def test_no_alg_and_alg_none_same(): payload = "Please take a moment to register today" _jws = JWS(payload, alg="none") # Create a JWS (signed JWT) _jwt0 = _jws.sign_compact([]) # The class instance that sets up the signing operation _jws = JWS(payload) # Create a JWS (signed JWT) _jwt1 = _jws.sign_compact([]) assert _jwt0 == _jwt1
def test_no_alg_and_alg_none_same(): payload = "Please take a moment to register today" _jws = JWS(payload, alg="none") # Create a JWS (signed JWT) _jwt0 = _jws.sign_compact([]) # The class instance that sets up the signing operation _jws = JWS(payload) # Create a JWS (signed JWT) _jwt1 = _jws.sign_compact([]) assert _jwt0 == _jwt1
def setUpClass(cls): cls.g_config = {} with open("../src/config/config.json") as j: cls.g_config = json.load(j) wkh = WellKnownHandler(cls.g_config["auth_server_url"], secure=False) cls.__TOKEN_ENDPOINT = wkh.get(TYPE_OIDC, KEY_OIDC_TOKEN_ENDPOINT) #Generate ID Token _rsakey = RSA.generate(2048) _private_key = _rsakey.exportKey() _public_key = _rsakey.publickey().exportKey() file_out = open("private.pem", "wb") file_out.write(_private_key) file_out.close() file_out = open("public.pem", "wb") file_out.write(_public_key) file_out.close() #Admin JWT _rsajwk = RSAKey(kid='RSA1', key=import_rsa_key(_private_key)) _payload = { "iss": cls.g_config["client_id"], "sub": cls.g_config["client_id"], "aud": cls.__TOKEN_ENDPOINT, "jti": datetime.datetime.today().strftime('%Y%m%d%s'), "exp": int(time.time())+3600, "isOperator": False } _jws = JWS(_payload, alg="RS256") cls.jwt_admin = _jws.sign_compact(keys=[_rsajwk]) #ROTest user JWT _payload = { "iss": cls.g_config["client_id"], "sub": "54d10251-6cb5-4aee-8e1f-f492f1105c94", "aud": cls.__TOKEN_ENDPOINT, "jti": datetime.datetime.today().strftime('%Y%m%d%s'), "exp": int(time.time())+3600, "isOperator": False } _jws = JWS(_payload, alg="RS256") cls.jwt_rotest = _jws.sign_compact(keys=[_rsajwk]) cls.scopes = 'public_access' cls.resourceName = "TestROChangePEP" cls.PEP_HOST = "http://localhost:5566"
def _get_request_token(method: str, path: str, body: str, jti: str, iss: str, aud: str): now = int(datetime.utcnow().timestamp()) claims = { 'jti': jti, 'iat': now, 'nbf': now, 'exp': now, 'iss': iss, 'aud': aud, 'request': { 'method': method, 'path': path } } if body is not None: claims['request']['body_hash_alg'] = 'S512' claims['request']['body_hash'] = sha512( body.encode('utf8')).hexdigest() if config.verbose: print("Request JWT Claims:") print(json.dumps(claims, indent=2)) print() jws = JWS(json.dumps(claims), alg="HS256") signed_content = jws.sign_compact(keys=sig_keys) return signed_content
def __init__(self): self.g_config = {} with open("../src/config/config.json") as j: self.g_config = json.load(j) wkh = WellKnownHandler(self.g_config["auth_server_url"], secure=False) self.__TOKEN_ENDPOINT = wkh.get(TYPE_OIDC, KEY_OIDC_TOKEN_ENDPOINT) #Generate ID Token _rsakey = RSA.generate(2048) _private_key = _rsakey.exportKey() _public_key = _rsakey.publickey().exportKey() file_out = open("private.pem", "wb") file_out.write(_private_key) file_out.close() file_out = open("public.pem", "wb") file_out.write(_public_key) file_out.close() _rsajwk = RSAKey(kid='RSA1', key=import_rsa_key(_private_key)) _payload = { "iss": self.g_config["client_id"], "sub": self.g_config["client_secret"], "aud": self.__TOKEN_ENDPOINT, "jti": datetime.datetime.today().strftime('%Y%m%d%s'), "exp": int(time.time())+3600 } _jws = JWS(_payload, alg="RS256") self.jwt = _jws.sign_compact(keys=[_rsajwk]) self.scopes = 'public_access' self.resourceName = "TestResourcePEP10" self.PEP_HOST = "http://localhost:5566" status, self.resourceID = self.createTestResource() print(self.jwt) print(self.resourceID)
def _get_jwt_signature(self, params): try: jws = JWS(params, alg=self.jwt_algorithm) return jws.sign_compact(keys=self.issuer_private_keys) except NoSuitableSigningKeys: raise NoIssuerKey( "An issuer key wasn't loaded. Please run set_issuer() first.")
