def test_instantiate(self):
key = JsonWebKey(self.oct_secret_json)
self.assertDictContainsSubset(self.oct_secret_json, key.dump(False))
self.assertRaises(InvalidKey, JsonWebKey, {})
self.assertRaises(UnsupportedAlgorithm, JsonWebKey, {"kty": ""})
self.assertRaises(UnsupportedAlgorithm, JsonWebKey,
{"kty": "tutstuts"})
def verify(cls, signature: bytes, data: bytes, key: JsonWebKey):
cls.validate_key(key)
try:
# Incorrect padding of the encoded signature.
raw_signature = base64url_decode(signature)
except binascii.Error:
raise InvalidSignature
key.verify(raw_signature, data, cls.__hash_name__)
def setUpClass(cls):
oct_secret = load_json("oct")
rsa_private, rsa_public = load_json("rsa")
ec_private, ec_public = load_json("ec")
cls.oct_secret = JsonWebKey(oct_secret)
cls.rsa_private = JsonWebKey(rsa_private)
cls.rsa_public = JsonWebKey(rsa_public)
cls.ec_private = JsonWebKey(ec_private)
cls.ec_public = JsonWebKey(ec_public)
cls.data = b"This is a super secret message."
def test_dump(self):
k0 = JsonWebKey.parse(load_pem("rsa")[1],
"RSA",
True,
use="sig",
kid="key0")
k1 = JsonWebKey.parse(load_pem("ec")[1],
"EC",
True,
use="sig",
kid="key1")
jwks = JsonWebKeySet([k0, k1])
self.assertDictEqual(jwks.dump(), {"keys": [k0.dump(), k1.dump()]})
def test_generate(self):
key = JsonWebKey.generate("RSA", 2048, use="sig", kid="key_id")
data = key.dump()
self.assertEqual(data.get("kty"), "RSA")
self.assertEqual(data.get("use"), "sig")
self.assertEqual(data.get("kid"), "key_id")
def test_get_key(self):
k0 = JsonWebKey.parse(load_pem("ec")[0],
"EC",
False,
use="sig",
kid="key0")
k1 = JsonWebKey.parse(load_pem("rsa")[0],
"RSA",
False,
use="sig",
kid="key1")
jwks = JsonWebKeySet([k0, k1])
self.assertEqual(jwks.get_key("key0"), k0)
self.assertIsNone(jwks.get_key("idontknow"))
def test_serialize(self):
key = JsonWebKey(load_json("oct"))
jws = JsonWebSignature(b"Super important message.", {"alg": "HS256"})
token = (b"eyJhbGciOiAiSFMyNTYifQ."
b"U3VwZXIgaW1wb3J0YW50IG1lc3NhZ2Uu."
b"hcKC9ON7r55CL1bekT5KlYN37Dwx_3yGNlhexf89-1Y")
self.assertEqual(jws.serialize(key), token)
def test_instantiate(self):
k0 = JsonWebKey.parse(load_pem("ec")[1],
"EC",
True,
use="sig",
kid="key0")
k1 = JsonWebKey.parse(load_pem("rsa")[1],
"RSA",
True,
use="sig",
kid="key1")
k2 = JsonWebKey.generate("RSA", 2048)
jwks0 = JsonWebKeySet([k0, k1])
self.assertListEqual(jwks0.keys, [k0, k1])
self.assertRaises(InvalidKeySet, JsonWebKeySet, [k0, k1, k2])
k30 = JsonWebKey.generate("EC", "P-256", kid="key2")
k31 = JsonWebKey.generate("RSA", 2048, kid="key2")
self.assertRaises(InvalidKeySet, JsonWebKeySet, [k30, k31])
def test_deserialize(self):
key = JsonWebKey(load_json("oct"))
token = (
b"eyJ0eXAiOiAiSldUIiwgImFsZyI6ICJIUzI1NiJ9."
b"eyJzdWIiOiAic29tZS1yYW5kb20tdXVpZCIsICJpYXQiOiAxNjUyMzAxNDc4fQ."
b"PZd5gLOfNTv3x8Qci1DM7hxjY91bUhmfnOQgojhFv6I")
expected_header = {"typ": "JWT", "alg": "HS256"}
expected_payload = b'{"sub": "some-random-uuid", "iat": 1652301478}'
deserialized = JsonWebSignature.deserialize(token, key, "HS256")
self.assertEqual(deserialized.header, expected_header)
self.assertEqual(deserialized.payload, expected_payload)
def test_parse(self):
private_key = JsonWebKey.parse(self.ec_private_pem,
"EC",
False,
use="sig")
public_key = JsonWebKey.parse(self.ec_public_pem,
"EC",
True,
use="sig",
kid="key_id")
self.assertDictEqual(private_key.dump(False),
dict(**self.ec_private_json, use="sig"))
self.assertDictEqual(
public_key.dump(),
dict(**self.ec_public_json, use="sig", kid="key_id"))
self.assertRaises(
UnsupportedAlgorithm,
JsonWebKey.parse,
self.rsa_private_pem,
"tutstuts",
False,
)
self.assertRaises(
UnsupportedParsingMethod,
JsonWebKey.parse,
self.rsa_public_pem,
"RSA",
True,
format="BaP(QUiEi'X",
)
self.assertRaises(InvalidKey, JsonWebKey.parse, self.ec_public_pem,
"RSA", True)
from typing import Optional, Union
from psion.jose.jwk import JsonWebKey
from psion.jose.jwt import JsonWebToken
from psion.oauth2.adapter import BaseAdapter
from psion.webtools import FullDict, secret_token
from example.models.clients import Client
from example.models.tokens import AuthorizationCode, RefreshToken
from example.models.users import User
SECRET_KEY = JsonWebKey.parse(
b"super_secret_key_that_no_one_will_be_able_to_guess",
"oct",
False,
format="der",
kid="secret_key_id",
)
class Adapter(BaseAdapter):
async def find_user(self, user_id: str) -> User:
return await User.get_or_none(id=user_id)
async def find_client(self, client_id: str) -> Client:
return await Client.get_or_none(id=client_id)
async def save_authorization_code(
self, code: str, data: dict, client: Client, user: User
) -> None:
def sign(cls, data: bytes, key: JsonWebKey) -> bytes:
cls.validate_key(key)
signature = key.sign(data,
cls.__hash_name__,
rsa_padding=cls.__padding__)
return base64url_encode(signature)
def test_dump(self):
data = dict(**self.ec_public_json, use="sig", kid="some_id")
key = JsonWebKey(data)
self.assertDictEqual(key.dump(), data)
def get_client_public_key(self, key_id: str) -> JsonWebKey:
if self.jwks is None:
return None
return JsonWebKey(self.jwks)