Python spec_compliant_encrypt 예제들

예제 #1

 def test_encrypt_invalid_compression_error(self):
     try:
         jose.spec_compliant_encrypt(claims, rsa_pub_key,
                                     add_header={'zip':'BAD'})
         self.fail()
     except jose.Error:
         pass

예제 #2

파일: tests.py 프로젝트: LaunchKey/jose

 def test_encrypt_invalid_compression_error(self):
     try:
         jose.spec_compliant_encrypt(claims, rsa_pub_key,
                                     add_header={'zip':'BAD'})
         self.fail()
     except jose.Error:
         pass

예제 #3

파일: tests.py 프로젝트: LaunchKey/jose

    def test_jwe(self):
        bad_key = {'k': RSA.generate(2048).exportKey('PEM')}

        for (alg, jwk), enc in product(self.algs, self.encs):
            jwe = jose.spec_compliant_encrypt(claims, rsa_pub_key, enc=enc, alg=alg)

            # make sure the body can't be loaded as json (should be encrypted)
            try:
                json.loads(jose.b64decode_url(jwe.ciphertext))
                self.fail()
            except ValueError:
                pass

            token = jose.serialize_compact(jwe)

            jwt = jose.spec_compliant_decrypt(jose.deserialize_compact(token), rsa_priv_key)
            self.assertNotIn(jose._TEMP_VER_KEY, claims)

            self.assertEqual(jwt.claims, claims)

            # invalid key
            try:
                jose.spec_compliant_decrypt(jose.deserialize_compact(token), bad_key)
                self.fail()
            except jose.Error as e:
                self.assertEqual(e.message, 'Incorrect decryption.')

예제 #4

    def test_jwe_decrypt_compliant_not_before(self):
        # not valid for another hour.
        claim_not_before = int(time()) + 3600
        claims = {jose.CLAIM_NOT_BEFORE: claim_not_before}

        jwe = jose.spec_compliant_encrypt(claims, rsa_pub_key)

        legacy_patch = mock.patch.object(
            jose, 'legacy_decrypt', wraps=jose.legacy_decrypt
        )
        spec_patch = mock.patch.object(
            jose, 'spec_compliant_decrypt', wraps=jose.spec_compliant_decrypt
        )
        with legacy_patch as legacy_mock, spec_patch as spec_mock:
            with self.assertRaises(jose.NotYetValid) as not_valid_error:
                jose.decrypt(jwe, rsa_priv_key)

        # when the error is expiry, we should not fall back to legacy.
        self.assertEqual(legacy_mock.call_count, 1)
        self.assertEqual(spec_mock.call_count, 1)
        self.assertEqual(
            not_valid_error.exception.message,
            'Token not valid until {}'.format(
                jose._format_timestamp(claim_not_before)
            )
        )

예제 #5

파일: tests.py 프로젝트: ABaptista/jose

    def test_jwe_decrypt_compliant_expiry(self):
        expiry_seconds = 10
        claims = {jose.CLAIM_ISSUED_AT: int(time()) - 15}

        jwe = jose.spec_compliant_encrypt(claims, rsa_pub_key)

        legacy_patch = mock.patch.object(
            jose, 'legacy_decrypt', wraps=jose.legacy_decrypt
        )
        spec_patch = mock.patch.object(
            jose, 'spec_compliant_decrypt', wraps=jose.spec_compliant_decrypt
        )
        with legacy_patch as legacy_mock, spec_patch as spec_mock:
            with self.assertRaises(jose.Expired) as expiry_error:
                jose.decrypt(jwe, rsa_priv_key, expiry_seconds=expiry_seconds)

        expiration_time = claims[jose.CLAIM_ISSUED_AT] + expiry_seconds

        # when the error is expiry, we should not fall back to legacy.
        self.assertEqual(legacy_mock.call_count, 1)
        self.assertEqual(spec_mock.call_count, 1)
        self.assertEqual(
            expiry_error.exception.message,
            'Token expired at {}'.format(
                jose._format_timestamp(expiration_time)
            )
        )

예제 #6

 def test_jwe_ignores_expired_token_if_validate_claims_is_false(self):
     claims = {jose.CLAIM_EXPIRATION_TIME: int(time()) - 5}
     et = jose.serialize_compact(
         jose.spec_compliant_encrypt(claims, rsa_pub_key))
     jose.spec_compliant_decrypt(jose.deserialize_compact(et),
                                 rsa_priv_key,
                                 validate_claims=False)

예제 #7

    def test_jwe(self):
        bad_key = {'k': RSA.generate(2048).exportKey('PEM')}

        for (alg, jwk), enc in product(self.algs, self.encs):
            jwe = jose.spec_compliant_encrypt(claims, rsa_pub_key, enc=enc, alg=alg)

            # make sure the body can't be loaded as json (should be encrypted)
            try:
                json.loads(jose.b64decode_url(jwe.ciphertext))
                self.fail()
            except ValueError:
                pass

            token = jose.serialize_compact(jwe)

            jwt = jose.spec_compliant_decrypt(jose.deserialize_compact(token), rsa_priv_key)
            self.assertNotIn(jose._TEMP_VER_KEY, claims)

            self.assertEqual(jwt.claims, claims)

            # invalid key
            try:
                jose.spec_compliant_decrypt(jose.deserialize_compact(token), bad_key)
                self.fail()
            except jose.Error as e:
                self.assertEqual(e.message, 'Incorrect decryption.')

