test_endpoints: update to use JWT headers
This commit is contained in:
Jimmy Zelinskie
Jimmy Zelinskie
parent
d0bd70fb36
commit
2805dad64f
1 changed files with 6 additions and 12 deletions
|
|
@ -188,9 +188,6 @@ class WebEndpointTestCase(EndpointTestCase):
|
|||
self.getResponse('web.redirect_to_namespace', namespace='devtable', expected_code=302)
|
||||
self.getResponse('web.redirect_to_namespace', namespace='buynlarge', expected_code=302)
|
||||
|
||||
def test_jwk_set_uri(self):
|
||||
self.getResponse('web.jwk_set_uri')
|
||||
|
||||
|
||||
class KeyServerTestCase(EndpointTestCase):
|
||||
_test_jwt_payload = {
|
||||
|
|
@ -199,7 +196,6 @@ class KeyServerTestCase(EndpointTestCase):
|
|||
'exp': int(time.time()) + 60,
|
||||
'iat': int(time.time()),
|
||||
'nbf': int(time.time()),
|
||||
'kid': 'kid123',
|
||||
}
|
||||
|
||||
def test_list_service_keys(self):
|
||||
|
|
@ -232,7 +228,6 @@ class KeyServerTestCase(EndpointTestCase):
|
|||
private_key = RSA.generate(2048)
|
||||
jwk = RSAKey(key=private_key.publickey()).serialize()
|
||||
payload = self._test_jwt_payload
|
||||
payload.pop('kid')
|
||||
token = jwt.encode(payload, private_key.exportKey('PEM'), 'RS256')
|
||||
|
||||
# Publish a new key
|
||||
|
|
@ -243,8 +238,7 @@ class KeyServerTestCase(EndpointTestCase):
|
|||
}, data=jwk, expected_code=202)
|
||||
|
||||
# Rotate that new key
|
||||
payload['kid'] = 'kid420'
|
||||
token = jwt.encode(payload, private_key.exportKey('PEM'), 'RS256')
|
||||
token = jwt.encode(payload, private_key.exportKey('PEM'), 'RS256', headers={'kid': 'kid420'})
|
||||
self.putResponse('key_server.put_service_key', service='sample_service', kid='kid6969',
|
||||
headers={
|
||||
'Authorization': 'Bearer %s' % token,
|
||||
|
|
@ -254,7 +248,7 @@ class KeyServerTestCase(EndpointTestCase):
|
|||
# Rotation should only work when signed by the previous key
|
||||
private_key = RSA.generate(2048)
|
||||
jwk = RSAKey(key=private_key.publickey()).serialize()
|
||||
token = jwt.encode(payload, private_key.exportKey('PEM'), 'RS256')
|
||||
token = jwt.encode(payload, private_key.exportKey('PEM'), 'RS256', headers={'kid': 'kid420'})
|
||||
self.putResponse('key_server.put_service_key', service='sample_service', kid='kid6969',
|
||||
headers={
|
||||
'Authorization': 'Bearer %s' % token,
|
||||
|
|
@ -272,7 +266,8 @@ class KeyServerTestCase(EndpointTestCase):
|
|||
model.service_keys.approve_service_key('kid123', 1, ServiceKeyApprovalType.SUPERUSER)
|
||||
|
||||
# Mint a JWT with our test payload
|
||||
token = jwt.encode(self._test_jwt_payload, private_key.exportKey('PEM'), 'RS256')
|
||||
token = jwt.encode(self._test_jwt_payload, private_key.exportKey('PEM'), 'RS256',
|
||||
headers={'kid': 'kid123'})
|
||||
|
||||
# Using the credentials of our approved key, delete our unapproved key
|
||||
self.deleteResponse('key_server.delete_service_key',
|
||||
|
|
@ -280,9 +275,8 @@ class KeyServerTestCase(EndpointTestCase):
|
|||
expected_code=204, service='sample_service', kid='kid321')
|
||||
|
||||
# Attempt to delete a key signed by a key from a different service
|
||||
bad_payload = self._test_jwt_payload
|
||||
bad_payload['kid'] = 'kid5'
|
||||
bad_token = jwt.encode(self._test_jwt_payload, private_key.exportKey('PEM'), 'RS256')
|
||||
bad_token = jwt.encode(self._test_jwt_payload, private_key.exportKey('PEM'), 'RS256',
|
||||
headers={'kid': 'kid5'})
|
||||
self.deleteResponse('key_server.delete_service_key',
|
||||
headers={'Authorization': 'Bearer %s' % bad_token},
|
||||
expected_code=403, service='sample_service', kid='kid123')
|
||||
|
|
|
|||
Reference in a new issue