예제 #1
0
파일: jws_test.py 프로젝트: yunjoopark/jws
    def test_jws_verifier_with_kid(self):
        # Sign
        priv_key1 = jws.CleartextJwkSetReader.from_json(
            self.test_json_ecdsa_priv_key_kid1)
        signer1 = jws.JwsPublicKeySign(priv_key1)
        signed_token_kid1 = signer1.sign(self.test_header_es256_kid1,
                                         self.test_payload)
        priv_key2 = jws.CleartextJwkSetReader.from_json(
            self.test_json_ecdsa_priv_key_kid2)
        signer2 = jws.JwsPublicKeySign(priv_key2)
        signed_token_kid2 = signer2.sign(self.test_header_es256_kid2,
                                         self.test_payload)

        # Verify
        pub_key = jws.CleartextJwkSetReader.from_json(
            self.test_json_ecdsa_pub_key_kid1)
        verifier = jws.JwsPublicKeyVerify(pub_key)
        try:
            verifier.verify(signed_token_kid1)
        except SecurityException:
            self.fail('Valid token, should not throw exception')
        for modified_token in _modify_token(signed_token_kid1):
            self.assertRaises(SecurityException, verifier.verify,
                              modified_token)
        # The signature is valid but the kids don't match.
        self.assertRaises(SecurityException, verifier.verify,
                          signed_token_kid2)
예제 #2
0
파일: jwt.py 프로젝트: yunjoopark/jws
    def __init__(self,
                 jwk_set,
                 issuer=None,
                 subject=None,
                 audiences=None,
                 clock_skew_tolerance=0):
        """Constructor for JwtPublicKeyVerify.

    Args:
      jwk_set: a JwkSet.
      issuer: string, the issuer claim as defined at
        https://tools.ietf.org/html/rfc7519#section-4.1.1.
      subject: string, the subject claim as defined at
        https://tools.ietf.org/html/rfc7519#section-4.1.2.
      audiences: list of string, the audiences claim as defined at
        https://tools.ietf.org/html/rfc7519#section-4.1.3.
      clock_skew_tolerance: integer, the clock skew that the verifier tolerates.

    Raises:
      UnsupportedAlgorithm: if the algorihtm is not defined at
      https://tools.ietf.org/html/rfc7518#section-3.1 or if jwk is not Rsa or
      Ecdsa key.
    """
        self.verifier = jws.JwsPublicKeyVerify(jwk_set)
        self.issuer = issuer
        self.subject = subject
        self.audiences = audiences
        self.clock_skew_tolerance = clock_skew_tolerance
예제 #3
0
파일: jws_test.py 프로젝트: yunjoopark/jws
    def test_jws_ec_from_cryptography_key(self):
        # Sign the token.
        priv_key = load_pem_private_key(
            self.test_pem_ec_p256_priv_key.encode('utf-8'),
            None,
            backend=backends.default_backend())
        jwk_priv_key = jws.CleartextJwkSetReader.from_cryptography_key(
            priv_key, 'ES256')
        signer = jws.JwsPublicKeySign(jwk_priv_key)
        signed_token = signer.sign(self.test_header_es256, self.test_payload)

        # Verify the token.
        # The real use case is that cryptography supports extracting public key from
        # certificate, but we simulate it here by reading it from PEM.
        pub_key = load_pem_public_key(
            self.test_pem_ec_p256_pub_key.encode('utf-8'),
            backend=backends.default_backend())
        jwk_pub_key = jws.CleartextJwkSetReader.from_cryptography_key(
            pub_key, 'ES256')
        verifier = jws.JwsPublicKeyVerify(jwk_pub_key)
        try:
            verifier.verify(signed_token)
        except SecurityException:
            self.fail('Valid token, should not throw exception')
        for modified_token in _modify_token(signed_token):
            self.assertRaises(SecurityException, verifier.verify,
                              modified_token)
예제 #4
0
파일: jws_test.py 프로젝트: yunjoopark/jws
    def test_jws_rsa_signer_and_verifier(self):
        algs = ['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512']
        for alg in algs:
            json_priv_key = json.loads(self.json_rsa_priv_key)
            json_priv_key['alg'] = alg
            json_priv_key = json.dumps(json_priv_key)
            json_pub_key = json.loads(self.json_rsa_pub_key)
            json_pub_key['alg'] = alg
            json_pub_key = json.dumps(json_pub_key)
            json_header_rsa = dict(self.test_header_rsa)
            json_header_rsa['alg'] = alg

            # Sign
            priv_key = jws.CleartextJwkSetReader.from_json(json_priv_key)
            signer = jws.JwsPublicKeySign(priv_key)
            signed_token = signer.sign(json_header_rsa, self.test_payload)