예제 #8

파일: tests.py 프로젝트: ABaptista/jose

    def test_jwe_decrypt_compliant_not_before(self):
        # not valid for another hour.
        claim_not_before = int(time()) + 3600
        claims = {jose.CLAIM_NOT_BEFORE: claim_not_before}

        jwe = jose.spec_compliant_encrypt(claims, rsa_pub_key)

        legacy_patch = mock.patch.object(
            jose, 'legacy_decrypt', wraps=jose.legacy_decrypt
        )
        spec_patch = mock.patch.object(
            jose, 'spec_compliant_decrypt', wraps=jose.spec_compliant_decrypt
        )
        with legacy_patch as legacy_mock, spec_patch as spec_mock:
            with self.assertRaises(jose.NotYetValid) as not_valid_error:
                jose.decrypt(jwe, rsa_priv_key)

        # when the error is expiry, we should not fall back to legacy.
        self.assertEqual(legacy_mock.call_count, 1)
        self.assertEqual(spec_mock.call_count, 1)
        self.assertEqual(
            not_valid_error.exception.message,
            'Token not valid until {}'.format(
                jose._format_timestamp(claim_not_before)
            )
        )

예제 #9

    def test_jwe_decrypt_compliant_expiry(self):
        expiry_seconds = 10
        claims = {jose.CLAIM_ISSUED_AT: int(time()) - 15}

        jwe = jose.spec_compliant_encrypt(claims, rsa_pub_key)

        legacy_patch = mock.patch.object(
            jose, 'legacy_decrypt', wraps=jose.legacy_decrypt
        )
        spec_patch = mock.patch.object(
            jose, 'spec_compliant_decrypt', wraps=jose.spec_compliant_decrypt
        )
        with legacy_patch as legacy_mock, spec_patch as spec_mock:
            with self.assertRaises(jose.Expired) as expiry_error:
                jose.decrypt(jwe, rsa_priv_key, expiry_seconds=expiry_seconds)

        expiration_time = claims[jose.CLAIM_ISSUED_AT] + expiry_seconds

        # when the error is expiry, we should not fall back to legacy.
        self.assertEqual(legacy_mock.call_count, 1)
        self.assertEqual(spec_mock.call_count, 1)
        self.assertEqual(
            expiry_error.exception.message,
            'Token expired at {}'.format(
                jose._format_timestamp(expiration_time)
            )
        )

예제 #10

    def test_jwe_no_error_with_iat_claim(self):
        claims = {jose.CLAIM_ISSUED_AT: int(time()) - 15}
        et = jose.serialize_compact(
            jose.spec_compliant_encrypt(claims, rsa_pub_key))

        jose.spec_compliant_decrypt(jose.deserialize_compact(et),
                                    rsa_priv_key,
                                    expiry_seconds=20)

예제 #11

    def test_jwe_add_header(self):
        add_header = {'foo': 'bar'}

        for (alg, jwk), enc in product(self.algs, self.encs):
            et = jose.serialize_compact(jose.spec_compliant_encrypt(claims, rsa_pub_key,
                add_header=add_header))
            jwt = jose.spec_compliant_decrypt(jose.deserialize_compact(et), rsa_priv_key)

            self.assertEqual(jwt.header['foo'], add_header['foo'])

예제 #12

파일: tests.py 프로젝트: LaunchKey/jose

    def test_jwe_add_header(self):
        add_header = {'foo': 'bar'}

        for (alg, jwk), enc in product(self.algs, self.encs):
            et = jose.serialize_compact(jose.spec_compliant_encrypt(claims, rsa_pub_key,
                add_header=add_header))
            jwt = jose.spec_compliant_decrypt(jose.deserialize_compact(et), rsa_priv_key)

            self.assertEqual(jwt.header['foo'], add_header['foo'])

