def test_update_mark_inactive():
    """Check that update() keeps a replaced key in the bundle but inactive.

    The JWKS file first holds one RSA key; it is then rewritten with a
    different RSA key plus an EC key. After update() the bundle holds all
    three keys, and only the two from the rewritten file count as active.
    """
    # NOTE(review): fixed file name in the working directory, never removed;
    # test_update_2 writes the same name, so the two cannot run concurrently.
    jwks_path = "tmp_jwks.json"

    original_rsa = new_rsa_key()
    initial_set = {"keys": [original_rsa.serialize()]}
    with open(jwks_path, "w") as handle:
        json.dump(initial_set, handle)

    bundle = KeyBundle(source="file://{}".format(jwks_path), fileformat="jwks")
    assert len(bundle) == 1

    # Rotate: publish a completely new key set at the same location.
    rotated_rsa = new_rsa_key(alg="RS256")
    rotated_ec = new_ec_key(crv="P-256")
    rotated_set = {"keys": [rotated_rsa.serialize(), rotated_ec.serialize()]}
    with open(jwks_path, "w") as handle:
        json.dump(rotated_set, handle)

    bundle.update()

    # 2 active and 1 inactive
    assert len(bundle) == 3
    assert len(bundle.active_keys()) == 2
    # The default lookup returns only the active RSA key; the retired one is
    # returned only when only_active=False is passed explicitly.
    assert len(bundle.get("rsa")) == 1
    assert len(bundle.get("rsa", only_active=False)) == 2
def test_update():
    """Check that update() is a no-op for a bundle built from in-memory keys.

    The bundle is created from a literal symmetric ("oct") key, so it has no
    source and is not remote; the same state must hold after update().
    """
    # The key value is a test fixture, not a real secret.
    bundle = KeyBundle([{"kty": "oct", "key": "highestsupersecret", "use": "sig"}])

    def check_state():
        # One symmetric key, no RSA keys, and nothing to refresh from.
        assert len(bundle.get("oct")) == 1
        assert len(bundle.get("rsa")) == 0
        assert bundle.remote is False
        assert bundle.source is None

    check_state()

    bundle.update()  # Nothing should happen

    check_state()
def test_httpc_params_2():
    """Check that update() reports failure when the HTTP client cannot fetch.

    httpc_params is passed to the bundle with a timeout of 0, and the test
    asserts only that update() returns a falsy value.
    """
    client_options = {'timeout': 0}
    bundle = KeyBundle(
        source='https://login.salesforce.com/id/keys',
        httpc=requests.request,
        httpc_params=client_options,
    )

    # Will always fail to fetch the JWKS because the timeout cannot be set
    # to 0s
    # NOTE(review): the source is a live third-party endpoint; presumably the
    # client rejects the timeout before any request is sent - confirm.
    refreshed = kb_update_result = bundle.update()
    assert not refreshed
def test_update_2():
    """Check that update() picks up a key appended to the JWKS file.

    The file first holds one RSA key and is then rewritten with that same key
    plus a new EC key. After update() the bundle holds exactly two keys.
    """
    # NOTE(review): same fixed file name as test_update_mark_inactive, written
    # to the working directory and never removed.
    jwks_path = "tmp_jwks.json"

    rsa = new_rsa_key()
    single_key_set = {"keys": [rsa.serialize()]}
    with open(jwks_path, "w") as handle:
        json.dump(single_key_set, handle)

    bundle = KeyBundle(source="file://{}".format(jwks_path), fileformat="jwks")
    assert len(bundle) == 1

    # Added one more key
    ec = new_ec_key(crv="P-256", key_ops=["sign"])
    two_key_set = {"keys": [rsa.serialize(), ec.serialize()]}
    with open(jwks_path, "w") as handle:
        json.dump(two_key_set, handle)

    bundle.update()

    # The unchanged RSA key is not counted twice.
    assert len(bundle) == 2
def test_jwks_url():
    """Check that a bundle with an https source holds keys after update().

    The assertion only requires that the bundle is non-empty.
    """
    # NOTE(review): this fetches from a live third-party endpoint, so the
    # result depends on network reachability and on what that endpoint
    # serves at the time; nothing here pins the expected keys.
    bundle = KeyBundle(source="https://login.salesforce.com/id/keys")

    # Forces read from the network
    bundle.update()

    assert len(bundle)