def test_signer_protected_headers(): payload = "Please take a moment to register today" eck = ec.generate_private_key(ec.SECP256R1(), default_backend()) _key = ECKey().load_key(eck) keys = [_key] _jws = JWS(payload, alg="ES256") protected = dict(header1=u"header1 is protected", header2="header2 is protected too", a=1) _jwt = _jws.sign_compact(keys, protected=protected) exp_protected = protected.copy() exp_protected["alg"] = "ES256" enc_header, enc_payload, sig = _jwt.split(".") assert json.loads(b64d( enc_header.encode("utf-8")).decode("utf-8")) == exp_protected assert b64d(enc_payload.encode("utf-8")).decode("utf-8") == payload _pub_key = ECKey().load_key(eck.public_key()) _rj = JWS(alg="ES256") info = _rj.verify_compact(_jwt, [_pub_key]) assert info == payload # Protected by default protected["alg"] = "ES256" assert _rj.protected_headers() == protected
def test_verify_json_flattened_syntax(): key = ECKey().load_key(P256()) protected_headers = {"foo": "bar"} unprotected_headers = {"abc": "xyz"} payload = "hello world" _jwt = JWS(msg=payload, alg="ES256").sign_json(headers=[ (protected_headers, unprotected_headers) ], keys=[key], flatten=True) vkeys = [ECKey().load_key(key.public_key())] _jws = JWS() assert _jws.verify_json(_jwt, keys=vkeys) assert _jws.protected_headers() == {"alg": "ES256", "foo": "bar"}
def test_verify_json(): eck = ec.generate_private_key(ec.SECP256R1(), default_backend()) key = ECKey().load_key(eck) payload = "hello world" unprotected_headers = {"abc": "xyz"} protected_headers = {"foo": "bar"} _jwt = JWS(msg=payload, alg="ES256").sign_json(headers=[ (protected_headers, unprotected_headers) ], keys=[key]) vkeys = [ECKey().load_key(eck.public_key())] _jws = JWS() assert _jws.verify_json(_jwt, keys=vkeys) _protected = _jws.protected_headers() assert set(_protected.keys()) == {"foo", "alg"} assert _protected["foo"] == protected_headers["foo"] # alg is always protected by default assert _protected["alg"] == "ES256"