def test_dump_jwk():
keylist0 = KEYS()
keylist0.wrap_add(import_rsa_key_from_cert_file(CERT))
jwk = keylist0.dump_jwks()
_wk = json.loads(jwk)
assert list(_wk.keys()) == ["keys"]
assert len(_wk["keys"]) == 1
assert _eq(list(_wk["keys"][0].keys()), ["kty", "e", "n"])
def test_keys():
keyl = KEYS()
keyl.load_dict(JWKS)
assert len(keyl) == 3
assert _eq(keyl.key_types(), ['RSA', 'oct', 'EC'])
assert len(keyl['rsa']) == 1
assert len(keyl['oct']) == 1
assert len(keyl['ec']) == 1
def test_loads_0():
keys = KEYS()
keys.load_dict(JWK)
assert len(keys) == 1
key = keys["rsa"][0]
assert key.kid == 'abc'
assert key.kty == 'RSA'
_ckey = import_rsa_key_from_cert_file(CERT)
pn = _ckey.public_numbers()
assert deser(key.n) == pn.n
assert deser(key.e) == pn.e
def test_load_jwk():
keylist0 = KEYS()
keylist0.wrap_add(import_rsa_key_from_cert_file(CERT))
jwk = keylist0.dump_jwks()
keylist1 = KEYS()
keylist1.load_jwks(jwk)
assert len(keylist1) == 1
key = keylist1["rsa"][0]
assert key.kty == 'RSA'
assert isinstance(key.key, rsa.RSAPublicKey)
def test_sign_2():
keyset = {"keys": [
{"alg": "RS512",
"kty": "RSA",
"d": "ckLyXxkbjC4szg8q8G0ERBZV"
"-9CszeOxpRtx1KM9BLl0Do3li_Km2vvFvfXJ7MxQpiZ18pBoCcyYQEU262ym8wI22JWMPrZe24HCNxLxqzr_JEuBhpKFxQF6EFTSvJEJD1FkoTuCTvN0zD7YHGaJQG6JzVEuFUY3ewxjH0FYNa_ppTnPP3LC-T9u_GX9Yqyuw1KOYoHSzhWSWQOeAgs4dH9-iAxN1wdZ6eH1jFWAs43svk_rhwdgyJMlihFtV9MAInBlfi_Zu8wRVhVl5urkJrLf0tGFnMbnzb6dYSlUXxEYClpY12W7kXW9aePDqkCwI4oZyxmOmgq4hunKGR1dAQ",
"e": "AQAB",
"use": "sig",
"kid": "af22448d-4c7b-464d-b63a-f5bd90f6d7d1",
"n": "o9g8DpUwBW6B1qmcm-TfEh4rNX7n1t38jdo4Gkl_cI3q"
"--7n0Blg0kN88LHZvyZjUB2NhBdFYNxMP8ucy0dOXvWGWzaPmGnq3DM__lN8P4WjD1cCTAVEYKawNBAmGKqrFj1SgpPNsSqiqK-ALM1w6mZ-QGimjOgwCyJy3l9lzZh5D8tKnS2t1pZgE0X5P7lZQWHYpHPqp4jKhETzrCpPGfv0Rl6nmmjp7NlRYBkWKf_HEKE333J6M039m2FbKgxrBg3zmYYpmHuMzVgxxb8LSiv5aqyeyJjxM-YDUAgNQBfKNhONqXyu9DqtSprNkw6sqmuxK0QUVrNYl3b03PgS5Q"
}]}
keys = KEYS()
keys.load_dict(keyset)
jws = JWS("payload", alg="RS512")
jws.sign_compact(keys=keys)
def _get_keys(self):
logger.debug("_get_keys(): self._dict.keys={0}".format(
self._dict.keys()))
if "jwk" in self:
return [self["jwk"]]
elif "jku" in self:
keys = KEYS()
keys.load_from_url(self["jku"])
return keys.as_dict()
elif "x5u" in self:
try:
return {"rsa": [load_x509_cert(self["x5u"], {})]}
except Exception:
# ca_chain = load_x509_cert_chain(self["x5u"])
pass
return {}
def test_jwt_pack_and_unpack_with_alg():
alice = JWT(own_keys=ALICE_KEYS, iss=ALICE)
payload = {'sub': 'sub'}
_jwt = alice.pack(payload=payload)
from cryptojwt.jwk import KEYS
alice_jwks = {
"keys": [{
"kty": "RSA",
"alg": "RS256",
"use": "sig",
"kid": "1",
"n": ALICE_PUB_KEYS[0].n,
"e": ALICE_PUB_KEYS[0].e
}]
}
alg_keys = KEYS()
alg_keys.load_dict(alice_jwks)
