def test_ec_prepare_key_should_be_idempotent(self):
    """Preparing an already-prepared EC public key must give back an equal key."""
    ec_alg = ECAlgorithm(ECAlgorithm.SHA256)

    with open(key_path('testkey_ec.pub'), 'r') as pub_file:
        key_text = pub_file.read()

    # First pass parses the key file contents; the second pass is handed the
    # object returned by the first pass instead of text.
    prepared_once = ec_alg.prepare_key(key_text)
    prepared_twice = ec_alg.prepare_key(prepared_once)

    self.assertEqual(prepared_once, prepared_twice)
def test_ec_prepare_key_should_be_idempotent(self):
    """Check that ``prepare_key`` returns an equal key when fed its own output."""
    ec_alg = ECAlgorithm(ECAlgorithm.SHA256)

    with open(key_path("testkey_ec.pub")) as pub_file:
        first_pass = ec_alg.prepare_key(pub_file.read())

    # Handing the prepared key object back in must not change it.
    second_pass = ec_alg.prepare_key(first_pass)
    assert first_pass == second_pass
def test_ec_prepare_key_should_be_idempotent(self):
    """``prepare_key`` applied twice must yield the same key as applying it once."""
    ec_alg = ECAlgorithm(ECAlgorithm.SHA256)

    with open(key_path('testkey_ec.pub'), 'r') as pub_file:
        raw_key = pub_file.read()

    once = ec_alg.prepare_key(raw_key)
    # The second call receives the key object, not the file text.
    twice = ec_alg.prepare_key(once)

    assert once == twice
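def _replace_jwt_algorithm(name, handler):
    """Register *handler* with PyJWT under *name*, replacing any existing handler.

    ``jwt.unregister_algorithm`` raises ``KeyError`` when nothing is registered
    under *name* (PyJWT only registers the RS*/ES* defaults when its own
    crypto backend is importable), so a missing entry is tolerated here
    instead of aborting the package include.
    """
    try:
        jwt.unregister_algorithm(name)
    except KeyError:
        pass
    jwt.register_algorithm(name, handler)


def include_package(config):
    """Pyramid package include

    Registers translations, the ``create_jwt_token`` / ``jwt_claims`` request
    methods, the ``jwt_object`` view predicate and the two REST routes, then
    swaps PyJWT's RS256/RS512 and ES256/ES512 handlers for the legacy
    ``jwt.contrib`` implementations when those can be imported, and finally
    scans the package.
    """

    # add translations
    config.add_translation_dirs('pyams_auth_jwt:locales')

    # add configuration directives
    config.add_request_method(create_jwt_token, 'create_jwt_token')
    config.add_request_method(get_jwt_claims, 'jwt_claims', reify=True)

    # add route predicate
    config.add_view_predicate('jwt_object', JWTTokenObjectPredicate)

    # register new REST API routes; both paths can be overridden in settings
    settings = config.registry.settings
    config.add_route(
        REST_TOKEN_ROUTE,
        settings.get('pyams.jwt.rest_token_route', '/api/auth/jwt/token'))
    config.add_route(
        REST_VERIFY_ROUTE,
        settings.get('pyams.jwt.rest_verify_route', '/api/auth/jwt/verify'))

    # update JWT algorithms
    #
    # Replacing a signature handler changes which code verifies every token,
    # so each override is applied only when both the backing library and the
    # jwt.contrib shim import cleanly; otherwise PyJWT's own handlers stay in
    # place. Newer PyJWT releases no longer ship jwt.contrib, which is why the
    # shim import sits inside the try block.
    #
    # NOTE(review): the PyCrypto distribution is imported as ``Crypto``; a
    # module named ``pycrypto`` normally does not exist, so this branch is
    # presumably never taken - confirm. PyCrypto is unmaintained, so leaving
    # the branch inactive may be preferable to correcting the import.
    try:
        import pycrypto  # pylint: disable=import-outside-toplevel,unused-import
        from jwt.contrib.algorithms.pycrypto import RSAAlgorithm  # pylint: disable=import-outside-toplevel
    except ImportError:
        pass
    else:
        _replace_jwt_algorithm('RS256', RSAAlgorithm(RSAAlgorithm.SHA256))
        _replace_jwt_algorithm('RS512', RSAAlgorithm(RSAAlgorithm.SHA512))

    try:
        import ecdsa  # pylint: disable=import-outside-toplevel,unused-import
        from jwt.contrib.algorithms.py_ecdsa import ECAlgorithm  # pylint: disable=import-outside-toplevel
    except ImportError:
        pass
    else:
        _replace_jwt_algorithm('ES256', ECAlgorithm(ECAlgorithm.SHA256))
        _replace_jwt_algorithm('ES512', ECAlgorithm(ECAlgorithm.SHA512))

    # The ZMI views are scanned only when pyams_zmi is installed.
    try:
        import pyams_zmi  # pylint: disable=import-outside-toplevel,unused-import
        config.scan()
    except ImportError:
        config.scan(ignore='pyams_auth_jwt.zmi')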
def test_ec_verify_should_return_true_if_signature_valid(self):
    """A stored signature over the fixed message must verify with the EC test public key."""
    # Base64 text of the reference signature for b'Hello World!'.
    signature_b64 = (
        'AC+m4Jf/xI3guAC6w0w37t5zRpSCF6F4udEz5LiMiTIjCS4vcVe6dDOxK+M'
        'mvkF8PxJuvqxP2CO3TR3okDPCl/NjATTO1jE+qBZ966CRQSSzcCM+tzcHzw'
        'LZS5kbvKu0Acd/K6Ol2/W3B1NeV5F/gjvZn/jOwaLgWEUYsg0o4XVrAg65')

    ec_alg = ECAlgorithm(ECAlgorithm.SHA256)
    message = ensure_bytes('Hello World!')
    signature = base64.b64decode(ensure_bytes(signature_b64))

    with open(key_path('testkey_ec.pub'), 'r') as pub_file:
        public_key = ec_alg.prepare_key(pub_file.read())

    assert ec_alg.verify(message, public_key, signature)
def test_ec_verify_should_return_true_if_signature_valid(self):
    """A stored signature over the fixed message must verify with the EC test public key."""
    # Base64 text of the reference signature for b'Hello World!'.
    signature_b64 = (
        'MIGIAkIB9vYz+inBL8aOTA4auYz/zVuig7TT1bQgKROIQX9YpViHkFa4DT5'
        '5FuFKn9XzVlk90p6ldEj42DC9YecXHbC2t+cCQgCicY+8f3f/KCNtWK7cif'
        '6vdsVwm6Lrjs0Ag6ZqCf+olN11hVt1qKBC4lXppqB1gNWEmNQaiz1z2QRyc'
        'zJ8hSJmbw==')

    ec_alg = ECAlgorithm(ECAlgorithm.SHA256)
    message = ensure_bytes('Hello World!')
    signature = base64.b64decode(ensure_bytes(signature_b64))

    with open(key_path('testkey_ec.pub'), 'r') as pub_file:
        public_key = ec_alg.prepare_key(pub_file.read())

    verified = ec_alg.verify(message, public_key, signature)
    self.assertTrue(verified)
def test_ec_verify_should_return_true_if_signature_valid(self):
    """A stored signature over the fixed message must verify with the EC test public key."""
    # Base64 text of the reference signature for b"Hello World!".
    signature_b64 = (
        "AC+m4Jf/xI3guAC6w0w37t5zRpSCF6F4udEz5LiMiTIjCS4vcVe6dDOxK+M"
        "mvkF8PxJuvqxP2CO3TR3okDPCl/NjATTO1jE+qBZ966CRQSSzcCM+tzcHzw"
        "LZS5kbvKu0Acd/K6Ol2/W3B1NeV5F/gjvZn/jOwaLgWEUYsg0o4XVrAg65")

    ec_alg = ECAlgorithm(ECAlgorithm.SHA256)
    message = force_bytes("Hello World!")
    signature = base64.b64decode(force_bytes(signature_b64))

    with open(key_path("testkey_ec.pub")) as pub_file:
        public_key = ec_alg.prepare_key(pub_file.read())

    assert ec_alg.verify(message, public_key, signature)
def test_ec_verify_should_return_true_if_signature_valid(self):
    """A stored signature over the fixed message must verify with the EC test public key."""
    # Base64 text of the reference signature for b'Hello World!'.
    signature_b64 = (
        'MIGIAkIB9vYz+inBL8aOTA4auYz/zVuig7TT1bQgKROIQX9YpViHkFa4DT5'
        '5FuFKn9XzVlk90p6ldEj42DC9YecXHbC2t+cCQgCicY+8f3f/KCNtWK7cif'
        '6vdsVwm6Lrjs0Ag6ZqCf+olN11hVt1qKBC4lXppqB1gNWEmNQaiz1z2QRyc'
        'zJ8hSJmbw==')

    ec_alg = ECAlgorithm(ECAlgorithm.SHA256)
    message = ensure_bytes('Hello World!')
    signature = base64.b64decode(ensure_bytes(signature_b64))

    with open(key_path('testkey_ec.pub'), 'r') as pub_file:
        public_key = ec_alg.prepare_key(pub_file.read())

    assert ec_alg.verify(message, public_key, signature)
def test_ec_verify_should_return_false_if_signature_invalid(self):
    """``verify`` must return a falsy result, not raise, for a corrupted signature.

    The corruption used here is three extra bytes appended to a reference
    signature, so the input differs in length from the reference one.
    """
    reference_b64 = (
        'AC+m4Jf/xI3guAC6w0w37t5zRpSCF6F4udEz5LiMiTIjCS4vcVe6dDOxK+M'
        'mvkF8PxJuvqxP2CO3TR3okDPCl/NjATTO1jE+qBZ966CRQSSzcCM+tzcHzw'
        'LZS5kbvKu0Acd/K6Ol2/W3B1NeV5F/gjvZn/jOwaLgWEUYsg0o4XVrAg65')

    ec_alg = ECAlgorithm(ECAlgorithm.SHA256)
    message = force_bytes('Hello World!')

    # Signature is now invalid
    # NOTE(review): a same-length signature with altered bytes is not
    # exercised by this test; only the trailing-bytes case is.
    tampered_sig = base64.b64decode(force_bytes(reference_b64)) + force_bytes('123')

    with open(key_path('testkey_ec.pub'), 'r') as pub_file:
        public_key = ec_alg.prepare_key(pub_file.read())

    assert not ec_alg.verify(message, public_key, tampered_sig)
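def test_ec_sign_should_generate_correct_signature_value(self):
    """Sign the fixed message and check the result against the EC test key pair.

    The freshly produced signature is verified with the public key instead of
    being compared byte-for-byte with the stored one, because ECDSA signatures
    are generally not reproducible from one ``sign`` call to the next. The
    stored reference signature is still verified as before.
    """
    algo = ECAlgorithm(ECAlgorithm.SHA256)

    jwt_message = force_bytes('Hello World!')

    expected_sig = base64.b64decode(
        force_bytes(
            'AC+m4Jf/xI3guAC6w0w37t5zRpSCF6F4udEz5LiMiTIjCS4vcVe6dDOxK+M'
            'mvkF8PxJuvqxP2CO3TR3okDPCl/NjATTO1jE+qBZ966CRQSSzcCM+tzcHzw'
            'LZS5kbvKu0Acd/K6Ol2/W3B1NeV5F/gjvZn/jOwaLgWEUYsg0o4XVrAg65'))

    with open(key_path('testkey_ec'), 'r') as keyfile:
        jwt_key = algo.prepare_key(keyfile.read())

    with open(key_path('testkey_ec.pub'), 'r') as keyfile:
        jwt_pub_key = algo.prepare_key(keyfile.read())

    # Previously the return value of sign() was discarded, so the test passed
    # no matter what sign() produced; keep it and verify it.
    generated_sig = algo.sign(jwt_message, jwt_key)
    assert algo.verify(jwt_message, jwt_pub_key, generated_sig)

    # The stored reference signature must keep verifying as well.
    assert algo.verify(jwt_message, jwt_pub_key, expected_sig)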
def test_ec_should_accept_unicode_key(self):
    """``prepare_key`` must accept the ``testkey_ec`` fixture passed as unicode text."""
    ec_alg = ECAlgorithm(ECAlgorithm.SHA256)

    with open(key_path('testkey_ec'), 'r') as key_file:
        key_text = ensure_unicode(key_file.read())
        # Success is the absence of an exception; the prepared key is not inspected.
        ec_alg.prepare_key(key_text)
def test_ec_should_reject_non_string_key(self):
    """``prepare_key`` must raise ``TypeError`` when given ``None`` instead of key text."""
    ec_alg = ECAlgorithm(ECAlgorithm.SHA256)
    not_a_key = None

    with pytest.raises(TypeError):
        ec_alg.prepare_key(not_a_key)
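import urllib
import datetime

import jwt

try:
    from jwt.contrib.algorithms.py_ecdsa import ECAlgorithm
    jwt.register_algorithm('ES256', ECAlgorithm(
        ECAlgorithm.SHA256))  # Legacy ES256 signature backend for Google App Engine
except Exception:
    # Best-effort registration: an import failure or an already-registered
    # handler is ignored. ``Exception`` is caught instead of ``BaseException``
    # so KeyboardInterrupt and SystemExit are no longer swallowed here.
    pass  # Cpython supported by this system

from models import Secret


class JWTError(Exception):
    """Raised when the Authorization header does not carry a usable Bearer token."""


def get_token_from_header(headers):
    """Return the token from an ``Authorization: Bearer <token>`` header.

    :param headers: mapping-like object exposing ``get``
    :raises JWTError: if the header is missing, is not exactly two
        space-separated parts, or its scheme is not ``Bearer``
    """
    auth = headers.get('Authorization', '')
    try:
        standard, token = auth.split(' ')
    except (AttributeError, TypeError, ValueError):
        # Not a string, or not exactly "<scheme> <token>": treat as malformed.
        standard = token = None
    if standard != 'Bearer':
        raise JWTError('Authorization header must be "Bearer {Token}"')
    # NOTE(review): a header of "Bearer " (scheme followed by one space)
    # reaches this point with an empty token; the caller has to reject it.
    return token


def verify_jwt(headers):
    token = get_token_from_header(headers)
    # NOTE(review): the remainder of this function is not visible in this excerpt.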
def test_ec_should_accept_unicode_key(self):
    """``prepare_key`` must accept the ``testkey_ec`` fixture passed as unicode text."""
    ec_alg = ECAlgorithm(ECAlgorithm.SHA256)

    with open(key_path("testkey_ec")) as key_file:
        key_text = force_unicode(key_file.read())
        # Success is the absence of an exception; the prepared key is not inspected.
        ec_alg.prepare_key(key_text)
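import TCLconfigs
import boto3

# JWT stuff
# TODO: find a way to include native cryptography library
# Need to include cryptography wheels in the Lambda layer
# Right now I am just falling back to python library (slow)
import jwt
import requests
from TCLconfigs.logger import Logger
from jwt.contrib.algorithms.py_ecdsa import ECAlgorithm

# The public key corresponding to the private key used to encode the token
PUBLIC_KEY = TCLconfigs.public_key

# Route ES256 through the pure-Python ecdsa handler. unregister_algorithm
# raises KeyError when no ES256 handler is registered, which is what PyJWT
# does by default when the `cryptography` package is missing (the situation
# the TODO above describes), so that case is tolerated rather than failing
# the module import.
# NOTE(review): the python-ecdsa project documents that it is not hardened
# against side-channel attacks; this module only holds a public key, so the
# handler is presumably used for verification only - confirm.
try:
    jwt.unregister_algorithm('ES256')
except KeyError:
    pass
jwt.register_algorithm('ES256', ECAlgorithm(ECAlgorithm.SHA256))

# Configure logger
logger = Logger().get_logger()

# dynamodb
dynamodb = boto3.resource('dynamodb')
table = dynamodb.Table(TCLconfigs.dynamo_table_names('user_info'))


# def build_iam_policy(principal_id, effect, resource, context):
#     """
#     Build the permission policy
#     :param principal_id: the ssoId is used here
#     :param effect: Allow or Deny
#     :param resource: the function resource to be accessed (methodArn)
#     :param context: data passed on to the next function (ssoId, lang, appId, expired)
#     """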