# Copyright (C) 2015 JWCrypto Project Contributors - see LICENSE file import unittest from jwcrypto import jwe from jwcrypto import jwk from jwcrypto import jws from jwcrypto.common import base64url_decode, base64url_encode from jwcrypto.common import json_decode, json_encode # Based on: RFC 7520 EC_Public_Key_3_1 = { "kty": "EC", "kid": "bilbo.baggins@hobbiton.example", "use": "sig", "crv": "P-521", "x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9" "A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt", "y": "[AWS-SECRET-REMOVED]C6pV5OhQHiraVy" "SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1"} EC_Private_Key_3_2 = { "kty": "EC", "kid": "bilbo.baggins@hobbiton.example", "use": "sig", "crv": "P-521", "x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9" "A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt", "y": "[AWS-SECRET-REMOVED]C6pV5OhQHiraVy" "SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1", "d": "AAhRON2r9cqXX1hg-RoI6R1tX5p2rUAYdmpHZoC1XNM56KtscrX6zb" "KipQrCW9CGZH3T4ubpnoTKLDYJ_fF3_rJt"} RSA_Public_Key_3_3 = { "kty": "RSA", "kid": "bilbo.baggins@hobbiton.example", "use": "sig", "n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT" "-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV" "wGU_NsYOYL-[AWS-SECRET-REMOVED]Z6Aj-" "oBHqFEHYpPe7Tpe-[AWS-SECRET-REMOVED]" "3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC" "LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g" "HdrNP5zw", "e": "AQAB"} RSA_Private_Key_3_4 = { "kty": "RSA", "kid": "bilbo.baggins@hobbiton.example", "use": "sig", "n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT" "-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV" "wGU_NsYOYL-[AWS-SECRET-REMOVED]Z6Aj-" "oBHqFEHYpPe7Tpe-[AWS-SECRET-REMOVED]" "3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC" "LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g" "HdrNP5zw", "e": "AQAB", "d": "bWUC9B-EFRIo8kpGfh0ZuyGPvMNKvYWNtB_ikiH9k20eT-O1q_I78e" "iZkpXxXQ0UTEs2LsNRS-8uJbvQ-A1irkwMSMkK1J3XTGgdrhCku9gRld" "Y7sNA_AKZGh-Q661_42rINLRCe8W-nZ34ui_qOfkLnK9QWDDqpaIsA-b" "[AWS-SECRET-REMOVED]BOBdkMXiuFhUq1BU" "6l-DqEiWxqg82sXt2h-LMnT3046AOYJoRioz75tSUQfGCshWTBnP5uDj" "d18kKhyv07lhfSJdrPdM5Plyl21hsFf4L_mHCuoFau7gdsPfHPxxjVOc" "OpBrQzwQ", "p": "3Slxg_DwTXJcb6095RoXygQCAZ5RnAvZlno1yhHtnUex_fp7AZ_9nR" "aO7HX_-[AWS-SECRET-REMOVED]Amr_WCsmG" "peNqQnev1T7IyEsnh8UMt-n5CafhkikzhEsrmndH6LxOrvRJlsPp6Zv8" "bUq0k", "q": "uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs6grT" "8bR_[AWS-SECRET-REMOVED]u2lmKvwqW7an" "V5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxHlSqAZ192zB3pVFJ0" "s7pFc", "dp": "B8PVvXkvJrj2L-GYQ7v3y9r6Kw5g9SahXBwsWUzp19TVlgI-YV85q" "1NIb1rxQtD-IsXXR3-TanevuRPRt5OBOdiMGQp8pbt26gljYfKU_E9xn" "-RULHz0-ed9E9gXLKD4VGngpz-PfQ_q29pk5xWHoJp009Qf1HvChixRX" "59ehik", "dq": "CLDmDGduhylc9o7r84rEUVn7pzQ6PF83Y-iBZx5NT-TpnOZKF1pEr" "[AWS-SECRET-REMOVED]og5iTbwQGIC3gnJK" "bi_7k_vJgGHwHxgPaX2PnvP-zyEkDERuf-ry4c_Z11Cq9AqC2yeL6kdK" "T1cYF8", "qi": "3PiqvXQN0zwMeE-sBvZgi289XP9XCQF3VWqPzMKnIgQp7_Tugo6-N" "ZBKCQsMf3HaEGBjTVJs_jcK8-TRXvaKe-7ZMaQj8VfBdYkssbu0NKDDh" "jJ-[AWS-SECRET-REMOVED]MF6xmujs4qMpP" "z8aaI4"} Symmetric_Key_MAC_3_5 = { "kty": "oct", "kid": "[HEROKU-API-KEY-REMOVED]", "use": "sig", "alg": "HS256", "k": "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"} Symmetric_Key_Enc_3_6 = { "kty": "oct", "kid": "[HEROKU-API-KEY-REMOVED]", "use": "enc", "alg": "A256GCM", "k": "AAPapAv4LbFbiVawEjagUBluYqN5rhna-8nuldDvOx8"} Payload_plaintext_b64_4 = \ "[AWS-SECRET-REMOVED]cm9kbywgZ29pbmcgb3V0IH" + \ "[AWS-SECRET-REMOVED]9hZCwgYW5kIGlmIHlvdSBk" + \ "[AWS-SECRET-REMOVED]IG5vIGtub3dpbmcgd2hlcm" + \ "UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4" # 4.1 JWS_Protected_Header_4_1_2 = \ "[AWS-SECRET-REMOVED]Z2dpbnNAaG9iYml0b24uZX" + \ "hhbXBsZSJ9" JWS_Signature_4_1_2 = \ "MRjdkly7_-[AWS-SECRET-REMOVED]5NlKtainoFmK" + \ "[AWS-SECRET-REMOVED]nB-BDkoBwA78185hX-Es4J" + \ "IwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8w" + \ "[AWS-SECRET-REMOVED]uW3IS_de3xyIrDaLGdjluP" + \ "xUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_f" + \ "cIe8u9ipH84ogoree7vjbU5y18kDquDg" JWS_compact_4_1_3 = \ "%s.%s.%s" % (JWS_Protected_Header_4_1_2, Payload_plaintext_b64_4, JWS_Signature_4_1_2) JWS_general_4_1_3 = { "payload": Payload_plaintext_b64_4, "signatures": [{ "protected": JWS_Protected_Header_4_1_2, "signature": JWS_Signature_4_1_2}]} JWS_flattened_4_1_3 = { "payload": Payload_plaintext_b64_4, "protected": JWS_Protected_Header_4_1_2, "signature": JWS_Signature_4_1_2} # 4.2 JWS_Protected_Header_4_2_2 = \ "[AWS-SECRET-REMOVED]Z2dpbnNAaG9iYml0b24uZX" + \ "hhbXBsZSJ9" JWS_Signature_4_2_2 = \ "[AWS-SECRET-REMOVED]Oy42miAh2qyBzk1xEsnk2I" + \ "pN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXU" + \ "vdvWXzg-[AWS-SECRET-REMOVED]dNqiVJRmBqrYRX" + \ "e8P_[AWS-SECRET-REMOVED]2Xez2Mlp8cBE5awDzT" + \ "0qI0n6uiP1aCN_2_[AWS-SECRET-REMOVED]bH510a" + \ "6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw" JWS_compact_4_2_3 = \ "%s.%s.