def test_update_mark_inactive(): rsa_key = new_rsa_key() _jwks = {"keys": [rsa_key.serialize()]} fname = "tmp_jwks.json" with open(fname, "w") as fp: fp.write(json.dumps(_jwks)) kb = KeyBundle(source="file://{}".format(fname), fileformat="jwks") assert len(kb) == 1 # new set of keys rsa_key = new_rsa_key(alg="RS256") ec_key = new_ec_key(crv="P-256") _jwks = {"keys": [rsa_key.serialize(), ec_key.serialize()]} with open(fname, "w") as fp: fp.write(json.dumps(_jwks)) kb.update() # 2 active and 1 inactive assert len(kb) == 3 assert len(kb.active_keys()) == 2 assert len(kb.get("rsa")) == 1 assert len(kb.get("rsa", only_active=False)) == 2
def main(): """ Main function""" parser = argparse.ArgumentParser( description="JSON Web Key (JWK) Generator") parser.add_argument("--kty", dest="kty", metavar="type", help="Key type", required=True) parser.add_argument("--size", dest="keysize", type=int, metavar="size", help="Key size") parser.add_argument( "--crv", dest="crv", metavar="curve", help="EC curve", choices=NIST2SEC.keys(), default=DEFAULT_EC_CURVE, ) parser.add_argument( "--exp", dest="rsa_exp", type=int, metavar="exponent", help="RSA public key exponent (default {})".format(DEFAULT_RSA_EXP), default=DEFAULT_RSA_EXP, ) parser.add_argument("--kid", dest="kid", metavar="id", help="Key ID") args = parser.parse_args() if args.kty.upper() == "RSA": if args.keysize is None: args.keysize = DEFAULT_RSA_KEYSIZE jwk = new_rsa_key(public_exponent=args.rsa_exp, key_size=args.keysize, kid=args.kid) elif args.kty.upper() == "EC": if args.crv not in NIST2SEC: print("Unknown curve: {0}".format(args.crv), file=sys.stderr) exit(1) jwk = new_ec_key(crv=args.crv, kid=args.kid) elif args.kty.upper() == "SYM": if args.keysize is None: args.keysize = DEFAULT_SYM_KEYSIZE randomkey = os.urandom(args.keysize) jwk = SYMKey(key=randomkey, kid=args.kid) else: print("Unknown key type: {}".format(args.kty), file=sys.stderr) exit(1) jwk_dict = jwk.serialize(private=True) print(json.dumps(jwk_dict, sort_keys=True, indent=4)) print("SHA-256: " + jwk.thumbprint("SHA-256").decode(), file=sys.stderr)
def gen_keypair(): jwk = new_ec_key(crv="P-256") private_key_dict = jwk.serialize(private=True) public_key_dict = jwk.serialize(private=False) private_key = cosekey_from_jwk_dict(private_key_dict, private=True) public_key = cosekey_from_jwk_dict(public_key_dict, private=False) return private_key, public_key
def main(): """ Main function""" parser = argparse.ArgumentParser(description='JSON Web Key (JWK) Generator') parser.add_argument('--kty', dest='kty', metavar='type', help='Key type', required=True) parser.add_argument('--size', dest='keysize', type=int, metavar='size', help='Key size') parser.add_argument('--crv', dest='crv', metavar='curve', help='EC curve', choices=NIST2SEC.keys(), default=DEFAULT_EC_CURVE) parser.add_argument('--exp', dest='rsa_exp', type=int, metavar='exponent', help='RSA public key exponent (default {})'.format(DEFAULT_RSA_EXP), default=DEFAULT_RSA_EXP) parser.add_argument('--kid', dest='kid', metavar='id', help='Key ID') args = parser.parse_args() if args.kty.upper() == 'RSA': if args.keysize is None: args.keysize = DEFAULT_RSA_KEYSIZE jwk = new_rsa_key(public_exponent=args.rsa_exp, key_size=args.keysize, kid=args.kid) elif args.kty.upper() == 'EC': if args.crv not in NIST2SEC: print("Unknown curve: {0}".format(args.crv), file=sys.stderr) exit(1) jwk = new_ec_key(crv=args.crv, kid=args.kid) elif args.kty.upper() == 'SYM': if args.keysize is None: args.keysize = DEFAULT_SYM_KEYSIZE randomkey = os.urandom(args.keysize) jwk = SYMKey(key=randomkey, kid=args.kid) else: print("Unknown key type: {}".format(args.kty), file=sys.stderr) exit(1) jwk_dict = jwk.serialize(private=True) print(json.dumps(jwk_dict, sort_keys=True, indent=4)) print("SHA-256: " + jwk.thumbprint('SHA-256').decode(), file=sys.stderr)
