working on tests

Author: rohe

LICENSE.txt

@@ -0,0 +1,13 @@
+Copyright (C) 2017 Roland Hedberg, Sweden
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

src/cryptojwt/exception.py

@@ -69,3 +69,7 @@ class HeaderError(JWKESTException):
 
 class UnSupported(JWKESTException):
     pass
+
+
+class MissingValue(JWKESTException):
+    pass

src/cryptojwt/jwt.py

@@ -5,6 +5,7 @@
 
 from cryptojwt import jwe
 from cryptojwt import jws
+from cryptojwt.exception import MissingValue
 from cryptojwt.jwe import JWE
 from cryptojwt.jws import JWS
 from cryptojwt.jws import NoSuitableSigningKeys
@@ -57,11 +58,24 @@ def get_jwt_keys(jwt, keys, use):
     try:
         _kid = jwt.headers['kid']
     except KeyError:
-        _kid = ''
+        _kid = ''  # Unknown
 
-    # Pick issuers keys
+    # pick issuer keys
+    if use == 'sig':
+        payload = json.loads(jwt.part[1])
+        try:
+            _keys = keys[payload['iss']]
+        except KeyError:  # No issuer, not kosher
+            raise MissingValue('iss')
+        if not _kid:
+            try:
+                _kid = payload['kid']
+            except KeyError:
+                _kid = ''  # Unknown
+    else:
+        _keys = keys
 
-    return pick_key(keys, use, key_type=_key_type, kid=_kid)
+    return pick_key(_keys, use, key_type=_key_type, kid=_kid)
 
 
 class JWT(object):
@@ -150,7 +164,7 @@ def pack(self, payload=None, kid='', owner='', recv='', **kwargs):
         if payload is not None:
             _args.update(payload)
 
-        _jws = JWS(json.dumps(payload), alg=self.sign_alg)
+        _jws = JWS(json.dumps(_args), alg=self.sign_alg)
         _sjwt = _jws.sign_compact([_key])
         #_jws = _jwt.to_jwt([_key], self.sign_alg)
         if _encrypt:

tests/test_5_jwt.py

@@ -18,15 +18,15 @@ def full_path(local_file):
 k1 = import_private_rsa_key_from_file(full_path('rsa.key'))
 k2 = import_private_rsa_key_from_file(full_path('size2048.key'))
 
-ALICE_KEYS = [RSAKey(use='sig').load_key(k1),
-              RSAKey(use='enc').load_key(k2)]
-ALICE_PUB_KEYS = [RSAKey(use='sig').load_key(k1.public_key()),
-                  RSAKey(use='enc').load_key(k2.public_key())]
+ALICE_KEYS = [RSAKey(use='sig', kid='1').load_key(k1),
+              RSAKey(use='enc', kid='2').load_key(k2)]
+ALICE_PUB_KEYS = [RSAKey(use='sig', kid='1').load_key(k1.public_key()),
+                  RSAKey(use='enc', kid='2').load_key(k2.public_key())]
 
 k3 = import_private_rsa_key_from_file(full_path('server.key'))
 
-BOB_KEYS = [RSAKey(use='enc').load_key(k3)]
-BOB_PUB_KEYS = [RSAKey(use='enc').load_key(k3.public_key())]
+BOB_KEYS = [RSAKey(use='enc', kid='3').load_key(k3)]
+BOB_PUB_KEYS = [RSAKey(use='enc', kid='3').load_key(k3.public_key())]
 
 
 def _eq(l1, l2):
@@ -45,32 +45,32 @@ def test_jwt_pack_and_unpack():
     payload = {'sub': 'sub'}
     _jwt = alice.pack(payload=payload)
 
-    bob = JWT(own_keys=BOB_KEYS, iss=BOB, rec_keys={ALICE: ALICE_KEYS})
+    bob = JWT(own_keys=BOB_KEYS, iss=BOB, rec_keys={ALICE: ALICE_PUB_KEYS})
     info = bob.unpack(_jwt)
 
-    assert set(info.keys()) == {'jti', 'iat', 'iss', 'sub', 'kid'}
+    assert set(info.keys()) == {'iat', 'iss', 'sub', 'kid'}
 
 
 def test_jwt_pack_and_unpack_with_lifetime():
     alice = JWT(own_keys=ALICE_KEYS, iss=ALICE, lifetime=600)
     payload = {'sub': 'sub'}
     _jwt = alice.pack(payload=payload)
 
-    bob = JWT(own_keys=BOB_KEYS, iss=BOB, rec_keys={ALICE: ALICE_KEYS})
+    bob = JWT(own_keys=BOB_KEYS, iss=BOB, rec_keys={ALICE: ALICE_PUB_KEYS})
     info = bob.unpack(_jwt)
 
-    assert set(info.keys()) == {'jti', 'iat', 'iss', 'sub', 'kid', 'exp'}
+    assert set(info.keys()) == {'iat', 'iss', 'sub', 'kid', 'exp'}
 
 
 def test_jwt_pack_encrypt():
     alice = JWT(own_keys=ALICE_KEYS, iss=ALICE, rec_keys={BOB: BOB_PUB_KEYS})
     payload = {'sub': 'sub', 'aud': BOB}
     _jwt = alice.pack(payload=payload, encrypt=True, recv=BOB)
 
-    bob = JWT(own_keys=BOB_KEYS, iss=BOB, rec_keys={ALICE: ALICE_KEYS})
+    bob = JWT(own_keys=BOB_KEYS, iss=BOB, rec_keys={ALICE: ALICE_PUB_KEYS})
     info = bob.unpack(_jwt)
 
-    assert set(info.keys()) == {'jti', 'iat', 'iss', 'sub', 'kid', 'aud'}
+    assert set(info.keys()) == {'iat', 'iss', 'sub', 'kid', 'aud'}
 
 
 def test_jwt_pack_unpack_sym():