def test_non_json_header_is_parse_error(self): jwe_str = "ciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0." \ "UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7" \ "Zx0-kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgN" \ "Z__deLKxGHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRir" \ "b6Y5Cl_p-ko3YvkkysZIFNPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8" \ "OtvzlV7elprCbuPhcCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0m" \ "cKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A" \ "." \ "AxY8DCtDaGlsbGljb3RoZQ." \ "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY." \ "9hH0vgRfYgPnAHOd8stkvw" with pytest.raises(JWEParseError): jwe.decrypt(jwe_str, "key")
def decrypt_token(encrypted_token: str, key: str) -> Token: try: decrypted_token = jwe.decrypt(encrypted_token.encode('utf-8'), key).decode('utf-8') return Token(**json.loads(decrypted_token)) except (JOSEError, JWKError, JWEError): traceback.print_exc(file=sys.stderr) return None
def test_decrypt_oct_256_key_wrap(self, jwe_package): headers = jwe.get_unverified_header(jwe_package) if headers["alg"] not in ALGORITHMS.SUPPORTED: pytest.skip("alg {} not supported".format(headers["alg"])) if headers["enc"] not in ALGORITHMS.SUPPORTED: pytest.skip("enc {} not supported".format(headers["enc"])) key = OCT_256_BIT_KEY actual = jwe.decrypt(jwe_package, key) assert actual == b"Live long and prosper."
def verify_password_reset_token(token: str) -> Optional[Tuple[str, str]]: try: decoded_token = jwt.decode(token, settings.SECRET_KEY, algorithms=["HS256"]) decoded_password = jwe.decrypt(decoded_token["password"], settings.SECRET_KEY).decode("utf-8") return decoded_token["sub"], decoded_password except jwt.JWTError: return None
def test_encrypt_decrypt_aes_kw(self, alg, enc, zip): if alg == ALGORITHMS.A128KW: key = OCT_128_BIT_KEY elif alg == ALGORITHMS.A192KW: key = OCT_192_BIT_KEY elif alg == ALGORITHMS.A256KW: key = OCT_256_BIT_KEY else: pytest.fail(f"I don't know how to handle enc {alg}") expected = b"Live long and prosper." jwe_value = jwe.encrypt(expected[:], key, enc, alg, zip) actual = jwe.decrypt(jwe_value, key) assert actual == expected
def test_encrypt_decrypt_dir_kw(self, enc, zip): if enc == ALGORITHMS.A128GCM: key = OCT_128_BIT_KEY elif enc == ALGORITHMS.A192GCM: key = OCT_192_BIT_KEY elif enc in (ALGORITHMS.A128CBC_HS256, ALGORITHMS.A256GCM): key = OCT_256_BIT_KEY elif enc == ALGORITHMS.A192CBC_HS384: key = OCT_384_BIT_KEY elif enc == ALGORITHMS.A256CBC_HS512: key = OCT_512_BIT_KEY else: pytest.fail(f"I don't know how to handle enc {enc}") expected = b"Live long and prosper." jwe_value = jwe.encrypt(expected[:], key, enc, ALGORITHMS.DIR, zip) actual = jwe.decrypt(jwe_value, key) assert actual == expected
def test_encrypt_decrypt_rsa_kw(self, alg, enc, zip): expected = b"Live long and prosper." jwe_value = jwe.encrypt(expected[:], PUBLIC_KEY_PEM, enc, alg, zip) actual = jwe.decrypt(jwe_value, PRIVATE_KEY_PEM) assert actual == expected
def test_invalid_jwe_is_parse_error(self): with pytest.raises(JWEParseError): jwe.decrypt("invalid", "key")