def test_get_key(): ec_key = new_ec_key("P-256") asym_private_key = ECKey(priv_key=ec_key.priv_key) asym_public_key = ECKey(pub_key=asym_private_key.pub_key) key = SYMKey(key="mekmitasdigoatfo", kid="xyzzy") assert asym_private_key.private_key() assert asym_private_key.public_key() assert asym_public_key.private_key() is None assert asym_private_key.public_key() assert key.key
def __init__(self, issuer: str, ttl: int = 300, authz_rules: [] = AUTHZ_RULES) -> None: token_key = new_ec_key(crv="P-256") self.token_signer = TokenSigner() self.token_signer.set_signing_key(token_key) self.token_signer.set_issuer(issuer) self.token_signer.set_valid_for(300) token_public_key_dict = token_key.serialize(private=False) token_public_key_dict["pid"] = issuer jwks = {"keys": [token_public_key_dict]} self.token_verifier = TokenVerifier.create_from_jwks_dict(jwks) self.authz_verifier = AuthZVerifier(authz_rules)
def test_update_2(): rsa_key = new_rsa_key() _jwks = {"keys": [rsa_key.serialize()]} fname = "tmp_jwks.json" with open(fname, "w") as fp: fp.write(json.dumps(_jwks)) kb = KeyBundle(source="file://{}".format(fname), fileformat="jwks") assert len(kb) == 1 # Added one more key ec_key = new_ec_key(crv="P-256", key_ops=["sign"]) _jwks = {"keys": [rsa_key.serialize(), ec_key.serialize()]} with open(fname, "w") as fp: fp.write(json.dumps(_jwks)) kb.update() assert len(kb) == 2
def test_verify_header(): _dpop = DPoPProof() assert _dpop.verify_header(DPOP_HEADER) assert set(_dpop.keys()) == {'typ', 'alg', 'jwk', 'jti', 'htm', 'htu', 'iat'} assert _dpop.verify() is None _dpop_dict = _dpop.to_dict() _dpop2 = DPoPProof().from_dict(_dpop_dict) assert isinstance(_dpop2.key, ECKey) ec_key = new_ec_key(crv="P-256") _dpop2.key = ec_key _dpop2["jwk"] = ec_key.to_dict() _header = _dpop2.create_header() _dpop3 = DPoPProof() assert _dpop3.verify_header(_header) # should have the same content as _dpop only the key is different assert _dpop["htm"] == _dpop3["htm"]
import os from cryptojwt.jwk.ec import new_ec_key from cryptojwt.jwk.hmac import SYMKey from cryptojwt.jwk.rsa import new_rsa_key from cryptojwt.jwk.wrap import unwrap_key from cryptojwt.jwk.wrap import wrap_key __author__ = "jschlyter" WRAPPING_KEYS = [ SYMKey(use="enc", key=os.urandom(32)), new_ec_key(crv="P-256"), new_ec_key(crv="P-384"), new_rsa_key(size=2048), new_rsa_key(size=4096), ] SECRET_KEYS = [ SYMKey(use="enc", key=os.urandom(32)), new_ec_key(crv="P-256"), new_rsa_key(size=2048), ] def test_wrap_default(): for wrapping_key in WRAPPING_KEYS: for key in SECRET_KEYS: wrapped_key = wrap_key(key, wrapping_key) unwrapped_key = unwrap_key(wrapped_key, [wrapping_key]) assert key == unwrapped_key
def test_cmp_eq_ec(): ec_key = new_ec_key("P-256") _key1 = ECKey(priv_key=ec_key.priv_key) _key2 = ECKey(priv_key=ec_key.priv_key) assert _key1 == _key2
def test_cmp_neq_ec(): ec_key = new_ec_key("P-256") _key1 = ECKey(priv_key=ec_key.priv_key) _key2 = ECKey(**ECKEY) assert _key1 != _key2
def test_create_eckey(): ec = new_ec_key("P-256") exp_key = ec.serialize() assert _eq(list(exp_key.keys()), ["y", "x", "crv", "kty", "kid"])
def test_new_ec_key(): ec_key = new_ec_key("P-256") assert isinstance(ec_key, ECKey) assert ec_key.key_len() == 256
def test_new_ec_key(): ec_key = new_ec_key("P-256") assert isinstance(ec_key, ECKey)