def _get_jwt_signature(self, params): try: jws = JWS(params, alg=self.jwt_algorithm) return jws.sign_compact(keys=self.issuer_private_keys) except NoSuitableSigningKeys: raise NoIssuerKey( "An issuer key wasn't loaded. Please run set_issuer() first.")
def encode(self, payload: dict[str, Any]) -> str: """Represent the ID Token as a JSON Web Token (JWT).""" keys = self.get_jwt_keys() # If the provider does not have an RSA Key assigned, it was switched to Symmetric self.refresh_from_db() jws = JWS(payload, alg=self.jwt_alg) return jws.sign_compact(keys)
def setUpClass(cls): cls.g_config = {} with open("../src/config/config.json") as j: cls.g_config = json.load(j) wkh = WellKnownHandler(cls.g_config["auth_server_url"], secure=False) cls.__TOKEN_ENDPOINT = wkh.get(TYPE_OIDC, KEY_OIDC_TOKEN_ENDPOINT) _rsajwk = RSAKey(kid="RSA1", key=import_rsa_key_from_file("../src/private.pem")) _payload = { "iss": cls.g_config["client_id"], "sub": cls.g_config["client_id"], "aud": cls.__TOKEN_ENDPOINT, "user_name": "admin", "jti": datetime.datetime.today().strftime('%Y%m%d%s'), "exp": int(time.time()) + 3600, "isOperator": False } _jws = JWS(_payload, alg="RS256") cls.jwt = _jws.sign_compact(keys=[_rsajwk]) cls.scopes = 'protected_access' cls.PDP_HOST = "http://" + cls.g_config["host"] cls.PDP_PORT = cls.g_config["port"] cls.UID = cls.g_config["client_id"]
def test_hmac_256(): payload = b'Please take a moment to register today' keys = [SYMKey(key=jwkest.intarr2bin(HMAC_KEY))] _jws = JWS(payload, alg="HS256") _jwt = _jws.sign_compact(keys) info = JWS().verify_compact(_jwt, keys) assert info == payload.decode("utf-8")
def test_hmac_256(): payload = b'Please take a moment to register today' keys = [SYMKey(key=jwkest.intarr2bin(HMAC_KEY))] _jws = JWS(payload, alg="HS256") _jwt = _jws.sign_compact(keys) info = JWS().verify_compact(_jwt, keys) assert info == payload.decode("utf-8")
def store_signed_jwks(keyjar, sign_keyjar, path, alg, iss=''): _jwks = keyjar.export_jwks() _jws = JWS(_jwks, alg=alg) _jwt = _jws.sign_compact( sign_keyjar.get_signing_key(owner=iss, key_type=alg2keytype(alg))) fp = open(path, 'w') fp.write(_jwt) fp.close()
def make_request_object(request_args, jwk): keys = KEYS() jws = JWS(request_args) if jwk: keys.load_jwks(json.dumps(dict(keys=[jwk]))) return jws.sign_compact(keys)
def encode_id_token(payload, client): """ Represent the ID Token as a JSON Web Token (JWT). Return a hash. """ keys = get_client_alg_keys(client) _jws = JWS(payload, alg=client.jwt_alg) return _jws.sign_compact(keys)
def encode_id_token(cls, payload, client): """ Represent the ID Token as a JSON Web Token (JWT). Return a hash. """ keys = cls.get_client_alg_keys(client) _jws = JWS(payload, alg=client.jwt_alg) return _jws.sign_compact(keys)
def to_jwt(self, key=None, algorithm="", lev=0): """ Create a signed JWT representation of the class instance. :param key: The signing key :param algorithm: The signature algorithm to use :return: A signed JWT """ _jws = JWS(self.to_json(lev), alg=algorithm, typ='JWT') return _jws.sign_compact(key)
