def test_valid_keyset_1_sig(self):
jwks_json = """
{
"keys": [
{
"kty": "EC",
"use": "sig",
"alg": "ES256",
"kid": "54M7LspsUfvbirxoLfGeTQp8oCVducfvt0DEU8W4Wcc",
"crv": "P-256",
"x": "SM85B9i8alfba9WcWehUYY5WTn6lnRQ9ivlOGrIELzY",
"y": "I9Agmt_PyqNv3LLkcCBA3iNmi9dieDNrXHnQdplNvHI"
}
]
}
"""
jwks = json.loads(jwks_json)
(actual_is_valid, actual_issues) = validate_keyset(jwks)
actual_issue_types = [issue.type for issue in actual_issues]
expected_is_valid = True
expected_issue_types = []
self.assertEqual(actual_is_valid, expected_is_valid)
self.assertEqual(actual_issue_types, expected_issue_types)
def test_empty_keys_prop(self):
jwks_json = """
{
"keys": []
}
"""
jwks = json.loads(jwks_json)
(actual_is_valid, actual_issues) = validate_keyset(jwks)
actual_issue_types = [issue.type for issue in actual_issues]
expected_is_valid = False
expected_issue_types = [
IssueType.KEYS_PROPERTY_EMPTY
]
self.assertEqual(actual_is_valid, expected_is_valid)
self.assertEqual(actual_issue_types, expected_issue_types)
def test_keys_prop_missing(self):
jwks_json = """
{
"test": "value"
}
"""
jwks = json.loads(jwks_json)
(actual_is_valid, actual_issues) = validate_keyset(jwks)
actual_issue_types = [issue.type for issue in actual_issues]
expected_is_valid = False
expected_issue_types = [
IssueType.KEYS_PROPERTY_MISSING
]
self.assertEqual(actual_is_valid, expected_is_valid)
self.assertEqual(actual_issue_types, expected_issue_types)
def test_invalid_keyset_1_key_invalid(self):
jwks_json = """
{
"keys": [
{
"kty": "EC",
"use": "sig",
"alg": "ES256",
"kid": "54M7LspsUfvbirxoLfGeTQp8oCVducfvt0DEU8W4Wcc",
"crv": "P-256",
"x": "SM85B9i8alfba9WcWehUYY5WTn6lnRQ9ivlOGrIELzY",
"y": "I9Agmt_PyqNv3LLkcCBA3iNmi9dieDNrXHnQdplNvHI"
},
{
"kty": "EC",
"use": "sig",
"alg": "ES256",
"kid": "5iNYX3Im0lBD4B3tZTQRkDw1BsJROIrcnYOsb6qjAHM",
"crv": "P-256",
"x": "4Tisi9KVtl3YRZailW14pHCVGSBnkR8EXd1RUQ36egc",
"y": "hx8z_yr_yVaor-lZsVPeGKC8RT1Vk4iX-gxjZKF8MK0",
"d": "0OaOfIFXiSLKfYVM01_4DjhleNafW4JjjMc50Ge0GRk"
}
]
}
"""
jwks = json.loads(jwks_json)
(actual_is_valid, actual_issues) = validate_keyset(jwks)
expected_is_valid = False
expected_issues = [
Issue('Key with kid=5iNYX3Im0lBD4B3tZTQRkDw1BsJROIrcnYOsb6qjAHM contains private key material', IssueType.KEY_CONTAINS_PRIVATE_MATERIAL),
]
self.assertEqual(actual_is_valid, expected_is_valid)
self.assertEqual(actual_issues, expected_issues)
def test_valid_keyset_1_sig_1_only(self):
jwks_json = """
{
"keys": [
{
"kty": "EC",
"use": "sig",
"alg": "ES256",
