def test_build_keyissuer_usage():
    """Check that export_jwks(usage=...) filters the exported keys by use.

    The definitions yield one RSA key per listed use, one EC signing key and
    two symmetric ("oct") encryption keys, so the expected split is 2 keys
    for "sig" and 3 keys for "enc".
    """
    key_specs = [
        {"type": "RSA", "use": ["enc", "sig"]},
        {"type": "EC", "crv": "P-256", "use": ["sig"]},
        {"type": "oct", "use": ["enc"]},
        {"type": "oct", "use": ["enc"]},
    ]
    issuer = build_keyissuer(key_specs)

    # Export once per usage, signing first and then encryption.
    exported = {
        usage: issuer.export_jwks(usage=usage) for usage in ("sig", "enc")
    }

    # RSA(sig) + EC(sig)
    assert len(exported["sig"].get("keys")) == 2
    # RSA(enc) + 2 x oct(enc).
    # NOTE(review): a count of 3 means the two symmetric keys are part of the
    # default export; confirm the serialized entries do not carry the secret
    # "k" member before this JWKS is ever published.
    assert len(exported["enc"].get("keys")) == 3
def test_build_EC_keyissuer_missing(tmpdir):
    """Check that build_keyissuer returns None when the EC key file is absent.

    The key path points at a name that is never created next to the pytest
    temporary directory, so there is nothing to load.
    """
    absent_path = os.path.join(tmpdir.dirname, "missing_file")
    ec_spec = {
        "type": "EC",
        "key": absent_path,
        "use": ["enc", "sig"],
    }

    issuer = build_keyissuer([ec_spec])

    # A missing key file yields no issuer at all, so callers have to handle
    # None rather than assume a usable key set came back.
    assert issuer is None
def test_remove_after():
    """Check that rotated-out keys are dropped by remove_outdated.

    After a rotation followed by remove_outdated, the issuer must hold the
    same number of key ids as before, and none of them may be an id that
    existed before the rotation.
    """

    def kids_of(issuer):
        # Collect the key ids of every key that actually has one.
        return [key.kid for key in issuer.all_keys() if key.kid]

    # Initial issuer, built from the shared key definitions.
    issuer = build_keyissuer(KEYDEFS)
    kids_before = kids_of(issuer)
    assert len(kids_before) == 2

    # presumably a retention period in seconds -- confirm against KeyIssuer
    issuer.remove_after = 1
    # rotate_keys creates new keys and marks the old ones as inactive.
    issuer = issuer.rotate_keys(KEYDEFS)

    # Evaluate retention as of one hour from now, well past remove_after,
    # so the keys retired by the rotation count as outdated.
    issuer.remove_outdated(time.time() + 3600)

    kids_interim = kids_of(issuer)
    assert len(kids_interim) == 2

    # What remains are the new keys.
    kids_after = kids_of(issuer)
    assert len(kids_after) == 2

    # No retired key id may survive the rotation.
    assert not (set(kids_after) & set(kids_before))
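def test_build_keyissuer():
    """Check that a built key issuer exports public key material only.

    The definitions yield three keys: RSA for encryption, RSA for signing
    and EC P-256 for signing. The default JWKS export must not contain any
    private-key member for those keys.
    """
    keys = [
        {"type": "RSA", "use": ["enc", "sig"]},
        {"type": "EC", "crv": "P-256", "use": ["sig"]},
    ]

    key_issuer = build_keyissuer(keys)
    jwks = key_issuer.export_jwks()

    # Private JWK parameters for EC and RSA keys (RFC 7518, sections 6.2.2
    # and 6.3.2). Checking "d" alone would miss an export that drops the
    # private exponent but still carries the RSA CRT values (p, q, dp, dq,
    # qi, oth), which are enough to rebuild the private key.
    private_members = ("d", "p", "q", "dp", "dq", "qi", "oth")
    for key in jwks["keys"]:
        leaked = [name for name in private_members if name in key]
        # Report member names only, never their values.
        assert not leaked, f"exported JWK contains private members: {leaked}"

    assert len(key_issuer) == 3  # 3 keys
    assert len(key_issuer.get("sig")) == 2  # 2 for signing
    assert len(key_issuer.get("enc")) == 1  # 1 for encryption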
def test_build_EC_keyissuer_from_file(tmpdir):
    """Check that one EC key definition with two uses yields two keys.

    EC0 is defined elsewhere in this module; presumably it is the path of an
    existing EC key file -- confirm against its definition.
    """
    ec_spec = {"type": "EC", "key": EC0, "use": ["enc", "sig"]}

    issuer = build_keyissuer([ec_spec])

    # One key per listed use: "enc" and "sig".
    assert len(issuer) == 2