def test_signer_protected_headers():
payload = "Please take a moment to register today"
eck = ec.generate_private_key(ec.SECP256R1(), default_backend())
_key = ECKey().load_key(eck)
keys = [_key]
_jws = JWS(payload, alg="ES256")
protected = dict(header1=u"header1 is protected",
header2="header2 is protected too",
a=1)
_jwt = _jws.sign_compact(keys, protected=protected)
exp_protected = protected.copy()
exp_protected["alg"] = "ES256"
enc_header, enc_payload, sig = _jwt.split(".")
assert json.loads(b64d(
enc_header.encode("utf-8")).decode("utf-8")) == exp_protected
assert b64d(enc_payload.encode("utf-8")).decode("utf-8") == payload
_pub_key = ECKey().load_key(eck.public_key())
_rj = JWS(alg="ES256")
info = _rj.verify_compact(_jwt, [_pub_key])
assert info == payload
# Protected by default
protected["alg"] = "ES256"
assert _rj.protected_headers() == protected
def test_verify_json_flattened_syntax():
key = ECKey().load_key(P256())
protected_headers = {"foo": "bar"}
unprotected_headers = {"abc": "xyz"}
payload = "hello world"
_jwt = JWS(msg=payload, alg="ES256").sign_json(headers=[
(protected_headers, unprotected_headers)
],
keys=[key],
flatten=True)
vkeys = [ECKey().load_key(key.public_key())]
_jws = JWS()
assert _jws.verify_json(_jwt, keys=vkeys)
assert _jws.protected_headers() == {"alg": "ES256", "foo": "bar"}
def test_verify_json():
eck = ec.generate_private_key(ec.SECP256R1(), default_backend())
key = ECKey().load_key(eck)
payload = "hello world"
unprotected_headers = {"abc": "xyz"}
protected_headers = {"foo": "bar"}
_jwt = JWS(msg=payload, alg="ES256").sign_json(headers=[
(protected_headers, unprotected_headers)
],
keys=[key])
vkeys = [ECKey().load_key(eck.public_key())]
_jws = JWS()
assert _jws.verify_json(_jwt, keys=vkeys)
_protected = _jws.protected_headers()
assert set(_protected.keys()) == {"foo", "alg"}
assert _protected["foo"] == protected_headers["foo"]
# alg is always protected by default
assert _protected["alg"] == "ES256"