"kid": "54M7LspsUfvbirxoLfGeTQp8oCVducfvt0DEU8W4Wcc",
"crv": "P-256",
"x": "SM85B9i8alfba9WcWehUYY5WTn6lnRQ9ivlOGrIELzY",
"y": "I9Agmt_PyqNv3LLkcCBA3iNmi9dieDNrXHnQdplNvHI"
},
{
"kty": "EC",
"use": "enc",
"alg": "ECDH-ES",
"kid": "UoGD6QXSfg5glPtfg9sgKQzmUkUtCYb9Df2oidXXkeA",
"crv": "P-256",
"x": "ULq4jmu0kzCgJRSUuR2hvKGJfXZmX0ckGIRpYYdvbQw",
"y": "wNv2WCwH3if340DrtfpO9netZt_Cr9Po4FcYkNWFxf0"
}
]
}
"""
jwks = json.loads(jwks_json)
(actual_is_valid, actual_issues) = validate_keyset(jwks)
expected_is_valid = True
expected_issues = [
Issue('Key with kid=UoGD6QXSfg5glPtfg9sgKQzmUkUtCYb9Df2oidXXkeA has an incorrect key use. It should be \"sig\"', IssueType.KEY_USE_IS_INCORRECT),
Issue('Key with kid=UoGD6QXSfg5glPtfg9sgKQzmUkUtCYb9Df2oidXXkeA has an incorrect key alg. It should be \"ES256\"', IssueType.KEY_ALG_IS_INCORRECT),
]
self.assertEqual(actual_is_valid, expected_is_valid)
self.assertEqual(actual_issues, expected_issues)
def test_invalid_keyset_kid_missing(self):
jwks_json = """
{
"keys": [
{
"kty": "EC",
"use": "sig",
"alg": "ES256",
"kid": "54M7LspsUfvbirxoLfGeTQp8oCVducfvt0DEU8W4Wcc",
"crv": "P-256",
"x": "SM85B9i8alfba9WcWehUYY5WTn6lnRQ9ivlOGrIELzY",
"y": "I9Agmt_PyqNv3LLkcCBA3iNmi9dieDNrXHnQdplNvHI"
},
{
"kty": "EC",
"use": "sig",
"alg": "ES256",
"crv": "P-256",
"x": "4Tisi9KVtl3YRZailW14pHCVGSBnkR8EXd1RUQ36egc",
"y": "hx8z_yr_yVaor-lZsVPeGKC8RT1Vk4iX-gxjZKF8MK0"
}
]
}
"""
jwks = json.loads(jwks_json)
(actual_is_valid, actual_issues) = validate_keyset(jwks)
expected_is_valid = False
expected_issues = [
Issue('kid is missing', IssueType.KID_IS_MISSING)
]
self.assertEqual(actual_is_valid, expected_is_valid)
self.assertEqual(actual_issues, expected_issues)
def test_valid_keyset_2_sig(self):
jwks_json = """
{
"keys": [
{
"kty": "EC",
"use": "sig",
"alg": "ES256",
"kid": "54M7LspsUfvbirxoLfGeTQp8oCVducfvt0DEU8W4Wcc",
"crv": "P-256",
"x": "SM85B9i8alfba9WcWehUYY5WTn6lnRQ9ivlOGrIELzY",
"y": "I9Agmt_PyqNv3LLkcCBA3iNmi9dieDNrXHnQdplNvHI"
},
{
"kty": "EC",
"use": "sig",
"alg": "ES256",
"kid": "5iNYX3Im0lBD4B3tZTQRkDw1BsJROIrcnYOsb6qjAHM",
"crv": "P-256",
"x": "4Tisi9KVtl3YRZailW14pHCVGSBnkR8EXd1RUQ36egc",
"y": "hx8z_yr_yVaor-lZsVPeGKC8RT1Vk4iX-gxjZKF8MK0"
}
]
}
"""
jwks = json.loads(jwks_json)
(actual_is_valid, actual_issues) = validate_keyset(jwks)
actual_issue_types = [issue.type for issue in actual_issues]
expected_is_valid = True
expected_issue_types = []
self.assertEqual(actual_is_valid, expected_is_valid)
self.assertEqual(actual_issue_types, expected_issue_types)