1#@!#!123s

: / lib / python3.6 / site-packages / josepy /
Filename : jwa_test.py
back
"""Tests for josepy.jwa."""
import unittest
from unittest import mock

from josepy import errors, test_util

RSA256_KEY = test_util.load_rsa_private_key('rsa256_key.pem')
RSA512_KEY = test_util.load_rsa_private_key('rsa512_key.pem')
RSA1024_KEY = test_util.load_rsa_private_key('rsa1024_key.pem')
EC_P256_KEY = test_util.load_ec_private_key('ec_p256_key.pem')
EC_P384_KEY = test_util.load_ec_private_key('ec_p384_key.pem')
EC_P521_KEY = test_util.load_ec_private_key('ec_p521_key.pem')


class JWASignatureTest(unittest.TestCase):
    """Tests for josepy.jwa.JWASignature."""

    def setUp(self):
        from josepy.jwa import JWASignature

        class MockSig(JWASignature):
            # pylint: disable=missing-docstring,too-few-public-methods
            # pylint: disable=abstract-class-not-used
            def sign(self, key, msg):
                raise NotImplementedError()  # pragma: no cover

            def verify(self, key, msg, sig):
                raise NotImplementedError()  # pragma: no cover

        # pylint: disable=invalid-name
        self.Sig1 = MockSig('Sig1')
        self.Sig2 = MockSig('Sig2')

    def test_eq(self):
        self.assertEqual(self.Sig1, self.Sig1)

    def test_ne(self):
        self.assertNotEqual(self.Sig1, self.Sig2)

    def test_ne_other_type(self):
        self.assertNotEqual(self.Sig1, 5)

    def test_repr(self):
        self.assertEqual('Sig1', repr(self.Sig1))
        self.assertEqual('Sig2', repr(self.Sig2))

    def test_to_partial_json(self):
        self.assertEqual(self.Sig1.to_partial_json(), 'Sig1')
        self.assertEqual(self.Sig2.to_partial_json(), 'Sig2')

    def test_from_json(self):
        from josepy.jwa import JWASignature
        from josepy.jwa import RS256
        self.assertIs(JWASignature.from_json('RS256'), RS256)


class JWAHSTest(unittest.TestCase):  # pylint: disable=too-few-public-methods

    def test_it(self):
        from josepy.jwa import HS256
        sig = (
            b"\xceR\xea\xcd\x94\xab\xcf\xfb\xe0\xacA.:\x1a'\x08i\xe2\xc4"
            b"\r\x85+\x0e\x85\xaeUZ\xd4\xb3\x97zO"
        )
        self.assertEqual(HS256.sign(b'some key', b'foo'), sig)
        self.assertIs(HS256.verify(b'some key', b'foo', sig), True)
        self.assertIs(HS256.verify(b'some key', b'foo', sig + b'!'), False)


class JWARSTest(unittest.TestCase):

    def test_sign_no_private_part(self):
        from josepy.jwa import RS256
        self.assertRaises(errors.Error, RS256.sign, RSA512_KEY.public_key(), b'foo')

    def test_sign_key_too_small(self):
        from josepy.jwa import RS256
        from josepy.jwa import PS256
        self.assertRaises(errors.Error, RS256.sign, RSA256_KEY, b'foo')
        self.assertRaises(errors.Error, PS256.sign, RSA256_KEY, b'foo')

    def test_rs(self):
        from josepy.jwa import RS256
        sig = (
            b'|\xc6\xb2\xa4\xab(\x87\x99\xfa*:\xea\xf8\xa0N&}\x9f\x0f\xc0O'
            b'\xc6t\xa3\xe6\xfa\xbb"\x15Y\x80Y\xe0\x81\xb8\x88)\xba\x0c\x9c'
            b'\xa4\x99\x1e\x19&\xd8\xc7\x99S\x97\xfc\x85\x0cOV\xe6\x07\x99'
            b'\xd2\xb9.>}\xfd'
        )
        self.assertEqual(RS256.sign(RSA512_KEY, b'foo'), sig)
        self.assertIs(RS256.verify(RSA512_KEY.public_key(), b'foo', sig), True)
        self.assertIs(RS256.verify(
            RSA512_KEY.public_key(), b'foo', sig + b'!'), False)

    def test_ps(self):
        from josepy.jwa import PS256
        sig = PS256.sign(RSA1024_KEY, b'foo')
        self.assertIs(PS256.verify(RSA1024_KEY.public_key(), b'foo', sig), True)
        self.assertIs(PS256.verify(
            RSA1024_KEY.public_key(), b'foo', sig + b'!'), False)

    def test_sign_new_api(self):
        from josepy.jwa import RS256
        key = mock.MagicMock()
        RS256.sign(key, "message")
        self.assertIs(key.sign.called, True)

    def test_sign_old_api(self):
        from josepy.jwa import RS256
        key = mock.MagicMock(spec=[u'signer'])
        signer = mock.MagicMock()
        key.signer.return_value = signer
        RS256.sign(key, "message")
        self.assertIs(key.signer.called, True)
        self.assertIs(signer.update.called, True)
        self.assertIs(signer.finalize.called, True)