bob = JWT(rec_keys={ALICE: alg_keys})
info = bob.unpack(_jwt)
assert set(info.keys()) == {'iat', 'iss', 'sub', 'kid', 'aud'}
def test_loads_1():
jwk = {
"keys": [{
'kty': 'RSA',
'use': 'foo',
'e': 'AQAB',
"n":
'wf-wiusGhA-gleZYQAOPQlNUIucPiqXdPVyieDqQbXXOPBe3nuggtVzeq7pVFH1dZz4dY2Q2LA5DaegvP8kRvoSB_87ds3dy3Rfym_GUSc5B0l1TgEobcyaep8jguRoHto6GWHfCfKqoUYZq4N8vh4LLMQwLR6zi6Jtu82nB5k8',
'kid': "1"
}, {
'kty': 'RSA',
'use': 'bar',
'e': 'AQAB',
"n":
'wf-wiusGhA-gleZYQAOPQlNUIucPiqXdPVyieDqQbXXOPBe3nuggtVzeq7pVFH1dZz4dY2Q2LA5DaegvP8kRvoSB_87ds3dy3Rfym_GUSc5B0l1TgEobcyaep8jguRoHto6GWHfCfKqoUYZq4N8vh4LLMQwLR6zi6Jtu82nB5k8',
'kid': "2"
}]
}
keys = KEYS()
keys.load_dict(jwk)
assert len(keys) == 2
assert _eq(keys.kids(), ['1', '2'])
def test_pick_wrong_alg():
keys = KEYS()
keys.load_dict(JWKS0)
_jws = JWS("foobar", alg="RS256", kid="rsa1") # should be RSA256
_keys = _jws.pick_keys(keys, use="sig")
assert len(_keys) == 0
def test_pick_use():
keys = KEYS()
keys.load_dict(JWK2)
_jws = JWS("foobar", alg="RS256", kid="MnC_VZcATfM5pOYiJHMba9goEKY")
_keys = _jws.pick_keys(keys, use="sig")
assert len(_keys) == 1
"issuer": "https://login.microsoftonline.com/9188040d-6c67-4c5b"
"-b112-36a304b66dad/v2.0/",
"kid": "dEtpjbEvbhfgwUI-bdK5xAU_9UQ",
"kty": "RSA",
"n":
"x7HNcD9ZxTFRaAgZ7-gdYLkgQua3zvQseqBJIt8Uq3MimInMZoE9QGQeSML7qZPlowb5BUakdLI70ayM4vN36--0ht8-oCHhl8YjGFQkU-Iv2yahWHEP-1EK6eOEYu6INQP9Lk0HMk3QViLwshwb-KXVD02jdmX2HNdYJdPyc0c",
"use": "sig",
"x5c": [
"MIICWzCCAcSgAwIBAgIJAL3MzqqEFMYjMA0GCSqGSIb3DQEBBQUAMCkxJzAlBgNVBAMTHkxpdmUgSUQgU1RTIFNpZ25pbmcgUHVibGljIEtleTAeFw0xMzExMTExOTA1MDJaFw0xOTExMTAxOTA1MDJaMCkxJzAlBgNVBAMTHkxpdmUgSUQgU1RTIFNpZ25pbmcgUHVibGljIEtleTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAx7HNcD9ZxTFRaAgZ7+gdYLkgQua3zvQseqBJIt8Uq3MimInMZoE9QGQeSML7qZPlowb5BUakdLI70ayM4vN36++0ht8+oCHhl8YjGFQkU+Iv2yahWHEP+1EK6eOEYu6INQP9Lk0HMk3QViLwshwb+KXVD02jdmX2HNdYJdPyc0cCAwEAAaOBijCBhzAdBgNVHQ4EFgQULR0aj9AtiNMgqIY8ZyXZGsHcJ5gwWQYDVR0jBFIwUIAULR0aj9AtiNMgqIY8ZyXZGsHcJ5ihLaQrMCkxJzAlBgNVBAMTHkxpdmUgSUQgU1RTIFNpZ25pbmcgUHVibGljIEtleYIJAL3MzqqEFMYjMAsGA1UdDwQEAwIBxjANBgkqhkiG9w0BAQUFAAOBgQBshrsF9yls4ArxOKqXdQPDgHrbynZL8m1iinLI4TeSfmTCDevXVBJrQ6SgDkihl3aCj74IEte2MWN78sHvLLTWTAkiQSlGf1Zb0durw+OvlunQ2AKbK79Qv0Q+wwGuK+oymWc3GSdP1wZqk9dhrQxb3FtdU2tMke01QTut6wr7ig=="
],
"x5t": "dEtpjbEvbhfgwUI-bdK5xAU_9UQ"
}
]
}
SIGKEYS = KEYS()
SIGKEYS.load_dict(JWKS)
def P256():
return ec.generate_private_key(ec.SECP256R1(), default_backend())
def test_1():
claimset = {"iss": "joe",
"exp": 1300819380,
"http://example.com/is_root": True}
_jws = JWS(claimset, cty="JWT")
_jwt = _jws.sign_compact()
_jr = JWS()
def test_thumbprint():
keyl = KEYS()
keyl.load_dict(JWKS)
for key in keyl:
txt = key.thumbprint('SHA-256')
assert txt in EXPECTED