def test_rsa_sign_should_generate_correct_signature_value(self): algo = RSAAlgorithm(RSAAlgorithm.SHA256) jwt_message = force_bytes("Hello World!") expected_sig = base64.b64decode( force_bytes( "yS6zk9DBkuGTtcBzLUzSpo9gGJxJFOGvUqN01iLhWHrzBQ9ZEz3+Ae38AXp" "10RWwscp42ySC85Z6zoN67yGkLNWnfmCZSEv+xqELGEvBJvciOKsrhiObUl" "2mveSc1oeO/2ujkGDkkkJ2epn0YliacVjZF5+/uDmImUfAAj8lzjnHlzYix" "sn5jGz1H07jYYbi9diixN8IUhXeTafwFg02IcONhum29V40Wu6O5tAKWlJX" "fHJnNUzAEUOXS0WahHVb57D30pcgIji9z923q90p5c7E2cU8V+E1qe8NdCA" "APCDzZZ9zQ/dgcMVaBrGrgimrcLbPjueOKFgSO+SSjIElKA==" ) ) with open(key_path("testkey_rsa")) as keyfile: jwt_key = algo.prepare_key(keyfile.read()) with open(key_path("testkey_rsa.pub")) as keyfile: jwt_pub_key = algo.prepare_key(keyfile.read()) algo.sign(jwt_message, jwt_key) result = algo.verify(jwt_message, jwt_pub_key, expected_sig) assert result
def test_rsa_verify_should_return_true_for_test_vector(self): """ This test verifies that RSA PKCS v1.5 verification works with a known good signature and key. Reference: https://tools.ietf.org/html/rfc7520#section-4.1 """ signing_input = force_bytes( "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhb" "XBsZSJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb" "3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdS" "Bkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmU" "geW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4") signature = base64url_decode( force_bytes( "MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmKZop" "dHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4JIwmDLJ" "K3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4" "QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxUAhb6L2aXic" "1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_fcIe8u9ipH84ogor" "ee7vjbU5y18kDquDg")) algo = RSAAlgorithm(RSAAlgorithm.SHA256) key = algo.prepare_key(load_rsa_pub_key()) result = algo.verify(signing_input, key, signature) assert result
def test_ec_verify_should_return_true_for_test_vector(self): """ This test verifies that ECDSA verification works with a known good signature and key. Reference: https://tools.ietf.org/html/rfc7520#section-4.3 """ signing_input = force_bytes( "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhb" "XBsZSJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb" "3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdS" "Bkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmU" "geW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4") signature = base64url_decode( force_bytes( "AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvbu9P" "lon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kvAD890j" "l8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2")) algo = ECAlgorithm(ECAlgorithm.SHA512) key = algo.prepare_key(load_ec_pub_key_p_521()) result = algo.verify(signing_input, key, signature) assert result