%s" % (JWS_Protected_Header_4_2_2, Payload_plaintext_b64_4, JWS_Signature_4_2_2) JWS_general_4_2_3 = { "payload": Payload_plaintext_b64_4, "signatures": [{ "protected": JWS_Protected_Header_4_2_2, "signature": JWS_Signature_4_2_2}]} JWS_flattened_4_2_3 = { "payload": Payload_plaintext_b64_4, "protected": JWS_Protected_Header_4_2_2, "signature": JWS_Signature_4_2_2} # 4.3 JWS_Protected_Header_4_3_2 = \ "[AWS-SECRET-REMOVED]Z2dpbnNAaG9iYml0b24uZX" + \ "hhbXBsZSJ9" JWS_Signature_4_3_2 = \ "AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb" + \ "u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv" + \ "AD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2" JWS_compact_4_3_3 = \ "%s.%s.%s" % (JWS_Protected_Header_4_3_2, Payload_plaintext_b64_4, JWS_Signature_4_3_2) JWS_general_4_3_3 = { "payload": Payload_plaintext_b64_4, "signatures": [{ "protected": JWS_Protected_Header_4_3_2, "signature": JWS_Signature_4_3_2}]} JWS_flattened_4_3_3 = { "payload": Payload_plaintext_b64_4, "protected": JWS_Protected_Header_4_3_2, "signature": JWS_Signature_4_3_2} # 4.4 JWS_Protected_Header_4_4_2 = \ "[AWS-SECRET-REMOVED]LTRkOWItNDcxYi1iZmQ2LW" + \ "VlZjMxNGJjNzAzNyJ9" JWS_Signature_4_4_2 = "[AWS-SECRET-REMOVED]7p0" JWS_compact_4_4_3 = \ "%s.%s.%s" % (JWS_Protected_Header_4_4_2, Payload_plaintext_b64_4, JWS_Signature_4_4_2) JWS_general_4_4_3 = { "payload": Payload_plaintext_b64_4, "signatures": [{ "protected": JWS_Protected_Header_4_4_2, "signature": JWS_Signature_4_4_2}]} JWS_flattened_4_4_3 = { "payload": Payload_plaintext_b64_4, "protected": JWS_Protected_Header_4_4_2, "signature": JWS_Signature_4_4_2} # 4.5 - TBD, see Issue #4 # 4.6 JWS_Protected_Header_4_6_2 = "eyJhbGciOiJIUzI1NiJ9" JWS_Unprotected_Header_4_6_2 = {"kid": "[HEROKU-API-KEY-REMOVED]"} JWS_Signature_4_6_2 = "[AWS-SECRET-REMOVED]r20" JWS_general_4_6_3 = { "payload": Payload_plaintext_b64_4, "signatures": [{ "protected": JWS_Protected_Header_4_6_2, "header": JWS_Unprotected_Header_4_6_2, "signature": JWS_Signature_4_6_2}]} JWS_flattened_4_6_3 = { "payload": Payload_plaintext_b64_4, "protected": JWS_Protected_Header_4_6_2, "header": JWS_Unprotected_Header_4_6_2, "signature": JWS_Signature_4_6_2} # 4.7 JWS_Unprotected_Header_4_7_2 = {"alg": "HS256", "kid": "[HEROKU-API-KEY-REMOVED]"} JWS_Signature_4_7_2 = "[AWS-SECRET-REMOVED]Zuk" JWS_general_4_7_3 = { "payload": Payload_plaintext_b64_4, "signatures": [{ "header": JWS_Unprotected_Header_4_7_2, "signature": JWS_Signature_4_7_2}]} JWS_flattened_4_7_3 = { "payload": Payload_plaintext_b64_4, "header": JWS_Unprotected_Header_4_7_2, "signature": JWS_Signature_4_7_2} # 4.8 JWS_Protected_Header_4_8_2 = "eyJhbGciOiJSUzI1NiJ9" JWS_Unprotected_Header_4_8_2 = {"kid": "bilbo.baggins@hobbiton.example"} JWS_Signature_4_8_2 = \ "MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5NvyG53uoimic1tcMdSg-qpt" + \ "rzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFcryNFiHkSw129EghGpwkpxaTn_THJTC" + \ "glNbADko1MZBCdwzJxwqZc-1RlpO2HibUYyXSwO97BSe0_evZKdjvvKSgsIqjy" + \ "tKSeAMbhMBdMma622_[AWS-SECRET-REMOVED]PUqB" + \ "BCXbYoQJwt7mxPftHmNlGoOSMxR_3thmXTCm4US-xiNOyhbm8afKK64jU6_TPt" + \ "QHiJeQJxz9G3Tx-083B745_AfYOnlC9w" JWS_Unprotected_Header_4_8_3 = {"alg": "ES512", "kid": "bilbo.baggins@hobbiton.example"} JWS_Signature_4_8_3 = \ "ARcVLnaJJaUWG8fG-[AWS-SECRET-REMOVED]kn9Yb" + \ "[AWS-SECRET-REMOVED]cI3Jkl2U5IX3utNhODH6v7" + \ "[AWS-SECRET-REMOVED]gV3q7ZYhm5eD" JWS_Protected_Header_4_8_4 = \ "[AWS-SECRET-REMOVED]LTRkOWItNDcxYi1iZmQ2LW" + \ "VlZjMxNGJjNzAzNyJ9" JWS_Signature_4_8_4 = "[AWS-SECRET-REMOVED]7p0" JWS_general_4_8_5 = { "payload": Payload_plaintext_b64_4, "signatures": [ {"protected": JWS_Protected_Header_4_8_2, "header": JWS_Unprotected_Header_4_8_2, "signature": JWS_Signature_4_8_2}, {"header": JWS_Unprotected_Header_4_8_3, "signature": JWS_Signature_4_8_3}, {"protected": JWS_Protected_Header_4_8_4, "signature": JWS_Signature_4_8_4}]} class Cookbook08JWSTests(unittest.TestCase): def test_4_1_signing(self): plaintext = base64url_decode(Payload_plaintext_b64_4) protected = \ base64url_decode(JWS_Protected_Header_4_1_2).decode('utf-8') pub_key = jwk.JWK(**RSA_Public_Key_3_3) pri_key = jwk.JWK(**RSA_Private_Key_3_4) s = jws.JWS(payload=plaintext) s.add_signature(pri_key, None, protected) self.assertEqual(JWS_compact_4_1_3, s.serialize(compact=True)) s.deserialize(json_encode(JWS_general_4_1_3), pub_key) s.deserialize(json_encode(JWS_flattened_4_1_3), pub_key) def test_4_2_signing(self): plaintext = base64url_decode(Payload_plaintext_b64_4) protected = \ base64url_decode(JWS_Protected_Header_4_2_2).decode('utf-8') pub_key = jwk.JWK(**RSA_Public_Key_3_3) pri_key = jwk.JWK(**RSA_Private_Key_3_4) s = jws.JWS(payload=plaintext) s.add_signature(pri_key, None, protected) # Can't compare signature with reference because RSASSA-PSS uses # random nonces every time a signature is generated. sig = s.serialize() s.deserialize(sig, pub_key) # Just deserialize each example form s.deserialize(JWS_compact_4_2_3, pub_key) s.deserialize(json_encode(JWS_general_4_2_3), pub_key) s.deserialize(json_encode(JWS_flattened_4_2_3), pub_key) def test_4_3_signing(self): plaintext = base64url_decode(Payload_plaintext_b64_4) protected = \ base64url_decode(JWS_Protected_Header_4_3_2).decode('utf-8') pub_key = jwk.JWK(**EC_Public_Key_3_1) pri_key = jwk.JWK(**EC_Private_Key_3_2) s = jws.JWS(payload=plaintext) s.add_signature(pri_key, None, protected) # Can't compare signature with reference because ECDSA uses # random nonces every time a signature is generated. sig = s.serialize() s.deserialize(sig, pub_key) # Just