authentik.enterprise.endpoints.connectors.agent.tests.test_apple_jwe
1from base64 import urlsafe_b64decode 2 3from cryptography.hazmat.primitives import serialization 4from cryptography.hazmat.primitives.asymmetric import ec 5from django.test import TestCase 6from jwcrypto.jwe import JWE 7from jwcrypto.jwk import JWK 8 9from authentik.enterprise.endpoints.connectors.agent.http import ( 10 base64url_decode, 11 encrypt_token_with_a256_gcm, 12) 13 14 15class TestAppleJWE(TestCase): 16 17 def test_encrypt(self): 18 data = {"foo": "bar"} 19 apv = ( 20 "AAAABUFwcGxlAAAAQQTFgZOospN6KbkhXhx1lfa-AKYxjEfJhTJrkpdEY_srMmkPzS7VN0Bzt2AtNBEXE" 21 "aphDONiP2Mq6Oxytv5JKOxHAAAAJDgyOThERkY5LTVFMUUtNEUwMS04OEUwLUI3QkQzOUM4QjA3Qw" 22 ) 23 key = ec.generate_private_key(curve=ec.SECP256R1()) 24 pub = ( 25 key.public_key() 26 .public_bytes( 27 encoding=serialization.Encoding.PEM, 28 format=serialization.PublicFormat.SubjectPublicKeyInfo, 29 ) 30 .decode() 31 ) 32 res = encrypt_token_with_a256_gcm(data, pub, base64url_decode(apv)) 33 parsed = JWE() 34 parsed.deserialize(res, JWK.from_pyca(key)) 35 payload = parsed.payload 36 self.assertEqual(payload, b'{"foo": "bar"}') 37 self.assertEqual(parsed.jose_header["apv"], apv) 38 self.assertEqual(parsed.jose_header["typ"], "platformsso-login-response+jwt") 39 self.assertIn(b"APPLE", urlsafe_b64decode(parsed.jose_header["apu"]))
class
TestAppleJWE(django.test.testcases.TestCase):
16class TestAppleJWE(TestCase): 17 18 def test_encrypt(self): 19 data = {"foo": "bar"} 20 apv = ( 21 "AAAABUFwcGxlAAAAQQTFgZOospN6KbkhXhx1lfa-AKYxjEfJhTJrkpdEY_srMmkPzS7VN0Bzt2AtNBEXE" 22 "aphDONiP2Mq6Oxytv5JKOxHAAAAJDgyOThERkY5LTVFMUUtNEUwMS04OEUwLUI3QkQzOUM4QjA3Qw" 23 ) 24 key = ec.generate_private_key(curve=ec.SECP256R1()) 25 pub = ( 26 key.public_key() 27 .public_bytes( 28 encoding=serialization.Encoding.PEM, 29 format=serialization.PublicFormat.SubjectPublicKeyInfo, 30 ) 31 .decode() 32 ) 33 res = encrypt_token_with_a256_gcm(data, pub, base64url_decode(apv)) 34 parsed = JWE() 35 parsed.deserialize(res, JWK.from_pyca(key)) 36 payload = parsed.payload 37 self.assertEqual(payload, b'{"foo": "bar"}') 38 self.assertEqual(parsed.jose_header["apv"], apv) 39 self.assertEqual(parsed.jose_header["typ"], "platformsso-login-response+jwt") 40 self.assertIn(b"APPLE", urlsafe_b64decode(parsed.jose_header["apu"]))
Similar to TransactionTestCase, but use transaction.atomic() to achieve
test isolation.
In most situations, TestCase should be preferred to TransactionTestCase as it allows faster execution. However, there are some situations where using TransactionTestCase might be necessary (e.g. testing some transactional behavior).
On database backends with no transaction support, TestCase behaves as TransactionTestCase.
def
test_encrypt(self):
18 def test_encrypt(self): 19 data = {"foo": "bar"} 20 apv = ( 21 "AAAABUFwcGxlAAAAQQTFgZOospN6KbkhXhx1lfa-AKYxjEfJhTJrkpdEY_srMmkPzS7VN0Bzt2AtNBEXE" 22 "aphDONiP2Mq6Oxytv5JKOxHAAAAJDgyOThERkY5LTVFMUUtNEUwMS04OEUwLUI3QkQzOUM4QjA3Qw" 23 ) 24 key = ec.generate_private_key(curve=ec.SECP256R1()) 25 pub = ( 26 key.public_key() 27 .public_bytes( 28 encoding=serialization.Encoding.PEM, 29 format=serialization.PublicFormat.SubjectPublicKeyInfo, 30 ) 31 .decode() 32 ) 33 res = encrypt_token_with_a256_gcm(data, pub, base64url_decode(apv)) 34 parsed = JWE() 35 parsed.deserialize(res, JWK.from_pyca(key)) 36 payload = parsed.payload 37 self.assertEqual(payload, b'{"foo": "bar"}') 38 self.assertEqual(parsed.jose_header["apv"], apv) 39 self.assertEqual(parsed.jose_header["typ"], "platformsso-login-response+jwt") 40 self.assertIn(b"APPLE", urlsafe_b64decode(parsed.jose_header["apu"]))