def test_rsapss_verify_should_return_true_for_test_vector(self): """ This test verifies that RSA-PSS verification works with a known good signature and key. Reference: https://tools.ietf.org/html/rfc7520#section-4.2 """ signing_input = force_bytes( "eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhb" "XBsZSJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb" "3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdS" "Bkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmU" "geW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4") signature = base64url_decode( force_bytes( "cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2IpN6" "-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXUvdvWXz" "g-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p" "8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0qI0n6uiP1aC" "N_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a6GYmJUAfmWjwZ6o" "D4ifKo8DYM-X72Eaw")) algo = RSAPSSAlgorithm(RSAPSSAlgorithm.SHA384) key = algo.prepare_key(load_rsa_pub_key()) result = algo.verify(signing_input, key, signature) assert result
def pipe_insert_files(self, pipe, files, database=None, schema=None, request_id=None): database = database or self.database schema = schema or self.schema if self.private_key_password: cert = load_pem_private_key(force_bytes(self.private_key), password=force_bytes( self.private_key_password), backend=default_backend()) else: cert = load_pem_private_key(force_bytes(self.private_key), password=None, backend=default_backend()) now = time.time() auth_token = jwt.encode( { 'iss': '{0}.{1}'.format(self.account.upper(), self.user.upper()), 'exp': now + 3600, 'iat': now }, cert, algorithm='RS256') body = {'files': list(map(lambda f: {'path': f}, files))} uri = 'https://{account}.{region}.snowflakecomputing.com/v1/data/pipes/{database}.{schema}.{pipe}/insertFiles'.format( account=self.account, region=self.region, pipe=pipe, database=database, schema=schema) if request_id is None: request_id = str(uuid.uuid4()) params = {'requestId': request_id} headers = { 'Authorization': 'Bearer {0}'.format(auth_token.decode('UTF-8')), 'Accept': 'application/json', 'Content-Type': 'application/json' } self.log.debug('executing pipe: {0}'.format(uri)) self.log.debug('with headers {0}:'.format(headers)) self.log.debug('with body: {0}'.format(body)) resp = requests.post(uri, data=json.dumps(body), headers=headers, params=params) if resp.status_code != 200: raise Exception( '''failed to execute pipe, exited with error {0}'''.format( resp.text)) self.log.info('pipe response: {0}'.format(resp.json())) return resp.json()
def test_rsa_jwk_public_and_private_keys_should_parse_and_verify(self): algo = RSAAlgorithm(RSAAlgorithm.SHA256) with open(key_path("jwk_rsa_pub.json"), "r") as keyfile: pub_key = algo.from_jwk(keyfile.read()) with open(key_path("jwk_rsa_key.json"), "r") as keyfile: priv_key = algo.from_jwk(keyfile.read()) signature = algo.sign(force_bytes("Hello World!"), priv_key) assert algo.verify(force_bytes("Hello World!"), pub_key, signature)
def test_ec_verify_should_return_false_if_signature_wrong_length(self): algo = ECAlgorithm(ECAlgorithm.SHA256) message = force_bytes("Hello World!") sig = base64.b64decode(force_bytes("AC+m4Jf/xI3guAC6w0w3")) with open(key_path("testkey_ec.pub"), "r") as keyfile: pub_key = algo.prepare_key(keyfile.read()) result = algo.verify(message, pub_key, sig) assert not result
def test_ed25519_verify_should_return_false_if_signature_invalid(self): algo = Ed25519Algorithm() jwt_message = self.hello_world jwt_sig = base64.b64decode(force_bytes(self.hello_world_sig)) jwt_sig += force_bytes("123") # Signature is now invalid with open(key_path("testkey_ed25519.pub")) as keyfile: jwt_pub_key = algo.prepare_key(keyfile.read()) result = algo.verify(jwt_message, jwt_pub_key, jwt_sig) assert not result