deserialize each example form s.deserialize(JWS_compact_4_3_3, pub_key) s.deserialize(json_encode(JWS_general_4_3_3), pub_key) s.deserialize(json_encode(JWS_flattened_4_3_3), pub_key) def test_4_4_signing(self): plaintext = base64url_decode(Payload_plaintext_b64_4) protected = \ base64url_decode(JWS_Protected_Header_4_4_2).decode('utf-8') key = jwk.JWK(**Symmetric_Key_MAC_3_5) s = jws.JWS(payload=plaintext) s.add_signature(key, None, protected) sig = s.serialize(compact=True) s.deserialize(sig, key) self.assertEqual(sig, JWS_compact_4_4_3) # Just deserialize each example form s.deserialize(JWS_compact_4_4_3, key) s.deserialize(json_encode(JWS_general_4_4_3), key) s.deserialize(json_encode(JWS_flattened_4_4_3), key) def test_4_6_signing(self): plaintext = base64url_decode(Payload_plaintext_b64_4) protected = \ base64url_decode(JWS_Protected_Header_4_6_2).decode('utf-8') header = json_encode(JWS_Unprotected_Header_4_6_2) key = jwk.JWK(**Symmetric_Key_MAC_3_5) s = jws.JWS(payload=plaintext) s.add_signature(key, None, protected, header) sig = s.serialize() s.deserialize(sig, key) self.assertEqual(json_decode(sig), JWS_flattened_4_6_3) # Just deserialize each example form s.deserialize(json_encode(JWS_general_4_6_3), key) s.deserialize(json_encode(JWS_flattened_4_6_3), key) def test_4_7_signing(self): plaintext = base64url_decode(Payload_plaintext_b64_4) header = json_encode(JWS_Unprotected_Header_4_7_2) key = jwk.JWK(**Symmetric_Key_MAC_3_5) s = jws.JWS(payload=plaintext) s.add_signature(key, None, None, header) sig = s.serialize() s.deserialize(sig, key) self.assertEqual(json_decode(sig), JWS_flattened_4_7_3) # Just deserialize each example form s.deserialize(json_encode(JWS_general_4_7_3), key) s.deserialize(json_encode(JWS_flattened_4_7_3), key) def test_4_8_signing(self): plaintext = base64url_decode(Payload_plaintext_b64_4) s = jws.JWS(payload=plaintext) # 4_8_2 protected = \ base64url_decode(JWS_Protected_Header_4_8_2).decode('utf-8') header = json_encode(JWS_Unprotected_Header_4_8_2) pri_key = jwk.JWK(**RSA_Private_Key_3_4) s.add_signature(pri_key, None, protected, header) # 4_8_3 header = json_encode(JWS_Unprotected_Header_4_8_3) pri_key = jwk.JWK(**EC_Private_Key_3_2) s.add_signature(pri_key, None, None, header) # 4_8_4 protected = \ base64url_decode(JWS_Protected_Header_4_8_4).decode('utf-8') sym_key = jwk.JWK(**Symmetric_Key_MAC_3_5) s.add_signature(sym_key, None, protected) sig = s.serialize() # Can't compare signature with reference because ECDSA uses # random nonces every time a signature is generated. rsa_key = jwk.JWK(**RSA_Public_Key_3_3) ec_key = jwk.JWK(**EC_Public_Key_3_1) s.deserialize(sig, rsa_key) s.deserialize(sig, ec_key) s.deserialize(sig, sym_key) # Just deserialize each example form s.deserialize(json_encode(JWS_general_4_8_5), rsa_key) s.deserialize(json_encode(JWS_general_4_8_5), ec_key) s.deserialize(json_encode(JWS_general_4_8_5), sym_key) # 5.0 Payload_plaintext_5 = \ b"You can trust us to stick with you through thick and " + \ b"thin\xe2\x80\x93to the bitter end. And you can trust us to " + \ b"keep any secret of yours\xe2\x80\x93closer than you keep it " + \ b"yourself. But you cannot trust us to let you face trouble " + \ b"alone, and go off without a word. We are your friends, Frodo." # 5.1 RSA_key_5_1_1 = { "kty": "RSA", "kid": "frodo.baggins@hobbiton.example", "use": "enc", "n": "[AWS-SECRET-REMOVED]Lj8NnPU9XIYegT" "HVHQjxKDSHP2l-F5jS7sppG1wgdAqZyhnWvXhYNvcM7RfgKxqNx_xAHx" "6f3yy7s-[AWS-SECRET-REMOVED]t5fS9W5U" "NwaAllhrd-osQGPjIeI1deHTwx-ZTHu3C60Pu_LJIl6hKn9wbwaUmA4c" "[AWS-SECRET-REMOVED]zV0WOKPfA6OPI4oy" "[AWS-SECRET-REMOVED]2e_VOIKVMsnDrJYA" "VotGlvMQ", "e": "AQAB", "d": "[AWS-SECRET-REMOVED]nJN7ZEi963R7wy" "bQ1PLAHmpIbNTztfrheoAniRV1NCIqXaW_qS461xiDTp4ntEPnqcKsyO" "5jMAji7-[AWS-SECRET-REMOVED]USZ_hLg6" "[AWS-SECRET-REMOVED]rdE6fpLc9Oaq-qeP" "1GFULimrRdndm-P8q8kvN3KHlNAtEgrQAgTTgz80S-3VD0FgWfgnb1PN" "miuPUxO8OpI9KDIfu_acc6fg14nsNaJqXe6RESvhGPH2afjHqSy_Fd2v" "pzj85bQQ", "p": "[AWS-SECRET-REMOVED]nUE3sdTYKSLtaE" "oekX9vbBZuWxHdVhM6UnKCJ_2iNk8Z0ayLYHL0_G21aXf9-unynEpUsH" "[AWS-SECRET-REMOVED]lOH-a3QQlDDQoJOJ" "2VFmU", "q": "te8LY4-[AWS-SECRET-REMOVED]wiQ93_V" "F099aP1ESeLja2nw-6iKIe-qT7mtCPozKfVtUYfz5HrJ_XY2kfexJINb" "9lhZHMv5p1skZpeIS-GPHCC6gRlKo1q-idn_qxyusfWv7WAxlSVfQfk8" "d6Et0", "dp": "UfYKcL_or492vVc0PzwLSplbg4L3-Z5wL48mwiswbpzOyIgd2xHTH" "QmjJpFAIZ8q-[AWS-SECRET-REMOVED]17JV" "RDo1inX7x2Kdh8ERCreW8_4zXItuTl_KiXZNU5lvMQjWbIw2eTx1lpsf" "lo0rYU", "dq": "iEgcO-QfpepdH8FWd7mUFyrXdnOkXJBCogChY6YKuIHGc_p8Le9Mb" "pFKESzEaLlN1Ehf3B6oGBl5Iz_ayUlZj2IoQZ82znoUrpa9fVYNot87A" "CfzIG7q9Mv7RiPAderZi03tkVXAdaBau_9vs5rS-7HMtxkVrxSUvJY14" "TkXlHE", "qi": "kC-lzZOqoFaZCr5l0tOVtREKoVqaAYhQiqIRGL-MzS4sCmRkxm5vZ" "lXYx6RtE1n_[AWS-SECRET-REMOVED]QpSc7" "[AWS-SECRET-REMOVED]L6fG9mkDcIyPrBXx" "2bQ_mM"} JWE_IV_5_1_2 = "bbd5sTkYwhAIqfHsx8DayA" JWE_Encrypted_Key_5_1_3 = \ "laLxI0j-nLH-_[AWS-SECRET-REMOVED]1WClnQePF" + \ "vG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2G" + \ "[AWS-SECRET-REMOVED]H77f2ff7xiSxh9oSewYrcG" + \ "[AWS-SECRET-REMOVED]7Mv1rOTOI5I8NQqeXXW8Vl" + \ "[AWS-SECRET-REMOVED]EecelIO1wx1BpyIfgvfjOh" + \ "MBs9M8XL223Fg47xlGsMXdfuY-4jaqVw" JWE_Protected_Header_5_1_4 = \ "[AWS-SECRET-REMOVED]YWdnaW5zQGhvYmJpdG9uLm" + \ "[AWS-SECRET-REMOVED]0" JWE_Ciphertext_5_1_4 = \ "0fys_TY_[AWS-SECRET-REMOVED]vGZ4_FNVSiGc_r" + \ "aa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8O" + \ "[AWS-SECRET-REMOVED]dQKPdNTjPPEmRqcaGeTWZV" + \ "[AWS-SECRET-REMOVED]M_s8uwIFcqt4r5GX8TKaI0" + \ "zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2" + \ "O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VW" + \ "i7lzA6BP430m" JWE_Authentication_Tag_5_1_4 = "kvKuFBXHe5mQr4lqgobAUg" JWE_compact_5_1_5 = \ "%s.