def test_key_export():
    """Export an RSA signing key and read the published JWKS back from disk.

    The assertions pin two things: the URL returned by key_export() and the
    content of the key-set file it leaves under ./keys/outbound/.
    """
    jar = KeyJar()
    signing_spec = {"alg": "rsa", "format": ["x509", "jwk"]}
    exported_url = key_export(
        "http://example.com/keys/",
        "outbound",
        "secret",
        keyjar=jar,
        sig=signing_spec,
    )
    assert exported_url == "http://example.com/keys/outbound/jwks"

    # NOTE(review): the export lands in the current working directory and
    # nothing in this function removes it afterwards. "secret" is presumably
    # the directory that receives the private key material -- confirm against
    # key_export() and keep both paths out of version control.
    published = KeyBundle(source="file://./keys/outbound/jwks")

    # The published set holds exactly one key ...
    assert len(published) == 1
    # ... of type RSA ...
    assert len(published.get("RSA")) == 1
    first_rsa = published.get("RSA")[0]
    # ... marked for signature use.
    assert first_rsa.use == "sig"
def test_chain_1():
    """A bundle built from an inline symmetric key is unchanged by update()."""
    # "supersecret" is a hard-coded fixture value used only by this test.
    bundle = KeyBundle([{"kty": "oct", "key": "supersecret", "use": "sig"}])

    def assert_local_oct_only():
        assert len(bundle.get("oct")) == 1
        assert len(bundle.get("rsa")) == 0
        assert bundle.remote is False
        assert bundle.source is None

    assert_local_oct_only()
    # The bundle has no source, so a refresh must leave it exactly as it was.
    bundle.update()
    assert_local_oct_only()
def test_update(self):
    """update() on a source-less bundle must not alter its keys or flags."""
    # Hard-coded symmetric key: a test fixture, never a real credential.
    inline_key = {"kty": "oct", "key": "supersecret", "use": "sig"}
    kb = KeyBundle([inline_key])

    # First pass checks the freshly built bundle, second pass checks it
    # again after update() has run.
    for refreshed in (False, True):
        if refreshed:
            kb.update()
        assert len(kb.get("oct")) == 1
        assert len(kb.get("rsa")) == 0
        assert kb.remote is False
        assert kb.source is None
def test_chain_1():
    """An inline HMAC key bundle keeps its keys and usage across update().

    The usage is passed as the string "sig" and is asserted to be reported
    back as the list ["sig"].
    """
    # "supersecret" is a hard-coded fixture value used only by this test.
    bundle = KeyBundle({"hmac": "supersecret"}, usage="sig")

    def verify_state():
        assert len(bundle.get("hmac")) == 1
        assert len(bundle.get("rsa")) == 0
        assert bundle.usage == ["sig"]
        assert bundle.remote == False
        assert bundle.source is None

    verify_state()
    # Without a source there is nothing to refresh from.
    bundle.update()
    verify_state()
def test_key_export():
    """Check the URL returned by key_export() and the JWKS file it writes."""
    keyjar = KeyJar()
    sig_options = {"alg": "rsa", "format": ["x509", "jwk"]}
    url = key_export("http://example.com/keys/", "outbound", "secret",
                     keyjar=keyjar, sig=sig_options)
    assert url == "http://example.com/keys/outbound/jwks"

    # The key set is expected at ./keys/outbound/jwks, i.e. relative to the
    # directory the test is run from.
    # NOTE(review): nothing here deletes the generated files; "secret" looks
    # like the location for the private key material -- confirm against
    # key_export() and make sure neither directory gets committed.
    on_disk = KeyBundle(source="file://./keys/outbound/jwks")

    # A single key overall ...
    assert len(on_disk) == 1
    # ... which is an RSA key ...
    assert len(on_disk.get("RSA")) == 1
    rsa_key = on_disk.get("RSA")[0]
    # ... intended for signing.
    assert rsa_key.use == "sig"
def test_chain_3():
    """Load an RSA key from an X.509 certificate file; re-check after update().

    The bundle is asserted to be local (remote == False), to report its
    source without the "file://" prefix, and to expose exactly one RSA key
    as an M2Crypto.RSA.RSA object.
    """
    # NOTE(review): the certificate path is relative to the working
    # directory. The one key is declared for both "sig" and "enc"; outside a
    # test fixture, separate keys per use are the safer arrangement.
    bundle = KeyBundle(
        source="file://../oc3/certs/server.crt",
        type="rsa",
        src_type="x509",
        usage=["sig", "enc"],
    )

    def check_bundle():
        assert bundle.usage == ["sig", "enc"]
        assert bundle.remote == False
        assert bundle.source == "../oc3/certs/server.crt"
        assert len(bundle.get("hmac")) == 0
        assert len(bundle.get("rsa")) == 1
        rsa_key = bundle.get("rsa")[0]
        assert isinstance(rsa_key, M2Crypto.RSA.RSA)

    check_bundle()
    # Re-reading the source must yield the same state.
    bundle.update()
    check_bundle()
def test_chain_2():
    """Load an RSA key from a key file and confirm update() changes nothing.

