3
3
import time
4
4
5
5
import pytest
6
+ import responses
6
7
7
8
from cryptojwt .exception import JWKESTException
9
+ from cryptojwt .jwk .hmac import SYMKey
8
10
from cryptojwt .key_bundle import KeyBundle
9
11
from cryptojwt .key_bundle import keybundle_from_local_file
10
12
from cryptojwt .key_issuer import KeyIssuer
@@ -232,7 +234,7 @@ def test_build_keyissuer_missing(tmpdir):
232
234
assert key_issuer is None
233
235
234
236
235
- def test_build_RSA_keyjar_from_file (tmpdir ):
237
+ def test_build_RSA_keyissuer_from_file (tmpdir ):
236
238
keys = [
237
239
{
238
240
"type" : "RSA" , "key" : RSA0 ,
@@ -244,7 +246,7 @@ def test_build_RSA_keyjar_from_file(tmpdir):
244
246
assert len (key_issuer ) == 2
245
247
246
248
247
- def test_build_EC_keyjar_missing (tmpdir ):
249
+ def test_build_EC_keyissuer_missing (tmpdir ):
248
250
keys = [
249
251
{
250
252
"type" : "EC" , "key" : os .path .join (tmpdir .dirname , "missing_file" ),
@@ -256,7 +258,7 @@ def test_build_EC_keyjar_missing(tmpdir):
256
258
assert key_issuer is None
257
259
258
260
259
- def test_build_EC_keyjar_from_file (tmpdir ):
261
+ def test_build_EC_keyissuer_from_file (tmpdir ):
260
262
keys = [
261
263
{
262
264
"type" : "EC" , "key" : EC0 ,
@@ -574,7 +576,7 @@ def test_init_key_issuer():
574
576
assert len (_keyissuer ) == 2
575
577
576
578
577
- def test_init_key_jar_dump_public ():
579
+ def test_init_key_issuer_dump_public ():
578
580
for _file in [PRIVATE_FILE , PUBLIC_FILE ]:
579
581
if os .path .isfile (_file ):
580
582
os .unlink (_file )
@@ -587,7 +589,7 @@ def test_init_key_jar_dump_public():
587
589
_keyissuer2 = init_key_issuer (public_path = PUBLIC_FILE , key_defs = KEYSPEC )
588
590
assert len (_keyissuer2 ) == 2
589
591
590
- # verify that the 2 Key jars contains the same keys
592
+ # verify that the 2 Key issuers contains the same keys
591
593
592
594
593
595
def test_init_key_issuer_dump_private ():
@@ -624,7 +626,7 @@ def test_init_key_issuer_update():
624
626
assert len (rsa2 ) == 1
625
627
assert rsa1 [0 ] == rsa2 [0 ]
626
628
627
- # keyjar1 should only contain one EC key while keyjar2 should contain 2.
629
+ # keyissuer1 should only contain one EC key while keyissuer2 should contain 2.
628
630
629
631
ec1 = _keyissuer_1 .get ('sig' , 'EC' )
630
632
ec2 = _keyissuer_2 .get ('sig' , 'EC' , '' )
@@ -665,6 +667,50 @@ def test_init_key_issuer_create_directories():
665
667
assert len (_keyissuer .get ('sig' , 'EC' )) == 1
666
668
667
669
670
+ OIDC_PUB_KEYS = {
671
+ 'key_defs' : KEYSPEC ,
672
+ 'public_path' : '{}/public/jwks.json' .format (BASEDIR ),
673
+ 'read_only' : False
674
+ }
675
+
676
+
677
+ def test_init_key_issuer_public_key_only ():
678
+ # make sure the directories are gone
679
+ for _dir in ['public' ]:
680
+ if os .path .isdir ("{}/{}" .format (BASEDIR , _dir )):
681
+ shutil .rmtree ("{}/{}" .format (BASEDIR , _dir ))
682
+
683
+ _keyissuer = init_key_issuer (** OIDC_PUB_KEYS )
684
+ assert len (_keyissuer .get ('sig' , 'RSA' )) == 1
685
+ assert len (_keyissuer .get ('sig' , 'EC' )) == 1
686
+
687
+ _keyissuer2 = init_key_issuer (** OIDC_PUB_KEYS )
688
+ assert len (_keyissuer2 .get ('sig' , 'RSA' )) == 1
689
+ assert len (_keyissuer2 .get ('sig' , 'EC' )) == 1
690
+
691
+
692
+ OIDC_PUB_KEYS2 = {
693
+ 'key_defs' : KEYSPEC_3 ,
694
+ 'public_path' : '{}/public/jwks.json' .format (BASEDIR ),
695
+ 'read_only' : False
696
+ }
697
+
698
+
699
+ def test_init_key_issuer_public_key_only_with_diff ():
700
+ # make sure the directories are gone
701
+ for _dir in ['public' ]:
702
+ if os .path .isdir ("{}/{}" .format (BASEDIR , _dir )):
703
+ shutil .rmtree ("{}/{}" .format (BASEDIR , _dir ))
704
+
705
+ _keyissuer = init_key_issuer (** OIDC_PUB_KEYS )
706
+ assert len (_keyissuer .get ('sig' , 'RSA' )) == 1
707
+ assert len (_keyissuer .get ('sig' , 'EC' )) == 1
708
+
709
+ _keyissuer2 = init_key_issuer (** OIDC_PUB_KEYS2 )
710
+ assert len (_keyissuer2 .get ('sig' , 'RSA' )) == 1
711
+ assert len (_keyissuer2 .get ('sig' , 'EC' )) == 3
712
+
713
+
668
714
def test_dump ():
669
715
issuer = KeyIssuer ()
670
716
issuer .add_kb (KeyBundle (JWK2 ['keys' ]))
@@ -681,3 +727,98 @@ def test_contains():
681
727
issuer .add_kb (KeyBundle (JWK1 ['keys' ]))
682
728
for k in issuer .all_keys ():
683
729
assert k in issuer
730
+
731
+
732
+ def test_missing_url ():
733
+ issuer = KeyIssuer ()
734
+ with pytest .raises (KeyError ):
735
+ issuer .add_url ('' )
736
+
737
+
738
+ def test_localhost_url ():
739
+ issuer = KeyIssuer (httpc_params = {'verify' : True })
740
+ url = 'http://localhost/jwks.json'
741
+ with responses .RequestsMock () as rsps :
742
+ rsps .add (method = "GET" , url = url , json = JWK2 , status = 200 )
743
+ issuer .add_url (url )
744
+
745
+ kb = issuer .find (url )
746
+ assert len (kb ) == 1
747
+ assert kb [0 ].httpc_params == {'verify' : False }
748
+
749
+
750
+ def test_add_url ():
751
+ issuer = KeyIssuer (httpc_params = {'verify' : True })
752
+ url = 'http://localhost/jwks.json'
753
+ with responses .RequestsMock () as rsps :
754
+ rsps .add (method = "GET" , url = url , json = JWK2 , status = 200 )
755
+ issuer .add (url )
756
+
757
+ kb = issuer .find (url )
758
+ assert len (kb ) == 1
759
+ assert kb [0 ].source == url
760
+
761
+
762
+ def test_add_symmetric ():
763
+ issuer = KeyIssuer ()
764
+ issuer .add ('LongRamblingKeyThatShouldBeLongEnough' )
765
+ kb = issuer .find (None )
766
+ assert len (kb ) == 1
767
+ assert kb [0 ].keys ()[0 ].kty == 'oct'
768
+
769
+
770
+ def test_not_in ():
771
+ issuer = KeyIssuer ()
772
+ _jwk = SYMKey (key = 'LongRamblingKeyThatShouldBeLongEnough' )
773
+ assert _jwk not in issuer
774
+
775
+
776
+ def test_str ():
777
+ issuer = KeyIssuer (name = 'foo' )
778
+ issuer .add ('LongRamblingKeyThatShouldBeLongEnough' )
779
+ assert str (issuer ).startswith ('<KeyIssuer "foo" oct::' )
780
+
781
+
782
+ def test_items ():
783
+ issuer = KeyIssuer (name = 'foo' )
784
+ url = 'http://localhost/jwks.json'
785
+ with responses .RequestsMock () as rsps :
786
+ rsps .add (method = "GET" , url = url , json = JWK2 , status = 200 )
787
+ issuer .add (url )
788
+
789
+ issuer .add ('LongRamblingKeyThatShouldBeLongEnough' )
790
+
791
+ items = issuer .items ()
792
+ assert set (items .keys ()) == {None , url }
793
+ assert items [None ][0 ].keys ()[0 ].kty == 'oct'
794
+ assert len (items [url ][0 ].keys ()) == 4
795
+
796
+
797
+ def test_load_keys_uri ():
798
+ issuer = KeyIssuer (httpc_params = {'verify' : True })
799
+ url = 'http://localhost/jwks.json'
800
+ with responses .RequestsMock () as rsps :
801
+ rsps .add (method = "GET" , url = url , json = JWK2 , status = 200 )
802
+ issuer .load_keys (jwks_uri = url )
803
+
804
+ kb = issuer .find (url )
805
+ assert len (kb ) == 1
806
+ assert kb [0 ].source == url
807
+
808
+
809
+ def test_load_keys ():
810
+ issuer = KeyIssuer (httpc_params = {'verify' : True })
811
+ issuer .load_keys (jwks = JWK2 )
812
+
813
+ items = issuer .items ()
814
+ assert len (items [None ][0 ].keys ()) == 4
815
+
816
+
817
+ def test_ec_alg ():
818
+ kb = KeyBundle (source = os .path .join (BASE_PATH , 'ec-p256.json' ), keyusage = 'sig' )
819
+ issuer = KeyIssuer ()
820
+ issuer .add_kb (kb )
821
+ k = issuer .get (key_use = 'sig' , key_type = 'ec' , alg = 'P-384' )
822
+ assert k == []
823
+ k = issuer .get (key_use = 'sig' , key_type = 'ec' , alg = 'P-256' )
824
+ assert len (k ) == 1
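Review bot: Nothing in the new tests checks that certificate verification stays enabled for a non-localhost JWKS URL. The only assertion on this setting is in test_localhost_url, which pins `kb[0].httpc_params == {'verify': False}` for an issuer built with `{'verify': True}`. Because keys fetched this way are the trust anchor for signature checks, a companion test should assert that an `https://` URL on another host keeps the caller's `verify` value, so the localhost exemption cannot widen unnoticed. A short comment above the existing assertion, such as `# localhost is exempt from TLS verification; any other host must keep the caller's setting`, would record the intent. The expected value in the sketch below assumes the issuer passes its own httpc_params through unchanged for other hosts, which the page does not show.

```python
def test_non_localhost_url_keeps_verify():
    issuer = KeyIssuer(httpc_params={'verify': True})
    url = 'https://example.com/jwks.json'
    with responses.RequestsMock() as rsps:
        rsps.add(method="GET", url=url, json=JWK2, status=200)
        issuer.add_url(url)

    kb = issuer.find(url)
    assert len(kb) == 1
    # the localhost exemption must not apply to any other host
    assert kb[0].httpc_params == {'verify': True}
```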