def test_get_key():
ec_key = generate_private_key(NIST2SEC['P-256'], default_backend())
asym_private_key = ECKey(priv_key=ec_key)
asym_public_key = ECKey(pub_key=asym_private_key.pub_key)
key = SYMKey(key='mekmitasdigoatfo', kid='xyzzy')
assert asym_private_key.private_key()
assert asym_private_key.public_key()
assert asym_public_key.private_key() is None
assert asym_private_key.public_key()
assert key.key
def test_get_key():
ec_key = new_ec_key("P-256")
asym_private_key = ECKey(priv_key=ec_key.priv_key)
asym_public_key = ECKey(pub_key=asym_private_key.pub_key)
key = SYMKey(key="mekmitasdigoatfo", kid="xyzzy")
assert asym_private_key.private_key()
assert asym_private_key.public_key()
assert asym_public_key.private_key() is None
assert asym_private_key.public_key()
assert key.key
def test_verify_json_missing_key():
ec_key = ECKey().load_key(P256())
sym_key = SYMKey(key=b"My hollow echo chamber", alg="HS384")
protected_headers_1 = {"foo": "bar", "alg": "ES256"}
unprotected_headers_1 = {"abc": "xyz"}
protected_headers_2 = {"foo": "bar", "alg": "HS384"}
unprotected_headers_2 = {"abc": "zeb"}
payload = "hello world"
_jwt = JWS(msg=payload).sign_json(
headers=[
(protected_headers_1, unprotected_headers_1),
(protected_headers_2, unprotected_headers_2),
],
keys=[ec_key, sym_key],
)
# Only the EC key
vkeys = [ECKey().load_key(ec_key.public_key())]
with pytest.raises(NoSuitableSigningKeys):
JWS().verify_json(_jwt, keys=vkeys)
assert JWS().verify_json(_jwt, keys=vkeys, at_least_one=True)
# Only the SYM key
with pytest.raises(NoSuitableSigningKeys):
JWS().verify_json(_jwt, keys=[sym_key])
assert JWS().verify_json(_jwt, keys=[sym_key], at_least_one=True)
# With both
assert JWS().verify_json(_jwt, keys=[vkeys[0], sym_key])
def test_verify_json_flattened_syntax():
key = ECKey().load_key(P256())
protected_headers = {"foo": "bar"}
unprotected_headers = {"abc": "xyz"}
payload = "hello world"
_jwt = JWS(msg=payload, alg="ES256").sign_json(headers=[
(protected_headers, unprotected_headers)
],
keys=[key],
flatten=True)
vkeys = [ECKey().load_key(key.public_key())]
assert JWS().verify_json(_jwt, keys=vkeys)