当前位置: 首页>>代码示例>>Python>>正文


Python jws.JWS属性代码示例

本文整理汇总了Python中jwkest.jws.JWS属性的典型用法代码示例。如果您正苦于以下问题:Python jws.JWS属性的具体用法?Python jws.JWS怎么用?Python jws.JWS使用的例子?那么, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在jwkest.jws的用法示例。


在下文中一共展示了jws.JWS属性的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: _get_keyset

# 需要导入模块: from jwkest import jws [as 别名]
# 或者: from jwkest.jws import JWS [as 别名]
def _get_keyset(self, kid=None):
        """
        Get keyset from available sources.

        If using a RSA key, forcefully set the key id
        to match the one from the JWT token.
        """
        keyset = []

        if self.keyset_url:
            # TODO: Improve support for keyset handling, handle errors.
            keyset.extend(load_jwks_from_url(self.keyset_url))

        if self.public_key and kid:
            # Fill in key id of stored key.
            # This is needed because if the JWS is signed with a
            # key with a kid, pyjwkest doesn't match them with
            # keys without kid (kid=None) and fails verification
            self.public_key.kid = kid

            # Add to keyset
            keyset.append(self.public_key)

        return keyset 
开发者ID:edx,项目名称:xblock-lti-consumer,代码行数:26,代码来源:key_handlers.py

示例2: encode_and_sign

# 需要导入模块: from jwkest import jws [as 别名]
# 或者: from jwkest.jws import JWS [as 别名]
def encode_and_sign(self, message, expiration=None):
        """
        Encode and sign JSON with RSA key
        """
        if not self.key:
            raise exceptions.RsaKeyNotSet()

        _message = copy.deepcopy(message)

        # Set iat and exp if expiration is set
        if expiration:
            _message.update({
                "iat": int(round(time.time())),
                "exp": int(round(time.time()) + expiration),
            })

        # The class instance that sets up the signing operation
        # An RS 256 key is required for LTI 1.3
        _jws = JWS(_message, alg="RS256", cty="JWT")

        # Encode and sign LTI message
        return _jws.sign_compact([self.key]) 
开发者ID:edx,项目名称:xblock-lti-consumer,代码行数:24,代码来源:key_handlers.py

示例3: _consent_registration

# 需要导入模块: from jwkest import jws [as 别名]
# 或者: from jwkest.jws import JWS [as 别名]
def _consent_registration(self, consent_args):
        """
        Register a request at the consent service

        :type consent_args: dict
        :rtype: str

        :param consent_args: All necessary parameters for the consent request
        :return: Ticket received from the consent service
        """
        jws = JWS(json.dumps(consent_args), alg=self.signing_key.alg).sign_compact([self.signing_key])
        request = "{}/creq/{}".format(self.api_url, jws)
        res = requests.get(request)

        if res.status_code != 200:
            raise UnexpectedResponseError("Consent service error: %s %s", res.status_code, res.text)

        return res.text 
开发者ID:IdentityPython,项目名称:SATOSA,代码行数:20,代码来源:consent.py

示例4: test_existing_account_linking_with_known_known_uuid

# 需要导入模块: from jwkest import jws [as 别名]
# 或者: from jwkest.jws import JWS [as 别名]
def test_existing_account_linking_with_known_known_uuid(self, account_linking_config, internal_response, context):
        uuid = "uuid"
        data = {
            "idp": internal_response.auth_info.issuer,
            "id": internal_response.subject_id,
            "redirect_endpoint": self.account_linking.base_url + "/account_linking/handle_account_linking"
        }
        key = RSAKey(key=rsa_load(account_linking_config["sign_key"]), use="sig", alg="RS256")
        jws = JWS(json.dumps(data), alg=key.alg).sign_compact([key])
        responses.add(
            responses.GET,
            "%s/get_id?jwt=%s" % (account_linking_config["api_url"], jws),
            status=200,
            body=uuid,
            content_type="text/html",
            match_querystring=True
        )

        self.account_linking.process(context, internal_response)
        assert internal_response.subject_id == uuid 
开发者ID:IdentityPython,项目名称:SATOSA,代码行数:22,代码来源:test_account_linking.py

