def test_pjwt_with_jwe_jwk(): keys = KEYS() keys.append(RSAKey(use="enc", key=rsa, kid="some-key-id")) jwe = JWE(alg="RSA-OAEP", enc="A256CBC-HS512") pj = PopJWT("https://server.example.com", "https://client.example.org", sub='12345678', jwe=jwe, keys=keys) jwk = { "kty": "oct", "alg": "HS256", "k": "ZoRSOrFzN_FzUA5XKMYoVHyzff5oRJxl-IXRtztJ6uE" } pjwt = pj.pack_jwe(jwk=jwk, kid='some-key-id') s = pjwt.to_json() de_pjwt = PJWT().from_json(s) assert _eq(de_pjwt.keys(), ['iss', 'aud', 'exp', 'cnf', 'sub', 'iat']) assert list(de_pjwt['cnf'].keys()) == ['jwe'] _jwe = de_pjwt['cnf']['jwe'] msg = jwe.decrypt(_jwe, keys.keys()) assert msg assert json.loads(msg.decode('utf8')) == jwk
def test_enc_hmac(): payload = { 'nonce': 'CYeHPyA6Kmr_jy5HDHXykznu2BpDLm8ngbIJvhBoupI,', 'sub': 'diana', 'iss': 'https://xenosmilus2.umdc.umu.se:8091/', 'acr': '2', 'exp': 1401176001, 'iat': 1401096801, 'aud': ['ApB7TBoKV1tV'] } _jwe = JWE(json.dumps(payload), alg="A128KW", enc="A128CBC-HS256") kb = KeyBundle(JWK1["keys"]) kj = KeyJar() kj.issuer_keys["abcdefgh"] = [kb] keys = kj.get_encrypt_key(owner="abcdefgh") _enctxt = _jwe.encrypt(keys, context="public") assert _enctxt # and now for decryption msg, state = _jwe.decrypt(_enctxt, keys) assert json.loads(msg) == payload
def test_pop_jwe(): jwk = {"kty": "oct", "alg": "HS256", "k": "ZoRSOrFzN_FzUA5XKMYoVHyzff5oRJxl-IXRtztJ6uE"} encryption_keys = [RSAKey(use="enc", key=rsa, kid="some-key-id")] jwe = JWE(json.dumps(jwk), alg="RSA-OAEP", enc="A256CBC-HS512") _jwe = jwe.encrypt(keys=encryption_keys, kid="some-key-id") jwt = { "iss": "https://server.example.com", "aud": "https://client.example.org", "exp": 1361398824, "cnf": { "jwe": _jwe } } pjwt = PJWT(**jwt) s = pjwt.to_json() de_pjwt = PJWT().from_json(s) assert _eq(de_pjwt.keys(), ['iss', 'aud', 'exp', 'cnf']) assert list(de_pjwt['cnf'].keys()) == ['jwe'] _jwe = de_pjwt['cnf']['jwe'] msg = jwe.decrypt(_jwe, encryption_keys) assert msg assert json.loads(msg.decode('utf8')) == jwk
def request_started_handler(self, sender, **extra): if request.content_type == u'application/jose': jwe = JWE() decrypted = jwe.decrypt(request.get_data(), self._keys) request._cached_data = decrypted cached_json = json.loads(decrypted) request._cached_json = (cached_json, cached_json)
def test_pjwt_with_jwe_jwk(): keys = KEYS() keys.append(RSAKey(use="enc", key=rsa, kid="some-key-id")) jwe = JWE(alg="RSA-OAEP", enc="A256CBC-HS512") pj = PopJWT( "https://server.example.com", "https://client.example.org", sub="12345678", jwe=jwe, keys=keys, ) jwk = { "kty": "oct", "alg": "HS256", "k": "ZoRSOrFzN_FzUA5XKMYoVHyzff5oRJxl-IXRtztJ6uE", } pjwt = pj.pack_jwe(jwk=jwk, kid="some-key-id") s = pjwt.to_json() de_pjwt = PJWT().from_json(s) assert _eq(de_pjwt.keys(), ["iss", "aud", "exp", "cnf", "sub", "iat"]) assert list(de_pjwt["cnf"].keys()) == ["jwe"] _jwe = de_pjwt["cnf"]["jwe"] msg = jwe.decrypt(_jwe, keys.keys()) assert msg assert json.loads(msg.decode("utf8")) == jwk
def test_encrypt_decrypt_rsa_cbc(): _key = RSAKey(key=rsa) _key._keytype = "private" _jwe0 = JWE(plain, alg="RSA1_5", enc="A128CBC-HS256") jwt = _jwe0.encrypt([_key]) _jwe1 = JWE() msg = _jwe1.decrypt(jwt, [_key]) assert msg == plain
def deconstruct_state(relay_state, keys, alg="A128KW", enc="A128CBC-HS256"): """ Deconstruct the SAML RelayState (received back from the IdP). :param relay_state: A JWS :param key: A decryption key (a SYMKey instance) :return: The payload of the JWS """ jwe = JWE(alg=alg, enc=enc) payload, success = jwe.decrypt(relay_state, keys) if success: return json.loads(payload) else: raise DecryptionFailed()
def test_enc_hmac(): payload = {'nonce': 'CYeHPyA6Kmr_jy5HDHXykznu2BpDLm8ngbIJvhBoupI,', 'sub': 'diana', 'iss': 'https://xenosmilus2.umdc.umu.se:8091/', 'acr': '2', 'exp': 1401176001, 'iat': 1401096801, 'aud': ['ApB7TBoKV1tV']} _jwe = JWE(json.dumps(payload), alg="A128KW", enc="A128CBC-HS256") kb = KeyBundle(JWK1["keys"]) kj = KeyJar() kj.issuer_keys["abcdefgh"] = [kb] keys = kj.get_encrypt_key(owner="abcdefgh") _enctxt = _jwe.encrypt(keys, context="public") assert _enctxt # and now for decryption msg, state = _jwe.decrypt(_enctxt, keys) assert json.loads(msg) == payload
