def test_update():
kc = KeyBundle([{"kty": "oct", "key": "supersecret", "use": "sig"}])
assert len(kc.get("oct")) == 1
assert len(kc.get("rsa")) == 0
assert kc.remote is False
assert kc.source is None
kc.update() # Nothing should happen
assert len(kc.get("oct")) == 1
assert len(kc.get("rsa")) == 0
assert kc.remote is False
assert kc.source is None
def test_remove_sym():
a = {"kty": "oct", "key": "supersecret", "use": "sig"}
b = {"kty": "oct", "key": "secret", "use": "enc"}
kb = KeyBundle([a, b])
assert len(kb) == 2
keys = kb.get('oct')
kb.remove(keys[0])
assert len(kb) == 1
def test_with_2_sym_key():
a = {"kty": "oct", "key": "supersecret", "use": "sig"}
b = {"kty": "oct", "key": "secret", "use": "enc"}
kb = KeyBundle([a, b])
assert len(kb.get("oct")) == 2
assert len(kb) == 2
assert kb.get_key_with_kid('kid') is None
assert kb.kids() == []
def test_remove_key_sym():
a = {"kty": "oct", "key": "supersecret", "use": "sig"}
b = {"kty": "oct", "key": "secret", "use": "enc"}
kb = KeyBundle([a, b])
assert len(kb) == 2
keys = kb.get('oct')
kb.remove(keys[0])
assert len(kb) == 1
# This should not work
kb.remove_keys_by_type('rsa')
# should still be one
assert len(kb) == 1
def test_key_export():
kj = KeyJar()
url = key_export("http://example.com/keys/",
"outbound",
"secret",
keyjar=kj,
sig={
"alg": "rsa",
"format": ["x509", "jwks"]
})
assert url == "http://example.com/keys/outbound/jwks"
# Now a jwks should reside in './keys/outbound/jwks'
kb = KeyBundle(source='file://./keys/outbound/jwks')
# One key
assert len(kb) == 1
# more specifically one RSA key
assert len(kb.get('RSA')) == 1
k = kb.get('RSA')[0]
# For signing
assert k.use == 'sig'
def test_dump_jwks():
kb1 = rsa_init({
'use': ['enc', 'sig'],
'size': 1024,
'name': 'rsa',
'path': 'keys'
})
a = {"kty": "oct", "key": "supersecret", "use": "sig"}
b = {"kty": "oct", "key": "secret", "use": "enc"}
kb2 = KeyBundle([a, b])
dump_jwks([kb1, kb2], 'jwks_combo')
# Now read it
nkb = KeyBundle(source='file://jwks_combo', fileformat='jwks')
assert len(nkb) == 2
# both RSA keys
assert len(nkb.get('rsa')) == 2
def test_construct(self, client):
_key = rsa_load(os.path.join(BASE_PATH, "data/keys/rsa.key"))
kc_rsa = KeyBundle([{
"key": _key,
"kty": "RSA",
"use": "ver"
}, {
"key": _key,
"kty": "RSA",
"use": "sig"
}])
client.client_info.keyjar[""] = kc_rsa
client.client_info.provider_info = {
'issuer': 'https://example.com/',
'token_endpoint': "https://example.com/token"
}
client.service['accesstoken'].endpoint = "https://example.com/token"
request = AccessTokenRequest()
pkj = PrivateKeyJWT()
http_args = pkj.construct(request,
cli_info=client.client_info,
algorithm="RS256",
authn_endpoint='token')
assert http_args == {}
cas = request["client_assertion"]
pub_kb = KeyBundle([{
"key": _key.public_key(),
"kty": "RSA",
"use": "ver"
}, {
"key": _key.public_key(),
"kty": "RSA",
"use": "sig"
}])
jso = JWT(rec_keys={client.client_id: pub_kb.get('RSA')}).unpack(cas)
assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
#assert _jwt.headers == {'alg': 'RS256'}
assert jso['aud'] == [
client.client_info.provider_info['token_endpoint']
]
def test_construct_client_assertion(self, client):
_key = rsa_load(os.path.join(BASE_PATH, "data/keys/rsa.key"))
kc_rsa = KeyBundle([{
"key": _key,
"kty": "RSA",
"use": "ver"
}, {
"key": _key,
"kty": "RSA",
"use": "sig"
}])
request = AccessTokenRequest()
pkj = PrivateKeyJWT()
_ca = assertion_jwt(client.client_id, kc_rsa.get('RSA'),
"https://example.com/token", 'RS256')
http_args = pkj.construct(request, client_assertion=_ca)
assert http_args == {}
assert request['client_assertion'] == _ca
assert request['client_assertion_type'] == JWT_BEARER
def test_with_sym_key():
kc = KeyBundle({"kty": "oct", "key": "supersecret", "use": "sig"})
assert len(kc.get("oct")) == 1
assert len(kc.get("rsa")) == 0
assert kc.remote is False
assert kc.source is None