            # Verify
            pub_key = jws.CleartextJwkSetReader.from_json(json_pub_key)
            verifier = jws.JwsPublicKeyVerify(pub_key)
            try:
                verifier.verify(signed_token)
            except SecurityException:
                self.fail('Valid token, should not throw exception')
            for modified_token in _modify_token(signed_token):
                self.assertRaises(SecurityException, verifier.verify,
                                  modified_token)
예제 #5
0
파일: jws_test.py 프로젝트: yunjoopark/jws
    def test_jws_ecdsa_verifier_with_rfc_es512(self):
        # Verify
        pub_key = jws.CleartextJwkSetReader.from_json(self.es512_ecdsa_pub_key)
        verifier = jws.JwsPublicKeyVerify(pub_key)

        try:
            verified_payload = verifier.verify(self.es512_ecdsa_token)
            self.assertEqual(b'Payload', verified_payload)
        except SecurityException:
            self.fail('Valid token, should not throw exception')
        for modified_token in _modify_token(self.es512_ecdsa_token):
            self.assertRaises(SecurityException, verifier.verify,
                              modified_token)
예제 #6
0
파일: jws_test.py 프로젝트: yunjoopark/jws
    def test_jws_rsa_verifier_with_rfc(self):
        # Set up phase: parse the key and initialize the verifier.
        keys = jws.CleartextJwkSetReader.from_json(self.json_rsa_pub_key)
        verifier = jws.JwsPublicKeyVerify(keys)

        # Use phase
        try:
            verified_payload = verifier.verify(self.rsa_token)
            self.assertEqual(
                '{"iss":"joe",\r\n "exp":1300819380,\r\n "http://example.com/is_root":true}'
                .encode('utf-8'), verified_payload)
        except SecurityException:
            self.fail('Valid token, should not throw exception')
        for modified_token in _modify_token(self.rsa_token):
            self.assertRaises(SecurityException, verifier.verify,
                              modified_token)
예제 #7
0
파일: jws_test.py 프로젝트: yunjoopark/jws
    def test_jws_verifier_with_multiple_keys(self):
        # Set up phase: parse the keys and initialize the verifier.
        keys = jws.CleartextJwkSetReader.from_json(self.json_pub_keys)
        verifier = jws.JwsPublicKeyVerify(keys)

        # Use phase
        try:
            verifier.verify(self.rsa_token)
            verifier.verify(self.es256_ecdsa_token)
        except SecurityException:
            self.fail('Valid token, should not throw exception')
        for modified_token in _modify_token(self.rsa_token):
            self.assertRaises(SecurityException, verifier.verify,
                              modified_token)
        for modified_token in _modify_token(self.es256_ecdsa_token):
            self.assertRaises(SecurityException, verifier.verify,
                              modified_token)
예제 #8
0
파일: jws_test.py 프로젝트: yunjoopark/jws
    def test_jws_ecdsa_signer_verifier_es256(self):
        # Sign
        priv_key = jws.CleartextJwkSetReader.from_json(
            self.es256_ecdsa_priv_key)
        signer = jws.JwsPublicKeySign(priv_key)
        signed_token = signer.sign(self.test_header_es256, self.test_payload)

        # Verify
        pub_key = jws.CleartextJwkSetReader.from_json(self.es256_ecdsa_pub_key)
        verifier = jws.JwsPublicKeyVerify(pub_key)
        try:
            verifier.verify(signed_token)
        except SecurityException:
            self.fail('Valid token, should not throw exception')
        for modified_token in _modify_token(signed_token):
            self.assertRaises(SecurityException, verifier.verify,
                              modified_token)
예제 #9
0
파일: jws_test.py 프로젝트: yunjoopark/jws
    def test_jws_ec_from_pem_key(self):
        # Sign the token
        rsa_priv_key = jws.CleartextJwkSetReader.from_pem(
            self.test_pem_ec_p256_priv_key.encode('utf-8'), 'ES256')
        signer = jws.JwsPublicKeySign(rsa_priv_key)
        signed_token = signer.sign(self.test_header_es256, self.test_payload)

        # Verify the token
        rsa_pub_key = jws.CleartextJwkSetReader.from_pem(
            self.test_pem_ec_p256_pub_key.encode('utf-8'), 'ES256')
        verifier = jws.JwsPublicKeyVerify(rsa_pub_key)
        try:
            verifier.verify(signed_token)
        except SecurityException:
            self.fail('Valid token, should not throw exception')
        for modified_token in _modify_token(signed_token):
            self.assertRaises(SecurityException, verifier.verify,
                              modified_token)