certbot/acme/tests/jws_test.py

"""Tests for acme.jws."""
import unittest

import josepy as jose

import test_util

KEY = jose.JWKRSA.load(test_util.load_vector('rsa512_key.pem'))


class HeaderTest(unittest.TestCase):
    """Tests for acme.jws.Header."""

    good_nonce = jose.encode_b64jose(b'foo')
    wrong_nonce = u'F'
    # Following just makes sure wrong_nonce is wrong
    try:
        jose.b64decode(wrong_nonce)
    except (ValueError, TypeError):
        assert True
    else:
        assert False  # pragma: no cover

    def test_nonce_decoder(self):
        from acme.jws import Header
        nonce_field = Header._fields['nonce']

        self.assertRaises(
            jose.DeserializationError, nonce_field.decode, self.wrong_nonce)
        self.assertEqual(b'foo', nonce_field.decode(self.good_nonce))


class JWSTest(unittest.TestCase):
    """Tests for acme.jws.JWS."""

    def setUp(self):
        self.privkey = KEY
        self.pubkey = self.privkey.public_key()
        self.nonce = jose.b64encode(b'Nonce')
        self.url = 'hi'
        self.kid = 'baaaaa'

    def test_kid_serialize(self):
        from acme.jws import JWS
        jws = JWS.sign(payload=b'foo', key=self.privkey,
                       alg=jose.RS256, nonce=self.nonce,
                       url=self.url, kid=self.kid)
        self.assertEqual(jws.signature.combined.nonce, self.nonce)
        self.assertEqual(jws.signature.combined.url, self.url)
        self.assertEqual(jws.signature.combined.kid, self.kid)
        self.assertEqual(jws.signature.combined.jwk, None)
        # TODO: check that nonce is in protected header

        self.assertEqual(jws, JWS.from_json(jws.to_json()))

    def test_jwk_serialize(self):
        from acme.jws import JWS
        jws = JWS.sign(payload=b'foo', key=self.privkey,
                       alg=jose.RS256, nonce=self.nonce,
                       url=self.url)
        self.assertEqual(jws.signature.combined.kid, None)
        self.assertEqual(jws.signature.combined.jwk, self.pubkey)


if __name__ == '__main__':
    unittest.main()  # pragma: no cover
Add an anti-replay nonce facility (fixes: #488). 2015-06-11 06:11:49 -04:00			`"""Tests for acme.jws."""`
			`import unittest`

Use josepy instead of acme.jose. (#5203) 2017-12-11 14:25:09 -05:00			`import josepy as jose`

Refactor tests out of packaged module for acme plugin (#7600) * Move acme tests to tests/ directory outside of acme module * Fix call to messages_test in client_test * Move test_util.py and testdata/ into tests/ * Update manifest to package tests * Exclude pycache and .py[cod] 2019-11-26 18:25:41 -05:00			`import test_util`
Add an anti-replay nonce facility (fixes: #488). 2015-06-11 06:11:49 -04:00
Unified vector loading in acme. 2015-07-10 08:26:51 -04:00			`KEY = jose.JWKRSA.load(test_util.load_vector('rsa512_key.pem'))`
Add an anti-replay nonce facility (fixes: #488). 2015-06-11 06:11:49 -04:00

			`class HeaderTest(unittest.TestCase):`
			`"""Tests for acme.jws.Header."""`

Support for py3.3+ in acme 2015-07-12 07:26:05 -04:00			`good_nonce = jose.encode_b64jose(b'foo')`
			`wrong_nonce = u'F'`
Add an anti-replay nonce facility (fixes: #488). 2015-06-11 06:11:49 -04:00			`# Following just makes sure wrong_nonce is wrong`
			`try:`
			`jose.b64decode(wrong_nonce)`
			`except (ValueError, TypeError):`
			`assert True`
			`else:`
			`assert False # pragma: no cover`

			`def test_nonce_decoder(self):`
			`from acme.jws import Header`
			`nonce_field = Header._fields['nonce']`

