def test_sample_readme_cwt_with_pop_cose_key(self): with open(key_path("private_key_ed25519.pem")) as key_file: private_key = COSEKey.from_pem(key_file.read(), kid="issuer-01") with open(key_path("public_key_es256.pem")) as key_file: pop_key = COSEKey.from_pem(key_file.read()) token = cwt.encode( { 1: "coaps://as.example", # iss 2: "dajiaji", # sub 7: b"123", # cti 8: { # cnf 1: pop_key.to_dict(), }, }, private_key, ) with open(key_path("public_key_ed25519.pem")) as key_file: public_key = COSEKey.from_pem(key_file.read(), kid="issuer-01") decoded = cwt.decode(token, public_key) assert 8 in decoded and isinstance(decoded[8], dict) assert 1 in decoded[8] and isinstance(decoded[8][1], dict) extracted = COSEKey.new(decoded[8][1]) assert extracted.kty == 2 # EC2 assert extracted.crv == 1 # P-256
def test_sample_rfc8392_a4(self): key = COSEKey.new( { -1: bytes.fromhex("403697de87af64611c1d32a05dab0fe1fcb715a86ab435f1ec99192d79569388"), 1: 4, # Symmetric 2: bytes.fromhex("53796d6d6574726963323536"), 3: 4, # HMAC256/64 } ) token = cwt.encode( { 1: "coap://as.example.com", 2: "erikw", 3: "coap://light.example.com", 4: 1444064944, 5: 1443944944, 6: 1443944944, 7: bytes.fromhex("0b71"), }, key, tagged=True, ) assert token == bytes.fromhex(SAMPLE_CWT_RFC8392_A4) decoded = cwt.decode(token, keys=key, no_verify=True) assert 1 in decoded and decoded[1] == "coap://as.example.com"
def test_sample_readme_cwt_with_pop_jwk(self): # issuer: with open(key_path("private_key_ed25519.pem")) as key_file: private_key = COSEKey.from_pem(key_file.read(), kid="issuer-01") token = cwt.encode( { "iss": "coaps://as.example", "sub": "dajiaji", "cti": "123", "cnf": { "jwk": { "kty": "OKP", "use": "sig", "crv": "Ed25519", "kid": "01", "x": "2E6dX83gqD_D0eAmqnaHe1TC1xuld6iAKXfw2OVATr0", "alg": "EdDSA", }, }, }, private_key, ) # presenter: msg = b"could-you-sign-this-message?" # Provided by recipient. pop_key_private = COSEKey.from_jwk( { "kty": "OKP", "d": "L8JS08VsFZoZxGa9JvzYmCWOwg7zaKcei3KZmYsj7dc", "use": "sig", "crv": "Ed25519", "kid": "01", "x": "2E6dX83gqD_D0eAmqnaHe1TC1xuld6iAKXfw2OVATr0", "alg": "EdDSA", } ) sig = pop_key_private.sign(msg) # recipient: with open(key_path("public_key_ed25519.pem")) as key_file: public_key = COSEKey.from_pem(key_file.read(), kid="issuer-01") decoded = cwt.decode(token, public_key) assert 8 in decoded and isinstance(decoded[8], dict) assert 1 in decoded[8] and isinstance(decoded[8][1], dict) c = Claims.new(decoded) extracted = COSEKey.new(c.cnf) try: extracted.verify(msg, sig) except Exception: pytest.fail("verify should not fail.")
def test_key_builder_new_with_invalid_args(self, invalid, msg): with pytest.raises(ValueError) as err: COSEKey.new(invalid) pytest.fail("new should fail.") assert msg in str(err.value)
def test_key_builder_new_with_valid_args(self, cose_key): try: COSEKey.new(cose_key) except Exception: pytest.fail("new should not fail.")