本文整理汇总了Python中jwkest.jwk.KEYS属性的典型用法代码示例。如果您正苦于以下问题:Python jwk.KEYS属性的具体用法?Python jwk.KEYS怎么用?Python jwk.KEYS使用的例子?那么, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类jwkest.jwk
的用法示例。
在下文中一共展示了jwk.KEYS属性的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: setup
# 需要导入模块: from jwkest import jwk [as 别名]
# 或者: from jwkest.jwk import KEYS [as 别名]
def setup(self):
httpretty.enable()
self.key = RSAKey(kid='testkey').load(os.path.join(FIXTURE_ROOT, 'testkey.pem'))
def jwks(_request, _uri, headers): # noqa: E306
ks = KEYS()
ks.add(self.key.serialize())
return 200, headers, ks.dump_jwks()
httpretty.register_uri(
httpretty.GET, oidc_rp_settings.PROVIDER_JWKS_ENDPOINT, status=200, body=jwks)
httpretty.register_uri(
httpretty.POST, oidc_rp_settings.PROVIDER_TOKEN_ENDPOINT,
body=json.dumps({
'id_token': self.generate_jws(), 'access_token': 'accesstoken',
'refresh_token': 'refreshtoken', }),
content_type='text/json')
httpretty.register_uri(
httpretty.GET, oidc_rp_settings.PROVIDER_USERINFO_ENDPOINT,
body=json.dumps({'sub': '1234', 'email': 'test@example.com', }),
content_type='text/json')
yield
httpretty.disable()
示例2: test_authenticate_auth_token_with_bad_signature
# 需要导入模块: from jwkest import jwk [as 别名]
# 或者: from jwkest.jwk import KEYS [as 别名]
def test_authenticate_auth_token_with_bad_signature(self):
new_rsa_key = jwk.RSAKey(use=u"sig").load_key(PublicKey.RSA.generate(2048))
kid = IntegrationTest._rsa_key.kid
new_rsa_key.kid = kid
new_jwks = jwk.KEYS()
new_jwks._keys.append(new_rsa_key)
auth_token = token_utils.generate_auth_token(IntegrationTest._JWT_CLAIMS,
new_jwks._keys, alg=u"RS256",
kid=kid)
url = get_url(IntegrationTest._JWKS_PATH)
self._provider_ids[self._ISSUER] = self._PROVIDER_ID
self._configs[IntegrationTest._ISSUER] = suppliers.IssuerUriConfig(False,
url)
message = u"Signature verification failed"
with self.assertRaisesRegexp(suppliers.UnauthenticatedException, message):
self._authenticator.authenticate(auth_token, self._auth_info,
IntegrationTest._SERVICE_NAME)
示例3: test_get_jwt_claims_via_caching
# 需要导入模块: from jwkest import jwk [as 别名]
# 或者: from jwkest.jwk import KEYS [as 别名]
def test_get_jwt_claims_via_caching(self):
AuthenticatorTest._mock_timer.return_value = 10
auth_token = token_utils.generate_auth_token(self._jwt_claims,
self._jwks._keys)
# Populate the decoded result into cache.
self._authenticator.get_jwt_claims(auth_token)
# Reset the returned JWKS so the signature verification will fail next
# time.
self._jwks_supplier.supply.return_value = jwk.KEYS()
# Forword time by 10 seconds.
AuthenticatorTest._mock_timer.return_value += 10
# This call should succeed since the auth_token is cached.
self._authenticator.get_jwt_claims(auth_token)
