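def test_key_update(self):
     """Check that the keystore picks up a regenerated key and certificate.

     Steps: sign a receipt with the current key, generate a replacement
     certificate through ``run`` (the ``newcert`` command), back-date the
     keystore's ``last_stat`` past its poll interval, sign again, and
     compare the RSA modulus published in the two certificates.
     """
     first_cert = signing.crypto.get_certificate()
     first_receipt = signing.crypto.sign_jwt(stamp())
     # NOTE(review): the receipt is checked with the keystore's own key object
     # (presumably the signing key pair), not with the key published in the
     # certificate. That shows sign/decode round-trips, not that a relying
     # party holding only the certificate can verify a receipt.
     # TODO: the original verify_jwt(first_receipt) assertion is disabled.
     self.assertTrue(jwt.decode(first_receipt, signing.crypto.KEYSTORE.key.get_rsa()))

     # Generate a replacement key. The argument list is built directly rather
     # than by splitting a formatted string, so whitespace inside the key path
     # or issuer URL cannot be broken into separate arguments.
     newcert_args = [
         "--environment",
         "dev",
         "newcert",
         "--signing-key=%s" % ROOT_PRIV_PATH,
         "--issuer=%s" % ISSUER_URL,
         "--keyid=dev-testing",
     ]
     run(newcert_args)

     # Back-date the last stat() time by more than the poll interval so the
     # next keystore access is due for a re-check of the key material.
     previous_stat = signing.crypto.KEYSTORE.last_stat
     backdate_by = signing.crypto.KEYSTORE.poll_interval + 5
     signing.crypto.KEYSTORE.last_stat = previous_stat - backdate_by

     # Sign first to force a stat() check, then fetch the certificate.
     second_receipt = signing.crypto.sign_jwt(stamp())
     second_cert = signing.crypto.get_certificate()
     # TODO: the original verify_jwt assertion is disabled here as well.
     self.assertTrue(jwt.decode(second_receipt, signing.crypto.KEYSTORE.key.get_rsa()))

     # verify=False is used only to read the published modulus for comparison;
     # nothing in this test treats the unverified claims as trusted.
     old_claims = jwt.decode(first_cert, verify=False)
     new_claims = jwt.decode(second_cert, verify=False)
     self.assertNotEqual(
         old_claims["jwk"][0]["mod"],
         new_claims["jwk"][0]["mod"],
         msg="certificate unchanged",
     )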
示例#2
        sys.exit(1)

    # This section loads the private key, reads the certificate file, decodes
    # the certificate JWT without checking its signature, and builds an RSA
    # public key from the JWK embedded in it.

    # Load the private key
    try:
        priv = M2Crypto.RSA.load_key(keyfile)
    except Exception, e:
        print "Failed ot load private key:\n\t%s\n" % e
        sys.exit(1)

    # Buffer the file contents for later verification
    with open(certfile) as f:
        cert_data = f.read().encode("ascii")

    # Load but don't verify the JWK-in-a-JWT certificate.
    # NOTE(review): with verify=False every claim in `cert` (including "jwk"
    # and "iss") is unauthenticated. The code after this section passes
    # cert["iss"] to requests.get() to fetch the root public key, so the trust
    # anchor location is taken from the same unverified token. Unless the
    # issuer URL is pinned or checked against an allowlist, a later signature
    # check only shows the certificate is consistent with whatever that URL
    # serves.
    try:
        cert = jwt.decode(cert_data, verify=False)
    except Exception, e:
        # NOTE(review): unlike the other handlers, this one does not exit.
        # `cert` stays unbound, so the next step raises NameError, which the
        # broad `except Exception` below reports as a JWK conversion failure.
        print "Failed to decode JWT: %s" % e

    # Convert the JWK into a form usable by M2Crypto
    # (`conv` is defined outside this excerpt; presumably it re-encodes the
    # JWK exponent and modulus values for M2Crypto -- confirm.)
    try:
        pub = M2Crypto.RSA.new_pub_key((conv(cert["jwk"][0]["exp"]), conv(cert["jwk"][0]["mod"])))
    except Exception, e:
        print "Failed to create RSA object from certificate's JWK: %s" % e
        sys.exit(1)

    # Fetch the issuer's public key from the URL provided by the key
    try:
        print "Fetching root pub key from %s" % cert["iss"]
        response = requests.get(cert["iss"])
        if response.status_code == 200:
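 def test_0_sign_verify(self):
     """Sign a receipt and check that it decodes with the keystore's key."""
     # The certificate is fetched but not inspected by the visible assertions.
     cert = signing.crypto.get_certificate()
     receipt = signing.crypto.sign_jwt(stamp())
     # TODO: the original author disabled the verify_jwt(receipt) assertion
     # ("This should work but isn't"). Until it is restored, the receipt is
     # only checked against the keystore's own key object, not against the
     # key published in the certificate.
     # assertTrue replaces the deprecated assert_ alias, which newer unittest
     # releases no longer provide.
     self.assertTrue(jwt.decode(receipt, signing.crypto.KEYSTORE.key.get_rsa()))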