def test_dj_usage(): key_string = open(full_path("./size2048.key"), 'r').read() key = RSA.importKey(key_string) payload = "Please take a moment to register today" keys = [RSAKey(key=key, kid=md5(key_string.encode('utf-8')).hexdigest())] _jws = JWS(payload, alg='RS256') sjwt = _jws.sign_compact(keys) _jwt = factory(sjwt) assert _jwt.jwt.headers['alg'] == 'RS256'
def test_dj_usage(): key_string = open(full_path("./size2048.key"), 'r').read() key = RSA.importKey(key_string) payload = "Please take a moment to register today" keys = [RSAKey(key=key, kid=md5(key_string.encode('utf-8')).hexdigest())] _jws = JWS(payload, alg='RS256') sjwt = _jws.sign_compact(keys) _jwt = factory(sjwt) assert _jwt.jwt.headers['alg'] == 'RS256'
def test_jws_1(): msg = {"iss": "joe", "exp": 1300819380, "http://example.com/is_root": True} jwk = SYMKey(key=jwkest.intarr2bin(HMAC_KEY)) _jws = JWS(msg, cty="JWT", alg="HS256", jwk=json.dumps(jwk.to_dict())) res = _jws.sign_compact() _jws2 = JWS(alg="HS256") _jws2.verify_compact(res) assert _jws2.msg == msg
def test_hmac_from_keyrep(): payload = "Please take a moment to register today" symkeys = [k for k in SIGKEYS if k.kty == "oct"] _jws = JWS(payload, alg="HS512") _jwt = _jws.sign_compact(symkeys) _rj = JWS() info = _rj.verify_compact(_jwt, symkeys) assert info == payload
def test_hmac_512(): payload = "Please take a moment to register today" keys = [SYMKey(key=b'My hollow echo', alg="HS512")] _jws = JWS(payload, alg="HS512") _jwt = _jws.sign_compact(keys) _rj = JWS() info = _rj.verify_compact(_jwt, keys) assert info == payload
def test_jws_1(): msg = {"iss": "joe", "exp": 1300819380, "http://example.com/is_root": True} key = SYMKey(key=jwkest.intarr2bin(HMAC_KEY)) _jws = JWS(msg, cty="JWT", alg="HS256", jwk=key.serialize()) res = _jws.sign_compact() _jws2 = JWS(alg="HS256") _jws2.verify_compact(res, keys=[key]) assert _jws2.msg == msg
def test_jws_1(): msg = {"iss": "joe", "exp": 1300819380, "http://example.com/is_root": True} key = SYMKey(key=jwkest.intarr2bin(HMAC_KEY)) _jws = JWS(msg, cty="JWT", alg="HS256", jwk=key.to_dict()) res = _jws.sign_compact() _jws2 = JWS(alg="HS256") _jws2.verify_compact(res, keys=[key]) assert _jws2.msg == msg
def test_hmac_512(): payload = "Please take a moment to register today" keys = [SYM_key(key="My hollow echo")] _jws = JWS(payload, alg="HS256") _jwt = _jws.sign_compact(keys) _rj = JWS() info = _rj.verify_compact(_jwt, keys) assert info == payload
def test_hmac_from_keyrep(): payload = "Please take a moment to register today" symkeys = [k for k in SIGKEYS if k.kty == "oct"] _jws = JWS(payload, alg="HS512") _jwt = _jws.sign_compact(symkeys) _rj = JWS() info = _rj.verify_compact(_jwt, symkeys) assert info == payload
def test_jws_1(): msg = {"iss": "joe", "exp": 1300819380, "http://example.com/is_root": True} jwk = SYMKey(key=jwkest.intarr2bin(HMAC_KEY)) jwk.serialize() _jws = JWS(msg, cty="JWT", alg="HS256", jwk=json.dumps(jwk.to_dict())) res = _jws.sign_compact() _jws2 = JWS() _jws2.verify_compact(res) assert _jws2.msg == msg