def test_ec_verify_should_return_true_if_signature_valid(self): algo = ECAlgorithm(ECAlgorithm.SHA256) jwt_message = force_bytes('Hello World!') jwt_sig = base64.b64decode(force_bytes( 'AC+m4Jf/xI3guAC6w0w37t5zRpSCF6F4udEz5LiMiTIjCS4vcVe6dDOxK+M' 'mvkF8PxJuvqxP2CO3TR3okDPCl/NjATTO1jE+qBZ966CRQSSzcCM+tzcHzw' 'LZS5kbvKu0Acd/K6Ol2/W3B1NeV5F/gjvZn/jOwaLgWEUYsg0o4XVrAg65')) with open(key_path('testkey_ec.pub'), 'r') as keyfile: jwt_pub_key = algo.prepare_key(keyfile.read()) result = algo.verify(jwt_message, jwt_pub_key, jwt_sig) assert result
def test_ec_verify_should_return_false_if_signature_invalid(self): algo = ECAlgorithm(ECAlgorithm.SHA256) message = force_bytes('Hello World!') # Mess up the signature by replacing a known byte sig = base64.b64decode(force_bytes( 'AC+m4Jf/xI3guAC6w0w37t5zRpSCF6F4udEz5LiMiTIjCS4vcVe6dDOxK+M' 'mvkF8PxJuvqxP2CO3TR3okDPCl/NjATTO1jE+qBZ966CRQSSzcCM+tzcHzw' 'LZS5kbvKu0Acd/K6Ol2/W3B1NeV5F/gjvZn/jOwaLgWEUYsg0o4XVrAg65'.replace('r', 's'))) with open(key_path('testkey_ec.pub'), 'r') as keyfile: pub_key = algo.prepare_key(keyfile.read()) result = algo.verify(message, pub_key, sig) assert not result
def test_ec_verify_should_return_true_if_signature_valid(self): algo = ECAlgorithm(ECAlgorithm.SHA256) jwt_message = force_bytes("Hello World!") jwt_sig = base64.b64decode( force_bytes( "AC+m4Jf/xI3guAC6w0w37t5zRpSCF6F4udEz5LiMiTIjCS4vcVe6dDOxK+M" "mvkF8PxJuvqxP2CO3TR3okDPCl/NjATTO1jE+qBZ966CRQSSzcCM+tzcHzw" "LZS5kbvKu0Acd/K6Ol2/W3B1NeV5F/gjvZn/jOwaLgWEUYsg0o4XVrAg65")) with open(key_path("testkey_ec.pub")) as keyfile: jwt_pub_key = algo.prepare_key(keyfile.read()) result = algo.verify(jwt_message, jwt_pub_key, jwt_sig) assert result
def test_rsa_verify_should_return_true_if_signature_valid(self): algo = RSAAlgorithm(RSAAlgorithm.SHA256) jwt_message = force_bytes('Hello World!') jwt_sig = base64.b64decode(force_bytes( 'yS6zk9DBkuGTtcBzLUzSpo9gGJxJFOGvUqN01iLhWHrzBQ9ZEz3+Ae38AXp' '10RWwscp42ySC85Z6zoN67yGkLNWnfmCZSEv+xqELGEvBJvciOKsrhiObUl' '2mveSc1oeO/2ujkGDkkkJ2epn0YliacVjZF5+/uDmImUfAAj8lzjnHlzYix' 'sn5jGz1H07jYYbi9diixN8IUhXeTafwFg02IcONhum29V40Wu6O5tAKWlJX' 'fHJnNUzAEUOXS0WahHVb57D30pcgIji9z923q90p5c7E2cU8V+E1qe8NdCA' 'APCDzZZ9zQ/dgcMVaBrGrgimrcLbPjueOKFgSO+SSjIElKA==')) with open(key_path('testkey_rsa.pub'), 'r') as keyfile: jwt_pub_key = algo.prepare_key(keyfile.read()) result = algo.verify(jwt_message, jwt_pub_key, jwt_sig) assert result
def test_encode_decode_with_ecdsa_sha512(self, jws, payload): # PEM-formatted EC key with open('tests/keys/testkey_ec', 'r') as ec_priv_file: priv_eckey = load_pem_private_key(force_bytes(ec_priv_file.read()), password=None, backend=default_backend()) jws_message = jws.encode(payload, priv_eckey, algorithm='ES521') with open('tests/keys/testkey_ec.pub', 'r') as ec_pub_file: pub_eckey = load_pem_public_key(force_bytes(ec_pub_file.read()), backend=default_backend()) jws.decode(jws_message, pub_eckey) # string-formatted key with open('tests/keys/testkey_ec', 'r') as ec_priv_file: priv_eckey = ec_priv_file.read() jws_message = jws.encode(payload, priv_eckey, algorithm='ES521') with open('tests/keys/testkey_ec.pub', 'r') as ec_pub_file: pub_eckey = ec_pub_file.read() jws.decode(jws_message, pub_eckey)
