Diffstat (limited to 'tests/test_algorithms.py')
-rw-r--r-- | tests/test_algorithms.py | 173 |
1 files changed, 144 insertions, 29 deletions
diff --git a/tests/test_algorithms.py b/tests/test_algorithms.py
index 417f91d..b6a73fc 100644
--- a/tests/test_algorithms.py
+++ b/tests/test_algorithms.py
@@ -11,12 +11,7 @@ from .keys import load_ec_pub_key_p_521, load_hmac_key, load_rsa_pub_key
 from .utils import crypto_required, key_path
 if has_crypto:
- from jwt.algorithms import (
- ECAlgorithm,
- Ed25519Algorithm,
- RSAAlgorithm,
- RSAPSSAlgorithm,
- )
+ from jwt.algorithms import ECAlgorithm, OKPAlgorithm, RSAAlgorithm, RSAPSSAlgorithm
 class TestAlgorithms:
@@ -667,12 +662,12 @@ class TestAlgorithmsRFC7520:
 @crypto_required
-class TestEd25519Algorithms:
+class TestOKPAlgorithms:
 hello_world_sig = b"Qxa47mk/azzUgmY2StAOguAd4P7YBLpyCfU3JdbaiWnXM4o4WibXwmIHvNYgN3frtE2fcyd8OYEaOiD/KiwkCg=="
 hello_world = b"Hello World!"
- def test_ed25519_should_reject_non_string_key(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_should_reject_non_string_key(self):
+ algo = OKPAlgorithm()
 with pytest.raises(TypeError):
 algo.prepare_key(None)
@@ -683,14 +678,14 @@ class TestEd25519Algorithms:
 with open(key_path("testkey_ed25519.pub")) as keyfile:
 algo.prepare_key(keyfile.read())
- def test_ed25519_should_accept_unicode_key(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_should_accept_unicode_key(self):
+ algo = OKPAlgorithm()
 with open(key_path("testkey_ed25519")) as ec_key:
 algo.prepare_key(ec_key.read())
- def test_ed25519_sign_should_generate_correct_signature_value(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_sign_should_generate_correct_signature_value(self):
+ algo = OKPAlgorithm()
 jwt_message = self.hello_world
@@ -706,8 +701,8 @@ class TestEd25519Algorithms:
 result = algo.verify(jwt_message, jwt_pub_key, expected_sig)
 assert result
- def test_ed25519_verify_should_return_false_if_signature_invalid(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_verify_should_return_false_if_signature_invalid(self):
+ algo = OKPAlgorithm()
 jwt_message = self.hello_world
 jwt_sig = base64.b64decode(self.hello_world_sig)
@@ -720,8 +715,8 @@ class TestEd25519Algorithms:
 result = algo.verify(jwt_message, jwt_pub_key, jwt_sig)
 assert not result
- def test_ed25519_verify_should_return_true_if_signature_valid(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_verify_should_return_true_if_signature_valid(self):
+ algo = OKPAlgorithm()
 jwt_message = self.hello_world
 jwt_sig = base64.b64decode(self.hello_world_sig)
@@ -732,8 +727,8 @@ class TestEd25519Algorithms:
 result = algo.verify(jwt_message, jwt_pub_key, jwt_sig)
 assert result
- def test_ed25519_prepare_key_should_be_idempotent(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_prepare_key_should_be_idempotent(self):
+ algo = OKPAlgorithm()
 with open(key_path("testkey_ed25519.pub")) as keyfile:
 jwt_pub_key_first = algo.prepare_key(keyfile.read())
@@ -741,8 +736,8 @@ class TestEd25519Algorithms:
 assert jwt_pub_key_first == jwt_pub_key_second
- def test_ed25519_jwk_private_key_should_parse_and_verify(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_jwk_private_key_should_parse_and_verify(self):
+ algo = OKPAlgorithm()
 with open(key_path("jwk_okp_key_Ed25519.json")) as keyfile:
 key = algo.from_jwk(keyfile.read())
@@ -750,8 +745,19 @@ class TestEd25519Algorithms:
 signature = algo.sign(b"Hello World!", key)
 assert algo.verify(b"Hello World!", key.public_key(), signature)
- def test_ed25519_jwk_public_key_should_parse_and_verify(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_jwk_private_key_should_parse_and_verify_with_private_key_as_is(
+ self,
+ ):
+ algo = OKPAlgorithm()
+
+ with open(key_path("jwk_okp_key_Ed25519.json")) as keyfile:
+ key = algo.from_jwk(keyfile.read())
+
+ signature = algo.sign(b"Hello World!", key)
+ assert algo.verify(b"Hello World!", key, signature)
+
+ def test_okp_ed25519_jwk_public_key_should_parse_and_verify(self):
+ algo = OKPAlgorithm()
 with open(key_path("jwk_okp_key_Ed25519.json")) as keyfile:
 priv_key = algo.from_jwk(keyfile.read())
@@ -762,8 +768,8 @@ class TestEd25519Algorithms:
 signature = algo.sign(b"Hello World!", priv_key)
 assert algo.verify(b"Hello World!", pub_key, signature)
- def test_ed25519_jwk_fails_on_invalid_json(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_jwk_fails_on_invalid_json(self):
+ algo = OKPAlgorithm()
 with open(key_path("jwk_okp_pub_Ed25519.json")) as keyfile:
 valid_pub = json.loads(keyfile.read())
@@ -790,6 +796,12 @@ class TestEd25519Algorithms:
 with pytest.raises(InvalidKeyError):
 algo.from_jwk(v)
+ # Invalid crv, "Ed448"
+ v = valid_pub.copy()
+ v["crv"] = "Ed448"
+ with pytest.raises(InvalidKeyError):
+ algo.from_jwk(v)
+
 # Missing x
 v = valid_pub.copy()
 del v["x"]
@@ -808,8 +820,8 @@ class TestEd25519Algorithms:
 with pytest.raises(InvalidKeyError):
 algo.from_jwk(v)
- def test_ed25519_to_jwk_works_with_from_jwk(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_to_jwk_works_with_from_jwk(self):
+ algo = OKPAlgorithm()
 with open(key_path("jwk_okp_key_Ed25519.json")) as keyfile:
 priv_key_1 = algo.from_jwk(keyfile.read())
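Review bot: `test_okp_ed25519_jwk_private_key_should_parse_and_verify_with_private_key_as_is` only asserts that `verify` succeeds when it is handed the private key, so it cannot tell a correct public-key derivation apart from a path that accepts any input. Add a rejecting case directly after the positive one, for example `assert not algo.verify(b"Hello World?", key, signature)`, which relies on the same falsy return that `test_okp_ed25519_verify_should_return_false_if_signature_invalid` already expects. The Ed448 twin of this test, added in the last hunk, has the same gap.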
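Review bot: The added `# Invalid crv, "Ed448"` case leaves `x` at its Ed25519 value, so the comment does not say what is being rejected, namely a curve name that disagrees with the key material. With one `OKPAlgorithm` used for both curves in these tests, that mismatch is the property worth naming; I would word the comment as `# crv "Ed448" with Ed25519 key material must be rejected`. The mirrored `# Invalid crv, "Ed25519"` case in the Ed448 test of the last hunk deserves the same wording. The enclosing test starts and ends outside this hunk.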
@@ -827,8 +839,111 @@ class TestEd25519Algorithms:
 assert algo.verify(b"Hello World!", pub_key_2, signature_1)
 assert algo.verify(b"Hello World!", pub_key_2, signature_2)
- def test_ed25519_to_jwk_raises_exception_on_invalid_key(self):
- algo = Ed25519Algorithm()
+ def test_okp_to_jwk_raises_exception_on_invalid_key(self):
+ algo = OKPAlgorithm()
 with pytest.raises(InvalidKeyError):
 algo.to_jwk({"not": "a valid key"})
+
+ def test_okp_ed448_jwk_private_key_should_parse_and_verify(self):
+ algo = OKPAlgorithm()
+
+ with open(key_path("jwk_okp_key_Ed448.json")) as keyfile:
+ key = algo.from_jwk(keyfile.read())
+
+ signature = algo.sign(b"Hello World!", key)
+ assert algo.verify(b"Hello World!", key.public_key(), signature)
+
+ def test_okp_ed448_jwk_private_key_should_parse_and_verify_with_private_key_as_is(
+ self,
+ ):
+ algo = OKPAlgorithm()
+
+ with open(key_path("jwk_okp_key_Ed448.json")) as keyfile:
+ key = algo.from_jwk(keyfile.read())
+
+ signature = algo.sign(b"Hello World!", key)
+ assert algo.verify(b"Hello World!", key, signature)
+
+ def test_okp_ed448_jwk_public_key_should_parse_and_verify(self):
+ algo = OKPAlgorithm()
+
+ with open(key_path("jwk_okp_key_Ed448.json")) as keyfile:
+ priv_key = algo.from_jwk(keyfile.read())
+
+ with open(key_path("jwk_okp_pub_Ed448.json")) as keyfile:
+ pub_key = algo.from_jwk(keyfile.read())
+
+ signature = algo.sign(b"Hello World!", priv_key)
+ assert algo.verify(b"Hello World!", pub_key, signature)
+
+ def test_okp_ed448_jwk_fails_on_invalid_json(self):
+ algo = OKPAlgorithm()
+
+ with open(key_path("jwk_okp_pub_Ed448.json")) as keyfile:
+ valid_pub = json.loads(keyfile.read())
+ with open(key_path("jwk_okp_key_Ed448.json")) as keyfile:
+ valid_key = json.loads(keyfile.read())
+
+ # Invalid instance type
+ with pytest.raises(InvalidKeyError):
+ algo.from_jwk(123)
+
+ # Invalid JSON
+ with pytest.raises(InvalidKeyError):
+ algo.from_jwk("<this isn't json>")
+
+ # Invalid kty, not "OKP"
+ v = valid_pub.copy()
+ v["kty"] = "oct"
+ with pytest.raises(InvalidKeyError):
+ algo.from_jwk(v)
+
+ # Invalid crv, not "Ed448"
+ v = valid_pub.copy()
+ v["crv"] = "P-256"
+ with pytest.raises(InvalidKeyError):
+ algo.from_jwk(v)
+
+ # Invalid crv, "Ed25519"
+ v = valid_pub.copy()
+ v["crv"] = "Ed25519"
+ with pytest.raises(InvalidKeyError):
+ algo.from_jwk(v)
+
+ # Missing x
+ v = valid_pub.copy()
+ del v["x"]
+ with pytest.raises(InvalidKeyError):
+ algo.from_jwk(v)
+
+ # Invalid x
+ v = valid_pub.copy()
+ v["x"] = "123"
+ with pytest.raises(InvalidKeyError):
+ algo.from_jwk(v)
+
+ # Invalid d
+ v = valid_key.copy()
+ v["d"] = "123"
+ with pytest.raises(InvalidKeyError):
+ algo.from_jwk(v)
+
+ def test_okp_ed448_to_jwk_works_with_from_jwk(self):
+ algo = OKPAlgorithm()
+
+ with open(key_path("jwk_okp_key_Ed448.json")) as keyfile:
+ priv_key_1 = algo.from_jwk(keyfile.read())
+
+ with open(key_path("jwk_okp_pub_Ed448.json")) as keyfile:
+ pub_key_1 = algo.from_jwk(keyfile.read())
+
+ pub = algo.to_jwk(pub_key_1)
+ pub_key_2 = algo.from_jwk(pub)
+ pri = algo.to_jwk(priv_key_1)
+ priv_key_2 = algo.from_jwk(pri)
+
+ signature_1 = algo.sign(b"Hello World!", priv_key_1)
+ signature_2 = algo.sign(b"Hello World!", priv_key_2)
+ assert algo.verify(b"Hello World!", pub_key_2, signature_1)
+ assert algo.verify(b"Hello World!", pub_key_2, signature_2) |
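Review bot: The Ed448 tests added in this hunk cover only successful JWK parsing and verification; unlike the Ed25519 group, none of them checks that a bad Ed448 signature is rejected, and nothing checks that a signature made on one curve fails under a key of the other now that both go through `OKPAlgorithm`. I would add a negative test next to `test_okp_ed448_jwk_public_key_should_parse_and_verify`. The sketch below assumes `verify` returns a falsy value on mismatch, as the Ed25519 invalid-signature test expects, rather than raising; that should be confirmed for the cross-curve case. Separately, the Ed448 tests repeat their Ed25519 counterparts almost line for line, so `pytest.mark.parametrize` over the curve name and fixture files would keep the two groups from drifting apart.

```python
    def test_okp_ed448_verify_should_return_false_on_message_or_curve_mismatch(self):
        algo = OKPAlgorithm()

        with open(key_path("jwk_okp_key_Ed448.json")) as keyfile:
            ed448_key = algo.from_jwk(keyfile.read())
        with open(key_path("jwk_okp_key_Ed25519.json")) as keyfile:
            ed25519_key = algo.from_jwk(keyfile.read())

        signature = algo.sign(b"Hello World!", ed448_key)
        # Altered message under the matching key must not verify.
        assert not algo.verify(b"Hello World?", ed448_key.public_key(), signature)
        # A valid Ed448 signature must not verify under a key of the other curve.
        assert not algo.verify(b"Hello World!", ed25519_key.public_key(), signature)
```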