def test_do_remote(self):
expected_kid = "test key"
url = "https://example.com/signed_jwks"
signing_key = RSAKey(key=RSA.generate(1024), alg="RS256")
jws = create_signed_jwks(signing_key, expected_kid)
responses.add(responses.GET, url, body=jws, status=200, content_type="application/jose")
kb = SignedKeyBundle(verification_key=signing_key, source=url)
assert kb.do_remote()
assert kb.keys()[0].kid == expected_kid
def test_do_remote_reject_malformed_jwks(self):
url = "https://example.com/signed_jwks"
signing_key = RSAKey(key=RSA.generate(1024), alg="RS256")
jws = JWS("foobar", alg=signing_key.alg).sign_compact(keys=[signing_key])
responses.add(responses.GET, url, body=jws, status=200, content_type="application/jose")
kb = SignedKeyBundle(verification_key=signing_key, source=url)
with pytest.raises(UpdateFailed) as exc:
kb.do_remote()
assert "malformed" in str(exc.value)
def test_do_remote_reject_jwks_signed_with_unknown_key(self):
url = "https://example.com/signed_jwks"
signing_key = RSAKey(key=RSA.generate(1024), alg="RS256")
other_key = RSAKey(key=RSA.generate(1024), alg="RS256")
jws = create_signed_jwks(signing_key)
responses.add(responses.GET, url, body=jws, status=200, content_type="application/jose")
kb = SignedKeyBundle(verification_key=other_key, source=url)
with pytest.raises(UpdateFailed) as exc:
kb.do_remote()
assert "signature" in str(exc.value)
def test_do_remote_handles_connection_error(self):
url = "https://example.com/signed_jwks"
responses.add(responses.GET, url, body=requests.ConnectionError("Error"))
kb = SignedKeyBundle(verification_key=None, source=url)
with pytest.raises(UpdateFailed) as exc:
kb.do_remote()