def test_rsa_verify_should_return_true_if_signature_valid(self): algo = RSAAlgorithm(RSAAlgorithm.SHA256) jwt_message = force_bytes('Hello World!') jwt_sig = base64.b64decode( force_bytes( 'yS6zk9DBkuGTtcBzLUzSpo9gGJxJFOGvUqN01iLhWHrzBQ9ZEz3+Ae38AXp' '10RWwscp42ySC85Z6zoN67yGkLNWnfmCZSEv+xqELGEvBJvciOKsrhiObUl' '2mveSc1oeO/2ujkGDkkkJ2epn0YliacVjZF5+/uDmImUfAAj8lzjnHlzYix' 'sn5jGz1H07jYYbi9diixN8IUhXeTafwFg02IcONhum29V40Wu6O5tAKWlJX' 'fHJnNUzAEUOXS0WahHVb57D30pcgIji9z923q90p5c7E2cU8V+E1qe8NdCA' 'APCDzZZ9zQ/dgcMVaBrGrgimrcLbPjueOKFgSO+SSjIElKA==')) with open(key_path('testkey_rsa.pub'), 'r') as keyfile: jwt_pub_key = algo.prepare_key(keyfile.read()) result = algo.verify(jwt_message, jwt_pub_key, jwt_sig) assert result
def test_ec_jwk_public_and_private_keys_should_parse_and_verify(self): tests = { "P-256": ECAlgorithm.SHA256, "P-384": ECAlgorithm.SHA384, "P-521": ECAlgorithm.SHA512, } for (curve, hash) in tests.items(): algo = ECAlgorithm(hash) with open(key_path("jwk_ec_pub_{}.json".format(curve)), "r") as keyfile: pub_key = algo.from_jwk(keyfile.read()) with open(key_path("jwk_ec_key_{}.json".format(curve)), "r") as keyfile: priv_key = algo.from_jwk(keyfile.read()) signature = algo.sign(force_bytes("Hello World!"), priv_key) assert algo.verify(force_bytes("Hello World!"), pub_key, signature)
def test_ec_sign_should_generate_correct_signature_value(self): algo = ECAlgorithm(ECAlgorithm.SHA256) jwt_message = force_bytes('Hello World!') expected_sig = base64.b64decode( force_bytes( 'AC+m4Jf/xI3guAC6w0w37t5zRpSCF6F4udEz5LiMiTIjCS4vcVe6dDOxK+M' 'mvkF8PxJuvqxP2CO3TR3okDPCl/NjATTO1jE+qBZ966CRQSSzcCM+tzcHzw' 'LZS5kbvKu0Acd/K6Ol2/W3B1NeV5F/gjvZn/jOwaLgWEUYsg0o4XVrAg65')) with open(key_path('testkey_ec'), 'r') as keyfile: jwt_key = algo.prepare_key(keyfile.read()) with open(key_path('testkey_ec.pub'), 'r') as keyfile: jwt_pub_key = algo.prepare_key(keyfile.read()) algo.sign(jwt_message, jwt_key) result = algo.verify(jwt_message, jwt_pub_key, expected_sig) assert result
def test_encode_decode_with_rsa_sha512(self, jws, payload): # PEM-formatted RSA key with open('tests/keys/testkey_rsa', 'r') as rsa_priv_file: priv_rsakey = load_pem_private_key(force_bytes(rsa_priv_file.read()), password=None, backend=default_backend()) jws_message = jws.encode(payload, priv_rsakey, algorithm='RS512') with open('tests/keys/testkey_rsa.pub', 'r') as rsa_pub_file: pub_rsakey = load_ssh_public_key(force_bytes(rsa_pub_file.read()), backend=default_backend()) jws.decode(jws_message, pub_rsakey) # string-formatted key with open('tests/keys/testkey_rsa', 'r') as rsa_priv_file: priv_rsakey = rsa_priv_file.read() jws_message = jws.encode(payload, priv_rsakey, algorithm='RS512') with open('tests/keys/testkey_rsa.pub', 'r') as rsa_pub_file: pub_rsakey = rsa_pub_file.read() jws.decode(jws_message, pub_rsakey)
