessTokenSigner()
self.key_pair = self.crypto.generate_keys()
self.server_crypto = VirgilCrypto()
self.server_key_pair = self.server_crypto.generate_keys()
self.server_private_key_data = self.server_crypto.export_private_key(self.server_key_pair.private_key, "test password")
self.server_public_key_data = self.server_crypto.export_public_key(self.server_key_pair.public_key)
self.server_private_key_str = Utils.b64encode(self.server_private_key_data)
self.server_for_client_public = Utils.b64encode(self.server_public_key_data)
self.server_exporter = PrivateKeyExporter(self.server_crypto)
self.server_private_key_storage = PrivateKeyStorage(self.server_exporter)
self.server_public_key_str = self.server_key_pair.public_key
self.server_card_crypto = CardCrypto()
self.server_your_backend_white_list = WhiteList()
self.server_your_backend_white_list = VerifierCredentials(signer="Jonathan",public_key_base64 = self.server_public_key_str)
self.verifier = VirgilCardVerifier(self.server_card_crypto, white_lists = [self.server_your_backend_white_list])
self.access_token_provider = CallbackJwtProvider(self.get_token_from_server("Alice"))
self.card_manager = CardManager(
self.server_card_crypto,
self.access_token_provider,
self.verifier
)
def authenticated_query_to_server(self, token_context, token_ttl=9999):
self.crypto = VirgilCrypto()
self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIEtNPMUG9uR8YxukWw1gX3bkXjbsbOZoN54d2ZKSz09a"
# self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIJvD17QhpJ1qFfIq3q8eqrZ0oBIf9GQ0T+6obQCmspnQ"
#self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIF+gQkN4StqMMFJGWE1tKXcitkLqHqmrBz+OaQZKGZFR"
#self.app_id = "6af75f0dd9be50ebb77facad0f71eaf3"
self.app_id = "def16346c7b43bbaed5b4b9ac8affa4"
# self.api_key_id = "3def16346c7b43bbaed5b4b9acb9ac8affa4"
self.api_key_id = "309d53349835f34d5a03966d9de51877"
self.app_key = self.crypto.import_private_key(
Utils.b64decode(self.app_key_base64))
self.builder = JwtGenerator(self.app_id, self.app_key, self.api_key_id,
token_ttl, AccessTokenSigner())
#self.identity = token_context.identity
#return self.builder.generate_token(self.identity).to_string()
#PLEASE MAKE TOKEN_CONTEXT AN ACTUAL JWT TOKEN
#return self.builder.generate_token(token_context)
try:
self.identity = token_context.identity
return self.builder.generate_token(self.identity).to_string()
except:
return self.builder.generate_token(token_context)
def test_send_second_request_to_client_expired_token_retry_on_unauthorized(
self):
class FakeTokenProvider(object):
def __init__(self,
identity,
token_generator,
additional_token_generator=None):
self.identity = identity
self.token_generator = token_generator
self.additional_token_generator = additional_token_generator
def get_token(self, token_context):
if not token_context.force_reload and self.additional_token_generator:
token = self.additional_token_generator.generate_token(
identity)
return token
token = self.token_generator.generate_token(identity)
return token
expired_jwt_generator = JwtGenerator(config.VIRGIL_APP_ID,
self._app_private_key,
config.VIRGIL_API_KEY_ID, 1,
AccessTokenSigner())
jwt_generator = JwtGenerator(config.VIRGIL_APP_ID,
self._app_private_key,
config.VIRGIL_API_KEY_ID,
datetime.timedelta(minutes=10).seconds,
AccessTokenSigner())
identity = str(binascii.hexlify(os.urandom(20)).decode())
access_token_provider = FakeTokenProvider(identity, jwt_generator,
expired_jwt_generator)
validator = VirgilCardVerifier(CardCrypto())
card_manager = CardManager(card_crypto=CardCrypto(),
access_token_provider=access_token_provider,
card_verifier=validator,
sign_callback=self.sign_callback)
key_pair = self._crypto.generate_keys()
card = card_manager.publish_card(key_pair.private_key,
key_pair.public_key, identity)
self.assertIsNotNone(card)
searched_card = card_manager.search_card(identity)
self.assertEqual(len(searched_card), 1)
def test_expired_token(self):
token_generator = JwtGenerator(config.VIRGIL_APP_ID,
self._app_private_key,
config.VIRGIL_API_KEY_ID, 0,
AccessTokenSigner())
access_token_provider = self.FakeTokenProvider(token_generator)
card_manager = self._data_generator.generate_card_manager(
access_token_provider)
self.assertRaises(ClientException, card_manager.get_card,
self._data_generator.generate_card_id())
def test_verify_imported_token(self):
# STC-22
private_key = self._app_private_key
public_key = self._crypto.extract_public_key(private_key)
signer = AccessTokenSigner()
jwt = self._data_generator.generate_token(private_key, signer, 300)
exported_token = jwt.to_string()
imported_token = Jwt.from_string(exported_token)
verifier = JwtVerifier(signer, public_key, config.VIRGIL_API_KEY_ID)
self.assertTrue(verifier.verify_token(jwt))
self.assertTrue(verifier.verify_token(imported_token))
def test_get_invalid_card(self):
class FakeCardClient(object):
def __init__(self, raw_signed_model):
self._raw_signed_model = raw_signed_model
def publish_card(self, raw_signed_model, access_token):
return self._raw_signed_model
def get_card(self, card_id, access_token):
return self._raw_signed_model, False
def search_card(self, identity, access_token):