示例5: test_authorization_code

# 需要导入模块: from jwkest import jws [as 别名]
# 或者: from jwkest.jws import JWS [as 别名]
def test_authorization_code(self):
        """
        We MUST validate the signature of the ID Token according to JWS
        using the algorithm specified in the alg Header Parameter of
        the JOSE Header.
        """
        SIGKEYS = self._get_keys()
        code = self._create_code()

        post_data = self._auth_code_post_data(code=code.code)

        response = self._post_request(post_data)
        response_dic = json.loads(response.content.decode('utf-8'))

        id_token = JWS().verify_compact(response_dic['id_token'].encode('utf-8'), SIGKEYS)

        token = Token.objects.get(user=self.user)
        self.assertEqual(response_dic['access_token'], token.access_token)
        self.assertEqual(response_dic['refresh_token'], token.refresh_token)
        self.assertEqual(response_dic['token_type'], 'bearer')
        self.assertEqual(response_dic['expires_in'], 720)
        self.assertEqual(id_token['sub'], str(self.user.id))
        self.assertEqual(id_token['aud'], self.client.client_id) 
开发者ID:juanifioren,项目名称:django-oidc-provider,代码行数:25,代码来源:test_token_endpoint.py

示例6: test_idtoken_sign_validation

# 需要导入模块: from jwkest import jws [as 别名]
# 或者: from jwkest.jws import JWS [as 别名]
def test_idtoken_sign_validation(self):
        """
        We MUST validate the signature of the ID Token according to JWS
        using the algorithm specified in the alg Header Parameter of
        the JOSE Header.
        """
        SIGKEYS = self._get_keys()
        RSAKEYS = [k for k in SIGKEYS if k.kty == 'RSA']

        code = self._create_code()

        post_data = self._auth_code_post_data(code=code.code)

        response = self._post_request(post_data)
        response_dic = json.loads(response.content.decode('utf-8'))

        JWS().verify_compact(response_dic['id_token'].encode('utf-8'), RSAKEYS) 
开发者ID:juanifioren,项目名称:django-oidc-provider,代码行数:19,代码来源:test_token_endpoint.py

示例7: create_jwt

# 需要导入模块: from jwkest import jws [as 别名]
# 或者: from jwkest.jws import JWS [as 别名]
def create_jwt(self, user):
        """
        Creates a signed (JWS) ID token.

        Returns:
            str: JWS
        """
        key = SYMKey(key=self.site.siteconfiguration.oauth_settings['SOCIAL_AUTH_EDX_OAUTH2_SECRET'])
        now = datetime.datetime.utcnow()
        expiration_datetime = now + datetime.timedelta(seconds=3600)
        issue_datetime = now
        payload = {
            'iss': self.site.siteconfiguration.lms_url_root,
            'administrator': False,
            'iat': timegm(issue_datetime.utctimetuple()),
            'sub': str(uuid.uuid4()),
            'preferred_username': user.username,
            'aud': self.site.siteconfiguration.oauth_settings['SOCIAL_AUTH_EDX_OAUTH2_KEY'],
            'exp': timegm(expiration_datetime.utctimetuple()),
        }
        access_token = JWS(payload, jwk=key, alg='HS512').sign_compact()
        return access_token 
开发者ID:edx,项目名称:ecommerce,代码行数:24,代码来源:test_strategies.py

示例8: generate_jws

# 需要导入模块: from jwkest import jws [as 别名]
# 或者: from jwkest.jws import JWS [as 别名]
def generate_jws(self, **kwargs):
        return JWS(self.generate_jws_dict(**kwargs), jwk=self.key, alg='RS256').sign_compact() 
开发者ID:impak-finance,项目名称:django-oidc-rp,代码行数:4,代码来源:test_backends.py

示例9: test_cannot_validate_an_id_token_with_multiple_audiences_but_no_authorized_party

# 需要导入模块: from jwkest import jws [as 别名]
# 或者: from jwkest.jws import JWS [as 别名]
def test_cannot_validate_an_id_token_with_multiple_audiences_but_no_authorized_party(self):
        jws_dict = self.generate_jws_dict()
        jws_dict['aud'] = [oidc_rp_settings.CLIENT_ID, '2']
        jws_dict.pop('azp')
        jws = JWS(jws_dict, jwk=self.key, alg='RS256').sign_compact()
        with pytest.raises(SuspiciousOperation):
            validate_and_return_id_token(jws) 
开发者ID:impak-finance,项目名称:django-oidc-rp,代码行数:9,代码来源:test_utils.py

示例10: _get_jwks_keys

# 需要导入模块: from jwkest import jws [as 别名]
# 或者: from jwkest.jws import JWS [as 别名]
def _get_jwks_keys(shared_key):
    """ Returns JWKS keys used to decrypt id_token values. """
    # The OpenID Connect Provider (OP) uses RSA keys to sign/enrypt ID tokens and generate public
    # keys allowing to decrypt them. These public keys are exposed through the 'jwks_uri' and should
    # be used to decrypt the JWS - JSON Web Signature.
    jwks_keys = KEYS()
    jwks_keys.load_from_url(oidc_rp_settings.PROVIDER_JWKS_ENDPOINT)
    # Adds the shared key (which can correspond to the client_secret) as an oct key so it can be
    # used for HMAC signatures.
    jwks_keys.add({'key': smart_bytes(shared_key), 'kty': 'oct'})
    return jwks_keys 
开发者ID:impak-finance,项目名称:django-oidc-rp,代码行数:13,代码来源:utils.py

示例11: validate_and_decode

# 需要导入模块: from jwkest import jws [as 别名]
# 或者: from jwkest.jws import JWS [as 别名]
def validate_and_decode(self, token):
        """
        Check if a message sent by the tool is valid.