def test_rsa_pss_verify_should_return_false_if_signature_invalid(self): algo = RSAPSSAlgorithm(RSAPSSAlgorithm.SHA256) jwt_message = force_bytes('Hello World!') jwt_sig = base64.b64decode(force_bytes( 'ywKAUGRIDC//6X+tjvZA96yEtMqpOrSppCNfYI7NKyon3P7doud5v65oWNu' 'vQsz0fzPGfF7mQFGo9Cm9Vn0nljm4G6PtqZRbz5fXNQBH9k10gq34AtM02c' '/cveqACQ8gF3zxWh6qr9jVqIpeMEaEBIkvqG954E0HT9s9ybHShgHX9mlWk' '186/LopP4xe5c/hxOQjwhv6yDlTiwJFiqjNCvj0GyBKsc4iECLGIIO+4mC4' 'daOCWqbpZDuLb1imKpmm8Nsm56kAxijMLZnpCcnPgyb7CqG+B93W9GHglA5' 'drUeR1gRtO7vqbZMsCAQ4bpjXxwbYyjQlEVuMl73UL6sOWg==')) jwt_sig += force_bytes('123') # Signature is now invalid with open(key_path('testkey_rsa.pub'), 'r') as keyfile: jwt_pub_key = algo.prepare_key(keyfile.read()) result = algo.verify(jwt_message, jwt_pub_key, jwt_sig) assert not result
def test_encode_decode_with_rsa_sha512(self, jws, payload): # PEM-formatted RSA key with open("tests/keys/testkey_rsa.priv", "r") as rsa_priv_file: priv_rsakey = load_pem_private_key( force_bytes(rsa_priv_file.read()), password=None, ) jws_message = jws.encode(payload, priv_rsakey, algorithm="RS512") with open("tests/keys/testkey_rsa.pub", "r") as rsa_pub_file: pub_rsakey = load_ssh_public_key(force_bytes(rsa_pub_file.read())) jws.decode(jws_message, pub_rsakey, algorithms=["RS512"]) # string-formatted key with open("tests/keys/testkey_rsa.priv", "r") as rsa_priv_file: priv_rsakey = rsa_priv_file.read() jws_message = jws.encode(payload, priv_rsakey, algorithm="RS512") with open("tests/keys/testkey_rsa.pub", "r") as rsa_pub_file: pub_rsakey = rsa_pub_file.read() jws.decode(jws_message, pub_rsakey, algorithms=["RS512"])
def test_rsa_verify_should_return_false_if_signature_invalid(self): algo = RSAAlgorithm(RSAAlgorithm.SHA256) message = force_bytes("Hello World!") sig = base64.b64decode( force_bytes( "yS6zk9DBkuGTtcBzLUzSpo9gGJxJFOGvUqN01iLhWHrzBQ9ZEz3+Ae38AXp" "10RWwscp42ySC85Z6zoN67yGkLNWnfmCZSEv+xqELGEvBJvciOKsrhiObUl" "2mveSc1oeO/2ujkGDkkkJ2epn0YliacVjZF5+/uDmImUfAAj8lzjnHlzYix" "sn5jGz1H07jYYbi9diixN8IUhXeTafwFg02IcONhum29V40Wu6O5tAKWlJX" "fHJnNUzAEUOXS0WahHVb57D30pcgIji9z923q90p5c7E2cU8V+E1qe8NdCA" "APCDzZZ9zQ/dgcMVaBrGrgimrcLbPjueOKFgSO+SSjIElKA==")) sig += force_bytes("123") # Signature is now invalid with open(key_path("testkey_rsa.pub"), "r") as keyfile: pub_key = algo.prepare_key(keyfile.read()) result = algo.verify(message, pub_key, sig) assert not result
def test_encode_decode_with_ecdsa_sha512(self, jws, payload): # PEM-formatted EC key with open("tests/keys/testkey_ec.priv", "r") as ec_priv_file: priv_eckey = load_pem_private_key( force_bytes(ec_priv_file.read()), password=None, ) jws_message = jws.encode(payload, priv_eckey, algorithm="ES512") with open("tests/keys/testkey_ec.pub", "r") as ec_pub_file: pub_eckey = load_pem_public_key(force_bytes(ec_pub_file.read())) jws.decode(jws_message, pub_eckey, algorithms=["ES512"]) # string-formatted key with open("tests/keys/testkey_ec.priv", "r") as ec_priv_file: priv_eckey = ec_priv_file.read() jws_message = jws.encode(payload, priv_eckey, algorithm="ES512") with open("tests/keys/testkey_ec.pub", "r") as ec_pub_file: pub_eckey = ec_pub_file.read() jws.decode(jws_message, pub_eckey, algorithms=["ES512"])
def test_hmac_verify_should_return_true_for_test_vector(self): """ This test verifies that HMAC verification works with a known good signature and key. Reference: https://tools.ietf.org/html/rfc7520#section-4.4 """ signing_input = force_bytes( "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LWVlZ" "jMxNGJjNzAzNyJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ" "29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIG" "lmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmc" "gd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4") signature = base64url_decode( force_bytes("s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0")) algo = HMACAlgorithm(HMACAlgorithm.SHA256) key = algo.prepare_key(load_hmac_key()) result = algo.verify(signing_input, key, signature) assert result
