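def test_update_mark_inactive():
    """Check that KeyBundle.update() keeps replaced keys, but only as inactive ones.

    A JWKS file holding one RSA key is loaded, then overwritten with a new
    RSA key plus an EC key. After ``update()`` the bundle must hold all three
    keys, report only the two new ones as active, and return the old RSA key
    only when ``only_active=False`` is passed.
    """
    import os  # function-scope import: the module's import block is not visible here

    fname = "tmp_jwks.json"
    try:
        rsa_key = new_rsa_key()
        _jwks = {"keys": [rsa_key.serialize()]}
        with open(fname, "w") as fp:
            fp.write(json.dumps(_jwks))

        kb = KeyBundle(source="file://{}".format(fname), fileformat="jwks")
        assert len(kb) == 1

        # Replace the file content with a completely new set of keys.
        rsa_key = new_rsa_key(alg="RS256")
        ec_key = new_ec_key(crv="P-256")
        _jwks = {"keys": [rsa_key.serialize(), ec_key.serialize()]}
        with open(fname, "w") as fp:
            fp.write(json.dumps(_jwks))

        kb.update()

        # 2 active (new RSA + EC) and 1 inactive (the original RSA key).
        assert len(kb) == 3
        assert len(kb.active_keys()) == 2
        # get() hides inactive keys unless only_active=False is passed.
        assert len(kb.get("rsa")) == 1
        assert len(kb.get("rsa", only_active=False)) == 2
    finally:
        # The fixture is written under a fixed name in the working directory;
        # remove it so key material does not linger after the test run.
        if os.path.exists(fname):
            os.remove(fname)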
def test_export_inactive():
    """Check that a key's inactive state survives a dump()/load() round trip.

    One symmetric signing key is added and marked inactive, then a second
    (encryption) key is added. The dumped bundle must expose exactly the
    expected fields, and a bundle rebuilt from it must hold both keys with
    only one of them active.
    """
    # NOTE(review): this listing defines test_export_inactive twice; if both
    # live in one module, only the later definition would be collected.
    signing_desc = {"kty": "oct", "key": "highestsupersecret", "use": "sig"}
    kb = KeyBundle([signing_desc])
    assert len(kb.keys()) == 1

    # Retire every key currently in the bundle.
    for key in kb.keys():
        kb.mark_as_inactive(key.kid)

    encryption_desc = {"kty": "oct", "key": "highestsupersecret", "use": "enc"}
    kb.do_keys([encryption_desc])

    # NOTE(review): the dump carries a "keys" entry; if that includes the
    # symmetric key value, the exported dict must be handled as secret
    # material. Confirm against KeyBundle.dump().
    res = kb.dump()
    expected_fields = {
        "cache_time",
        "fileformat",
        "httpc_params",
        "imp_jwks",
        "keys",
        "last_updated",
        "last_remote",
        "last_local",
        "remote",
        "local",
        "time_out",
    }
    assert set(res.keys()) == expected_fields

    kb2 = KeyBundle().load(res)
    # Both keys are restored, and the retired one is still inactive.
    assert len(kb2.keys()) == 2
    assert len(kb2.active_keys()) == 1
def test_export_inactive():
    """Check that a key's inactive state survives a dump()/load() round trip.

    One symmetric signing key is added and marked inactive, then a second
    (encryption) key is added through ``add_jwk_dicts``. The dumped bundle
    must expose exactly the expected fields, and a bundle rebuilt from it
    must hold both keys with only one of them active.
    """
    # NOTE(review): an earlier definition with the same name (using do_keys
    # and a shorter field set) appears in this listing; if both live in one
    # module, this later definition is the only one collected.
    signing_desc = {"kty": "oct", "key": "highestsupersecret", "use": "sig"}
    kb = KeyBundle([signing_desc])
    assert len(kb.keys()) == 1

    # Retire every key currently in the bundle.
    for key in kb.keys():
        kb.mark_as_inactive(key.kid)

    encryption_desc = {"kty": "oct", "key": "highestsupersecret", "use": "enc"}
    kb.add_jwk_dicts([encryption_desc])

    # NOTE(review): the dump carries a "keys" entry; if that includes the
    # symmetric key value, the exported dict must be handled as secret
    # material. Confirm against KeyBundle.dump().
    res = kb.dump()
    expected_fields = {
        "cache_time",
        "etag",
        "fileformat",
        "httpc_params",
        "ignore_errors_until",
        "ignore_errors_period",
        "ignore_invalid_keys",
        "imp_jwks",
        "keys",
        "keytype",
        "keyusage",
        "last_updated",
        "last_remote",
        "last_local",
        "remote",
        "local",
        "source",
        "time_out",
    }
    assert set(res.keys()) == expected_fields

    kb2 = KeyBundle().load(res)
    # Both keys are restored, and the retired one is still inactive.
    assert len(kb2.keys()) == 2
    assert len(kb2.active_keys()) == 1
def test_mark_as_inactive():
    """Check that an inactive key stays in the bundle but is not listed as active.

    A symmetric signing key is added and marked inactive; after a second
    (encryption) key is added, ``keys()`` must report both while
    ``active_keys()`` reports only the new one.
    """
    signing_desc = {"kty": "oct", "key": "highestsupersecret", "use": "sig"}
    kb = KeyBundle([signing_desc])
    assert len(kb.keys()) == 1

    # Retire every key currently in the bundle.
    for key in kb.keys():
        kb.mark_as_inactive(key.kid)

    encryption_desc = {"kty": "oct", "key": "highestsupersecret", "use": "enc"}
    kb.do_keys([encryption_desc])

    # keys() still counts the retired key; active_keys() does not.
    assert len(kb.keys()) == 2
    assert len(kb.active_keys()) == 1
def test_remote_not_modified():
    """Check that an HTTP 304 answer keeps the fetched keys and that the bundle round-trips.

    The first mocked GET returns the JWKS with status 200, the second returns
    304. ``do_remote()`` must be truthy for the first and falsy for the
    second, ``time_out`` must differ between the two, and a bundle rebuilt
    from ``dump()`` must still carry the source, the three keys and the HTTP
    client parameters.
    """
    source = "https://example.com/keys.json"
    headers = {
        "Date": "Fri, 15 Mar 2019 10:14:25 GMT",
        "Last-Modified": "Fri, 1 Jan 1970 00:00:00 GMT",
    }
    # NOTE(review): the populated dict above is replaced right away, so the
    # mocked responses carry no Last-Modified header and both last_remote
    # assertions below compare against None. Confirm whether the
    # Last-Modified handling was meant to be exercised here.
    headers = {}

    # Mock response
    httpc_params = {"timeout": (2, 2)}  # connect, read timeouts in seconds
    kb = KeyBundle(source=source, httpc=requests.request, httpc_params=httpc_params)

    # First fetch: 200 with the JWKS body.
    with responses.RequestsMock() as mocked:
        mocked.add(method="GET", url=source, json=JWKS_DICT, status=200, headers=headers)
        assert kb.do_remote()
        assert kb.last_remote == headers.get("Last-Modified")
        time_out_after_200 = kb.time_out

    # Second fetch: 304 Not Modified, no body.
    with responses.RequestsMock() as mocked:
        mocked.add(method="GET", url=source, status=304, headers=headers)
        assert not kb.do_remote()
        assert kb.last_remote == headers.get("Last-Modified")
        time_out_after_304 = kb.time_out

    assert time_out_after_200 != time_out_after_304

    # Round trip through dump()/load(): the keys from the 200 response must
    # still be present and active after the 304.
    exported = kb.dump()
    restored = KeyBundle().load(exported)
    assert restored.source == source
    assert len(restored.keys()) == 3
    assert len(restored.active_keys()) == 3
    assert len(restored.get("rsa")) == 1
    assert len(restored.get("oct")) == 1
    assert len(restored.get("ec")) == 1
    assert restored.httpc_params == {"timeout": (2, 2)}
    assert restored.imp_jwks
    assert restored.last_updated