
Commit 0dfb339

authored
Merge pull request #49 from IdentityPython/issuer_test_cov
Improved code test coverage.
2 parents 02de6f2 + fc02c60 commit 0dfb339


2 files changed

+150
-25
lines changed


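--- a/src/cryptojwt/key_issuer.py
+++ b/src/cryptojwt/key_issuer.py
@@ -152,23 +152,6 @@ def items(self):
 _res[kb.source] = [kb]
 return _res
 
-def __str__(self):
-_res = {}
-for kb in self._bundles:
-key_list = []
-for key in kb.keys():
-if key.inactive_since:
-key_list.append(
-'*{}:{}:{}'.format(key.kty, key.use, key.kid))
-else:
-key_list.append(
-'{}:{}:{}'.format(key.kty, key.use, key.kid))
-if kb.source in _res:
-_res[kb.source] += ', ' + ', '.join(key_list)
-else:
-_res[kb.source] = ', '.join(key_list)
-return json.dumps(_res)
-
 def load_keys(self, jwks_uri='', jwks=None):
 """
 Fetch keys from another server
@@ -276,6 +259,7 @@ def get(self, key_use, key_type="", kid=None, alg='', **kwargs):
 :param key_use: A key useful for this usage (enc, dec, sig, ver)
 :param key_type: Type of key (rsa, ec, oct, ..)
 :param kid: A Key Identifier
+:param alg: Algorithm
 :return: A possibly empty list of keys
 """
 
@@ -319,8 +303,8 @@ def get(self, key_use, key_type="", kid=None, alg='', **kwargs):
 lst = [key for key in lst if not key.alg or key.alg == alg]
 
 # if elliptic curve, have to check if I have a key of the right curve
-if key_type == "EC" and "alg" in kwargs:
-name = "P-{}".format(kwargs["alg"][2:]) # the type
+if key_type and key_type.upper() == "EC" and alg:
+name = "P-{}".format(alg[2:]) # the type
 _lst = []
 for key in lst:
 if name != key.crv: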
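Review bot: In the last hunk of get(), `name = "P-{}".format(alg[2:])` derives the curve by dropping the first two characters of `alg`, so `ES512` yields `P-512` although that algorithm is defined over curve P-521, and any value with a two-character prefix (for example `RS256`) also maps to `P-256`. An explicit table is safer, e.g. `name = {"ES256": "P-256", "ES384": "P-384", "ES512": "P-521"}.get(alg)`, which matches no key when `alg` is not an EC signing algorithm. The new test_ec_alg passes curve names (`alg='P-256'`) and only works because of the same two-character slice, so either the test should use JWS algorithm names or the docstring line `:param alg: Algorithm` should state which forms are accepted. The body of get() continues outside the hunk.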

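--- a/tests/test_04_key_issuer.py
+++ b/tests/test_04_key_issuer.py
@@ -3,8 +3,10 @@
 import time
 
 import pytest
+import responses
 
 from cryptojwt.exception import JWKESTException
+from cryptojwt.jwk.hmac import SYMKey
 from cryptojwt.key_bundle import KeyBundle
 from cryptojwt.key_bundle import keybundle_from_local_file
 from cryptojwt.key_issuer import KeyIssuer
@@ -232,7 +234,7 @@ def test_build_keyissuer_missing(tmpdir):
 assert key_issuer is None
 
 
-def test_build_RSA_keyjar_from_file(tmpdir):
+def test_build_RSA_keyissuer_from_file(tmpdir):
 keys = [
 {
 "type": "RSA", "key": RSA0,
@@ -244,7 +246,7 @@ def test_build_RSA_keyjar_from_file(tmpdir):
 assert len(key_issuer) == 2
 
 
-def test_build_EC_keyjar_missing(tmpdir):
+def test_build_EC_keyissuer_missing(tmpdir):
 keys = [
 {
 "type": "EC", "key": os.path.join(tmpdir.dirname, "missing_file"),
@@ -256,7 +258,7 @@ def test_build_EC_keyjar_missing(tmpdir):
 assert key_issuer is None
 
 
-def test_build_EC_keyjar_from_file(tmpdir):
+def test_build_EC_keyissuer_from_file(tmpdir):
 keys = [
 {
 "type": "EC", "key": EC0,
@@ -574,7 +576,7 @@ def test_init_key_issuer():
 assert len(_keyissuer) == 2
 
 
-def test_init_key_jar_dump_public():
+def test_init_key_issuer_dump_public():
 for _file in [PRIVATE_FILE, PUBLIC_FILE]:
 if os.path.isfile(_file):
 os.unlink(_file)
@@ -587,7 +589,7 @@ def test_init_key_jar_dump_public():
 _keyissuer2 = init_key_issuer(public_path=PUBLIC_FILE, key_defs=KEYSPEC)
 assert len(_keyissuer2) == 2
 
-# verify that the 2 Key jars contains the same keys
+# verify that the 2 Key issuers contains the same keys
 
 
 def test_init_key_issuer_dump_private():
@@ -624,7 +626,7 @@ def test_init_key_issuer_update():
 assert len(rsa2) == 1
 assert rsa1[0] == rsa2[0]
 
-# keyjar1 should only contain one EC key while keyjar2 should contain 2.
+# keyissuer1 should only contain one EC key while keyissuer2 should contain 2.
 
 ec1 = _keyissuer_1.get('sig', 'EC')
 ec2 = _keyissuer_2.get('sig', 'EC', '')
@@ -665,6 +667,50 @@ def test_init_key_issuer_create_directories():
 assert len(_keyissuer.get('sig', 'EC')) == 1
 
 
+OIDC_PUB_KEYS = {
+'key_defs': KEYSPEC,
+'public_path': '{}/public/jwks.json'.format(BASEDIR),
+'read_only': False
+}
+
+
+def test_init_key_issuer_public_key_only():
+# make sure the directories are gone
+for _dir in ['public']:
+if os.path.isdir("{}/{}".format(BASEDIR, _dir)):
+shutil.rmtree("{}/{}".format(BASEDIR, _dir))
+
+_keyissuer = init_key_issuer(**OIDC_PUB_KEYS)
+assert len(_keyissuer.get('sig', 'RSA')) == 1
+assert len(_keyissuer.get('sig', 'EC')) == 1
+
+_keyissuer2 = init_key_issuer(**OIDC_PUB_KEYS)
+assert len(_keyissuer2.get('sig', 'RSA')) == 1
+assert len(_keyissuer2.get('sig', 'EC')) == 1
+
+
+OIDC_PUB_KEYS2 = {
+'key_defs': KEYSPEC_3,
+'public_path': '{}/public/jwks.json'.format(BASEDIR),
+'read_only': False
+}
+
+
+def test_init_key_issuer_public_key_only_with_diff():
+# make sure the directories are gone
+for _dir in ['public']:
+if os.path.isdir("{}/{}".format(BASEDIR, _dir)):
+shutil.rmtree("{}/{}".format(BASEDIR, _dir))
+
+_keyissuer = init_key_issuer(**OIDC_PUB_KEYS)
+assert len(_keyissuer.get('sig', 'RSA')) == 1
+assert len(_keyissuer.get('sig', 'EC')) == 1
+
+_keyissuer2 = init_key_issuer(**OIDC_PUB_KEYS2)
+assert len(_keyissuer2.get('sig', 'RSA')) == 1
+assert len(_keyissuer2.get('sig', 'EC')) == 3
+
+
 def test_dump():
 issuer = KeyIssuer()
 issuer.add_kb(KeyBundle(JWK2['keys']))
@@ -681,3 +727,98 @@ def test_contains():
 issuer.add_kb(KeyBundle(JWK1['keys']))
 for k in issuer.all_keys():
 assert k in issuer
+
+
+def test_missing_url():
+issuer = KeyIssuer()
+with pytest.raises(KeyError):
+issuer.add_url('')
+
+
+def test_localhost_url():
+issuer = KeyIssuer(httpc_params={'verify': True})
+url = 'http://localhost/jwks.json'
+with responses.RequestsMock() as rsps:
+rsps.add(method="GET", url=url, json=JWK2, status=200)
+issuer.add_url(url)
+
+kb = issuer.find(url)
+assert len(kb) == 1
+assert kb[0].httpc_params == {'verify': False}
+
+
+def test_add_url():
+issuer = KeyIssuer(httpc_params={'verify': True})
+url = 'http://localhost/jwks.json'
+with responses.RequestsMock() as rsps:
+rsps.add(method="GET", url=url, json=JWK2, status=200)
+issuer.add(url)
+
+kb = issuer.find(url)
+assert len(kb) == 1
+assert kb[0].source == url
+
+
+def test_add_symmetric():
+issuer = KeyIssuer()
+issuer.add('LongRamblingKeyThatShouldBeLongEnough')
+kb = issuer.find(None)
+assert len(kb) == 1
+assert kb[0].keys()[0].kty == 'oct'
+
+
+def test_not_in():
+issuer = KeyIssuer()
+_jwk = SYMKey(key='LongRamblingKeyThatShouldBeLongEnough')
+assert _jwk not in issuer
+
+
+def test_str():
+issuer = KeyIssuer(name='foo')
+issuer.add('LongRamblingKeyThatShouldBeLongEnough')
+assert str(issuer).startswith('<KeyIssuer "foo" oct::')
+
+
+def test_items():
+issuer = KeyIssuer(name='foo')
+url = 'http://localhost/jwks.json'
+with responses.RequestsMock() as rsps:
+rsps.add(method="GET", url=url, json=JWK2, status=200)
+issuer.add(url)
+
+issuer.add('LongRamblingKeyThatShouldBeLongEnough')
+
+items = issuer.items()
+assert set(items.keys()) == {None, url}
+assert items[None][0].keys()[0].kty == 'oct'
+assert len(items[url][0].keys()) == 4
+
+
+def test_load_keys_uri():
+issuer = KeyIssuer(httpc_params={'verify': True})
+url = 'http://localhost/jwks.json'
+with responses.RequestsMock() as rsps:
+rsps.add(method="GET", url=url, json=JWK2, status=200)
+issuer.load_keys(jwks_uri=url)
+
+kb = issuer.find(url)
+assert len(kb) == 1
+assert kb[0].source == url
+
+
+def test_load_keys():
+issuer = KeyIssuer(httpc_params={'verify': True})
+issuer.load_keys(jwks=JWK2)
+
+items = issuer.items()
+assert len(items[None][0].keys()) == 4
+
+
+def test_ec_alg():
+kb = KeyBundle(source=os.path.join(BASE_PATH, 'ec-p256.json'), keyusage='sig')
+issuer = KeyIssuer()
+issuer.add_kb(kb)
+k = issuer.get(key_use='sig', key_type='ec', alg='P-384')
+assert k == []
+k = issuer.get(key_use='sig', key_type='ec', alg='P-256')
+assert len(k) == 1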
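Review bot: test_localhost_url builds the issuer with `httpc_params={'verify': True}` and then asserts `kb[0].httpc_params == {'verify': False}`, so it pins that certificate verification is switched off for a localhost source without saying that this is intended. A comment above the assertion such as `# localhost sources are expected to get verify=False even when the issuer was created with verify=True` would make the contract explicit. test_add_url and test_load_keys_uri use the same `http://localhost/jwks.json` URL and never check `httpc_params`, so nothing in this section shows that a non-localhost source keeps `verify` set to True; a companion test with a mocked non-localhost URL asserting `kb[0].httpc_params == {'verify': True}` would cover that. The code that performs the override is not visible on this page.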
