def test_bad_nonce(self):
        private, public = generate_key_pair()

        t = token.sign('guido', private, generate_nonce=lambda username, iat: 1)
        token_data = token.verify(t, public, validate_nonce=lambda username, iat, nonce: nonce == 1)
        self.assertTrue(token_data)

        t = token.sign('guido', private, generate_nonce=lambda username, iat: 1)
        token_data = token.verify(t, public, validate_nonce=lambda username, iat, nonce: nonce == 2)
        self.assertFalse(token_data)

        t = token.sign('guido', private, generate_nonce=lambda username, iat: 2)
        token_data = token.verify(t, public, validate_nonce=lambda username, iat, nonce: nonce == 1)
        self.assertFalse(token_data)
예제 #2
0
    def test_bad_iat(self):
        private, public = generate_key_pair()

        t = token.sign('guido', private, iat=time.time())
        token_data = token.verify(t, public)
        self.assertTrue(token_data)

        # IAT tolerance exists to account for clock drift between disparate systems.
        tolerance = token.TIMESTAMP_TOLERANCE + 1

        t = token.sign('guido', private, iat=time.time() - tolerance)
        token_data = token.verify(t, public)
        self.assertFalse(token_data)

        t = token.sign('guido', private, iat=time.time() + tolerance)
        token_data = token.verify(t, public)
        self.assertFalse(token_data)
    def test_bad_iat(self):
        private, public = generate_key_pair()

        t = token.sign('guido', private, iat=time.time())
        token_data = token.verify(t, public)
        self.assertTrue(token_data)

        # IAT tolerance exists to account for clock drift between disparate systems.
        tolerance = token.TIMESTAMP_TOLERANCE + 1

        t = token.sign('guido', private, iat=time.time() - tolerance)
        token_data = token.verify(t, public)
        self.assertFalse(token_data)

        t = token.sign('guido', private, iat=time.time() + tolerance)
        token_data = token.verify(t, public)
        self.assertFalse(token_data)
    def test_bad_keys(self):
        private1, public1 = generate_key_pair()
        private2, public2 = generate_key_pair()

        t = token.sign('guido', private1)
        token_data = token.verify(t, public1)
        self.assertTrue(token_data)

        t = token.sign('guido', private2)
        token_data = token.verify(t, public2)
        self.assertTrue(token_data)

        t = token.sign('guido', private1)
        token_data = token.verify(t, public2)
        self.assertFalse(token_data)

        t = token.sign('guido', private2)
        token_data = token.verify(t, public1)
        self.assertFalse(token_data)
예제 #5
0
    def test_bad_keys(self):
        private1, public1 = generate_key_pair()
        private2, public2 = generate_key_pair()

        t = token.sign('guido', private1)
        token_data = token.verify(t, public1)
        self.assertTrue(token_data)

        t = token.sign('guido', private2)
        token_data = token.verify(t, public2)
        self.assertTrue(token_data)

        t = token.sign('guido', private1)
        token_data = token.verify(t, public2)
        self.assertFalse(token_data)

        t = token.sign('guido', private2)
        token_data = token.verify(t, public1)
        self.assertFalse(token_data)
def create_auth_header(username, key=None, key_file="~/.ssh/id_rsa", key_password=None):
    """Create an HTTP Authorization header using a private key file

    username - The username to authenticate as on the remote system
    key - Optional. A private key as either a string or an instance of
          cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey
    key_file - Path to a file containing the user's private key. Defaults
               to ~/.ssh/id_rsa. Should be in PEM format.
    key_password - Password to decrypt key_file. Should be a bytes object
    """
    if not key:
        key = load_private_key(key_file, key_password)
    claim = token.sign(username, key)
    return "%s %s" % (AUTH_METHOD, claim.decode(ENCODING))
예제 #7
0
    def test_bad_nonce(self):
        private, public = generate_key_pair()

        t = token.sign('guido',
                       private,
                       generate_nonce=lambda username, iat: 1)
        token_data = token.verify(
            t, public, validate_nonce=lambda username, iat, nonce: nonce == 1)
        self.assertTrue(token_data)

        t = token.sign('guido',
                       private,
                       generate_nonce=lambda username, iat: 1)
        token_data = token.verify(
            t, public, validate_nonce=lambda username, iat, nonce: nonce == 2)
        self.assertFalse(token_data)

        t = token.sign('guido',
                       private,
                       generate_nonce=lambda username, iat: 2)
        token_data = token.verify(
            t, public, validate_nonce=lambda username, iat, nonce: nonce == 1)
        self.assertFalse(token_data)
def create_auth_header(username,
                       key=None,
                       key_file="~/.ssh/id_rsa",
                       key_password=None):
    """Create an HTTP Authorization header using a private key file

    username - The username to authenticate as on the remote system
    key - Optional. A private key as either a string or an instance of
          cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey
    key_file - Path to a file containing the user's private key. Defaults
               to ~/.ssh/id_rsa. Should be in PEM format.
    key_password - Password to decrypt key_file. Should be a bytes object
    """
    if not key:
        key = load_private_key(key_file, key_password)
    claim = token.sign(username, key)
    return "%s %s" % (AUTH_METHOD, claim.decode(ENCODING))
 def test_roundtrip(self):
     private, public = generate_key_pair()
     t = token.sign('guido', private)
     token_data = token.verify(t, public)
     self.assertTrue(token_data)
     self.assertEqual(token_data.get('username'), 'guido')
 def test_get_claimed_username(self):
     private, public = generate_key_pair()
     t = token.sign('guido', private)
     self.assertEqual(token.get_claimed_username(t), 'guido')
예제 #11
0
 def test_get_claimed_username(self):
     private, public = generate_key_pair()
     t = token.sign('guido', private)
     self.assertEqual(token.get_claimed_username(t), 'guido')
예제 #12
0
 def test_roundtrip(self):
     private, public = generate_key_pair()
     t = token.sign('guido', private)
     token_data = token.verify(t, public)
     self.assertTrue(token_data)
     self.assertEqual(token_data.get('username'), 'guido')