    def test_verify_new_api(self):
        from josepy.jwa import RS256
        key = mock.MagicMock()
        RS256.verify(key, "message", "signature")
        self.assertIs(key.verify.called, True)

    def test_verify_old_api(self):
        from josepy.jwa import RS256
        key = mock.MagicMock(spec=[u'verifier'])
        verifier = mock.MagicMock()
        key.verifier.return_value = verifier
        RS256.verify(key, "message", "signature")
        self.assertIs(key.verifier.called, True)
        self.assertIs(verifier.update.called, True)
        self.assertIs(verifier.verify.called, True)


class JWAECTest(unittest.TestCase):

    def test_sign_no_private_part(self):
        from josepy.jwa import ES256
        self.assertRaises(
            errors.Error, ES256.sign, EC_P256_KEY.public_key(), b'foo')

    def test_es256_sign_and_verify(self):
        from josepy.jwa import ES256
        message = b'foo'
        signature = ES256.sign(EC_P256_KEY, message)
        self.assertIs(ES256.verify(EC_P256_KEY.public_key(), message, signature), True)

    def test_es384_sign_and_verify(self):
        from josepy.jwa import ES384
        message = b'foo'
        signature = ES384.sign(EC_P384_KEY, message)
        self.assertIs(ES384.verify(EC_P384_KEY.public_key(), message, signature), True)

    def test_verify_with_wrong_jwa(self):
        from josepy.jwa import ES256, ES384
        message = b'foo'
        signature = ES256.sign(EC_P256_KEY, message)
        self.assertIs(ES384.verify(EC_P384_KEY.public_key(), message, signature), False)

    def test_verify_with_different_key(self):
        from josepy.jwa import ES256
        from cryptography.hazmat.primitives.asymmetric import ec
        from cryptography.hazmat.backends import default_backend

        message = b'foo'
        signature = ES256.sign(EC_P256_KEY, message)
        different_key = ec.generate_private_key(ec.SECP256R1, default_backend())
        self.assertIs(ES256.verify(different_key.public_key(), message, signature), False)

    def test_sign_new_api(self):
        from josepy.jwa import ES256
        from cryptography.hazmat.primitives.asymmetric.ec import SECP256R1
        key = mock.MagicMock(curve=SECP256R1())
        with mock.patch("josepy.jwa.decode_dss_signature") as decode_patch:
            decode_patch.return_value = (0, 0)
            ES256.sign(key, "message")
        self.assertIs(key.sign.called, True)

    def test_sign_old_api(self):
        from josepy.jwa import ES256
        from cryptography.hazmat.primitives.asymmetric.ec import SECP256R1
        key = mock.MagicMock(spec=[u'signer'], curve=SECP256R1())
        signer = mock.MagicMock()
        key.signer.return_value = signer
        with mock.patch("josepy.jwa.decode_dss_signature") as decode_patch:
            decode_patch.return_value = (0, 0)
            ES256.sign(key, "message")
        self.assertIs(key.signer.called, True)
        self.assertIs(signer.update.called, True)
        self.assertIs(signer.finalize.called, True)

    def test_verify_new_api(self):
        import math
        from josepy.jwa import ES256
        from cryptography.hazmat.primitives.asymmetric.ec import SECP256R1
        key = mock.MagicMock(key_size=256, curve=SECP256R1())
        ES256.verify(key, "message", b'\x00' * math.ceil(key.key_size / 8) * 2)
        self.assertIs(key.verify.called, True)

    def test_verify_old_api(self):
        import math
        from josepy.jwa import ES256
        from cryptography.hazmat.primitives.asymmetric.ec import SECP521R1
        key = mock.MagicMock(spec=[u'verifier'], key_size=521, curve=SECP521R1())
        verifier = mock.MagicMock()
        key.verifier.return_value = verifier
        ES256.verify(key, "message", b'\x00' * math.ceil(key.key_size / 8) * 2)
        self.assertIs(key.verifier.called, True)
        self.assertIs(verifier.update.called, True)
        self.assertIs(verifier.verify.called, True)

    def test_signature_size(self):
        from josepy.jwa import ES512
        from josepy.jwk import JWK
        key = JWK.from_json(
            {
                'd': 'Af9KP6DqLRbtit6NS_LRIaCP_-NdC5l5R2ugbILdfpv6dS9R4wUPNxiGw-vVWumA56Yo1oBnEm8ZdR4W-u1lPHw5',
                'x': 'AD4i4STyJ07iZJkHkpKEOuICpn6IHknzwAlrf-1w1a5dqOsRe30EECSN4vFxaeAmtdBSCKBwCq7h1q4bPgMrMUvF',
                'y': 'AHAlXxrabjcx_yBxGObnm_DkEQMJK1E69OHY3x3VxF5VXoKc93CG4GLoaPvphZQvZnt5EfExQoPktwOMIVhBHaFR',
                'crv': 'P-521',
                'kty': 'EC'
            })
        with mock.patch("josepy.jwa.decode_dss_signature") as decode_patch:
            decode_patch.return_value = (0, 0)
            sig = ES512.sign(key.key, b"test")
            self.assertEqual(len(sig), 2 * 66)


if __name__ == '__main__':
    unittest.main()  # pragma: no cover