Commit 2220d100 authored by Simo Sorce's avatar Simo Sorce Committed by Simo Sorce

Add support for RFC7797

Together with non encoded payloads this commit also adds sull support
for dealing with detached payloads on deserlization and serialization.

The payload must still be provided for any computation, but can be
removed before serialization and add after deserialization of a JWS with
detached payload.
Signed-off-by: 's avatarSimo Sorce <simo@redhat.com>

Fixes #4
parent 13421b48
This diff is collapsed.
......@@ -212,9 +212,15 @@ class JWT(object):
@header.setter
def header(self, h):
if isinstance(h, dict):
self._header = json_encode(h)
eh = json_encode(h)
else:
self._header = h
eh = h
h = json_decode(eh)
if h.get('b64') is False:
raise ValueError("b64 header is invalid."
"JWTs cannot use unencoded payloads")
self._header = eh
@property
def claims(self):
......
......@@ -1270,3 +1270,57 @@ class JWATests(unittest.TestCase):
self.assertEqual(inst.name, name)
else:
self.fail((name, cls))
# RFC 7797
rfc7797_e_header = '{"alg":"HS256"}'
rfc7797_u_header = '{"alg":"HS256","b64":false,"crit":["b64"]}'
rfc7797_payload = "$.02"
class TestUnencodedPayload(unittest.TestCase):
def test_regular(self):
result = \
'eyJhbGciOiJIUzI1NiJ9.JC4wMg.' + \
'5mvfOroL-g7HyqJoozehmsaqmvTYGEq5jTI1gVvoEoQ'
s = jws.JWS(rfc7797_payload)
s.add_signature(jwk.JWK(**SymmetricKeys['keys'][1]),
protected=rfc7797_e_header)
sig = s.serialize(compact=True)
self.assertEqual(sig, result)
def test_compat_unencoded(self):
result = \
'eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..' + \
'A5dxf2s96_n5FLueVuW1Z_vh161FwXZC4YLPff6dmDY'
s = jws.JWS(rfc7797_payload)
s.add_signature(jwk.JWK(**SymmetricKeys['keys'][1]),
protected=rfc7797_u_header)
# check unencoded payload is in serialized form
sig = s.serialize()
self.assertEqual(json_decode(sig)['payload'], rfc7797_payload)
# check error raises if we try to get compact serialization
with self.assertRaises(jws.InvalidJWSOperation):
sig = s.serialize(compact=True)
# check compact serialization is allowed with detached payload
s.detach_payload()
sig = s.serialize(compact=True)
self.assertEqual(sig, result)
def test_misses_crit(self):
s = jws.JWS(rfc7797_payload)
with self.assertRaises(jws.InvalidJWSObject):
s.add_signature(jwk.JWK(**SymmetricKeys['keys'][1]),
protected={"alg": "HS256", "b64": False})
def test_mismatching_encoding(self):
s = jws.JWS(rfc7797_payload)
s.add_signature(jwk.JWK(**SymmetricKeys['keys'][0]),
protected=rfc7797_e_header)
with self.assertRaises(jws.InvalidJWSObject):
s.add_signature(jwk.JWK(**SymmetricKeys['keys'][1]),
protected=rfc7797_u_header)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment