Skip to content

Commit

Permalink
Test warning for backends that support verifying with private keys
Browse files Browse the repository at this point in the history
  • Loading branch information
blag committed Dec 20, 2019
1 parent 74cdac5 commit 58fc6b3
Showing 1 changed file with 18 additions and 6 deletions.
24 changes: 18 additions & 6 deletions tests/test_jws.py
Original file line number Diff line number Diff line change
@@ -1,11 +1,17 @@
import json
import warnings

import pytest

from jose import jwk
from jose import jws
from jose.constants import ALGORITHMS
from jose.exceptions import JWSError

import pytest
try:
from jose.backends.cryptography_backend import CryptographyRSAKey
except ImportError:
CryptographyRSAKey = None


@pytest.fixture
Expand Down Expand Up @@ -291,15 +297,21 @@ def test_wrong_key(self, payload):
with pytest.raises(JWSError):
jws.verify(token, rsa_public_key, ALGORITHMS.HS256)

def test_private_verify(self, payload):
@pytest.mark.pycrypto
@pytest.mark.pycryptodome
@pytest.mark.skipif(CryptographyRSAKey is not None, reason="Cryptography backend outright fails verification")
def test_private_verify_raises_warning(self, payload):
token = jws.sign(payload, rsa_private_key, algorithm='RS256')

# verify with public
dec = jws.verify(token, rsa_public_key, algorithms='RS256')
jws.verify(token, rsa_public_key, algorithms='RS256')

with pytest.raises(JWSError):
# verify with private does not work
dec = jws.verify(token, rsa_private_key, algorithms='RS256')
with warnings.catch_warnings(record=True) as w:
# verify with private raises warning
jws.verify(token, rsa_private_key, algorithms='RS256')

assert ("Attempting to verify a message with a private key. "
"This is not recommended.") == str(w[-1].message)


ec_private_key = """-----BEGIN EC PRIVATE KEY-----
Expand Down

0 comments on commit 58fc6b3

Please sign in to comment.