def test_pjwt_with_jwe_jwk(): keys = KEYS() keys.append(RSAKey(use="enc", key=rsa, kid="some-key-id")) jwe = JWE(alg="RSA-OAEP", enc="A256CBC-HS512") pj = PopJWT("https://server.example.com", "https://client.example.org", sub='12345678', jwe=jwe, keys=keys) jwk = {"kty": "oct", "alg": "HS256", "k": "ZoRSOrFzN_FzUA5XKMYoVHyzff5oRJxl-IXRtztJ6uE"} pjwt = pj.pack_jwe(jwk=jwk, kid='some-key-id') s = pjwt.to_json() de_pjwt = PJWT().from_json(s) assert _eq(de_pjwt.keys(), ['iss', 'aud', 'exp', 'cnf', 'sub', 'iat']) assert list(de_pjwt['cnf'].keys()) == ['jwe'] _jwe = de_pjwt['cnf']['jwe'] msg = jwe.decrypt(_jwe, keys.keys()) assert msg assert json.loads(msg.decode('utf8')) == jwk
parser.add_argument("message", nargs="?", help="The message to encrypt") args = parser.parse_args() keys = {} if args.jwk_url: keys = assign(load_jwks_from_url(lrequest, args.jwk_url)) elif args.jwk_file: keys = load_jwks(open(args.jwk_file).read()) elif args.x509_url: keys = load_x509_cert(lrequest, args.x509_url) elif args.x509_file: keys = [import_rsa_key_from_file(args.x509_file)] elif args.rsa_file: key = rsa_load(args.rsa_file) rsa_key = RSAKey(key=key) rsa_key.serialize() keys = [rsa_key] else: print >> sys.stderr, "Needs encryption key" exit() if args.file: msg = open(args.file).read() msg = msg.strip("\n\r") else: msg = args.message jwe = JWE() print jwe.decrypt(msg, keys)
def decrypt(msg, keys): _jwe = JWE() return _jwe.decrypt(msg, keys)
def from_jwe(self, msg, keys): krs = keyitems2keyreps(keys) jwe = JWE() _res = jwe.decrypt(msg, krs) return self.from_json(_res[0])
keys = assign(load_jwks(open(args.jwk_file).read())) if args.mode == "private": print >> sys.stderr, "Missing private key to decrypt with" exit() elif args.x509_url: keys = assign(load_x509_cert(lrequest, args.x509_url)) if args.mode == "private": print >> sys.stderr, "Missing private key to decrypt with" exit() elif args.x509_file: keys = {"rsa": [import_rsa_key_from_file(args.x509_file)]} if args.mode == "private": print >> sys.stderr, "Missing private key to decrypt with" exit() elif args.rsa_file: keys = {"rsa": [rsa_load(args.rsa_file)]} else: print >> sys.stderr, "Needs encryption key" exit() if args.file: msg = open(args.file).read() msg = msg.strip("\n\r") else: msg = args.message krs = keyitems2keyreps(keys) jwe = JWE() print jwe.decrypt(msg, krs)
def request_started_handler(self, sender, **extra): if request.content_type == u'application/jose': jwe = JWE() decrypted = jwe.decrypt(request.body, self._keys)
if jwt['response']['body_hash'] != body_hash: raise Exception("Unexpected response body_hash") print("REQUEST:") print() method, url, headers, body, jti = _get_request_data() request = Request(method, url, headers, None, body) prepared = request.prepare() response = Session().send(prepared) print() print("RESPONSE:") print() if config.verbose: print(u"HTTP/1.1 {} {}".format(response.status_code, response.reason)) for header in response.headers.items(): print(u'{}: {}'.format(*header)) print(u'\n{}\n'.format(response.content.decode())) _verify_response(response) if response.headers.get('content-type') == 'application/jose': jwe = JWE() decrypted = jwe.decrypt(response.content, enc_keys) decoded = decrypted.decode() print("Decrypted Body:") print(decoded) elif not config.verbose: print(response.text)
parser.add_argument("message", nargs="?", help="The message to encrypt") args = parser.parse_args() keys = {} if args.jwk_url: keys = load_jwks_from_url(args.jwk_url) elif args.jwk_file: keys = load_jwks(open(args.jwk_file).read()) elif args.x509_url: keys = load_x509_cert(args.x509_url, {}) elif args.x509_file: keys = [import_rsa_key_from_file(args.x509_file)] elif args.rsa_file: key = rsa_load(args.rsa_file) rsa_key = RSAKey(key=key) rsa_key.serialize() keys = [rsa_key] else: print("Needs encryption key") exit() if args.file: msg = open(args.file).read() msg = msg.strip("\n\r") else: msg = args.message jwe = JWE() print(jwe.decrypt(msg, keys))
parser.add_argument("message", nargs="?", help="The message to encrypt") args = parser.parse_args() keys = {} if args.jwk_url: keys = assign(load_jwks_from_url(lrequest, args.jwk_url)) elif args.jwk_file: keys = load_jwks(open(args.jwk_file).read()) elif args.x509_url: keys = load_x509_cert(lrequest, args.x509_url) elif args.x509_file: keys = [import_rsa_key_from_file(args.x509_file)] elif args.rsa_file: key = rsa_load(args.rsa_file) rsa_key = RSAKey(key=key) rsa_key.serialize() keys = [rsa_key] else: print("Needs encryption key") exit() if args.file: msg = open(args.file).read() msg = msg.strip("\n\r") else: msg = args.message jwe = JWE() print(jwe.decrypt(msg, keys))