def test_update_mark_inactive():
rsa_key = new_rsa_key()
_jwks = {"keys": [rsa_key.serialize()]}
fname = "tmp_jwks.json"
with open(fname, "w") as fp:
fp.write(json.dumps(_jwks))
kb = KeyBundle(source="file://{}".format(fname), fileformat="jwks")
assert len(kb) == 1
# new set of keys
rsa_key = new_rsa_key(alg="RS256")
ec_key = new_ec_key(crv="P-256")
_jwks = {"keys": [rsa_key.serialize(), ec_key.serialize()]}
with open(fname, "w") as fp:
fp.write(json.dumps(_jwks))
kb.update()
# 2 active and 1 inactive
assert len(kb) == 3
assert len(kb.active_keys()) == 2
assert len(kb.get("rsa")) == 1
assert len(kb.get("rsa", only_active=False)) == 2
def test_update():
kc = KeyBundle([{"kty": "oct", "key": "highestsupersecret", "use": "sig"}])
assert len(kc.get("oct")) == 1
assert len(kc.get("rsa")) == 0
assert kc.remote is False
assert kc.source is None
kc.update() # Nothing should happen
assert len(kc.get("oct")) == 1
assert len(kc.get("rsa")) == 0
assert kc.remote is False
assert kc.source is None
def test_httpc_params_2():
httpc_params = {'timeout': 0}
kb = KeyBundle(source='https://login.salesforce.com/id/keys',
httpc=requests.request,
httpc_params=httpc_params)
# Will always fail to fetch the JWKS because the timeout cannot be set
# to 0s
assert not kb.update()
def test_update_2():
rsa_key = new_rsa_key()
_jwks = {"keys": [rsa_key.serialize()]}
fname = "tmp_jwks.json"
with open(fname, "w") as fp:
fp.write(json.dumps(_jwks))
kb = KeyBundle(source="file://{}".format(fname), fileformat="jwks")
assert len(kb) == 1
# Added one more key
ec_key = new_ec_key(crv="P-256", key_ops=["sign"])
_jwks = {"keys": [rsa_key.serialize(), ec_key.serialize()]}
with open(fname, "w") as fp:
fp.write(json.dumps(_jwks))
kb.update()
assert len(kb) == 2
def test_jwks_url():
keys = KeyBundle(source="https://login.salesforce.com/id/keys")
# Forces read from the network
keys.update()
assert len(keys)