def test_signer_ps384(): payload = "Please take a moment to register today" keys = [RSAKey(key=import_rsa_key_from_file(KEY))] #keys[0]._keytype = "private" _jws = JWS(payload, alg="PS384") _jwt = _jws.sign_compact(keys) _rj = JWS() info = _rj.verify_compact(_jwt, keys) assert info == payload
def test_signer_es384(): payload = "Please take a moment to register today" _key = ECKey().load_key(P384) keys = [_key] _jws = JWS(payload, alg="ES384") _jwt = _jws.sign_compact(keys) _rj = JWS() info = _rj.verify_compact(_jwt, keys) assert info == payload
class JwtCreator: def __init__(self, map, alg, config): self.map = map self.jws = JWS(json.dumps(self.map), alg=alg) keys = [SYMKey(key=config['api_secret'], alg=alg)] self.keys = keys def sign_compact(self): self.signed = self.jws.sign_compact(keys=self.keys) return self.signed
def test_signer_ps384(): payload = "Please take a moment to register today" keys = [RSAKey(key=import_rsa_key_from_file(KEY))] #keys[0]._keytype = "private" _jws = JWS(payload, alg="PS384") _jwt = _jws.sign_compact(keys) _rj = JWS() info = _rj.verify_compact(_jwt, keys) assert info == payload
def test_rs512(): payload = "Please take a moment to register today" keys = [RSA_key(key=rsa_load(KEY))] keys[0]._keytype = "private" _jws = JWS(payload, alg="RS512") _jwt = _jws.sign_compact(keys) _rj = JWS() info = _rj.verify_compact(_jwt, keys) assert info == payload
def _to_jws(self, data: dict) -> str: """ Converts data to a jws :param data: Data to be converted to jws :return: a signed jwt """ algorithm = "RS256" _jws = JWS(json.dumps(data), alg=algorithm) return _jws.sign_compact([self.sign_key])
def encode_id_token(payload): """ Represent the ID Token as a JSON Web Token (JWT). Return a hash. """ key_string = get_rsa_key().encode('utf-8') keys = [ RSAKey(key=importKey(key_string), kid=md5(key_string).hexdigest()) ] _jws = JWS(payload, alg='RS256') return _jws.sign_compact(keys)
def test_signer_es384(): payload = "Please take a moment to register today" _key = ECKey().load_key(P384) keys = [_key] _jws = JWS(payload, alg="ES384") _jwt = _jws.sign_compact(keys) _rj = JWS() info = _rj.verify_compact(_jwt, keys) assert info == payload
def encode_id_token(payload): """ Represent the ID Token as a JSON Web Token (JWT). Return a hash. """ key_string = get_rsa_key().encode('utf-8') keys = [RSAKey(key=importKey(key_string), kid=md5(key_string).hexdigest())] _jws = JWS(payload, alg='RS256') return _jws.sign_compact(keys)
def test_1(): claimset = {"iss": "joe", "exp": 1300819380, "http://example.com/is_root": True} _jws = JWS(claimset, cty="JWT") _jwt = _jws.sign_compact() _jr = JWS() _msg = _jr.verify_compact(_jwt, allow_none=True) print(_jr) assert _jr.jwt.headers["alg"] == "none" assert _msg == claimset
def test_signer_es512(): payload = "Please take a moment to register today" _key = ECKey().load_key(P521) keys = [_key] #keys[0]._keytype = "private" _jws = JWS(payload, alg="ES512") _jwt = _jws.sign_compact(keys) _rj = JWS() info = _rj.verify_compact(_jwt, keys) assert info == payload