%s.%s.%s.%s" % (JWE_Protected_Header_5_1_4, JWE_Encrypted_Key_5_1_3, JWE_IV_5_1_2, JWE_Ciphertext_5_1_4, JWE_Authentication_Tag_5_1_4) JWE_general_5_1_5 = { "recipients": [{ "encrypted_key": JWE_Encrypted_Key_5_1_3}], "protected": JWE_Protected_Header_5_1_4, "iv": JWE_IV_5_1_2, "ciphertext": JWE_Ciphertext_5_1_4, "tag": JWE_Authentication_Tag_5_1_4} JWE_flattened_5_1_5 = { "protected": JWE_Protected_Header_5_1_4, "encrypted_key": JWE_Encrypted_Key_5_1_3, "iv": JWE_IV_5_1_2, "ciphertext": JWE_Ciphertext_5_1_4, "tag": JWE_Authentication_Tag_5_1_4} # 5.2 RSA_key_5_2_1 = { "kty": "RSA", "kid": "samwise.gamgee@hobbiton.example", "use": "enc", "n": "[AWS-SECRET-REMOVED]2-5zVUxa6prHRr" "[AWS-SECRET-REMOVED]BioZBl1XP2e-C-Fy" "[AWS-SECRET-REMOVED]fpGrZLarohiWCPnk" "Nrg71S2CuNZSQBIPGjXfkmIy2tl_VWgGnL22GplyXj5YlBLdxXp3XeSt" "[AWS-SECRET-REMOVED]iwA7sXRItBCivR4M" "5qnZtdw-7v4WuR4779ubDuJ5nalMv2S66-RPcnFAzWSKxtBDnFJJDGIU" "e7Tzizjg1nms0Xq_yPub_UOlWn0ec85FCft1hACpWG8schrOBeNqHBOD" "FskYpUc2LC5JA2TaPF2dA67dg1TTsC_FupfQ2kNGcE1LgprxKHcVWYQb" "86B-HozjHZcqtauBzFNV5tbTuB-TpkcvJfNcFLlH3b8mb-H_ox35FjqB" "SAjLKyoeqfKTpVjvXhd09knwgJf6VKq6UC418_TOljMVfFTWXUxlnfhO" "[AWS-SECRET-REMOVED]5qFDxDQKis99gcDa" "iCAwM3yEBIzuNeeCa5dartHDb1xEB_HcHSeYbghbMjGfasvKn0aZRsnT" "yC0xhWBlsolZE", "e": "AQAB", "alg": "RSA-OAEP", "d": "n7fzJc3_WG59VEOBTkayzuSMM780OJQuZjN_KbH8lOZG25ZoA7T4Bx" "[AWS-SECRET-REMOVED]jcWZ-oBtVk7gCAWq" "-B3qhfF3izlbkosrzjHajIcY33HBhsy4_WerrXg4MDNE4HYojy68TcxT" "[AWS-SECRET-REMOVED]ewfmmrfveEogLx9E" "A-KMgAjTiISXxqIXQhWUQX1G7v_mV_Hr2YuImYcNcHkRvp9E7ook0876" "DhkO8v4UOZLwA1OlUX98mkoqwc58A_Y2lBYbVx1_s5lpPsEqbbH-nqIj" "[AWS-SECRET-REMOVED]v-Rn9fLIv9jZ6r7r" "-MSH9sqbuziHN2grGjD_jfRluMHa0l84fFKl6bcqN1JWxPVhzNZo01yD" "F-[AWS-SECRET-REMOVED]q3jDIsgoL8Mo1L" "oomgiJxUwL_GWEOGu28gplyzm-9Q0U0nyhEf1uhSR8aJAQWAiFImWH5W" "_IQT9I7-yrindr_2fWQ_i1UgMsGzA7aOGzZfPljRy6z-tY_KuBG00-28" "S_aWvjyUc-Alp8AUyKjBZ-7CWH32fGWK48j1t-zomrwjL_mnhsPbGs0c" "9WsWgRzI-K8gE", "p": "7_[AWS-SECRET-REMOVED]XgVy9l9etKgh" "vM4hRkOvbb01kYVuLFmxIkCDtpi-zLCYAdXKrAK3PtSbtzld_XZ9nlsY" "a_QZWpXB_[AWS-SECRET-REMOVED]zD_AC3m" "Y46J961Y2LRnreVwAGNw53p07Db8yD_92pDa97vqcZOdgtybH9q6uma-" "RFNhO1AoiJhYZj69hjmMRXx-x56HO9cnXNbmzNSCFCKnQmn4GQLmRj9s" "fbZRqL94bbtE4_[AWS-SECRET-REMOVED]gP" "gWCv5HoQ", "q": "zqOHk1P6WN_[AWS-SECRET-REMOVED]6Zy" "KQCO-O6mKXtcgE8_Q_hA2kMRcKOcvHil1hqMCNSXlflM7WPRPZu2qCDc" "qssd_uMbP-DqYthH_EzwL9KnYoH7JQFxxmcv5An8oXUtTwk4knKjkIYG" "[AWS-SECRET-REMOVED]n41UlbJ7TCqewzVJ" "[AWS-SECRET-REMOVED]mnfPevSJQBE79-EX" "e2kSwVgOzvt-[AWS-SECRET-REMOVED]epQJ" "JlXXnH8Q", "dp": "[AWS-SECRET-REMOVED]t1jK83_FJA-xn" "x5kA7-1erdHdms_[AWS-SECRET-REMOVED]Q" "J_[AWS-SECRET-REMOVED]LhUpGo1IZuG72F" "ZQ5gTjXoTXC2-[AWS-SECRET-REMOVED]C3i" "[AWS-SECRET-REMOVED]eIQAeEgT_yXcrKGm" "pKdSO08kLBx8VUjkbv_3Pn20Gyu2YEuwpFlM_H1NikuxJNKFGmnAq9Lc" "nwwT0jvoQ", "dq": "[AWS-SECRET-REMOVED]f72O9kLMCfd_1" "VBEqeD-1jjwELKDjck8kOBl5UvohK1oDfSP1DleAy-cnmL29DqWmhgwM" "1ip0CCNmkmsmDSlqkUXDi6sAaZuntyukyflI-qSQ3C_BafPyFaKrt1fg" "[AWS-SECRET-REMOVED]25cfc10wZ9hQNOrI" "[AWS-SECRET-REMOVED]9zwJcSUvODlXBPc2" "AycH6Ci5yjbxt4Ppox_5pjm6xnQkiPgj01GpsUssMmBN7iHVsrE7N2iz" "nBNCeOUIQ", "qi": "FZhClBMywVVjnuUud-05qd5CYU0dK79akAgy9oX6RX6I3IIIPckCc" "iRrokxglZn-omAY5CnCe4KdrnjFOT5YUZE7G_Pg44XgCXaarLQf4hl80" "oPEf6-jJ5Iy6wPRx7G2e8qLxnh9cOdf-kRqgOS3F48Ucvw3ma5V6KGMw" "QqWFeV31XtZ8l5cVI-I3NzBS7qltpUVgz2Ju021eyc7IlqgzR98qKONl" "[AWS-SECRET-REMOVED]ZI1seJiGDizHRUP4" "[AWS-SECRET-REMOVED]6SNMNVcyVS9IWjlq" "8EzqZEKIA"} JWE_IV_5_2_2 = "-nBoKLH0YkLZPSI9" JWE_Encrypted_Key_5_2_3 = \ "[AWS-SECRET-REMOVED]lCiud48LxeolRdtFF4nzQi" + \ "beYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyu" + \ "cvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58" + \ "-[AWS-SECRET-REMOVED]D4_H4Bd7V3u9h8Gkg8Bpx" + \ "KdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pK" + \ "IIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7" + \ "pZfPYDSXZyS0CfKKkMozT_[AWS-SECRET-REMOVED]" + \ "fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe3" + \ "[AWS-SECRET-REMOVED]-xDmMuxC0G7S2rscw5lQQU" + \ "06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5" + \ "Jx9paBpnNmOOKH35j_[AWS-SECRET-REMOVED]ozDR" + \ "s" JWE_Protected_Header_5_2_4 = \ "[AWS-SECRET-REMOVED]c2UuZ2FtZ2VlQGhvYmJpdG" + \ "9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0" JWE_Ciphertext_5_2_4 = \ "o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgR" + \ "L-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEw" + \ "[AWS-SECRET-REMOVED]rsuhw5f-pGYzseva-TUaL8" + \ "iWnctc-[AWS-SECRET-REMOVED]p5fnbYGLa1QUiML" + \ "7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSV" + \ "[AWS-SECRET-REMOVED]bnypNimbM8zVOw" JWE_Authentication_Tag_5_2_4 = "UCGiqJxhBI3IFVdPalHHvA" JWE_compact_5_2_5 = \ "%s.%s.%s.%s.