# Forword time by 5 minutes.
AuthenticatorTest._mock_timer.return_value += 5 * 60
# This call should fail since the cache expires and it needs to re-decode
# the auth token with a different key set.
with self.assertRaises(suppliers.UnauthenticatedException):
self._authenticator.get_jwt_claims(auth_token)
示例4: test_supply_jwks
# 需要导入模块: from jwkest import jwk [as 别名]
# 或者: from jwkest.jwk import KEYS [as 别名]
def test_supply_jwks(self):
rsa_key = PublicKey.RSA.generate(2048)
jwks = jwk.KEYS()
jwks.wrap_add(rsa_key)
scheme = u"https"
issuer = u"issuer.com"
self._key_uri_supplier.supply.return_value = scheme + u"://" + issuer
@httmock.urlmatch(scheme=scheme, netloc=issuer)
def _mock_response_with_jwks(url, response): # pylint: disable=unused-argument
return jwks.dump_jwks()
with httmock.HTTMock(_mock_response_with_jwks):
actual_jwks = self._jwks_uri_supplier.supply(issuer)
self.assertEquals(1, len(actual_jwks))
actual_key = actual_jwks[0].key
self.assertEquals(rsa_key.n, actual_key.n)
self.assertEquals(rsa_key.e, actual_key.e)
示例5: get_jwk_key_pair
# 需要导入模块: from jwkest import jwk [as 别名]
# 或者: from jwkest.jwk import KEYS [as 别名]
def get_jwk_key_pair(self):
"""
Returns the asymmetric JWT signing keys required
"""
rsa_jwk = jwk.RSAKey(kid="opencraft", key=self.rsa_key)
# Serialize public JWT signing keys
public_keys = jwk.KEYS()
public_keys.append(rsa_jwk)
serialized_public_keys_json = public_keys.dump_jwks()
# Serialize private JWT signing keys
serialized_keypair = rsa_jwk.serialize(private=True)
serialized_keypair_json = json.dumps(serialized_keypair)
# Named tuple for storing public and private JWT key pair
jwk_key_pair = namedtuple('JWK_KEY_PAIR', ['public', 'private'])
jwk_key_pair.public = serialized_public_keys_json
jwk_key_pair.private = serialized_keypair_json
return jwk_key_pair
示例6: setUp
# 需要导入模块: from jwkest import jwk [as 别名]
# 或者: from jwkest.jwk import KEYS [as 别名]
def setUp(self):
super(OpenIdConnectTestMixin, self).setUp()
test_root = os.path.dirname(os.path.dirname(__file__))
self.key = RSAKey(kid='testkey').load(os.path.join(test_root, 'testkey.pem'))
HTTPretty.register_uri(HTTPretty.GET,
self.backend.OIDC_ENDPOINT + '/.well-known/openid-configuration',
status=200,
body=self.openid_config_body
)
oidc_config = json.loads(self.openid_config_body)
def jwks(_request, _uri, headers):
ks = KEYS()
ks.add(self.key.serialize())
return 200, headers, ks.dump_jwks()
HTTPretty.register_uri(HTTPretty.GET,
oidc_config.get('jwks_uri'),
status=200,
body=jwks)
示例7: setup
# 需要导入模块: from jwkest import jwk [as 别名]
# 或者: from jwkest.jwk import KEYS [as 别名]
def setup(self):
httpretty.enable()
self.key = RSAKey(kid='testkey').load(os.path.join(FIXTURE_ROOT, 'testkey.pem'))
def jwks(_request, _uri, headers): # noqa: E306
ks = KEYS()
ks.add(self.key.serialize())
return 200, headers, ks.dump_jwks()
httpretty.register_uri(
httpretty.GET, oidc_rp_settings.PROVIDER_JWKS_ENDPOINT, status=200, body=jwks)
yield
httpretty.disable()
示例8: _get_jwks_keys
# 需要导入模块: from jwkest import jwk [as 别名]
# 或者: from jwkest.jwk import KEYS [as 别名]
def _get_jwks_keys(shared_key):
""" Returns JWKS keys used to decrypt id_token values. """
# The OpenID Connect Provider (OP) uses RSA keys to sign/enrypt ID tokens and generate public
# keys allowing to decrypt them. These public keys are exposed through the 'jwks_uri' and should
# be used to decrypt the JWS - JSON Web Signature.
jwks_keys = KEYS()
jwks_keys.load_from_url(oidc_rp_settings.PROVIDER_JWKS_ENDPOINT)
# Adds the shared key (which can correspond to the client_secret) as an oct key so it can be
# used for HMAC signatures.
jwks_keys.add({'key': smart_bytes(shared_key), 'kty': 'oct'})
return jwks_keys
示例9: get_public_jwk
# 需要导入模块: from jwkest import jwk [as 别名]
# 或者: from jwkest.jwk import KEYS [as 别名]
def get_public_jwk(self):
"""
Export Public JWK
"""
public_keys = jwk.KEYS()
# Only append to keyset if a key exists
if self.key:
public_keys.append(self.key)
return json.loads(public_keys.dump_jwks())
示例10: setUp
# 需要导入模块: from jwkest import jwk [as 别名]
# 或者: from jwkest.jwk import KEYS [as 别名]
def setUp(self):
ec_jwk = jwk.ECKey(use=u"sig").load_key(ecc.P256)
ec_jwk.kid = self._ec_kid
rsa_key = jwk.RSAKey(use=u"sig").load_key(PublicKey.RSA.generate(1024))
rsa_key.kid = self._rsa_kid
jwks = jwk.KEYS()
jwks._keys.append(ec_jwk)
jwks._keys.append(rsa_key)
self._issuers_to_provider_ids = {}
self._jwks_supplier = mock.MagicMock()
self._authenticator = tokens.Authenticator(self._issuers_to_provider_ids,
self._jwks_supplier)
self._jwks = jwks
self._jwks_supplier.supply.return_value = self._jwks
self._method_info = mock.MagicMock()
self._service_name = u"service.name.com"
self._jwt_claims = {
u"aud": [u"first.com", u"second.com"],
u"email": u"someone@email.com",
u"exp": int(time.time()) + 10,
u"iss": u"https://issuer.com",
u"sub": u"subject-id"}
示例11: test_auth_token_cache_capacity
# 需要导入模块: from jwkest import jwk [as 别名]
# 或者: from jwkest.jwk import KEYS [as 别名]
def test_auth_token_cache_capacity(self):
authenticator = tokens.Authenticator({}, self._jwks_supplier, cache_capacity=2)
self._jwt_claims[u"email"] = u"1@email.com"
auth_token1 = token_utils.generate_auth_token(self._jwt_claims,
self._jwks._keys)
self._jwt_claims[u"email"] = u"2@email.com"
auth_token2 = token_utils.generate_auth_token(self._jwt_claims,
self._jwks._keys)