return [self._raw_signed_model]
validator = self.NegativeVerifier()
jwt_generator = JwtGenerator(config.VIRGIL_APP_ID,
self._app_private_key,
config.VIRGIL_API_KEY_ID,
datetime.timedelta(minutes=10).seconds,
AccessTokenSigner())
identity = Utils.b64encode(os.urandom(20))
token = jwt_generator.generate_token(identity)
access_token_provider = self.EchoTokenProvider(token)
key_pair = self._crypto.generate_keys()
virgil_key_pair = self._crypto.generate_keys()
additional_key_pair = self._crypto.generate_keys()
model = self._data_generator.generate_raw_signed_model(
key_pair, True, virgil_key_pair, additional_key_pair)
client = FakeCardClient(model)
card_id = self._data_generator.generate_card_id()
search_identity = Utils.b64encode(os.urandom(20))
manager = CardManager(CardCrypto(),
access_token_provider,
validator,
sign_callback=self.sign_callback)
manager._card_client = client
self.assertRaises(CardVerificationException, manager.import_card,
model.to_json())
self.assertRaises(CardVerificationException, manager.import_card,
model.to_string())
self.assertRaises(CardVerificationException, manager.get_card, card_id)
self.assertRaises(CardVerificationException, manager.publish_card,
model)
self.assertRaises(CardVerificationException, manager.search_card,
search_identity)
self.assertRaises(CardVerificationException, manager.import_card,
model)
class AccessTokenSignerTest(unittest.TestCase):
def __init__(self, *args, **kwargs):
super(AccessTokenSignerTest, self).__init__(*args, **kwargs)
self.token = bytearray("test_token".encode())
self.signer = AccessTokenSigner()
key_pair = self.signer.crypto.generate_key_pair()
self.private_key = key_pair.private_key
self.public_key = key_pair.public_key
def test_generate_token_signature(self):
self.assertIsNotNone(
self.signer.generate_token_signature(self.token, self.private_key))
def test_generate_token_signature_empty_token(self):
self.assertRaises(ValueError, self.signer.generate_token_signature,
None, self.private_key)
def test_generate_token_signature_empty_key(self):
self.assertRaises(ValueError, self.signer.generate_token_signature,
self.token, None)
def test_verify_token_signature(self):
signature = self.signer.generate_token_signature(
self.token, self.private_key)
self.assertTrue(
self.signer.verify_token_signature(signature, self.token,
self.public_key))
def test_verify_token_signature_wrong_signature(self):
signature = self.signer.generate_token_signature(
self.token, self.private_key)
self.assertRaises(VirgilCryptoFoundationError,
self.signer.verify_token_signature, signature[:-2],
self.token, self.public_key)
wrong_key_pair = self.signer.crypto.generate_key_pair()
self.assertFalse(
self.signer.verify_token_signature(signature, self.token,
wrong_key_pair.public_key))
def test_verify_token_signature_empty_token(self):
signature = self.signer.generate_token_signature(
self.token, self.private_key)
self.assertRaises(ValueError, self.signer.verify_token_signature,
signature, None, self.public_key)
def test_verify_token_signature_empty_key(self):
signature = self.signer.generate_token_signature(
self.token, self.private_key)
self.assertRaises(ValueError, self.signer.verify_token_signature,
signature, self.token, None)
def test_verify_created_in_another_sdk(self):
# STC-22
token_base64 = self._compatibility_data["STC-22.jwt"]
public_key_base64 = self._compatibility_data[
"STC-22.api_public_key_base64"]
key_id_base64 = self._compatibility_data["STC-22.api_key_id"]
jwt = Jwt.from_string(token_base64)
exported_token = jwt.to_string()
signer = AccessTokenSigner()
verifier = JwtVerifier(
signer,
self._crypto.import_public_key(
Utils.strtobytes(Utils.b64decode(public_key_base64))),
key_id_base64)
self.assertEqual(exported_token, token_base64)
self.assertTrue(verifier.verify_token(jwt))
def test_gets_card_with_different_id(self):
class PositiveVerifier(object):
def verify_card(self):
return True
class FakeCardClient(object):
def __init__(self, raw_signed_model):
self._raw_signed_model = raw_signed_model
def get_card(self, card_id, access_token):
return self._raw_signed_model, False
validator = PositiveVerifier()
key_pair = self._crypto.generate_keys()
raw_card_content = RawCardContent(identity="test",
public_key=key_pair.public_key,
created_at=Utils.to_timestamp(
datetime.datetime.now()),
version="5.0")
model = RawSignedModel(raw_card_content.content_snapshot)
signer = ModelSigner(CardCrypto())
signer.self_sign(model,
key_pair.private_key,
extra_fields={"info": "some_additional_info"})
jwt_generator = JwtGenerator(config.VIRGIL_APP_ID,
self._app_private_key,
config.VIRGIL_API_KEY_ID,
datetime.timedelta(minutes=10).seconds,
AccessTokenSigner())
identity = Utils.b64encode(os.urandom(20))
token = jwt_generator.generate_token(identity)
access_token_provider = self.EchoTokenProvider(token)
card_id = self._data_generator.generate_app_id()
manager = CardManager(
card_crypto=CardCrypto(),
access_token_provider=access_token_provider,
card_verifier=validator,
)
manager.card_client = FakeCardClient(model)
self.assertRaises(CardVerificationException, manager.get_card, card_id)