Пример #1
0
    def test_authentication_tag_not_128_bits(self):
        encoder = Encoder(*self.encoder_args)
        jwe = encoder.encrypt_token(VALID_SIGNED_JWT.encode(),
                                    tag=os.urandom(10))

        self.assertInDecryptException(
            jwe.decode(), "'Authentication tag must be 16 bytes or longer")
Пример #2
0
def generate_token():
    encoder = Encoder()
    user = os.getenv('USER', 'UNKNOWN')
    payload = create_payload(user)
    token = encoder.encode(payload)
    encrypted_token = encoder.encrypt_token(token)
    return encrypted_token
Пример #3
0
    def test_authentication_tag_corrupted(self):
        encoder = Encoder()
        jwe = encoder.encrypt_token(VALID_SIGNED_JWT.encode(),
                                    tag=b'adssadsadsadsadasdasdasads')

        decoder = JWTDecryptor()
        with self.assertRaises(InvalidTokenException):
            decoder.decrypt_jwt_token(jwe.decode())
Пример #4
0
    def test_jwe_header_only_contains_alg_and_enc(self):
        jwe_protected_header = b'{"alg":"RSA-OAEP","enc":"A256GCM", "test":"test"}'
        encoder = Encoder(*self.encoder_args)
        jwe = encoder.encrypt_token(
            VALID_SIGNED_JWT.encode(),
            jwe_protected_header=encoder._base_64_encode(jwe_protected_header))  # pylint: disable=protected-access

        self.assertInDecryptException(jwe.decode(), "InvalidTag")
Пример #5
0
    def test_invalid_enc(self):
        jwe_protected_header = b'{"alg":"RSA-OAEP","enc":"A128GCM"}'
        encoder = Encoder(*self.encoder_args)
        jwe = encoder.encrypt_token(
            VALID_SIGNED_JWT.encode(),
            jwe_protected_header=encoder._base_64_encode(jwe_protected_header))  # pylint: disable=protected-access

        self.assertInDecryptException(jwe.decode(), "Invalid Encoding")
Пример #6
0
    def test_invalid_algorithm(self):
        jwe_protected_header = b'{"alg":"PBES2_HS256_A128KW","enc":"A256GCM"}'
        encoder = Encoder(*self.encoder_args)
        jwe = encoder.encrypt_token(
            VALID_SIGNED_JWT.encode(),
            jwe_protected_header=encoder._base_64_encode(jwe_protected_header))  # pylint: disable=protected-access

        self.assertInDecryptException(jwe.decode(), "Invalid Algorithm")
Пример #7
0
    def test_missing_algorithm(self):
        jwe_protected_header = b'{"enc":"A256GCM"}'
        encoder = Encoder(*self.encoder_args)
        jwe = encoder.encrypt_token(
            VALID_SIGNED_JWT.encode(),
            jwe_protected_header=encoder._base_64_encode(jwe_protected_header))  # pylint: disable=protected-access

        self.assertInDecryptException(jwe.decode(), "Missing Algorithm")
Пример #8
0
    def test_iv_not_96_bits(self):
        iv = os.urandom(45)

        encoder = Encoder(*self.encoder_args)
        encoder.iv = iv
        jwe = encoder.encrypt_token(VALID_SIGNED_JWT.encode())

        self.assertInDecryptException(jwe.decode(), "IV incorrect length")
Пример #9
0
    def test_cek_not_256_bits(self):
        cek = os.urandom(24)

        encoder = Encoder(*self.encoder_args)
        encoder.cek = cek
        jwe = encoder.encrypt_token(VALID_SIGNED_JWT.encode())

        self.assertInDecryptException(jwe.decode(), "CEK incorrect length")
Пример #10
0
def generate_token():
    from app.cryptography.jwt_encoder import Encoder
    encoder = Encoder()
    user = os.getenv('USER', 'UNKNOWN')
    payload = create_payload(user)
    token = encoder.encode(payload)
    encrypted_token = encoder.encrypt_token(token)
    return encrypted_token
Пример #11
0
 def test_fully_encrypted(self):
     encoder = Encoder()
     payload = self.create_payload()
     token = encoder.encode(payload)
     encrypted_token = encoder.encrypt_token(token)
     response = self.client.get('/session?token=' +
                                encrypted_token.decode())
     self.assertEqual(302, response.status_code)
Пример #12
0
def generate_token(payload):
    rrm_private_key = current_app.config['EQ_USER_AUTHENTICATION_RRM_PRIVATE_KEY']
    rrm_private_key_password = current_app.config['EQ_USER_AUTHENTICATION_RRM_PRIVATE_KEY_PASSWORD']
    sr_public_key = current_app.config['EQ_USER_AUTHENTICATION_SR_PUBLIC_KEY']
    encoder = Encoder(rrm_private_key, rrm_private_key_password, sr_public_key)
    token = encoder.encode(payload)
    encrypted_token = encoder.encrypt_token(token)
    return encrypted_token
Пример #13
0
 def test_fully_encrypted(self):
     encoder = Encoder(TEST_DO_NOT_USE_RRM_PRIVATE_KEY,
                       TEST_DO_NOT_USE_PASSWORD,
                       TEST_DO_NOT_USE_SR_PUBLIC_KEY)
     payload = self.create_payload()
     token = encoder.encode(payload)
     encrypted_token = encoder.encrypt_token(token)
     response = self.client.get('/session?token=' +
                                encrypted_token.decode())
     self.assertEqual(302, response.status_code)
Пример #14
0
    def test_authentication_tag_not_128_bits(self):
        encoder = Encoder()
        jwe = encoder.encrypt_token(VALID_SIGNED_JWT.encode(),
                                    tag=os.urandom(10))