# Populate the decoded result into cache.
authenticator.get_jwt_claims(auth_token1)
authenticator.get_jwt_claims(auth_token2)
# Reset the returned JWKS so the signature verification will fail next
# time.
new_ec_jwk = jwk.ECKey(use=u"sig").load_key(ecc.P256)
new_ec_jwk.kid = self._ec_kid
new_jwks = jwk.KEYS()
new_jwks._keys.append(new_ec_jwk)
self._jwks_supplier.supply.return_value = new_jwks
# Verify the following calls still succeed since the auth tokens are
# cached.
authenticator.get_jwt_claims(auth_token1)
authenticator.get_jwt_claims(auth_token2)
# Populate a third auth token into the cache.
self._jwt_claims[u"email"] = u"3@email.com"
auth_token3 = token_utils.generate_auth_token(self._jwt_claims,
new_jwks._keys)
authenticator.get_jwt_claims(auth_token3)
# Make sure the first auth token is evicted from the cache since the cache
# is full.
with self.assertRaises(suppliers.UnauthenticatedException):
authenticator.get_jwt_claims(auth_token1)
示例12: test_supply_cached_jwks
# 需要导入模块: from jwkest import jwk [as 别名]
# 或者: from jwkest.jwk import KEYS [as 别名]
def test_supply_cached_jwks(self):
JwksSupplierTest._mock_timer.return_value = 10
rsa_key = PublicKey.RSA.generate(2048)
jwks = jwk.KEYS()
jwks.wrap_add(rsa_key)
scheme = u"https"
issuer = u"issuer.com"
self._key_uri_supplier.supply.return_value = scheme + u"://" + issuer
@httmock.urlmatch(scheme=scheme, netloc=issuer)
def _mock_response_with_jwks(url, response): # pylint: disable=unused-argument
return jwks.dump_jwks()
with httmock.HTTMock(_mock_response_with_jwks):
self.assertEqual(1, len(self._jwks_uri_supplier.supply(issuer)))
# Add an additional key to the JWKS to be returned by the HTTP request.
jwks.wrap_add(PublicKey.RSA.generate(2048))
# Forward the clock by 1 second. The JWKS should remain cached.
JwksSupplierTest._mock_timer.return_value += 1
self._jwks_uri_supplier.supply(issuer)
self.assertEqual(1, len(self._jwks_uri_supplier.supply(issuer)))
# Forward the clock by 5 minutes. The cache entry should have expired so
# the returned JWKS should be the updated one with two keys.
JwksSupplierTest._mock_timer.return_value += 5 * 60
self._jwks_uri_supplier.supply(issuer)
self.assertEqual(2, len(self._jwks_uri_supplier.supply(issuer)))
示例13: _get_keys
# 需要导入模块: from jwkest import jwk [as 别名]
# 或者: from jwkest.jwk import KEYS [as 别名]
def _get_keys(self):
"""
Get public key from discovery.
"""
request = self.factory.get(reverse('oidc_provider:jwks'))
response = JwksView.as_view()(request)
jwks_dic = json.loads(response.content.decode('utf-8'))
SIGKEYS = KEYS()
SIGKEYS.load_dict(jwks_dic)
return SIGKEYS
示例14: __missing__
# 需要导入模块: from jwkest import jwk [as 别名]
# 或者: from jwkest.jwk import KEYS [as 别名]
def __missing__(self, kid):
"""
Loads the public key for this handler from the OIDC service.
Raises PublicKeyLoadException on failure.
"""
keys_url = self._login_service._oidc_config()["jwks_uri"]
# Load the keys.
try:
keys = KEYS()
keys.load_from_url(
keys_url, verify=not self._login_service.config.get("DEBUGGING", False)
)
except Exception as ex:
logger.exception("Exception loading public key")
raise PublicKeyLoadException(str(ex))
# Find the matching key.
keys_found = keys.by_kid(kid)
if len(keys_found) == 0:
raise PublicKeyLoadException("Public key %s not found" % kid)
rsa_keys = [key for key in keys_found if key.kty == "RSA"]
if len(rsa_keys) == 0:
raise PublicKeyLoadException("No RSA form of public key %s not found" % kid)
matching_key = rsa_keys[0]
matching_key.deserialize()
# Reload the key so that we can give a key *instance* to PyJWT to work around its weird parsing
# issues.
final_key = load_der_public_key(
matching_key.key.exportKey("DER"), backend=default_backend()
)
self[kid] = final_key
return final_key
示例15: jwks
# 需要导入模块: from jwkest import jwk [as 别名]
# 或者: from jwkest.jwk import KEYS [as 别名]
def jwks(self):
keys = KEYS()
keys.load_jwks(self.jwks_data())
return keys