def test_generate_compute_verify_mac(self): keyset_servicer = services.KeysetServicer() jwt_servicer = jwt_service.JwtServicer() template = jwt.jwt_hs256_template().SerializeToString() gen_request = testing_api_pb2.KeysetGenerateRequest(template=template) gen_response = keyset_servicer.Generate(gen_request, self._ctx) self.assertEqual(gen_response.WhichOneof('result'), 'keyset') keyset = gen_response.keyset comp_request = testing_api_pb2.JwtSignRequest(keyset=keyset) comp_request.raw_jwt.issuer.value = 'issuer' comp_request.raw_jwt.subject.value = 'subject' comp_request.raw_jwt.custom_claims['myclaim'].bool_value = True comp_request.raw_jwt.expiration.seconds = 1334 comp_request.raw_jwt.expiration.nanos = 123000000 comp_response = jwt_servicer.ComputeMacAndEncode(comp_request, self._ctx) self.assertEqual(comp_response.WhichOneof('result'), 'signed_compact_jwt') signed_compact_jwt = comp_response.signed_compact_jwt verify_request = testing_api_pb2.JwtVerifyRequest( keyset=keyset, signed_compact_jwt=signed_compact_jwt) verify_request.validator.expected_issuer.value = 'issuer' verify_request.validator.expected_subject.value = 'subject' verify_request.validator.now.seconds = 1234 verify_response = jwt_servicer.VerifyMacAndDecode(verify_request, self._ctx) self.assertEqual(verify_response.WhichOneof('result'), 'verified_jwt') self.assertEqual(verify_response.verified_jwt.issuer.value, 'issuer') self.assertEqual(verify_response.verified_jwt.subject.value, 'subject') self.assertEqual(verify_response.verified_jwt.expiration.seconds, 1334) self.assertEqual(verify_response.verified_jwt.expiration.nanos, 0)
def test_generate_compute_verify_signature(self): keyset_servicer = services.KeysetServicer() jwt_servicer = jwt_service.JwtServicer() template = jwt.jwt_es256_template().SerializeToString() gen_request = testing_api_pb2.KeysetGenerateRequest(template=template) gen_response = keyset_servicer.Generate(gen_request, self._ctx) self.assertEqual(gen_response.WhichOneof('result'), 'keyset') private_keyset = gen_response.keyset comp_request = testing_api_pb2.JwtSignRequest(keyset=private_keyset) comp_request.raw_jwt.issuer.value = 'issuer' comp_request.raw_jwt.subject.value = 'subject' comp_request.raw_jwt.custom_claims['myclaim'].bool_value = True comp_response = jwt_servicer.PublicKeySignAndEncode(comp_request, self._ctx) self.assertEqual(comp_response.WhichOneof('result'), 'signed_compact_jwt') signed_compact_jwt = comp_response.signed_compact_jwt pub_request = testing_api_pb2.KeysetPublicRequest( private_keyset=private_keyset) pub_response = keyset_servicer.Public(pub_request, self._ctx) self.assertEqual(pub_response.WhichOneof('result'), 'public_keyset') public_keyset = pub_response.public_keyset verify_request = testing_api_pb2.JwtVerifyRequest( keyset=public_keyset, signed_compact_jwt=signed_compact_jwt) verify_request.validator.expected_issuer.value = 'issuer' verify_request.validator.expected_subject.value = 'subject' verify_request.validator.allow_missing_expiration = True verify_response = jwt_servicer.PublicKeyVerifyAndDecode( verify_request, self._ctx) self.assertEqual(verify_response.WhichOneof('result'), 'verified_jwt') self.assertEqual(verify_response.verified_jwt.issuer.value, 'issuer')
def compute_mac_and_encode(self, raw_jwt: jwt.RawJwt) -> str: request = testing_api_pb2.JwtSignRequest( keyset=self._keyset, raw_jwt=raw_jwt_to_proto(raw_jwt)) response = self._stub.ComputeMacAndEncode(request) if response.err: raise tink.TinkError(response.err) return response.signed_compact_jwt
def sign_and_encode(self, raw_jwt: jwt.RawJwt) -> Text: request = testing_api_pb2.JwtSignRequest( keyset=self._keyset, raw_jwt=raw_jwt_to_proto(raw_jwt)) response = self._stub.PublicKeySignAndEncode(request) if response.err: raise tink.TinkError(response.err) return response.signed_compact_jwt
def test_generate_compute_verify_mac_without_expiration(self): keyset_servicer = services.KeysetServicer() jwt_servicer = jwt_service.JwtServicer() template = jwt.jwt_hs256_template().SerializeToString() gen_request = testing_api_pb2.KeysetGenerateRequest(template=template) gen_response = keyset_servicer.Generate(gen_request, self._ctx) self.assertEqual(gen_response.WhichOneof('result'), 'keyset') keyset = gen_response.keyset comp_request = testing_api_pb2.JwtSignRequest(keyset=keyset) comp_request.raw_jwt.issuer.value = 'issuer' comp_response = jwt_servicer.ComputeMacAndEncode( comp_request, self._ctx) self.assertEqual(comp_response.WhichOneof('result'), 'signed_compact_jwt') signed_compact_jwt = comp_response.signed_compact_jwt verify_request = testing_api_pb2.JwtVerifyRequest( keyset=keyset, signed_compact_jwt=signed_compact_jwt) verify_request.validator.expected_issuer.value = 'issuer' verify_request.validator.allow_missing_expiration = True verify_response = jwt_servicer.VerifyMacAndDecode( verify_request, self._ctx) print(verify_response.err) self.assertEqual(verify_response.WhichOneof('result'), 'verified_jwt') self.assertEqual(verify_response.verified_jwt.issuer.value, 'issuer')