        decoder = JWTDecryptor()
        with self.assertRaises(InvalidTokenException) as ite:
            decoder.decrypt_jwt_token(jwe.decode())
        self.assertIn("'Authentication tag must be 16 bytes or longer",
                      ite.exception.value)
Пример #15
0
    def test_iv_not_96_bits(self):
        iv = os.urandom(45)

        encoder = Encoder()
        encoder.iv = iv
        jwe = encoder.encrypt_token(VALID_SIGNED_JWT.encode())

        decoder = JWTDecryptor()
        with self.assertRaises(InvalidTokenException) as ite:
            decoder.decrypt_jwt_token(jwe.decode())
            self.assertIn("IV incorrect length", ite.exception.value)
Пример #16
0
    def test_cek_not_256_bits(self):
        cek = os.urandom(24)

        encoder = Encoder()
        encoder.cek = cek
        jwe = encoder.encrypt_token(VALID_SIGNED_JWT.encode())

        decoder = JWTDecryptor()
        with self.assertRaises(InvalidTokenException) as ite:
            decoder.decrypt_jwt_token(jwe.decode())
        self.assertIn("CEK incorrect length", ite.exception.value)
Пример #17
0
    def test_jwe_key_not_2048_bits(self):
        cek = os.urandom(32)

        encoder = Encoder(*self.encoder_args)
        encoder.cek = cek
        encrypted_key = encoder._encrypted_key(cek)  # pylint: disable=protected-access
        encrypted_key = encrypted_key[0:len(encrypted_key) - 2]
        jwe = encoder.encrypt_token(VALID_SIGNED_JWT.encode(),
                                    encrypted_key=encrypted_key)

        self.assertInDecryptException(jwe.decode(), "ValueError")
Пример #18
0
    def test_jwe_header_only_contains_alg_and_enc(self):
        jwe_protected_header = b'{"alg":"RSA-OAEP","enc":"A256GCM", "test":"test"}'
        encoder = Encoder()
        jwe = encoder.encrypt_token(
            VALID_SIGNED_JWT.encode(),
            jwe_protected_header=encoder._base_64_encode(jwe_protected_header))  # pylint: disable=protected-access

        decoder = JWTDecryptor()
        with self.assertRaises(InvalidTokenException) as ite:
            decoder.decrypt_jwt_token(jwe.decode())
        self.assertIn("InvalidTag", ite.exception.value)
Пример #19
0
    def test_invalid_algorithm(self):
        jwe_protected_header = b'{"alg":"PBES2_HS256_A128KW","enc":"A256GCM"}'
        encoder = Encoder()
        jwe = encoder.encrypt_token(
            VALID_SIGNED_JWT.encode(),
            jwe_protected_header=encoder._base_64_encode(jwe_protected_header))  # pylint: disable=protected-access

        decoder = JWTDecryptor()
        with self.assertRaises(InvalidTokenException) as ite:
            decoder.decrypt_jwt_token(jwe.decode())
        self.assertIn("Invalid Algorithm", ite.exception.value)
Пример #20
0
    def test_enc_missing(self):
        jwe_protected_header = b'{"alg":"RSA-OAEP"}'

        encoder = Encoder()
        jwe = encoder.encrypt_token(
            VALID_SIGNED_JWT.encode(),
            jwe_protected_header=encoder._base_64_encode(jwe_protected_header))  # pylint: disable=protected-access

        decoder = JWTDecryptor()
        with self.assertRaises(InvalidTokenException) as ite:
            decoder.decrypt_jwt_token(jwe.decode())
        self.assertIn("Missing Encoding", ite.exception.value)
Пример #21
0
    def test_jwe_key_not_2048_bits(self):
        cek = os.urandom(32)

        encoder = Encoder()
        encoder.cek = cek
        encrypted_key = encoder._encrypted_key(cek)  # pylint: disable=protected-access
        encrypted_key = encrypted_key[0:len(encrypted_key) - 2]
        jwe = encoder.encrypt_token(VALID_SIGNED_JWT.encode(),
                                    encrypted_key=encrypted_key)

        decoder = JWTDecryptor()
        with self.assertRaises(InvalidTokenException) as ite:
            decoder.decrypt_jwt_token(jwe.decode())
        self.assertIn("ValueError", ite.exception.value)
Пример #22
0
    def test_cipher_text_corrupted(self):
        encoder = Encoder()
        jwe = encoder.encrypt_token(VALID_SIGNED_JWT.encode())

        tokens = jwe.decode().split('.')
        jwe_protected_header = tokens[0]
        encrypted_key = tokens[1]
        encoded_iv = tokens[2]
        encoded_cipher_text = tokens[3]
        encoded_tag = tokens[4]

        corrupted_cipher = encoded_cipher_text[0:len(encoded_cipher_text) - 1]
        reassembled = jwe_protected_header + "." + encrypted_key + "." + encoded_iv + "." + corrupted_cipher + "." + encoded_tag

        decoder = JWTDecryptor()
        with self.assertRaises(InvalidTokenException):
            decoder.decrypt_jwt_token(reassembled)
Пример #23
0
def generate_token(payload):
    encoder = Encoder()
    token = encoder.encode(payload)
    encrypted_token = encoder.encrypt_token(token)
    return encrypted_token