From 2805dad64fcca2560912bb66ea1a965367c60f0c Mon Sep 17 00:00:00 2001 From: Jimmy Zelinskie Date: Tue, 12 Apr 2016 17:59:22 -0400 Subject: [PATCH] test_endpoints: update to use JWT headers --- test/test_endpoints.py | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/test/test_endpoints.py b/test/test_endpoints.py index 8b80b08c6..e5c95151f 100644 --- a/test/test_endpoints.py +++ b/test/test_endpoints.py @@ -188,9 +188,6 @@ class WebEndpointTestCase(EndpointTestCase): self.getResponse('web.redirect_to_namespace', namespace='devtable', expected_code=302) self.getResponse('web.redirect_to_namespace', namespace='buynlarge', expected_code=302) - def test_jwk_set_uri(self): - self.getResponse('web.jwk_set_uri') - class KeyServerTestCase(EndpointTestCase): _test_jwt_payload = { @@ -199,7 +196,6 @@ class KeyServerTestCase(EndpointTestCase): 'exp': int(time.time()) + 60, 'iat': int(time.time()), 'nbf': int(time.time()), - 'kid': 'kid123', } def test_list_service_keys(self): @@ -232,7 +228,6 @@ class KeyServerTestCase(EndpointTestCase): private_key = RSA.generate(2048) jwk = RSAKey(key=private_key.publickey()).serialize() payload = self._test_jwt_payload - payload.pop('kid') token = jwt.encode(payload, private_key.exportKey('PEM'), 'RS256') # Publish a new key @@ -243,8 +238,7 @@ class KeyServerTestCase(EndpointTestCase): }, data=jwk, expected_code=202) # Rotate that new key - payload['kid'] = 'kid420' - token = jwt.encode(payload, private_key.exportKey('PEM'), 'RS256') + token = jwt.encode(payload, private_key.exportKey('PEM'), 'RS256', headers={'kid': 'kid420'}) self.putResponse('key_server.put_service_key', service='sample_service', kid='kid6969', headers={ 'Authorization': 'Bearer %s' % token, @@ -254,7 +248,7 @@ class KeyServerTestCase(EndpointTestCase): # Rotation should only work when signed by the previous key private_key = RSA.generate(2048) jwk = RSAKey(key=private_key.publickey()).serialize() - token = jwt.encode(payload, private_key.exportKey('PEM'), 'RS256') + token = jwt.encode(payload, private_key.exportKey('PEM'), 'RS256', headers={'kid': 'kid420'}) self.putResponse('key_server.put_service_key', service='sample_service', kid='kid6969', headers={ 'Authorization': 'Bearer %s' % token, @@ -272,7 +266,8 @@ class KeyServerTestCase(EndpointTestCase): model.service_keys.approve_service_key('kid123', 1, ServiceKeyApprovalType.SUPERUSER) # Mint a JWT with our test payload - token = jwt.encode(self._test_jwt_payload, private_key.exportKey('PEM'), 'RS256') + token = jwt.encode(self._test_jwt_payload, private_key.exportKey('PEM'), 'RS256', + headers={'kid': 'kid123'}) # Using the credentials of our approved key, delete our unapproved key self.deleteResponse('key_server.delete_service_key', @@ -280,9 +275,8 @@ class KeyServerTestCase(EndpointTestCase): expected_code=204, service='sample_service', kid='kid321') # Attempt to delete a key signed by a key from a different service - bad_payload = self._test_jwt_payload - bad_payload['kid'] = 'kid5' - bad_token = jwt.encode(self._test_jwt_payload, private_key.exportKey('PEM'), 'RS256') + bad_token = jwt.encode(self._test_jwt_payload, private_key.exportKey('PEM'), 'RS256', + headers={'kid': 'kid5'}) self.deleteResponse('key_server.delete_service_key', headers={'Authorization': 'Bearer %s' % bad_token}, expected_code=403, service='sample_service', kid='kid123')