def __init__(self, *args, **kwargs): super(AccessTokenSignerTest, self).__init__(*args, **kwargs) self.token = bytearray("test_token".encode()) self.signer = AccessTokenSigner() key_pair = self.signer.crypto.generate_key_pair() self.private_key = key_pair.private_key self.public_key = key_pair.public_key
def __emulate_server_jwt_response(self, token_context, token_ttl): data = {"username": "******"} builder = JwtGenerator(config.VIRGIL_APP_ID, self._app_private_key, config.VIRGIL_API_KEY_ID, token_ttl, AccessTokenSigner()) identity = self.some_hash(token_context.identity) return builder.generate_token(identity, data).to_string()
def getUserVirgilJWT(): try: if not g.user: print('ERROR: No user to get Virgil JWT for.') return "", constants.STATUS_BAD_REQUEST crypto = VirgilCrypto() api_id = os.environ['VIRGIL_API_ID'] api_key_id = os.environ['VIRGIL_API_KEY_ID'] api_private_key = os.environ['VIRGIL_API_PRIVATE_KEY_ID'] token_ttl = 20 # seconds imported_key = crypto.import_private_key( Utils.b64decode(api_private_key)).private_key # Instantiate token generator builder = JwtGenerator(api_id, imported_key, api_key_id, token_ttl, AccessTokenSigner()) token = builder.generate_token(str(g.user.id)).to_string() return jsonify({"token": token}), constants.STATUS_OK except Exception as err: print('Error getting the Virgil JWT: ' + str(err)) return "", constants.STATUS_SERVER_ERROR return "", constants.STATUS_SERVER_ERROR
def __init__(self): self.crypto = VirgilCrypto() self.api_key_base64 = "MC4CAQAwBQYDK2VwBCIEIF+gQkN4StqMMFJGWE1tKXcitkLqHqmrBz+OaQZKGZFR" self.app_id = "6af75f0dd9be50ebb77facad0f71eaf3" self.app_key_id = "3def16346c7b43bbaed5b4b9acb9ac8affa4" self.api_key = self.crypto.import_private_key(Utils.b64_decode(self.api_key_base64)) self.ttl = datetime.timedelta(hours=1).seconds self.access_token_signer = AccessTokenSigner() self.key_pair = self.crypto.generate_keys() self.server_crypto = VirgilCrypto() self.server_key_pair = self.server_crypto.generate_keys() self.server_private_key_data = self.server_crypto.export_private_key(self.server_key_pair.private_key, "test password") self.server_public_key_data = self.server_crypto.export_public_key(self.server_key_pair.public_key) self.server_private_key_str = Utils.b64encode(self.server_private_key_data) self.server_for_client_public = Utils.b64encode(self.server_public_key_data) self.server_exporter = PrivateKeyExporter(self.server_crypto) self.server_private_key_storage = PrivateKeyStorage(self.server_exporter) self.server_public_key_str = self.server_key_pair.public_key self.server_card_crypto = CardCrypto() self.server_your_backend_white_list = WhiteList() self.server_your_backend_white_list = VerifierCredentials(signer="Jonathan",public_key_base64 = self.server_public_key_str) self.verifier = VirgilCardVerifier(self.server_card_crypto, white_lists = [self.server_your_backend_white_list]) self.access_token_provider = CallbackJwtProvider(self.get_token_from_server("Alice")) self.card_manager = CardManager( self.server_card_crypto, self.access_token_provider, self.verifier )
def authenticated_query_to_server(self, token_context, token_ttl=9999): self.crypto = VirgilCrypto() self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIEtNPMUG9uR8YxukWw1gX3bkXjbsbOZoN54d2ZKSz09a" # self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIJvD17QhpJ1qFfIq3q8eqrZ0oBIf9GQ0T+6obQCmspnQ" #self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIF+gQkN4StqMMFJGWE1tKXcitkLqHqmrBz+OaQZKGZFR" #self.app_id = "6af75f0dd9be50ebb77facad0f71eaf3" self.app_id = "def16346c7b43bbaed5b4b9ac8affa4" # self.api_key_id = "3def16346c7b43bbaed5b4b9acb9ac8affa4" self.api_key_id = "309d53349835f34d5a03966d9de51877" self.app_key = self.crypto.import_private_key( Utils.b64decode(self.app_key_base64)) self.builder = JwtGenerator(self.app_id, self.app_key, self.api_key_id, token_ttl, AccessTokenSigner()) #self.identity = token_context.identity #return self.builder.generate_token(self.identity).to_string() #PLEASE MAKE TOKEN_CONTEXT AN ACTUAL JWT TOKEN #return self.builder.generate_token(token_context) try: self.identity = token_context.identity return self.builder.generate_token(self.identity).to_string() except: return self.builder.generate_token(token_context)