%s" % (JWE_Protected_Header_5_2_4, JWE_Encrypted_Key_5_2_3, JWE_IV_5_2_2, JWE_Ciphertext_5_2_4, JWE_Authentication_Tag_5_2_4) JWE_general_5_2_5 = { "recipients": [{ "encrypted_key": JWE_Encrypted_Key_5_2_3}], "protected": JWE_Protected_Header_5_2_4, "iv": JWE_IV_5_2_2, "ciphertext": JWE_Ciphertext_5_2_4, "tag": JWE_Authentication_Tag_5_2_4} JWE_flattened_5_2_5 = { "protected": JWE_Protected_Header_5_2_4, "encrypted_key": JWE_Encrypted_Key_5_2_3, "iv": JWE_IV_5_2_2, "ciphertext": JWE_Ciphertext_5_2_4, "tag": JWE_Authentication_Tag_5_2_4} # 5.3 Payload_plaintext_5_3_1 = \ b'{"keys":[{"kty":"oct","kid":"77c7e2b8-6e13-45cf-8672-617b5b45' + \ b'243a","use":"enc","alg":"A128GCM","k":"XctOhJAkA-pD9Lh7ZgW_2A' + \ b'"},{"kty":"oct","kid":"[HEROKU-API-KEY-REMOVED]",' + \ b'"use":"enc","alg":"A128KW","k":"GZy6sIZ6wl9NJOKB-jnmVQ"},{"kt' + \ b'y":"oct","kid":"[HEROKU-API-KEY-REMOVED]","use":"' + \ b'enc","alg":"A256GCMKW","k":"qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0N' + \ b'LBvdQstiS8"}]}' Password_5_3_1 = b'entrap_o\xe2\x80\x93peter_long\xe2\x80\x93credit_tun' JWE_IV_5_3_2 = "VBiCzVHNoLiR3F4V82uoTQ" JWE_Encrypted_Key_5_3_3 = \ "[AWS-SECRET-REMOVED]PWdgtURtmeDV1g" JWE_Protected_Header_no_p2x = { "alg": "PBES2-HS512+A256KW", "cty": "jwk-set+json", "enc": "A128CBC-HS256"} JWE_Protected_Header_5_3_4 = \ "[AWS-SECRET-REMOVED]MnMiOiI4UTFTemluYXNSM3" + \ "[AWS-SECRET-REMOVED]Jqd2stc2V0K2pzb24iLCJl" + \ "bmMiOiJBMTI4Q0JDLUhTMjU2In0" JWE_Ciphertext_5_3_4 = \ "23i-[AWS-SECRET-REMOVED]2nsnGIX86vMXqIi6IR" + \ "[AWS-SECRET-REMOVED]EYCNA_XOmzg8yZR9oyjo6l" + \ "TF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb" + \ "6asmas_[AWS-SECRET-REMOVED]3fOoOJbmk2GBQZL" + \ "_[AWS-SECRET-REMOVED]8AtzXFFsx9qKvC982KLKd" + \ "[AWS-SECRET-REMOVED]aS-rCrcD_ePOGSuxvgtrok" + \ "[AWS-SECRET-REMOVED]hJwcmywIyzi4BqRpmdn_N-" + \ "zl5tuJYyuvKhjKv6ihbsV_[AWS-SECRET-REMOVED]" + \ "3kobXZ77ulMwDs4p" JWE_Authentication_Tag_5_3_4 = "0HlwodAhOCILG5SQ2LQ9dg" JWE_compact_5_3_5 = \ "%s.%s.%s.%s.%s" % (JWE_Protected_Header_5_3_4, JWE_Encrypted_Key_5_3_3, JWE_IV_5_3_2, JWE_Ciphertext_5_3_4, JWE_Authentication_Tag_5_3_4) JWE_general_5_3_5 = { "recipients": [{ "encrypted_key": JWE_Encrypted_Key_5_3_3}], "protected": JWE_Protected_Header_5_3_4, "iv": JWE_IV_5_3_2, "ciphertext": JWE_Ciphertext_5_3_4, "tag": JWE_Authentication_Tag_5_3_4} JWE_flattened_5_3_5 = { "protected": JWE_Protected_Header_5_3_4, "encrypted_key": JWE_Encrypted_Key_5_3_3, "iv": JWE_IV_5_3_2, "ciphertext": JWE_Ciphertext_5_3_4, "tag": JWE_Authentication_Tag_5_3_4} # 5.4 EC_key_5_4_1 = { "kty": "EC", "kid": "peregrin.took@tuckborough.example", "use": "enc", "crv": "P-384", "x": "YU4rRUzdmVqmRtWOs2OpDE_[AWS-SECRET-REMOVED]2", "y": "A8-[AWS-SECRET-REMOVED]dtksRJU7D5-SkgaFL1ETP", "d": "iTx2pk7wW-[AWS-SECRET-REMOVED]0IdnYK2xDlZh-j"} JWE_IV_5_4_2 = "mH-G2zVqgztUtnW_" JWE_Encrypted_Key_5_4_3 = \ "0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2" JWE_Protected_Header_no_epk_5_4_4 = { "alg": "ECDH-ES+A128KW", "kid": "peregrin.took@tuckborough.example", "enc": "A128GCM"} JWE_Protected_Header_5_4_4 = \ "[AWS-SECRET-REMOVED]InBlcmVncmluLnRvb2tAdH" + \ "[AWS-SECRET-REMOVED]kiOiJFQyIsImNydiI6IlAt" + \ "[AWS-SECRET-REMOVED]ZF9vWXpCbWF6LUdLRlp1NH" + \ "[AWS-SECRET-REMOVED]J5Ijoic3AzcDVTR2haVkMy" + \ "[AWS-SECRET-REMOVED]NFBnRXdaT3lRVEEtSmRhWT" + \ "h0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0" JWE_Ciphertext_5_4_4 = \ "[AWS-SECRET-REMOVED]OhXgz5NJ76oID7lpnAi_cP" + \ "WJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0" + \ "IgEnj_qfo1hIi-[AWS-SECRET-REMOVED]icQDVCkc" + \ "[AWS-SECRET-REMOVED]NU1ErkjcMqMoT_wtCex3w0" + \ "3XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu" + \ "[AWS-SECRET-REMOVED]4ioYezbS6vTPlQ" JWE_Authentication_Tag_5_4_4 = "WuGzxmcreYjpHGJoa17EBg" JWE_compact_5_4_5 = \ "%s.%s.%s.%s.%s" % (JWE_Protected_Header_5_4_4, JWE_Encrypted_Key_5_4_3, JWE_IV_5_4_2, JWE_Ciphertext_5_4_4, JWE_Authentication_Tag_5_4_4) JWE_general_5_4_5 = { "recipients": [{ "encrypted_key": JWE_Encrypted_Key_5_4_3}], "protected": JWE_Protected_Header_5_4_4, "iv": JWE_IV_5_4_2, "ciphertext": JWE_Ciphertext_5_4_4, "tag": JWE_Authentication_Tag_5_4_4} JWE_flattened_5_4_5 = { "protected": JWE_Protected_Header_5_4_4, "encrypted_key": JWE_Encrypted_Key_5_4_3, "iv": JWE_IV_5_4_2, "ciphertext": JWE_Ciphertext_5_4_4, "tag": JWE_Authentication_Tag_5_4_4} # 5.5 EC_key_5_5_1 = { "kty": "EC", "kid": "meriadoc.brandybuck@buckland.example", "use": "enc", "crv": "P-256", "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8"} JWE_IV_5_5_2 = "yc9N8v5sYyv3iGQT926IUg" JWE_Protected_Header_no_epk_5_5_4 = { "alg": "ECDH-ES", "kid": "meriadoc.brandybuck@buckland.example", "enc": "A128CBC-HS256" } JWE_Protected_Header_5_5_4 = \ "[AWS-SECRET-REMOVED]b2MuYnJhbmR5YnVja0BidW" + \ "[AWS-SECRET-REMOVED]VDIiwiY3J2IjoiUC0yNTYi" + \ "[AWS-SECRET-REMOVED]clhXUXVfdndWT0hIdE5rZF" + \ "[AWS-SECRET-REMOVED]lmR1RUMElqQnBGdzJTUzM0" + \ "[AWS-SECRET-REMOVED]fQ" JWE_Ciphertext_5_5_4 = \ "BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9" + \ "IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_e" + \ "vAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7-" + \ "IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI" + \ "-[AWS-SECRET-REMOVED]4mYpvKDiwmyzGd65KqVw7" + \ "MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ61" + \ "95_JGG2m9Csg" JWE_Authentication_Tag_5_5_4 = "WCCkNa-x4BeB9hIDIfFuhg" JWE_compact_5_5_5 = \ "%s..