def test_valid_keyset_1_sig(self): jwks_json = """ { "keys": [ { "kty": "EC", "use": "sig", "alg": "ES256", "kid": "54M7LspsUfvbirxoLfGeTQp8oCVducfvt0DEU8W4Wcc", "crv": "P-256", "x": "SM85B9i8alfba9WcWehUYY5WTn6lnRQ9ivlOGrIELzY", "y": "I9Agmt_PyqNv3LLkcCBA3iNmi9dieDNrXHnQdplNvHI" } ] } """ jwks = json.loads(jwks_json) (actual_is_valid, actual_issues) = validate_keyset(jwks) actual_issue_types = [issue.type for issue in actual_issues] expected_is_valid = True expected_issue_types = [] self.assertEqual(actual_is_valid, expected_is_valid) self.assertEqual(actual_issue_types, expected_issue_types)
def test_empty_keys_prop(self): jwks_json = """ { "keys": [] } """ jwks = json.loads(jwks_json) (actual_is_valid, actual_issues) = validate_keyset(jwks) actual_issue_types = [issue.type for issue in actual_issues] expected_is_valid = False expected_issue_types = [ IssueType.KEYS_PROPERTY_EMPTY ] self.assertEqual(actual_is_valid, expected_is_valid) self.assertEqual(actual_issue_types, expected_issue_types)
def test_keys_prop_missing(self): jwks_json = """ { "test": "value" } """ jwks = json.loads(jwks_json) (actual_is_valid, actual_issues) = validate_keyset(jwks) actual_issue_types = [issue.type for issue in actual_issues] expected_is_valid = False expected_issue_types = [ IssueType.KEYS_PROPERTY_MISSING ] self.assertEqual(actual_is_valid, expected_is_valid) self.assertEqual(actual_issue_types, expected_issue_types)
def test_invalid_keyset_1_key_invalid(self): jwks_json = """ { "keys": [ { "kty": "EC", "use": "sig", "alg": "ES256", "kid": "54M7LspsUfvbirxoLfGeTQp8oCVducfvt0DEU8W4Wcc", "crv": "P-256", "x": "SM85B9i8alfba9WcWehUYY5WTn6lnRQ9ivlOGrIELzY", "y": "I9Agmt_PyqNv3LLkcCBA3iNmi9dieDNrXHnQdplNvHI" }, { "kty": "EC", "use": "sig", "alg": "ES256", "kid": "5iNYX3Im0lBD4B3tZTQRkDw1BsJROIrcnYOsb6qjAHM", "crv": "P-256", "x": "4Tisi9KVtl3YRZailW14pHCVGSBnkR8EXd1RUQ36egc", "y": "hx8z_yr_yVaor-lZsVPeGKC8RT1Vk4iX-gxjZKF8MK0", "d": "0OaOfIFXiSLKfYVM01_4DjhleNafW4JjjMc50Ge0GRk" } ] } """ jwks = json.loads(jwks_json) (actual_is_valid, actual_issues) = validate_keyset(jwks) expected_is_valid = False expected_issues = [ Issue('Key with kid=5iNYX3Im0lBD4B3tZTQRkDw1BsJROIrcnYOsb6qjAHM contains private key material', IssueType.KEY_CONTAINS_PRIVATE_MATERIAL), ] self.assertEqual(actual_is_valid, expected_is_valid) self.assertEqual(actual_issues, expected_issues)
def test_valid_keyset_1_sig_1_only(self): jwks_json = """ { "keys": [ { "kty": "EC", "use": "sig", "alg": "ES256", "kid": "54M7LspsUfvbirxoLfGeTQp8oCVducfvt0DEU8W4Wcc", "crv": "P-256", "x": "SM85B9i8alfba9WcWehUYY5WTn6lnRQ9ivlOGrIELzY", "y": "I9Agmt_PyqNv3LLkcCBA3iNmi9dieDNrXHnQdplNvHI" }, { "kty": "EC", "use": "enc", "alg": "ECDH-ES", "kid": "UoGD6QXSfg5glPtfg9sgKQzmUkUtCYb9Df2oidXXkeA", "crv": "P-256", "x": "ULq4jmu0kzCgJRSUuR2hvKGJfXZmX0ckGIRpYYdvbQw", "y": "wNv2WCwH3if340DrtfpO9netZt_Cr9Po4FcYkNWFxf0" } ] } """ jwks = json.loads(jwks_json) (actual_is_valid, actual_issues) = validate_keyset(jwks) expected_is_valid = True expected_issues = [ Issue('Key with kid=UoGD6QXSfg5glPtfg9sgKQzmUkUtCYb9Df2oidXXkeA has an incorrect key use. It should be \"sig\"', IssueType.KEY_USE_IS_INCORRECT), Issue('Key with kid=UoGD6QXSfg5glPtfg9sgKQzmUkUtCYb9Df2oidXXkeA has an incorrect key alg. It should be \"ES256\"', IssueType.KEY_ALG_IS_INCORRECT), ] self.assertEqual(actual_is_valid, expected_is_valid) self.assertEqual(actual_issues, expected_issues)
def test_invalid_keyset_kid_missing(self): jwks_json = """ { "keys": [ { "kty": "EC", "use": "sig", "alg": "ES256", "kid": "54M7LspsUfvbirxoLfGeTQp8oCVducfvt0DEU8W4Wcc", "crv": "P-256", "x": "SM85B9i8alfba9WcWehUYY5WTn6lnRQ9ivlOGrIELzY", "y": "I9Agmt_PyqNv3LLkcCBA3iNmi9dieDNrXHnQdplNvHI" }, { "kty": "EC", "use": "sig", "alg": "ES256", "crv": "P-256", "x": "4Tisi9KVtl3YRZailW14pHCVGSBnkR8EXd1RUQ36egc", "y": "hx8z_yr_yVaor-lZsVPeGKC8RT1Vk4iX-gxjZKF8MK0" } ] } """ jwks = json.loads(jwks_json) (actual_is_valid, actual_issues) = validate_keyset(jwks) expected_is_valid = False expected_issues = [ Issue('kid is missing', IssueType.KID_IS_MISSING) ] self.assertEqual(actual_is_valid, expected_is_valid) self.assertEqual(actual_issues, expected_issues)
def test_valid_keyset_2_sig(self): jwks_json = """ { "keys": [ { "kty": "EC", "use": "sig", "alg": "ES256", "kid": "54M7LspsUfvbirxoLfGeTQp8oCVducfvt0DEU8W4Wcc", "crv": "P-256", "x": "SM85B9i8alfba9WcWehUYY5WTn6lnRQ9ivlOGrIELzY", "y": "I9Agmt_PyqNv3LLkcCBA3iNmi9dieDNrXHnQdplNvHI" }, { "kty": "EC", "use": "sig", "alg": "ES256", "kid": "5iNYX3Im0lBD4B3tZTQRkDw1BsJROIrcnYOsb6qjAHM", "crv": "P-256", "x": "4Tisi9KVtl3YRZailW14pHCVGSBnkR8EXd1RUQ36egc", "y": "hx8z_yr_yVaor-lZsVPeGKC8RT1Vk4iX-gxjZKF8MK0" } ] } """ jwks = json.loads(jwks_json) (actual_is_valid, actual_issues) = validate_keyset(jwks) actual_issue_types = [issue.type for issue in actual_issues] expected_is_valid = True expected_issue_types = [] self.assertEqual(actual_is_valid, expected_is_valid) self.assertEqual(actual_issue_types, expected_issue_types)