def test_send_second_request_to_client_expired_token_retry_on_unauthorized( self): class FakeTokenProvider(object): def __init__(self, identity, token_generator, additional_token_generator=None): self.identity = identity self.token_generator = token_generator self.additional_token_generator = additional_token_generator def get_token(self, token_context): if not token_context.force_reload and self.additional_token_generator: token = self.additional_token_generator.generate_token( identity) return token token = self.token_generator.generate_token(identity) return token expired_jwt_generator = JwtGenerator(config.VIRGIL_APP_ID, self._app_private_key, config.VIRGIL_API_KEY_ID, 1, AccessTokenSigner()) jwt_generator = JwtGenerator(config.VIRGIL_APP_ID, self._app_private_key, config.VIRGIL_API_KEY_ID, datetime.timedelta(minutes=10).seconds, AccessTokenSigner()) identity = str(binascii.hexlify(os.urandom(20)).decode()) access_token_provider = FakeTokenProvider(identity, jwt_generator, expired_jwt_generator) validator = VirgilCardVerifier(CardCrypto()) card_manager = CardManager(card_crypto=CardCrypto(), access_token_provider=access_token_provider, card_verifier=validator, sign_callback=self.sign_callback) key_pair = self._crypto.generate_keys() card = card_manager.publish_card(key_pair.private_key, key_pair.public_key, identity) self.assertIsNotNone(card) searched_card = card_manager.search_card(identity) self.assertEqual(len(searched_card), 1)
def test_expired_token(self): token_generator = JwtGenerator(config.VIRGIL_APP_ID, self._app_private_key, config.VIRGIL_API_KEY_ID, 0, AccessTokenSigner()) access_token_provider = self.FakeTokenProvider(token_generator) card_manager = self._data_generator.generate_card_manager( access_token_provider) self.assertRaises(ClientException, card_manager.get_card, self._data_generator.generate_card_id())
def test_verify_imported_token(self): # STC-22 private_key = self._app_private_key public_key = self._crypto.extract_public_key(private_key) signer = AccessTokenSigner() jwt = self._data_generator.generate_token(private_key, signer, 300) exported_token = jwt.to_string() imported_token = Jwt.from_string(exported_token) verifier = JwtVerifier(signer, public_key, config.VIRGIL_API_KEY_ID) self.assertTrue(verifier.verify_token(jwt)) self.assertTrue(verifier.verify_token(imported_token))
def test_get_invalid_card(self): class FakeCardClient(object): def __init__(self, raw_signed_model): self._raw_signed_model = raw_signed_model def publish_card(self, raw_signed_model, access_token): return self._raw_signed_model def get_card(self, card_id, access_token): return self._raw_signed_model, False def search_card(self, identity, access_token): return [self._raw_signed_model] validator = self.NegativeVerifier() jwt_generator = JwtGenerator(config.VIRGIL_APP_ID, self._app_private_key, config.VIRGIL_API_KEY_ID, datetime.timedelta(minutes=10).seconds, AccessTokenSigner()) identity = Utils.b64encode(os.urandom(20)) token = jwt_generator.generate_token(identity) access_token_provider = self.EchoTokenProvider(token) key_pair = self._crypto.generate_keys() virgil_key_pair = self._crypto.generate_keys() additional_key_pair = self._crypto.generate_keys() model = self._data_generator.generate_raw_signed_model( key_pair, True, virgil_key_pair, additional_key_pair) client = FakeCardClient(model) card_id = self._data_generator.generate_card_id() search_identity = Utils.b64encode(os.urandom(20)) manager = CardManager(CardCrypto(), access_token_provider, validator, sign_callback=self.sign_callback) manager._card_client = client self.assertRaises(CardVerificationException, manager.import_card, model.to_json()) self.assertRaises(CardVerificationException, manager.import_card, model.to_string()) self.assertRaises(CardVerificationException, manager.get_card, card_id) self.assertRaises(CardVerificationException, manager.publish_card, model) self.assertRaises(CardVerificationException, manager.search_card, search_identity) self.assertRaises(CardVerificationException, manager.import_card, model)