%s.%s.%s" % (JWE_Protected_Header_5_5_4, JWE_IV_5_5_2, JWE_Ciphertext_5_5_4, JWE_Authentication_Tag_5_5_4) JWE_general_5_5_5 = { "protected": JWE_Protected_Header_5_5_4, "iv": JWE_IV_5_5_2, "ciphertext": JWE_Ciphertext_5_5_4, "tag": JWE_Authentication_Tag_5_5_4} # 5.6 AES_key_5_6_1 = { "kty": "oct", "kid": "[HEROKU-API-KEY-REMOVED]", "use": "enc", "alg": "A128GCM", "k": "XctOhJAkA-pD9Lh7ZgW_2A"} JWE_IV_5_6_2 = "refa467QzzKx6QAB" JWE_Protected_Header_5_6_3 = \ "[AWS-SECRET-REMOVED]ZTEzLTQ1Y2YtODY3Mi02MT" + \ "diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0" JWE_Ciphertext_5_6_3 = \ "JW_i_f52hww_[AWS-SECRET-REMOVED]HP8yZOZG7Y" + \ "hLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zM" + \ "DB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_" + \ "[AWS-SECRET-REMOVED]i-aQpGbSv_F9N4IZAxscj5" + \ "g-NJsUPbjk29-[AWS-SECRET-REMOVED]9aKZSRSIn" + \ "ZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp" JWE_Authentication_Tag_5_6_3 = "vbb32Xvllea2OtmHAdccRQ" JWE_compact_5_6_4 = \ "%s..%s.%s.%s" % (JWE_Protected_Header_5_6_3, JWE_IV_5_6_2, JWE_Ciphertext_5_6_3, JWE_Authentication_Tag_5_6_3) JWE_general_5_6_4 = { "protected": JWE_Protected_Header_5_6_3, "iv": JWE_IV_5_6_2, "ciphertext": JWE_Ciphertext_5_6_3, "tag": JWE_Authentication_Tag_5_6_3} # 5.7 - A256GCMKW not implemented yet AES_key_5_7_1 = { "kty": "oct", "kid": "[HEROKU-API-KEY-REMOVED]", "use": "enc", "alg": "A256GCMKW", "k": "qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8"} JWE_IV_5_7_2 = "gz6NjyEFNm_vm8Gj6FwoFQ" JWE_Encrypted_Key_5_7_3 = "lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNok" JWE_Protected_Header_no_ivtag = { "alg": "A256GCMKW", "kid": "[HEROKU-API-KEY-REMOVED]", "enc": "A128CBC-HS256"} JWE_Protected_Header_5_7_4 = \ "[AWS-SECRET-REMOVED]MDhlMS1iZmE5LTRkOTUtYj" + \ "[AWS-SECRET-REMOVED]ZRM1QzSDZ2bmV3dC0ta3N3" + \ "[AWS-SECRET-REMOVED]IjoiQTEyOENCQy1IUzI1Ni" + \ "J9" JWE_Ciphertext_5_7_4 = \ "Jf5p9-ZhJlJy_IQ_[AWS-SECRET-REMOVED]pS8iaE" + \ "[AWS-SECRET-REMOVED]ZKX0gxKdy6HgLvqoGNbZCz" + \ "LjqcpDiF8q2_[AWS-SECRET-REMOVED]wzZaGV3eFq" + \ "hpco8o4DijXaG5_[AWS-SECRET-REMOVED]Azw9Hde" + \ "b6yhdTynCRmu-kqtO5Dec4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0Jtj" + \ "[AWS-SECRET-REMOVED]V98QhrKEnR7xKZ3KCr0_qR" + \ "1B-gxpNk3xWU" JWE_Authentication_Tag_5_7_4 = "DKW7jrb4WaRSNfbXVPlT5g" JWE_compact_5_7_5 = \ "%s.%s.%s.%s.%s" % (JWE_Protected_Header_5_7_4, JWE_Encrypted_Key_5_7_3, JWE_IV_5_7_2, JWE_Ciphertext_5_7_4, JWE_Authentication_Tag_5_7_4) JWE_general_5_7_5 = { "recipients": [{ "encrypted_key": JWE_Encrypted_Key_5_7_3}], "protected": JWE_Protected_Header_5_7_4, "iv": JWE_IV_5_7_2, "ciphertext": JWE_Ciphertext_5_7_4, "tag": JWE_Authentication_Tag_5_7_4} JWE_flattened_5_7_5 = { "protected": JWE_Protected_Header_5_7_4, "encrypted_key": JWE_Encrypted_Key_5_7_3, "iv": JWE_IV_5_7_2, "ciphertext": JWE_Ciphertext_5_7_4, "tag": JWE_Authentication_Tag_5_7_4} # 5.8 AES_key_5_8_1 = { "kty": "oct", "kid": "[HEROKU-API-KEY-REMOVED]", "use": "enc", "alg": "A128KW", "k": "GZy6sIZ6wl9NJOKB-jnmVQ"} JWE_IV_5_8_2 = "Qx0pmsDa8KnJc9Jo" JWE_Encrypted_Key_5_8_3 = "CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx" JWE_Protected_Header_5_8_4 = \ "[AWS-SECRET-REMOVED]NS04MzMyLTQzZDktYTQ2OC" + \ "[AWS-SECRET-REMOVED]0" JWE_Ciphertext_5_8_4 = \ "AwliP-[AWS-SECRET-REMOVED]dhtFJgJxeVmJkLD6" + \ "[AWS-SECRET-REMOVED]3EkU0vjHi9gTlb90qSYFfe" + \ "[AWS-SECRET-REMOVED]f7ej6zaYcMv3WwdxDFl8RE" + \ "wOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-p" + \ "uQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRa" + \ "a8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF" JWE_Authentication_Tag_5_8_4 = "ER7MWJZ1FBI_NKvn7Zb1Lw" JWE_compact_5_8_5 = \ "%s.%s.%s.%s.%s" % (JWE_Protected_Header_5_8_4, JWE_Encrypted_Key_5_8_3, JWE_IV_5_8_2, JWE_Ciphertext_5_8_4, JWE_Authentication_Tag_5_8_4) JWE_general_5_8_5 = { "recipients": [{ "encrypted_key": JWE_Encrypted_Key_5_8_3}], "protected": JWE_Protected_Header_5_8_4, "iv": JWE_IV_5_8_2, "ciphertext": JWE_Ciphertext_5_8_4, "tag": JWE_Authentication_Tag_5_8_4} JWE_flattened_5_8_5 = { "protected": JWE_Protected_Header_5_8_4, "encrypted_key": JWE_Encrypted_Key_5_8_3, "iv": JWE_IV_5_8_2, "ciphertext": JWE_Ciphertext_5_8_4, "tag": JWE_Authentication_Tag_5_8_4} # 5.9 JWE_IV_5_9_2 = "p9pUq6XHY0jfEZIl" JWE_Encrypted_Key_5_9_3 = "5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi" JWE_Protected_Header_5_9_4 = \ "[AWS-SECRET-REMOVED]NS04MzMyLTQzZDktYTQ2OC" + \ "[AWS-SECRET-REMOVED]wiemlwIjoiREVGIn0" JWE_Ciphertext_5_9_4 = \ "[AWS-SECRET-REMOVED]mMI6VB8hry57tDZ61jXyez" + \ "SPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWGml8blyiMQmOn9J--XhhlYg0" + \ "m-[AWS-SECRET-REMOVED]2PsM-w5E_o2B3jDbrYBK" + \ "[AWS-SECRET-REMOVED]w" JWE_Authentication_Tag_5_9_4 = "VILuUwuIxaLVmh5X-T7kmA" JWE_compact_5_9_5 = \ "%s.%s.%s.%s.