Test warning for backends that support verifying with private keys

mpdavis · Dec 20, 2019 · 2d7f481 · 2d7f481
1 parent 53327c8
commit 2d7f481
Showing 1 changed file with 18 additions and 6 deletions.
diff --git a/tests/test_jws.py b/tests/test_jws.py
@@ -1,11 +1,17 @@
 import json
+import warnings
+
+import pytest
 
 from jose import jwk
 from jose import jws
 from jose.constants import ALGORITHMS
 from jose.exceptions import JWSError
 
-import pytest
+try:
+    from jose.backends.cryptography_backend import CryptographyRSAKey
+except ImportError:
+    CryptographyRSAKey = None
 
 
 @pytest.fixture
@@ -291,15 +297,21 @@ def test_wrong_key(self, payload):
         with pytest.raises(JWSError):
             jws.verify(token, rsa_public_key, ALGORITHMS.HS256)
 
-    def test_private_verify(self, payload):
+    @pytest.mark.pycrypto
+    @pytest.mark.pycryptodome
+    @pytest.mark.skipif(CryptographyRSAKey is None, reason="Cryptography backend outright fails verification")
+    def test_private_verify_raises_warning(self, payload):
         token = jws.sign(payload, rsa_private_key, algorithm='RS256')
 
         # verify with public
-        dec = jws.verify(token, rsa_public_key, algorithms='RS256')
+        jws.verify(token, rsa_public_key, algorithms='RS256')
 
-        with pytest.raises(JWSError):
-            # verify with private does not work
-            dec = jws.verify(token, rsa_private_key, algorithms='RS256')
+        with warnings.catch_warnings(record=True) as w:
+            # verify with private raises warning
+            jws.verify(token, rsa_private_key, algorithms='RS256')
+
+            assert ("Attempting to verify a message with a private key. "
+                    "This is not recommended.") == str(w[-1].message)
 
 
 ec_private_key = """-----BEGIN EC PRIVATE KEY-----