def test_signer_es512(): payload = "Please take a moment to register today" _key = ECKey().load_key(P521) keys = [_key] #keys[0]._keytype = "private" _jws = JWS(payload, alg="ES512") _jwt = _jws.sign_compact(keys) _rj = JWS() info = _rj.verify_compact(_jwt, keys) assert info == payload
def test_signer_es256_verbose(): payload = "Please take a moment to register today" _key = ECKey().load_key(P256) keys = [_key] _jws = JWS(payload, alg="ES256") _jwt = _jws.sign_compact(keys) _rj = JWS() info = _rj.verify_compact_verbose(_jwt, keys) assert info['msg'] == payload assert info['key'] == _key
def test_signer_ps512(): payload = "Please take a moment to register today" # Key has to be big enough > 512+512+2 keys = [RSAKey(key=import_rsa_key_from_file(full_path("./size2048.key")))] #keys[0]._keytype = "private" _jws = JWS(payload, alg="PS512") _jwt = _jws.sign_compact(keys) _rj = factory(_jwt) info = _rj.verify_compact(_jwt, keys) assert info == payload
def encode_id_token(payload): """ Represent the ID Token as a JSON Web Token (JWT). Return a hash. """ keys = [ RSAKey(key=importKey(get_rsa_key())) ] _jws = JWS(payload, alg='RS256') _jwt = _jws.sign_compact(keys) return _jwt.decode('utf-8')
def test_signer_es256_verbose(): payload = "Please take a moment to register today" _key = ECKey().load_key(P256) keys = [_key] _jws = JWS(payload, alg="ES256") _jwt = _jws.sign_compact(keys) _rj = JWS() info = _rj.verify_compact_verbose(_jwt, keys) assert info['msg'] == payload assert info['key'] == _key
def test_signer_ps512(): payload = "Please take a moment to register today" # Key has to be big enough > 512+512+2 keys = [RSAKey(key=import_rsa_key_from_file(full_path("./size2048.key")))] #keys[0]._keytype = "private" _jws = JWS(payload, alg="PS521") _jwt = _jws.sign_compact(keys) _rj = JWS() info = _rj.verify_compact(_jwt, keys) assert info == payload
def to_jwt(self, key=None, algorithm="", lev=0): """ Create a signed JWT representation of the class instance :param key: The signing key :param algorithm: The signature algorithm to use :return: A signed JWT """ _jws = JWS(self.to_json(lev), alg=algorithm) return _jws.sign_compact(key)
def setUpClass(cls): cls.g_config = {} with open("../src/config/config.json") as j: cls.g_config = json.load(j) wkh = WellKnownHandler(cls.g_config["auth_server_url"], secure=False) cls.__TOKEN_ENDPOINT = wkh.get(TYPE_OIDC, KEY_OIDC_TOKEN_ENDPOINT) _rsajwk = RSAKey( kid="RSA1", key=import_rsa_key_from_file("../src/config/private.pem")) _payload = { "iss": cls.g_config["client_id"], "sub": cls.g_config["client_id"], "aud": cls.__TOKEN_ENDPOINT, "user_name": "admin", "jti": datetime.datetime.today().strftime('%Y%m%d%s'), "exp": int(time.time()) + 3600, "isOperator": False } _jws = JWS(_payload, alg="RS256") _payload_ownership = { "iss": cls.g_config["client_id"], "sub": "54d10251-6cb5-4aee-8e1f-f492f1105c94", "aud": cls.__TOKEN_ENDPOINT, "user_name": "admin", "jti": datetime.datetime.today().strftime('%Y%m%d%s'), "exp": int(time.time()) + 3600, "isOperator": False } _jws_ownership = JWS(_payload_ownership, alg="RS256") cls.jwt = _jws.sign_compact(keys=[_rsajwk]) cls.jwt_rotest = _jws_ownership.sign_compact(keys=[_rsajwk]) #cls.scopes = 'public_access' cls.scopes = 'protected_access' cls.resourceName = "TestResourcePEP" cls.PEP_HOST = "http://localhost:5566" cls.PEP_RES_HOST = "http://localhost:5576"