def pipe_insert_report(self, pipe, database=None, schema=None): database = database or self.database schema = schema or self.schema if self.private_key_password: cert = load_pem_private_key(force_bytes(self.private_key), password=force_bytes( self.private_key_password), backend=default_backend()) else: cert = load_pem_private_key(force_bytes(self.private_key), password=None, backend=default_backend()) now = time.time() auth_token = jwt.encode( { 'iss': '{0}.{1}'.format(self.account.upper(), self.user.upper()), 'exp': now + 3600, 'iat': now }, cert, algorithm='RS256') uri = 'https://{account}.{region}.snowflakecomputing.com/v1/data/pipes/{database}.{schema}.{pipe}/insertReport'.format( account=self.account, region=self.region, pipe=pipe, database=database, schema=schema) headers = { 'Authorization': 'Bearer {0}'.format(auth_token.decode('UTF-8')), 'Accept': 'application/json', 'Content-Type': 'application/json' } self.log.debug('executing pipe: {0}'.format(uri)) self.log.debug('with headers {0}:'.format(headers)) resp = requests.get(uri, headers=headers) self.log.info('pipe response: {0}'.format(resp.json())) return resp.json()
def test_rsa_pss_sign_then_verify_should_return_true(self): algo = RSAPSSAlgorithm(RSAPSSAlgorithm.SHA256) message = force_bytes("Hello World!") with open(key_path("testkey_rsa.priv"), "r") as keyfile: priv_key = algo.prepare_key(keyfile.read()) sig = algo.sign(message, priv_key) with open(key_path("testkey_rsa.pub"), "r") as keyfile: pub_key = algo.prepare_key(keyfile.read()) result = algo.verify(message, pub_key, sig) assert result
def send_activation_email(req, user): current_site = get_current_site(req) message = render_to_string( 'registration/account_activation_email.html', { 'user': user, 'domain': current_site.domain, 'uid': urlsafe_base64_encode(force_bytes(str( user.pk))).decode("utf-8"), 'token': account_activation_token.make_token(user), }) send_mail('Please confirm your email address', message, settings.EMAIL_HOST_USER, [user.email]) return 'Activation link email sent to user successfully'
def test_ed25519_sign_should_generate_correct_signature_value(self): algo = Ed25519Algorithm() jwt_message = self.hello_world expected_sig = base64.b64decode(force_bytes(self.hello_world_sig)) with open(key_path("testkey_ed25519")) as keyfile: jwt_key = algo.prepare_key(keyfile.read()) with open(key_path("testkey_ed25519.pub")) as keyfile: jwt_pub_key = algo.prepare_key(keyfile.read()) algo.sign(jwt_message, jwt_key) result = algo.verify(jwt_message, jwt_pub_key, expected_sig) assert result
def decode(token, keyfile, algo=None): """解析token token: token字符串 keyfile: 公钥 algo: 加密算法,默认RS256 可用: RS256 RS384 RS512 ES256 ES384 ES521 ES512 PS256 PS384 PS512 """ if not token.strip(): raise jwt.InvalidTokenError("empty token") if algo is None: algo = default_algo try: algo = ALGOMAP[algo] except: raise jwt.InvalidAlgorithmError(algo) key = algo.prepare_key(open(keyfile).read()) print "6666666666666666666", key token_info = jwt.decode(force_bytes(token), key=key, verify=True) return token_info