예제 #13

파일: tests.py 프로젝트: LaunchKey/jose

    def test_decrypt_invalid_compression_error(self):
        with mock.patch.dict(jose.COMPRESSION,
                             {'BAD': jose.COMPRESSION['DEF']}):
            jwe = jose.spec_compliant_encrypt(claims, rsa_pub_key,
                                              add_header={'zip': 'BAD'})

        try:
            jose.spec_compliant_decrypt(jwe, rsa_priv_key)
            self.fail()
        except jose.Error as e:
            self.assertEqual(
                e.message, 'Unsupported compression algorithm: BAD')

예제 #14

    def test_decrypt_invalid_compression_error(self):
        with mock.patch.dict(jose.COMPRESSION,
                             {'BAD': jose.COMPRESSION['DEF']}):
            jwe = jose.spec_compliant_encrypt(claims, rsa_pub_key,
                                              add_header={'zip': 'BAD'})

        try:
            jose.spec_compliant_decrypt(jwe, rsa_priv_key)
            self.fail()
        except jose.Error as e:
            self.assertEqual(
                e.message, 'Unsupported compression algorithm: BAD')

예제 #15

    def test_jwe_compression(self):
        local_claims = copy(claims)

        for v in xrange(1000):
            local_claims['dummy_' + str(v)] = '0' * 100

        jwe = jose.serialize_compact(
            jose.spec_compliant_encrypt(local_claims, rsa_pub_key))
        _, _, _, uncompressed_ciphertext, _ = jwe.split('.')

        jwe = jose.serialize_compact(
            jose.spec_compliant_encrypt(local_claims,
                                        rsa_pub_key,
                                        add_header={'zip': 'DEF'}))
        _, _, _, compressed_ciphertext, _ = jwe.split('.')

        self.assertTrue(
            len(compressed_ciphertext) < len(uncompressed_ciphertext))

        jwt = jose.spec_compliant_decrypt(jose.deserialize_compact(jwe),
                                          rsa_priv_key)
        self.assertEqual(jwt.claims, local_claims)

예제 #16

파일: tests.py 프로젝트: LaunchKey/jose

    def test_jwe_compression(self):
        local_claims = copy(claims)

        for v in xrange(1000):
            local_claims['dummy_' + str(v)] = '0' * 100

        jwe = jose.serialize_compact(
            jose.spec_compliant_encrypt(local_claims, rsa_pub_key)
        )
        _, _, _, uncompressed_ciphertext, _ = jwe.split('.')

        jwe = jose.serialize_compact(
            jose.spec_compliant_encrypt(local_claims, rsa_pub_key,
                                        add_header={'zip': 'DEF'})
        )
        _, _, _, compressed_ciphertext, _ = jwe.split('.')

        self.assertTrue(len(compressed_ciphertext) <
                len(uncompressed_ciphertext))

        jwt = jose.spec_compliant_decrypt(jose.deserialize_compact(jwe),
                                          rsa_priv_key)
        self.assertEqual(jwt.claims, local_claims)

예제 #17

    def test_jwe_not_yet_valid_error_with_nbf_claim(self):
        claims = {jose.CLAIM_NOT_BEFORE: int(time()) + 5}
        et = jose.serialize_compact(
            jose.spec_compliant_encrypt(claims, rsa_pub_key))

        try:
            jose.spec_compliant_decrypt(jose.deserialize_compact(et),
                                        rsa_priv_key)
            self.fail()  # expecting not valid yet
        except jose.NotYetValid as e:
            pass

        self.assertEqual(
            e.args[0], 'Token not valid until {}'.format(
                jose._format_timestamp(claims[jose.CLAIM_NOT_BEFORE])))

예제 #18

    def test_jwe_expired_error_with_exp_claim(self):
        claims = {jose.CLAIM_EXPIRATION_TIME: int(time()) - 5}
        et = jose.serialize_compact(
            jose.spec_compliant_encrypt(claims, rsa_pub_key))

        try:
            jose.spec_compliant_decrypt(jose.deserialize_compact(et),
                                        rsa_priv_key)
            self.fail()  # expecting expired token
        except jose.Expired as e:
            pass

        self.assertEqual(
            e.args[0], 'Token expired at {}'.format(
                jose._format_timestamp(claims[jose.CLAIM_EXPIRATION_TIME])))

예제 #19

파일: tests.py 프로젝트: LaunchKey/jose

    def test_jwe_not_yet_valid_error_with_nbf_claim(self):
        claims = {jose.CLAIM_NOT_BEFORE: int(time()) + 5}
        et = jose.serialize_compact(jose.spec_compliant_encrypt(claims, rsa_pub_key))

        try:
            jose.spec_compliant_decrypt(jose.deserialize_compact(et), rsa_priv_key)
            self.fail()  # expecting not valid yet
        except jose.NotYetValid as e:
            pass

        self.assertEquals(
            e.args[0],
            'Token not valid until {}'.format(
                jose._format_timestamp(claims[jose.CLAIM_NOT_BEFORE])
            )
        )