        From https://www.imsglobal.org/spec/security/v1p0/#using-oauth-2-0-client-credentials-grant:

        The authorization server decodes the JWT and MUST validate the values for the
        iss, sub, exp, aud and jti claims.
        """
        try:
            # Get KID from JWT header
            jwt = JWT().unpack(token)

            # Verify message signature
            message = JWS().verify_compact(
                token,
                keys=self._get_keyset(
                    jwt.headers.get('kid')
                )
            )

            # If message is valid, check expiration from JWT
            if 'exp' in message and message['exp'] < time.time():
                raise exceptions.TokenSignatureExpired()

            # TODO: Validate other JWT claims

            # Else returns decoded message
            return message

        except NoSuitableSigningKeys:
            raise exceptions.NoSuitableKeys()
        except BadSyntax:
            raise exceptions.MalformedJwtToken()
        except WrongNumberOfParts:
            raise exceptions.MalformedJwtToken() 
开发者ID:edx,项目名称:xblock-lti-consumer,代码行数:38,代码来源:key_handlers.py

示例12: _decode_token

# 需要导入模块: from jwkest import jws [as 别名]
# 或者: from jwkest.jws import JWS [as 别名]
def _decode_token(self, token):
        """
        Checks for a valid signarute and decodes JWT signed LTI message

        This also tests the public keyset function.
        """
        public_keyset = self.lti_consumer.get_public_keyset()
        key_set = load_jwks(json.dumps(public_keyset))

        return JWS().verify_compact(token, keys=key_set) 
开发者ID:edx,项目名称:xblock-lti-consumer,代码行数:12,代码来源:test_consumer.py

示例13: _decode_token

# 需要导入模块: from jwkest import jws [as 别名]
# 或者: from jwkest.jws import JWS [as 别名]
def _decode_token(self, token):
        """
        Checks for a valid signarute and decodes JWT signed LTI message

        This also touches the public keyset method.
        """
        public_keyset = self.key_handler.get_public_jwk()
        key_set = load_jwks(json.dumps(public_keyset))

        return JWS().verify_compact(token, keys=key_set) 
开发者ID:edx,项目名称:xblock-lti-consumer,代码行数:12,代码来源:test_key_handlers.py

示例14: get_jwt_claims

# 需要导入模块: from jwkest import jws [as 别名]
# 或者: from jwkest.jws import JWS [as 别名]
def get_jwt_claims(self, auth_token):
        """Decodes the auth_token into JWT claims represented as a JSON object.

        This method first tries to look up the cache and returns the result
        immediately in case of a cache hit. When cache misses, the method tries to
        decode the given auth token, verify its signature, and check the existence
        of required JWT claims. When successful, the decoded JWT claims are loaded
        into the cache and then returned.

        Args:
          auth_token: the auth token to be decoded.

        Returns:
          The decoded JWT claims.

        Raises:
          UnauthenticatedException: When the signature verification fails, or when
            required claims are missing.
        """

        def _decode_and_verify():
            jwt_claims = jwt.JWT().unpack(auth_token).payload()
            _verify_required_claims_exist(jwt_claims)

            issuer = jwt_claims[u"iss"]
            keys = self._jwks_supplier.supply(issuer)
            try:
                return jws.JWS().verify_compact(auth_token, keys)
            except (jwkest.BadSignature, jws.NoSuitableSigningKeys,
                    jws.SignerAlgError) as exception:
                raise suppliers.UnauthenticatedException(u"Signature verification failed",
                                                         exception)

        return self._cache.get_or_create(auth_token, _decode_and_verify) 
开发者ID:cloudendpoints,项目名称:endpoints-management-python,代码行数:36,代码来源:tokens.py

示例15: generate_auth_token

# 需要导入模块: from jwkest import jws [as 别名]
# 或者: from jwkest.jws import JWS [as 别名]
def generate_auth_token(payload, keys, alg=u"ES256", kid=None):
    json_web_signature = jws.JWS(json.dumps(payload), alg=alg, kid=kid)
    return json_web_signature.sign_compact(keys=keys) 
开发者ID:cloudendpoints,项目名称:endpoints-management-python,代码行数:5,代码来源:token_utils.py


注:本文中的jwkest.jws.JWS属性示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。