def test_key_export():
kj = KeyJar()
url = key_export(
"http://example.com/keys/",
"outbound",
"secret",
keyjar=kj,
sig={
"alg": "rsa",
"format": ["x509", "jwk"]
},
)
assert url == "http://example.com/keys/outbound/jwks"
# Now a jwks should reside in './keys/outbound/jwks'
kb = KeyBundle(source="file://./keys/outbound/jwks")
# One key
assert len(kb) == 1
# more specifically one RSA key
assert len(kb.get("RSA")) == 1
k = kb.get("RSA")[0]
# For signing
assert k.use == "sig"
def test_chain_1():
kc = KeyBundle([{"kty": "oct", "key": "supersecret", "use": "sig"}])
assert len(kc.get("oct")) == 1
assert len(kc.get("rsa")) == 0
assert kc.remote is False
assert kc.source is None
kc.update() # Nothing should happen
assert len(kc.get("oct")) == 1
assert len(kc.get("rsa")) == 0
assert kc.remote is False
assert kc.source is None
def test_update(self):
kc = KeyBundle([{"kty": "oct", "key": "supersecret", "use": "sig"}])
assert len(kc.get("oct")) == 1
assert len(kc.get("rsa")) == 0
assert kc.remote is False
assert kc.source is None
kc.update() # Nothing should happen
assert len(kc.get("oct")) == 1
assert len(kc.get("rsa")) == 0
assert kc.remote is False
assert kc.source is None
def test_chain_1():
kc = KeyBundle({"hmac": "supersecret"}, usage="sig")
assert len(kc.get("hmac")) == 1
assert len(kc.get("rsa")) == 0
assert kc.usage == ["sig"]
assert kc.remote == False
assert kc.source is None
kc.update() # Nothing should happen
assert len(kc.get("hmac")) == 1
assert len(kc.get("rsa")) == 0
assert kc.usage == ["sig"]
assert kc.remote == False
assert kc.source is None
def test_key_export():
kj = KeyJar()
url = key_export("http://example.com/keys/", "outbound", "secret",
keyjar=kj, sig={"alg": "rsa", "format": ["x509", "jwk"]})
assert url == "http://example.com/keys/outbound/jwks"
# Now a jwks should reside in './keys/outbound/jwks'
kb = KeyBundle(source='file://./keys/outbound/jwks')
# One key
assert len(kb) == 1
# more specifically one RSA key
assert len(kb.get('RSA')) == 1
k = kb.get('RSA')[0]
# For signing
assert k.use == 'sig'
def test_chain_3():
kc = KeyBundle(source="file://../oc3/certs/server.crt", type="rsa",
src_type="x509", usage=["sig", "enc"])
assert kc.usage == ["sig", "enc"]
assert kc.remote == False
assert kc.source == "../oc3/certs/server.crt"
assert len(kc.get("hmac")) == 0
assert len(kc.get("rsa")) == 1
key = kc.get("rsa")[0]
assert isinstance(key, M2Crypto.RSA.RSA)
kc.update()
assert kc.usage == ["sig", "enc"]
assert kc.remote == False
assert kc.source == "../oc3/certs/server.crt"
assert len(kc.get("hmac")) == 0
assert len(kc.get("rsa")) == 1
key = kc.get("rsa")[0]
assert isinstance(key, M2Crypto.RSA.RSA)
def test_chain_2():
kc = KeyBundle(source="file://../oc3/certs/mycert.key", type="rsa",
usage=["ver", "sig"])
assert kc.usage == ["ver", "sig"]
assert kc.remote == False
assert kc.source == "../oc3/certs/mycert.key"
assert len(kc.get("hmac")) == 0
assert len(kc.get("rsa")) == 1
key = kc.get("rsa")[0]
assert isinstance(key, M2Crypto.RSA.RSA)
kc.update()
assert kc.usage == ["ver", "sig"]
assert kc.remote == False
assert kc.source == "../oc3/certs/mycert.key"
assert len(kc.get("hmac")) == 0
assert len(kc.get("rsa")) == 1
key = kc.get("rsa")[0]
assert isinstance(key, M2Crypto.RSA.RSA)
REGREQ = RegistrationRequest(contacts=["*****@*****.**"],
redirect_uris=["http://example.org/jqauthz"],
application_name="pacubar",
client_id=CLIENT_ID,
operation="register",
application_type="web")
RSREQ = RefreshSessionRequest(id_token="id_token",
redirect_url="http://example.com/authz",
state="state0")
#key, type, usage, owner="."
alg = "HS256"
ktype = alg2keytype(alg)
keys = KC_SYM_S.get(ktype)
CSREQ = CheckSessionRequest(
id_token=IDTOKEN.to_jwt(key=keys, algorithm="HS256"))
ESREQ = EndSessionRequest(id_token=IDTOKEN.to_jwt(key=keys, algorithm="HS256"),
redirect_url="http://example.org/jqauthz",
state="state0")
UINFO = Claims(name={"essential": True},
nickname=None,
email={"essential": True},
email_verified={"essential": True},
picture=None)
IDT2 = Claims(auth_time={
"essential": True,
UIREQ = UserInfoRequest(access_token="access_token")
REGREQ = RegistrationRequest(contacts=["*****@*****.**"],
redirect_uris=["http://example.org/jqauthz"],
application_name="pacubar", client_id=CLIENT_ID,
operation="register", application_type="web")
RSREQ = RefreshSessionRequest(id_token="id_token",
redirect_url="http://example.com/authz",
state="state0")
#key, type, usage, owner="."
alg = "HS256"
ktype = alg2keytype(alg)
keys = KC_SYM_S.get(ktype)
CSREQ = CheckSessionRequest(id_token=IDTOKEN.to_jwt(key=keys,
algorithm="HS256"))
ESREQ = EndSessionRequest(id_token=IDTOKEN.to_jwt(key=keys,
algorithm="HS256"),
redirect_url="http://example.org/jqauthz",
state="state0")
UINFO = Claims(name={"essential": True}, nickname=None,
email={"essential": True},
email_verified={"essential": True}, picture=None)
IDT2 = Claims(auth_time={"essential": True,
"acr": {"values": ["urn:mace:incommon:iap:silver"]}})
from oic.utils.keyio import KeyBundle, key_eq
__author__ = 'rolandh'
jwk_url = ["https://connect.openid4.us/connect4us.jwk", # edmund
"https://connect-op.heroku.com/jwk.json"] # nov
x509_url = ["https://connect-op.heroku.com/cert.pem"]
kc0 = KeyBundle(source=jwk_url[1], src_type="jwk", type="rsa", usage=["sig", "enc"])
kc1 = KeyBundle(source=x509_url[0], src_type="x509", type="rsa", usage=["sig", "enc"])
kc0.update()
print kc0
kc1.update()
print kc1
print key_eq(kc0.get("rsa")[0], kc1.get("rsa")[0])