예제 #20

파일: tests.py 프로젝트: LaunchKey/jose

    def test_jwe_expired_error_with_exp_claim(self):
        claims = {jose.CLAIM_EXPIRATION_TIME: int(time()) - 5}
        et = jose.serialize_compact(jose.spec_compliant_encrypt(claims, rsa_pub_key))

        try:
            jose.spec_compliant_decrypt(jose.deserialize_compact(et), rsa_priv_key)
            self.fail()  # expecting expired token
        except jose.Expired as e:
            pass

        self.assertEquals(
            e.args[0],
            'Token expired at {}'.format(
                jose._format_timestamp(claims[jose.CLAIM_EXPIRATION_TIME])
            )
        )

예제 #21

    def test_jwe_expired_error_with_iat_claim(self):
        expiry_seconds = 10
        claims = {jose.CLAIM_ISSUED_AT: int(time()) - 15}
        et = jose.serialize_compact(
            jose.spec_compliant_encrypt(claims, rsa_pub_key))

        try:
            jose.spec_compliant_decrypt(jose.deserialize_compact(et),
                                        rsa_priv_key,
                                        expiry_seconds=expiry_seconds)
            self.fail()  # expecting expired token
        except jose.Expired as e:
            pass

        expiration_time = claims[jose.CLAIM_ISSUED_AT] + expiry_seconds
        self.assertEqual(
            e.args[0], 'Token expired at {}'.format(
                jose._format_timestamp(expiration_time)))

예제 #22

파일: tests.py 프로젝트: LaunchKey/jose

    def test_jwe_expired_error_with_iat_claim(self):
        expiry_seconds = 10
        claims = {jose.CLAIM_ISSUED_AT: int(time()) - 15}
        et = jose.serialize_compact(jose.spec_compliant_encrypt(claims, rsa_pub_key))

        try:
            jose.spec_compliant_decrypt(jose.deserialize_compact(et), rsa_priv_key,
                expiry_seconds=expiry_seconds)
            self.fail()  # expecting expired token
        except jose.Expired as e:
            pass

        expiration_time = claims[jose.CLAIM_ISSUED_AT] + expiry_seconds
        self.assertEquals(
            e.args[0],
            'Token expired at {}'.format(
                jose._format_timestamp(expiration_time)
            )
        )

예제 #23

파일: tests.py 프로젝트: LaunchKey/jose

 def test_jwe_no_error_with_nbf_claim(self):
     claims = {jose.CLAIM_NOT_BEFORE: int(time()) - 5}
     et = jose.serialize_compact(jose.spec_compliant_encrypt(claims, rsa_pub_key))
     jose.spec_compliant_decrypt(jose.deserialize_compact(et), rsa_priv_key)

예제 #24

파일: tests.py 프로젝트: LaunchKey/jose

 def test_jwe_ignores_expired_token_if_validate_claims_is_false(self):
     claims = {jose.CLAIM_EXPIRATION_TIME: int(time()) - 5}
     et = jose.serialize_compact(jose.spec_compliant_encrypt(claims, rsa_pub_key))
     jose.spec_compliant_decrypt(jose.deserialize_compact(et), rsa_priv_key,
         validate_claims=False)

예제 #25

 def test_jwe_no_error_with_nbf_claim(self):
     claims = {jose.CLAIM_NOT_BEFORE: int(time()) - 5}
     et = jose.serialize_compact(jose.spec_compliant_encrypt(claims, rsa_pub_key))
     jose.spec_compliant_decrypt(jose.deserialize_compact(et), rsa_priv_key)

예제 #26

 def test_jwe_no_error_with_exp_claim(self):
     claims = {jose.CLAIM_EXPIRATION_TIME: int(time()) + 5}
     et = jose.serialize_compact(jose.spec_compliant_encrypt(claims, rsa_pub_key))
     jose.spec_compliant_decrypt(jose.deserialize_compact(et), rsa_priv_key)

예제 #27

파일: tests.py 프로젝트: LaunchKey/jose

 def test_jwe_no_error_with_exp_claim(self):
     claims = {jose.CLAIM_EXPIRATION_TIME: int(time()) + 5}
     et = jose.serialize_compact(jose.spec_compliant_encrypt(claims, rsa_pub_key))
     jose.spec_compliant_decrypt(jose.deserialize_compact(et), rsa_priv_key)

예제 #28

파일: tests.py 프로젝트: LaunchKey/jose

    def test_jwe_no_error_with_iat_claim(self):
        claims = {jose.CLAIM_ISSUED_AT: int(time()) - 15}
        et = jose.serialize_compact(jose.spec_compliant_encrypt(claims, rsa_pub_key))

        jose.spec_compliant_decrypt(jose.deserialize_compact(et), rsa_priv_key,
            expiry_seconds=20)