def test_jwe_header_contains_kid(self):
    """Decryption must fail with "Missing kid" when the protected header has no ``kid``.

    The token is built with a protected header that carries only ``alg`` and
    ``enc``. ``self.kid`` is still passed to ``encrypt_token``, so the only
    thing missing is the ``kid`` member inside the header itself.
    """
    # Header deliberately omits "kid"; the expected message implies the
    # decrypt path needs it to pick a key.
    header_without_kid = '{"alg":"RSA-OAEP","enc":"A256GCM"}'.encode('utf-8')
    token = Encoder(*self.encoder_args).encrypt_token(
        VALID_SIGNED_JWT.encode(),
        self.kid,
        jwe_protected_header=header_without_kid,
    )
    # assert_in_decrypt_exception is defined outside this view; presumably it
    # decrypts the token and checks the message of the raised exception.
    self.assert_in_decrypt_exception(token.decode(), "Missing kid")
def test_invalid_enc(self):
    """Decryption must fail with "Algorithm not allowed" for an unexpected header.

    The protected header names ``PBES2_HS256_A128KW`` / ``A128GCM`` together
    with a valid ``kid``, so the rejection cannot be caused by a missing key id.
    """
    # NOTE(review): both "alg" and "enc" differ from the RSA-OAEP / A256GCM
    # pair used elsewhere in this file, so this test does not show which of
    # the two fields triggers the rejection. Confirm against the decrypt code.
    header_text = '{"alg":"PBES2_HS256_A128KW","enc":"A128GCM","kid":"' + self.kid + '"}'
    disallowed_header = header_text.encode('utf-8')
    token = Encoder(*self.encoder_args).encrypt_token(
        VALID_SIGNED_JWT.encode(),
        self.kid,
        jwe_protected_header=disallowed_header,
    )
    self.assert_in_decrypt_exception(token.decode(), "Algorithm not allowed")
def test_jwe_key_not_2048_bits(self):
    """Decryption must fail when the encrypted-key segment is two bytes short.

    A random 32-byte CEK is wrapped by the encoder, the wrapped value is
    truncated by two bytes, and the token is built with that shortened
    segment. The test expects the decrypt error to mention "ValueError".
    """
    content_key = os.urandom(32)
    enc = Encoder(*self.encoder_args)
    # Pin the CEK on the encoder; presumably encrypt_token then encrypts the
    # payload under this same key. Confirm against Encoder.
    enc.cek = content_key
    wrapped_key = enc._encrypted_key(content_key)  # pylint: disable=protected-access
    # Drop the last two bytes so the segment no longer has its original length.
    short_key = wrapped_key[:-2]
    token = enc.encrypt_token(
        VALID_SIGNED_JWT.encode(),
        self.kid,
        encrypted_key=short_key,
    )
    # NOTE(review): matching on the text "ValueError" ties the test to an
    # internal exception name. Confirm that this text is not returned to the
    # party that submitted the token.
    self.assert_in_decrypt_exception(token.decode(), "ValueError")
def test_cipher_text_corrupted(self):
    """A JWE whose ciphertext segment lost its last character must be rejected.

    The compact token is split on ".", the fourth segment (ciphertext) is
    shortened by one character, and the five segments are joined again.
    Decrypting the result must raise ``InvalidTokenException``.
    """
    token = Encoder(*self.encoder_args).encrypt_token(VALID_SIGNED_JWT.encode(), self.kid)
    parts = token.decode().split('.')
    # Compact JWE order: protected header, encrypted key, IV, ciphertext, tag.
    segments = [parts[index] for index in range(5)]
    # NOTE(review): removing one encoded character may already fail at
    # decoding, before the authentication tag is checked. The assertion below
    # accepts either outcome as InvalidTokenException.
    segments[3] = segments[3][:-1]
    tampered = ".".join(segments)
    with pytest.raises(InvalidTokenException):
        JWEHelper.decrypt(tampered, self.key_store, KEY_PURPOSE_AUTHENTICATION)