def test_custom_json_encoder(self, jws, payload): class CustomJSONEncoder(json.JSONEncoder): def default(self, o): if isinstance(o, Decimal): return 'it worked' return super(CustomJSONEncoder, self).default(o) data = {'some_decimal': Decimal('2.2')} with pytest.raises(TypeError): jws.encode(payload, 'secret', headers=data) token = jws.encode(payload, 'secret', headers=data, json_encoder=CustomJSONEncoder) header = force_bytes(force_unicode(token).split('.')[0]) header = json.loads(force_unicode(base64url_decode(header))) assert 'some_decimal' in header assert header['some_decimal'] == 'it worked'
def test_custom_json_encoder(self, jws, payload): class CustomJSONEncoder(json.JSONEncoder): def default(self, o): if isinstance(o, Decimal): return "it worked" return super(CustomJSONEncoder, self).default(o) data = {"some_decimal": Decimal("2.2")} with pytest.raises(TypeError): jws.encode(payload, "secret", headers=data) token = jws.encode(payload, "secret", headers=data, json_encoder=CustomJSONEncoder) header = force_bytes(force_unicode(token).split(".")[0]) header = json.loads(force_unicode(base64url_decode(header))) assert "some_decimal" in header assert header["some_decimal"] == "it worked"
def test_custom_json_encoder(self, jws, payload): class CustomJSONEncoder(json.JSONEncoder): def default(self, o): if isinstance(o, Decimal): return 'it worked' return super(CustomJSONEncoder, self).default(o) data = { 'some_decimal': Decimal('2.2') } with pytest.raises(TypeError): jws.encode(payload, 'secret', headers=data) token = jws.encode(payload, 'secret', headers=data, json_encoder=CustomJSONEncoder) header = force_bytes(force_unicode(token).split('.')[0]) header = json.loads(force_unicode(base64url_decode(header))) assert 'some_decimal' in header assert header['some_decimal'] == 'it worked'
def payload(): """ Creates a sample jws claimset for use as a payload during tests """ return force_bytes('hello world')
def payload(): """ Creates a sample jws claimset for use as a payload during tests """ return force_bytes("hello world")
def test_constant_time_compare_returns_true_if_same(self): assert constant_time_compare( force_bytes('abc'), force_bytes('abc') )
def test_constant_time_compare_returns_false_if_totally_different(self): assert not constant_time_compare( force_bytes('abcd'), force_bytes('efgh') )
def test_constant_time_compare_returns_false_if_diff_lengths(self): assert not constant_time_compare( force_bytes('abc'), force_bytes('abcd') )
def decode_value(val): decoded = base64url_decode(force_bytes(val)) return int_from_bytes(decoded, 'big')
def decode_value(val): decoded = base64url_decode(force_bytes(val)) return int_from_bytes(decoded, "big")
def load_hmac_key(): with open(os.path.join(BASE_PATH, "jwk_hmac.json")) as infile: keyobj = json.load(infile) return base64url_decode(force_bytes(keyobj["k"]))
def test_force_bytes_raises_error_on_invalid_object(): with pytest.raises(TypeError): force_bytes({})
def load_hmac_key(): with open(os.path.join(BASE_PATH, 'jwk_hmac.json'), 'r') as infile: keyobj = json.load(infile) return base64url_decode(force_bytes(keyobj['k']))