%s" % (JWE_Protected_Header_5_9_4, JWE_Encrypted_Key_5_9_3, JWE_IV_5_9_2, JWE_Ciphertext_5_9_4, JWE_Authentication_Tag_5_9_4) JWE_general_5_9_5 = { "recipients": [{ "encrypted_key": JWE_Encrypted_Key_5_9_3}], "protected": JWE_Protected_Header_5_9_4, "iv": JWE_IV_5_9_2, "ciphertext": JWE_Ciphertext_5_9_4, "tag": JWE_Authentication_Tag_5_9_4} JWE_flattened_5_9_5 = { "protected": JWE_Protected_Header_5_9_4, "encrypted_key": JWE_Encrypted_Key_5_9_3, "iv": JWE_IV_5_9_2, "ciphertext": JWE_Ciphertext_5_9_4, "tag": JWE_Authentication_Tag_5_9_4} # 5.10 AAD_5_10_1 = base64url_encode(json_encode( ["vcard", [["version", {}, "text", "4.0"], ["fn", {}, "text", "Meriadoc Brandybuck"], ["n", {}, "text", ["Brandybuck", "Meriadoc", "Mr.", ""]], ["bday", {}, "text", "TA 2982"], ["gender", {}, "text", "M"]]])) JWE_IV_5_10_2 = "veCx9ece2orS7c_N" JWE_Encrypted_Key_5_10_3 = "4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X" JWE_Protected_Header_5_10_4 = \ "[AWS-SECRET-REMOVED]NS04MzMyLTQzZDktYTQ2OC" + \ "[AWS-SECRET-REMOVED]0" JWE_Ciphertext_5_10_4 = \ "Z_[AWS-SECRET-REMOVED]eJ0Ui8p74SchQP8xygM1" + \ "[AWS-SECRET-REMOVED]_4NFqF-p2Mx8zkbKxI7oPK" + \ "8KNarFbyxIDvICNqBLba-v3uzXBdB89fzOI-Lv4PjOFAQGHrgv1rjXAmKbgkft" + \ "9cB4WeyZw8MldbBhc-V_KWZslrsLNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4a" + \ "[AWS-SECRET-REMOVED]1C6HxLIlqHhCwXDG59weHr" + \ "RDQeHyMRoBljoV3X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV" JWE_Authentication_Tag_5_10_4 = "vOaH_Rajnpy_3hOtqvZHRA" JWE_general_5_10_5 = { "recipients": [{ "encrypted_key": JWE_Encrypted_Key_5_10_3}], "protected": JWE_Protected_Header_5_10_4, "iv": JWE_IV_5_10_2, "aad": AAD_5_10_1, "ciphertext": JWE_Ciphertext_5_10_4, "tag": JWE_Authentication_Tag_5_10_4} JWE_flattened_5_10_5 = { "protected": JWE_Protected_Header_5_10_4, "encrypted_key": JWE_Encrypted_Key_5_10_3, "iv": JWE_IV_5_10_2, "aad": AAD_5_10_1, "ciphertext": JWE_Ciphertext_5_10_4, "tag": JWE_Authentication_Tag_5_10_4} # 5.11 JWE_IV_5_11_2 = "WgEJsDS9bkoXQ3nR" JWE_Encrypted_Key_5_11_3 = "jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H" JWE_Protected_Header_5_11_4 = "eyJlbmMiOiJBMTI4R0NNIn0" JWE_Ciphertext_5_11_4 = \ "[AWS-SECRET-REMOVED]qLL2DM3swKkjOwQyZtWsFL" + \ "YMj5YeLht_[AWS-SECRET-REMOVED]4MyOt80MoPb8" + \ "[AWS-SECRET-REMOVED]nTGm_zWhqc_srOvgiLkzyF" + \ "XPq1hBAURbc3-8BqeRb48iR1-_5g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nO" + \ "WL4teUPS8yHLbWeL83olU4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWL" + \ "Hs1NqBbre0dEwK3HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf" JWE_Authentication_Tag_5_11_4 = "fNYLqpUe84KD45lvDiaBAQ" JWE_Unprotected_Header_5_11_5 = { "alg": "A128KW", "kid": "[HEROKU-API-KEY-REMOVED]"} JWE_general_5_11_5 = { "recipients": [{ "encrypted_key": JWE_Encrypted_Key_5_11_3}], "unprotected": JWE_Unprotected_Header_5_11_5, "protected": JWE_Protected_Header_5_11_4, "iv": JWE_IV_5_11_2, "ciphertext": JWE_Ciphertext_5_11_4, "tag": JWE_Authentication_Tag_5_11_4} JWE_flattened_5_11_5 = { "protected": JWE_Protected_Header_5_11_4, "unprotected": JWE_Unprotected_Header_5_11_5, "encrypted_key": JWE_Encrypted_Key_5_11_3, "iv": JWE_IV_5_11_2, "ciphertext": JWE_Ciphertext_5_11_4, "tag": JWE_Authentication_Tag_5_11_4} # 5.11 JWE_IV_5_12_2 = "YihBoVOGsR1l7jCD" JWE_Encrypted_Key_5_12_3 = "244YHfO_W7RMpQW81UjQrZcq5LSyqiPv" JWE_Ciphertext_5_12_4 = \ "[AWS-SECRET-REMOVED]T1uq-arsVCPaIeFwQfzrSS" + \ "[AWS-SECRET-REMOVED]P3eqQPb4Ic1SDSqyXjw_L3" + \ "[AWS-SECRET-REMOVED]omqeifVPq5GTCWFo5k_MNI" + \ "[AWS-SECRET-REMOVED]u_mvifMYiikfNfsZAudISO" + \ "a6O73yPZtL04k_[AWS-SECRET-REMOVED]dY-bQz4Z" + \ "4KX9lfz1cne31N4-8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF" JWE_Authentication_Tag_5_12_4 = "e2m0Vm7JvjK2VpCKXS-kyg" JWE_Unprotected_Header_5_12_5 = { "alg": "A128KW", "kid": "[HEROKU-API-KEY-REMOVED]", "enc": "A128GCM"} JWE_general_5_12_5 = { "recipients": [{ "encrypted_key": JWE_Encrypted_Key_5_12_3}], "unprotected": JWE_Unprotected_Header_5_12_5, "iv": JWE_IV_5_12_2, "ciphertext": JWE_Ciphertext_5_12_4, "tag": JWE_Authentication_Tag_5_12_4} JWE_flattened_5_12_5 = { "unprotected": JWE_Unprotected_Header_5_12_5, "encrypted_key": JWE_Encrypted_Key_5_12_3, "iv": JWE_IV_5_12_2, "ciphertext": JWE_Ciphertext_5_12_4, "tag": JWE_Authentication_Tag_5_12_4} # 5.13 - A256GCMKW not implemented yet # In general we can't compare ciphertexts with the reference because # either the algorithms use random nonces to authenticate the ciphertext # or we randomly generate the nonce when we create the JWe. # To double check implementation we encrypt/decrypt our own input and then # decrypt the reference and check it against the given plaintext class Cookbook08JWETests(unittest.TestCase): def test_5_1_encryption(self): plaintext = Payload_plaintext_5 protected = base64url_decode(JWE_Protected_Header_5_1_4) rsa_key = jwk.JWK(**RSA_key_5_1_1) e = jwe.JWE(plaintext, protected, algs=jwe.default_allowed_algs + ['RSA1_5']) e.add_recipient(rsa_key) enc = e.serialize() e.deserialize(enc, rsa_key) self.assertEqual(e.payload, plaintext) e.deserialize(JWE_compact_5_1_5, rsa_key) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_general_5_1_5), rsa_key) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_flattened_5_1_5), rsa_key) self.assertEqual(e.payload, plaintext) def test_5_2_encryption(self): plaintext = Payload_plaintext_5 protected = base64url_decode(JWE_Protected_Header_5_2_4) rsa_key = jwk.JWK(**RSA_key_5_2_1) e = jwe.JWE(plaintext, protected) e.add_recipient(rsa_key) enc = e.serialize() e.deserialize(enc, rsa_key) self.assertEqual(e.payload, plaintext) e.deserialize(JWE_compact_5_2_5, rsa_key) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_general_5_2_5), rsa_key) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_flattened_5_2_5), rsa_key) self.assertEqual(e.payload, plaintext) def