def _to_jws(self, data): """ Converts data to a jws :type data: Any :rtype: str :param data: Data to be converted to jws :return: a jws """ algorithm = "RS256" _jws = JWS(json.dumps(data), alg=algorithm) return _jws.sign_compact([self.sign_key])
def to_jwt(self, key=None, algorithm="", lev=0, lifetime=0): """ Create a signed JWT representation of the class instance :param key: The signing key :param algorithm: The signature algorithm to use :param lev: :param lifetime: The lifetime of the JWS :return: A signed JWT """ _jws = JWS(self.to_json(lev), alg=algorithm) return _jws.sign_compact(key)
def test_1(): claimset = {"iss": "joe", "exp": 1300819380, "http://example.com/is_root": True} _jws = JWS(claimset, cty="JWT") _jwt = _jws.sign_compact() _jr = JWS() _msg = _jr.verify_compact(_jwt, allow_none=True) print(_jr) assert _jr.jwt.headers["alg"] == 'none' assert _msg == claimset
def _to_jws(self, data): """ Converts data to a jws :type data: Any :rtype: str :param data: Data to be converted to jws :return: a jws """ algorithm = "RS256" _jws = JWS(json.dumps(data), alg=algorithm) return _jws.sign_compact([self.sign_key])
def test_signing(): kb = keybundle_from_local_file("file://jwk.json", "jwk", ["ver", "sig"]) assert len(kb) == 1 kj = KeyJar() kj.issuer_keys[""] = [kb] keys = kj.get_signing_key() payload = "Please take a moment to register today" _jws = JWS(payload, alg="RS512") try: _jwt = _jws.sign_compact(keys) assert False except (NoSuitableSigningKeys, WrongTypeOfKey): assert True
def test_signer_ps256_fail(): payload = "Please take a moment to register today" keys = [RSAKey(key=import_rsa_key_from_file(KEY))] #keys[0]._keytype = "private" _jws = JWS(payload, alg="PS256") _jwt = _jws.sign_compact(keys)[:-1] + "a" _rj = JWS() try: _rj.verify_compact(_jwt, keys) except jwkest.BadSignature: pass else: assert False
def test_signer_ps256_fail(): payload = "Please take a moment to register today" keys = [RSAKey(key=import_rsa_key_from_file(KEY))] #keys[0]._keytype = "private" _jws = JWS(payload, alg="PS256") _jwt = _jws.sign_compact(keys)[:-5] + 'abcde' _rj = JWS() try: _rj.verify_compact(_jwt, keys) except jwkest.BadSignature: pass else: assert False
def store_signed_jwks_uri(self): """ :return: """ file_name = 'static/signed_jwks' _jwks = self.keyjar.export_jwks() _jws = JWS(_jwks) _jwt = _jws.sign_compact( self.federation_entity.keyjar.get_signing_key()) fp = open(file_name, 'w') fp.write(_jwt) fp.close() return ''.join([self.baseurl, file_name])