class AccessTokenSignerTest(unittest.TestCase): def __init__(self, *args, **kwargs): super(AccessTokenSignerTest, self).__init__(*args, **kwargs) self.token = bytearray("test_token".encode()) self.signer = AccessTokenSigner() key_pair = self.signer.crypto.generate_key_pair() self.private_key = key_pair.private_key self.public_key = key_pair.public_key def test_generate_token_signature(self): self.assertIsNotNone( self.signer.generate_token_signature(self.token, self.private_key)) def test_generate_token_signature_empty_token(self): self.assertRaises(ValueError, self.signer.generate_token_signature, None, self.private_key) def test_generate_token_signature_empty_key(self): self.assertRaises(ValueError, self.signer.generate_token_signature, self.token, None) def test_verify_token_signature(self): signature = self.signer.generate_token_signature( self.token, self.private_key) self.assertTrue( self.signer.verify_token_signature(signature, self.token, self.public_key)) def test_verify_token_signature_wrong_signature(self): signature = self.signer.generate_token_signature( self.token, self.private_key) self.assertRaises(VirgilCryptoFoundationError, self.signer.verify_token_signature, signature[:-2], self.token, self.public_key) wrong_key_pair = self.signer.crypto.generate_key_pair() self.assertFalse( self.signer.verify_token_signature(signature, self.token, wrong_key_pair.public_key)) def test_verify_token_signature_empty_token(self): signature = self.signer.generate_token_signature( self.token, self.private_key) self.assertRaises(ValueError, self.signer.verify_token_signature, signature, None, self.public_key) def test_verify_token_signature_empty_key(self): signature = self.signer.generate_token_signature( self.token, self.private_key) self.assertRaises(ValueError, self.signer.verify_token_signature, signature, self.token, None)
def test_verify_created_in_another_sdk(self): # STC-22 token_base64 = self._compatibility_data["STC-22.jwt"] public_key_base64 = self._compatibility_data[ "STC-22.api_public_key_base64"] key_id_base64 = self._compatibility_data["STC-22.api_key_id"] jwt = Jwt.from_string(token_base64) exported_token = jwt.to_string() signer = AccessTokenSigner() verifier = JwtVerifier( signer, self._crypto.import_public_key( Utils.strtobytes(Utils.b64decode(public_key_base64))), key_id_base64) self.assertEqual(exported_token, token_base64) self.assertTrue(verifier.verify_token(jwt))
def test_gets_card_with_different_id(self): class PositiveVerifier(object): def verify_card(self): return True class FakeCardClient(object): def __init__(self, raw_signed_model): self._raw_signed_model = raw_signed_model def get_card(self, card_id, access_token): return self._raw_signed_model, False validator = PositiveVerifier() key_pair = self._crypto.generate_keys() raw_card_content = RawCardContent(identity="test", public_key=key_pair.public_key, created_at=Utils.to_timestamp( datetime.datetime.now()), version="5.0") model = RawSignedModel(raw_card_content.content_snapshot) signer = ModelSigner(CardCrypto()) signer.self_sign(model, key_pair.private_key, extra_fields={"info": "some_additional_info"}) jwt_generator = JwtGenerator(config.VIRGIL_APP_ID, self._app_private_key, config.VIRGIL_API_KEY_ID, datetime.timedelta(minutes=10).seconds, AccessTokenSigner()) identity = Utils.b64encode(os.urandom(20)) token = jwt_generator.generate_token(identity) access_token_provider = self.EchoTokenProvider(token) card_id = self._data_generator.generate_app_id() manager = CardManager( card_crypto=CardCrypto(), access_token_provider=access_token_provider, card_verifier=validator, ) manager.card_client = FakeCardClient(model) self.assertRaises(CardVerificationException, manager.get_card, card_id)