test_5_3_encryption(self): plaintext = Payload_plaintext_5_3_1 [PASSWORD-REMOVED] unicodepwd = Password_5_3_1.decode('utf8') e = jwe.JWE(plaintext, json_encode(JWE_Protected_Header_no_p2x)) e.add_recipient(password) e.serialize(compact=True) enc = e.serialize() e.deserialize(enc, unicodepwd) self.assertEqual(e.payload, plaintext) e.deserialize(JWE_compact_5_3_5, password) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_general_5_3_5), unicodepwd) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_flattened_5_3_5), password) self.assertEqual(e.payload, plaintext) def test_5_4_encryption(self): plaintext = Payload_plaintext_5 protected = json_encode(JWE_Protected_Header_no_epk_5_4_4) ec_key = jwk.JWK(**EC_key_5_4_1) e = jwe.JWE(plaintext, protected) e.add_recipient(ec_key) enc = e.serialize(compact=True) e.deserialize(enc, ec_key) self.assertEqual(e.payload, plaintext) e.deserialize(JWE_compact_5_4_5, ec_key) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_general_5_4_5), ec_key) self.assertEqual(e.payload, plaintext) def test_5_5_encryption(self): plaintext = Payload_plaintext_5 protected = json_encode(JWE_Protected_Header_no_epk_5_5_4) ec_key = jwk.JWK(**EC_key_5_5_1) e = jwe.JWE(plaintext, protected) e.add_recipient(ec_key) enc = e.serialize(compact=True) e.deserialize(enc, ec_key) self.assertEqual(e.payload, plaintext) e.deserialize(JWE_compact_5_5_5, ec_key) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_general_5_5_5), ec_key) self.assertEqual(e.payload, plaintext) def test_5_6_encryption(self): plaintext = Payload_plaintext_5 protected = base64url_decode(JWE_Protected_Header_5_6_3) aes_key = jwk.JWK(**AES_key_5_6_1) e = jwe.JWE(plaintext, protected) e.add_recipient(aes_key) e.serialize(compact=True) enc = e.serialize() e.deserialize(enc, aes_key) self.assertEqual(e.payload, plaintext) e.deserialize(JWE_compact_5_6_4, aes_key) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_general_5_6_4), aes_key) self.assertEqual(e.payload, plaintext) def test_5_7_encryption(self): plaintext = Payload_plaintext_5 aes_key = jwk.JWK(**AES_key_5_7_1) e = jwe.JWE(plaintext, json_encode(JWE_Protected_Header_no_ivtag)) e.add_recipient(aes_key) enc = e.serialize(compact=True) e.deserialize(enc, aes_key) self.assertEqual(e.payload, plaintext) e.deserialize(JWE_compact_5_7_5, aes_key) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_general_5_7_5), aes_key) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_flattened_5_7_5), aes_key) self.assertEqual(e.payload, plaintext) def test_5_8_encryption(self): plaintext = Payload_plaintext_5 protected = base64url_decode(JWE_Protected_Header_5_8_4) aes_key = jwk.JWK(**AES_key_5_8_1) e = jwe.JWE(plaintext, protected) e.add_recipient(aes_key) enc = e.serialize() e.deserialize(enc, aes_key) self.assertEqual(e.payload, plaintext) e.deserialize(JWE_compact_5_8_5, aes_key) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_general_5_8_5), aes_key) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_flattened_5_8_5), aes_key) self.assertEqual(e.payload, plaintext) def test_5_9_encryption(self): plaintext = Payload_plaintext_5 protected = base64url_decode(JWE_Protected_Header_5_9_4) aes_key = jwk.JWK(**AES_key_5_8_1) e = jwe.JWE(plaintext, protected) e.add_recipient(aes_key) enc = e.serialize() e.deserialize(enc, aes_key) self.assertEqual(e.payload, plaintext) e.deserialize(JWE_compact_5_9_5, aes_key) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_general_5_9_5), aes_key) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_flattened_5_9_5), aes_key) self.assertEqual(e.payload, plaintext) def test_5_10_encryption(self): plaintext = Payload_plaintext_5 protected = base64url_decode(JWE_Protected_Header_5_10_4) aad = base64url_decode(AAD_5_10_1) aes_key = jwk.JWK(**AES_key_5_8_1) e = jwe.JWE(plaintext, protected, aad=aad) e.add_recipient(aes_key) enc = e.serialize() e.deserialize(enc, aes_key) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_general_5_10_5), aes_key) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_flattened_5_10_5), aes_key) self.assertEqual(e.payload, plaintext) def test_5_11_encryption(self): plaintext = Payload_plaintext_5 protected = base64url_decode(JWE_Protected_Header_5_11_4) unprotected = json_encode(JWE_Unprotected_Header_5_11_5) aes_key = jwk.JWK(**AES_key_5_8_1) e = jwe.JWE(plaintext, protected, unprotected) e.add_recipient(aes_key) enc = e.serialize() e.deserialize(enc, aes_key) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_general_5_11_5), aes_key) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_flattened_5_11_5), aes_key) self.assertEqual(e.payload, plaintext) def test_5_12_encryption(self): plaintext = Payload_plaintext_5 unprotected = json_encode(JWE_Unprotected_Header_5_12_5) aes_key = jwk.JWK(**AES_key_5_8_1) e = jwe.JWE(plaintext, None, unprotected) e.add_recipient(aes_key) enc = e.serialize() e.deserialize(enc, aes_key) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_general_5_12_5), aes_key) self.assertEqual(e.payload, plaintext) e.deserialize(json_encode(JWE_flattened_5_12_5), aes_key) self.assertEqual(e.payload, plaintext) # 5.13 - AES-GCM key wrapping not implemented yet # def test_5_13_encryption(self):