Support for py3.3+ in acme 2015-07-12 07:26:05 -04:00			`self.assertRaises(`
			`jose.DeserializationError, nonce_field.decode, self.wrong_nonce)`
			`self.assertEqual(b'foo', nonce_field.decode(self.good_nonce))`
Add an anti-replay nonce facility (fixes: #488). 2015-06-11 06:11:49 -04:00

			`class JWSTest(unittest.TestCase):`
			`"""Tests for acme.jws.JWS."""`

			`def setUp(self):`
Unified vector loading in acme. 2015-07-10 08:26:51 -04:00			`self.privkey = KEY`
acme: drop PyCrypto and use cryptography instead. - Use cryptography in acme.jose.jwa/jwk. - Change Crypto.Random to os.urandom, c.f. https://cryptography.io/en/latest/random-numbers/?highlight=urandom 2015-07-05 09:11:33 -04:00			`self.pubkey = self.privkey.public_key()`
Support for py3.3+ in acme 2015-07-12 07:26:05 -04:00			`self.nonce = jose.b64encode(b'Nonce')`
Add url and kid to jws. (#4340) * Add url and kid to jws. This will be required in order to implement the latest ACME spec, which uses these protected header fields. * Add comments and fix lint. * Enforce mutual exclusivity of jwk and kid. 2017-04-21 21:49:57 -04:00			`self.url = 'hi'`
			`self.kid = 'baaaaa'`
Add an anti-replay nonce facility (fixes: #488). 2015-06-11 06:11:49 -04:00
Add url and kid to jws. (#4340) * Add url and kid to jws. This will be required in order to implement the latest ACME spec, which uses these protected header fields. * Add comments and fix lint. * Enforce mutual exclusivity of jwk and kid. 2017-04-21 21:49:57 -04:00			`def test_kid_serialize(self):`
Add an anti-replay nonce facility (fixes: #488). 2015-06-11 06:11:49 -04:00			`from acme.jws import JWS`
Support for py3.3+ in acme 2015-07-12 07:26:05 -04:00			`jws = JWS.sign(payload=b'foo', key=self.privkey,`
Add url and kid to jws. (#4340) * Add url and kid to jws. This will be required in order to implement the latest ACME spec, which uses these protected header fields. * Add comments and fix lint. * Enforce mutual exclusivity of jwk and kid. 2017-04-21 21:49:57 -04:00			`alg=jose.RS256, nonce=self.nonce,`
			`url=self.url, kid=self.kid)`
Support for py3.3+ in acme 2015-07-12 07:26:05 -04:00			`self.assertEqual(jws.signature.combined.nonce, self.nonce)`
Add url and kid to jws. (#4340) * Add url and kid to jws. This will be required in order to implement the latest ACME spec, which uses these protected header fields. * Add comments and fix lint. * Enforce mutual exclusivity of jwk and kid. 2017-04-21 21:49:57 -04:00			`self.assertEqual(jws.signature.combined.url, self.url)`
			`self.assertEqual(jws.signature.combined.kid, self.kid)`
			`self.assertEqual(jws.signature.combined.jwk, None)`
Support for py3.3+ in acme 2015-07-12 07:26:05 -04:00			`# TODO: check that nonce is in protected header`

			`self.assertEqual(jws, JWS.from_json(jws.to_json()))`
Add an anti-replay nonce facility (fixes: #488). 2015-06-11 06:11:49 -04:00
Add url and kid to jws. (#4340) * Add url and kid to jws. This will be required in order to implement the latest ACME spec, which uses these protected header fields. * Add comments and fix lint. * Enforce mutual exclusivity of jwk and kid. 2017-04-21 21:49:57 -04:00			`def test_jwk_serialize(self):`
			`from acme.jws import JWS`
			`jws = JWS.sign(payload=b'foo', key=self.privkey,`
			`alg=jose.RS256, nonce=self.nonce,`
			`url=self.url)`
			`self.assertEqual(jws.signature.combined.kid, None)`
			`self.assertEqual(jws.signature.combined.jwk, self.pubkey)`

Add an anti-replay nonce facility (fixes: #488). 2015-06-11 06:11:49 -04:00
			`if __name__ == '__main__':`
			`unittest.main() # pragma: no cover`