    The same five properties are asserted before and after the refresh:
    usage, the local/remote flag, the stored source path, the absence of
    HMAC keys and the presence of one M2Crypto RSA key.
    """
    # NOTE(review): mycert.key is presumably a private key kept next to the
    # test certificates -- it should be a dedicated test key, never one that
    # is used anywhere else.
    keyfile_bundle = KeyBundle(
        source="file://../oc3/certs/mycert.key",
        type="rsa",
        usage=["ver", "sig"],
    )

    for after_update in (False, True):
        if after_update:
            keyfile_bundle.update()
        assert keyfile_bundle.usage == ["ver", "sig"]
        assert keyfile_bundle.remote == False
        assert keyfile_bundle.source == "../oc3/certs/mycert.key"
        assert len(keyfile_bundle.get("hmac")) == 0
        assert len(keyfile_bundle.get("rsa")) == 1
        loaded = keyfile_bundle.get("rsa")[0]
        assert isinstance(loaded, M2Crypto.RSA.RSA)
# Request fixtures built once at import time. The URIs point at example.org /
# example.com and the tokens and state values are literal placeholders.
REGREQ = RegistrationRequest(contacts=["*****@*****.**"],
                             redirect_uris=["http://example.org/jqauthz"],
                             application_name="pacubar", client_id=CLIENT_ID,
                             operation="register", application_type="web")

RSREQ = RefreshSessionRequest(id_token="id_token",
                              redirect_url="http://example.com/authz",
                              state="state0")

#key, type, usage, owner="."
# Map the JWS algorithm name to a key type and look up matching keys in
# KC_SYM_S. HS256 is an HMAC algorithm, so the same shared secret both signs
# and verifies: any party able to check these tokens could also mint them.
alg = "HS256"
ktype = alg2keytype(alg)
keys = KC_SYM_S.get(ktype)

# Both session requests carry IDTOKEN serialized as an HS256-signed JWT.
CSREQ = CheckSessionRequest(
    id_token=IDTOKEN.to_jwt(key=keys, algorithm="HS256"))

ESREQ = EndSessionRequest(id_token=IDTOKEN.to_jwt(key=keys, algorithm="HS256"),
                          redirect_url="http://example.org/jqauthz",
                          state="state0")

# Claims request: name, email and email_verified are marked essential;
# nickname and picture are passed as None.
UINFO = Claims(name={"essential": True}, nickname=None,
               email={"essential": True},
               email_verified={"essential": True}, picture=None)

# NOTE(review): the listing is cut off inside the statement below.
IDT2 = Claims(auth_time={ "essential": True,
# Module-level request fixtures. Every URI targets example.org / example.com
# and the token and state values are literal placeholders.
UIREQ = UserInfoRequest(access_token="access_token")

REGREQ = RegistrationRequest(
    contacts=["*****@*****.**"],
    redirect_uris=["http://example.org/jqauthz"],
    application_name="pacubar",
    client_id=CLIENT_ID,
    operation="register",
    application_type="web",
)

RSREQ = RefreshSessionRequest(
    id_token="id_token",
    redirect_url="http://example.com/authz",
    state="state0",
)

# key, type, usage, owner="."
# HS256 is an HMAC algorithm: the shared secret fetched from KC_SYM_S both
# signs and verifies, so every verifier of these tokens can also forge them.
alg = "HS256"
ktype = alg2keytype(alg)
keys = KC_SYM_S.get(ktype)

# IDTOKEN is serialized separately for each request, as in the two original
# to_jwt() calls.
CSREQ = CheckSessionRequest(id_token=IDTOKEN.to_jwt(key=keys, algorithm=alg))

ESREQ = EndSessionRequest(
    id_token=IDTOKEN.to_jwt(key=keys, algorithm=alg),
    redirect_url="http://example.org/jqauthz",
    state="state0",
)

UINFO = Claims(
    name={"essential": True},
    nickname=None,
    email={"essential": True},
    email_verified={"essential": True},
    picture=None,
)

# NOTE(review): "acr" sits inside the auth_time member instead of being a
# claim of its own -- confirm that this nesting is intended.
IDT2 = Claims(
    auth_time={
        "essential": True,
        "acr": {"values": ["urn:mace:incommon:iap:silver"]},
    }
)
from oic.utils.keyio import KeyBundle, key_eq

__author__ = 'rolandh'

# Published key locations: JWK documents and one X.509 certificate.
jwk_url = [
    "https://connect.openid4.us/connect4us.jwk",  # edmund
    "https://connect-op.heroku.com/jwk.json",  # nov
]
x509_url = ["https://connect-op.heroku.com/cert.pem"]

# Two bundles for the same provider: one from its JWK document, one from its
# certificate.
kc0 = KeyBundle(
    source=jwk_url[1],
    src_type="jwk",
    type="rsa",
    usage=["sig", "enc"],
)
kc1 = KeyBundle(
    source=x509_url[0],
    src_type="x509",
    type="rsa",
    usage=["sig", "enc"],
)

# NOTE(review): update() presumably fetches each source over the network.
# Whether the server certificate is validated during that fetch is not
# visible here -- confirm it before trusting the comparison below.
for bundle in (kc0, kc1):
    bundle.update()
    print(bundle)

# Consistency check: the first RSA key from the JWK document should equal the
# first RSA key taken from the certificate.
print(key_eq(kc0.get("rsa")[0], kc1.get("rsa")[0]))