def test_signer_es512(): payload = "Please take a moment to register today" _key = ECKey(crv="P-521", x="AekpBQ8ST8a8VcfVOTNl353vSrDCLLJXmPk06wTjxrrjcBpXp5EOnYG_NjFZ6OvLFV1jSfS9tsz4qUxcWceqwQGk", y="ADSmRA43Z1DSNx_RvcLI87cdL07l6jQyyBXMoxVg_l2Th-x3S1WDhjDly79ajL4Kkd0AZMaZmh9ubmf63e3kyMj2", d="AY5pb7A0UFiB3RELSD64fTLOSV_jazdF7fLYyuTw8lOfRhWg6Y6rUrPAxerEzgdRhajnu0ferB0d53vM9mE15j2C") keys = [_key] #keys[0]._keytype = "private" _jws = JWS(payload, alg="ES512") _jwt = _jws.sign_compact(keys) _rj = JWS() info = _rj.verify_compact(_jwt, keys) assert info == payload
def test_signing(): # Signing is only possible if key is a private RSA key kb = keybundle_from_local_file("rsa.key", "rsa", ["ver", "sig"]) assert len(kb) == 2 kj = KeyJar() kj.issuer_keys[""] = [kb] keys = kj.get_signing_key() payload = "Please take a moment to register today" _jws = JWS(payload, alg="RS512") try: _jwt = _jws.sign_compact(keys) assert True except (NoSuitableSigningKeys, WrongTypeOfKey): assert False
def encode(self, payload): """Encode the provided payload.""" keys = KEYS() if self.asymmetric: keys.add(RSAKey(key=RSA.importKey(settings.JWT_PRIVATE_SIGNING_KEY))) algorithm = 'RS512' else: key = self.secret if self.secret else self.jwt_auth['JWT_SECRET_KEY'] keys.add({'key': key, 'kty': 'oct'}) algorithm = self.jwt_auth['JWT_ALGORITHM'] data = json.dumps(payload) jws = JWS(data, alg=algorithm) return jws.sign_compact(keys=keys)
def test_1(): claimset = {"iss": "joe", "exp": 1300819380, "http://example.com/is_root": True} _jws = JWS(claimset, cty="JWT") _jwt = _jws.sign_compact() _jr = JWS() _jr.verify_compact(_jwt) print _jr assert _jr.alg == u'none' assert _jr.msg == {"iss": "joe", "exp": 1300819380, "http://example.com/is_root": True}
def sign(msg, key, alg="", msgtype=None): """ :param msg: The message to sign :param key: The signing key :param alg: Which signing algorithm to use, this information may appear in the headers dictionary :param msgtype: The type of payload :return: A JWS """ _jws = JWS(msg, alg=alg) if msgtype: _jws["typ"] = msgtype return _jws.sign_compact(key)
def fxa_preverify_token(user, expiry): """ Takes a user and a timedelta and generates a preverify token for FxA OAuth. See https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#preverifytoken for details. """ msg = { 'exp': get_token_expiry(expiry), 'aud': settings.FXA_AUTH_DOMAIN, 'sub': user.email, 'typ': 'mozilla/fxa/preVerifyToken/v1', } jws = JWS(msg, cty='JWT', alg='RS256', kid=PREVERIFY_KEY.kid, jku=absolutify(reverse('fxa-preverify-key'))) return jws.sign_compact([PREVERIFY_KEY])
def encode(self, payload): """Encode the provided payload.""" keys = jwk.KEYS() if self.asymmetric: serialized_keypair = json.loads(self.jwt_auth['JWT_PRIVATE_SIGNING_JWK']) keys.add(serialized_keypair) algorithm = self.jwt_auth['JWT_SIGNING_ALGORITHM'] else: key = self.secret if self.secret else self.jwt_auth['JWT_SECRET_KEY'] keys.add({'key': key, 'kty': 'oct'}) algorithm = self.jwt_auth['JWT_ALGORITHM'] data = json.dumps(payload) jws = JWS(data, alg=algorithm) return jws.sign_compact(keys=keys)