def test_sign_verify():
    """Round-trip a signed JWKS bundle from one JWKSBundle into another.

    A bundle built with ISS and SIGN_KEYS is filled with three federation
    operators' entries from KEYJAR, serialised with create_signed_bundle(),
    and loaded into a second bundle via upload_signed_bundle(). The test
    passes when the receiving bundle holds the same issuers and an equal
    entry for each of them.
    """
    operators = (
        'https://www.swamid.se',
        'https://www.sunet.se',
        'https://www.feide.no',
    )

    sender = JWKSBundle(ISS, SIGN_KEYS)
    for operator in operators:
        sender[operator] = KEYJAR[operator]

    signed = sender.create_signed_bundle()

    # SIGN_KEYS keeps the keys under the '' owner; the copy handed to the
    # receiver also lists them under ISS.
    # NOTE(review): presumably because verification looks the key up by the
    # issuer named in the signed bundle - confirm against JWKSBundle.
    verify_keys = SIGN_KEYS.copy()
    verify_keys.issuer_keys[ISS] = verify_keys.issuer_keys['']

    receiver = JWKSBundle(ISS2)
    receiver.upload_signed_bundle(signed, verify_keys)

    assert set(sender.keys()) == set(receiver.keys())
    for issuer, keyjar in sender.items():
        assert receiver[issuer] == keyjar
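# Get the necessary information about the JWKS bundle.
#
# TLS certificate verification stays on (the requests default). The key
# fetched from 'bundle/sigkey' is what the bundle signature is checked
# against below, so with verification disabled whoever answers the request
# could supply both the bundle and the key that "verifies" it. If the tool
# uses a private CA, point the REQUESTS_CA_BUNDLE environment variable at
# that CA file instead of turning verification off.
info = {}
for path in ['bundle', 'bundle/signer', 'bundle/sigkey']:
    _url = "{}/{}".format(tool_url, path)
    # A timeout keeps a stalled tool from hanging start-up indefinitely.
    resp = requests.get(_url, timeout=30)
    # Stop on an HTTP error rather than parsing an error page as a JWKS.
    resp.raise_for_status()
    info[path] = resp.text

# Create a KeyJar instance that contains the key that the bundle was signed
# with.
# NOTE(review): the signer id and signing key come from the same endpoint as
# the bundle, so the signature check below only shows that the three
# responses agree with each other. If the tool is not itself the trust root,
# obtain or pin the signing key out of band - confirm with the deployment.
kj = KeyJar()
kj.import_jwks(json.loads(info['bundle/sigkey']), info['bundle/signer'])

# Create a JWKSBundle instance and load it with the keys in the bundle
# received from the tool; upload_signed_bundle() is given kj as the keys to
# verify the bundle with.
jb = JWKSBundle('')
jb.upload_signed_bundle(info['bundle'], kj)

# This is for the federation entity to use when signing something
# like the keys at jwks_uri.
_kj = build_keyjar(KEY_DEFS)[1]

SIGNERS = [
    'https://swamid.sunet.se',
    'https://edugain.com',
    'https://www.feide.no',
]

# A dictionary of web based signers, keyed by signer id. Each service is
# given that signer's entry from the verified bundle; a signer that is
# missing from the bundle raises KeyError here.
sig = {}
for iss in SIGNERS:
    qp = urlencode({'signer': iss, 'context': 'registration'})
    url = '{}/sign?{}'.format(tool_url, qp)
    sig[iss] = WebSigningService(iss, url, jb.bundle[iss])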