test_endpoints: update to use JWT headers

test/test_endpoints.py

@@ -188,9 +188,6 @@ class WebEndpointTestCase(EndpointTestCase):
     self.getResponse('web.redirect_to_namespace', namespace='devtable', expected_code=302)
     self.getResponse('web.redirect_to_namespace', namespace='buynlarge', expected_code=302)
 
-  def test_jwk_set_uri(self):
-    self.getResponse('web.jwk_set_uri')
-
 
 class KeyServerTestCase(EndpointTestCase):
   _test_jwt_payload = {
@@ -199,7 +196,6 @@ class KeyServerTestCase(EndpointTestCase):
     'exp': int(time.time()) + 60,
     'iat': int(time.time()),
     'nbf': int(time.time()),
-    'kid': 'kid123',
   }
 
   def test_list_service_keys(self):
@@ -232,7 +228,6 @@ class KeyServerTestCase(EndpointTestCase):
     private_key = RSA.generate(2048)
     jwk = RSAKey(key=private_key.publickey()).serialize()
     payload = self._test_jwt_payload
-    payload.pop('kid')
     token = jwt.encode(payload, private_key.exportKey('PEM'), 'RS256')
 
     # Publish a new key
@@ -243,8 +238,7 @@ class KeyServerTestCase(EndpointTestCase):
                      }, data=jwk, expected_code=202)
 
     # Rotate that new key
-    payload['kid'] = 'kid420'
+    token = jwt.encode(payload, private_key.exportKey('PEM'), 'RS256', headers={'kid': 'kid420'})
-    token = jwt.encode(payload, private_key.exportKey('PEM'), 'RS256')
     self.putResponse('key_server.put_service_key', service='sample_service', kid='kid6969',
                      headers={
                        'Authorization': 'Bearer %s' % token,
@@ -254,7 +248,7 @@ class KeyServerTestCase(EndpointTestCase):
     # Rotation should only work when signed by the previous key
     private_key = RSA.generate(2048)
     jwk = RSAKey(key=private_key.publickey()).serialize()
-    token = jwt.encode(payload, private_key.exportKey('PEM'), 'RS256')
+    token = jwt.encode(payload, private_key.exportKey('PEM'), 'RS256', headers={'kid': 'kid420'})
     self.putResponse('key_server.put_service_key', service='sample_service', kid='kid6969',
                      headers={
                        'Authorization': 'Bearer %s' % token,
@@ -272,7 +266,8 @@ class KeyServerTestCase(EndpointTestCase):
     model.service_keys.approve_service_key('kid123', 1, ServiceKeyApprovalType.SUPERUSER)
 
     # Mint a JWT with our test payload
-    token = jwt.encode(self._test_jwt_payload, private_key.exportKey('PEM'), 'RS256')
+    token = jwt.encode(self._test_jwt_payload, private_key.exportKey('PEM'), 'RS256',
+                       headers={'kid': 'kid123'})
 
     # Using the credentials of our approved key, delete our unapproved key
     self.deleteResponse('key_server.delete_service_key',
@@ -280,9 +275,8 @@ class KeyServerTestCase(EndpointTestCase):
                         expected_code=204, service='sample_service', kid='kid321')
 
     # Attempt to delete a key signed by a key from a different service
-    bad_payload = self._test_jwt_payload
+    bad_token = jwt.encode(self._test_jwt_payload, private_key.exportKey('PEM'), 'RS256',
-    bad_payload['kid'] = 'kid5'
+                           headers={'kid': 'kid5'})
-    bad_token = jwt.encode(self._test_jwt_payload, private_key.exportKey('PEM'), 'RS256')
     self.deleteResponse('key_server.delete_service_key',
                         headers={'Authorization': 'Bearer %s' % bad_token},
                         expected_code=403, service='sample_service', kid='kid123')