def test_get_enc_not_mine(self): ks = KeyJar() ks.add_kb( "", KeyBundle( [ {"kty": "oct", "key": "a1b2c3d4e5f6g7h8", "use": "sig"}, {"kty": "oct", "key": "a1b2c3d4e5f6g7h8", "use": "enc"}, ] ), ) ks.add_kb( "http://www.example.org/", KeyBundle( [ {"kty": "oct", "key": "1a2b3c4d5e6f7g8h", "use": "sig"}, {"kty": "oct", "key": "1a2b3c4d5e6f7g8h", "use": "enc"}, ] ), ) ks.add_kb( "http://www.example.org/", keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]), ) assert ks.get("enc", "oct", "http://www.example.org/")
def test_items(self): issuer = KeyIssuer() issuer.add_kb( KeyBundle([ { "kty": "oct", "key": "abcdefghijklmnop", "use": "sig" }, { "kty": "oct", "key": "ABCDEFGHIJKLMNOP", "use": "enc" }, ])) issuer.add_kb( KeyBundle([ { "kty": "oct", "key": "0123456789012345", "use": "sig" }, { "kty": "oct", "key": "1234567890123456", "use": "enc" }, ])) issuer.add_kb(keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"])) assert len(issuer.all_keys()) == 5
def test_dump_issuer_keys(self): kb = keybundle_from_local_file("file://%s/jwk.json" % BASE_PATH, "jwks", ["sig"]) assert len(kb) == 1 kj = KeyJar() kj.issuer_keys[""] = [kb] _jwks_dict = kj.export_jwks() _info = _jwks_dict['keys'][0] assert _info == { 'use': 'sig', 'e': 'AQAB', 'kty': 'RSA', 'alg': 'RS256', 'n': 'pKybs0WaHU_y4cHxWbm8Wzj66HtcyFn7Fh3n' '-99qTXu5yNa30MRYIYfSDwe9JVc1JUoGw41yq2StdGBJ40HxichjE' '-Yopfu3B58Q' 'lgJvToUbWD4gmTDGgMGxQxtv1En2yedaynQ73sDpIK-12JJDY55pvf' '-PCiSQ9OjxZLiVGKlClDus44_uv2370b9IN2JiEOF-a7JB' 'qaTEYLPpXaoKWDSnJNonr79tL0T7iuJmO1l705oO3Y0TQ' '-INLY6jnKG_RpsvyvGNnwP9pMvcP1phKsWZ10ofuuhJGRp8IxQL9Rfz' 'T87OvF0RBSO1U73h09YP-corWDsnKIi6TbzRpN5YDw', 'kid': 'abc' }
def test_get_enc_not_mine(self): issuer = KeyIssuer() issuer.add_kb( KeyBundle([ { "kty": "oct", "key": "a1b2c3d4e5f6g7h8", "use": "sig" }, { "kty": "oct", "key": "a1b2c3d4e5f6g7h8", "use": "enc" }, ])) issuer.add_kb( KeyBundle([ { "kty": "oct", "key": "1a2b3c4d5e6f7g8h", "use": "sig" }, { "kty": "oct", "key": "1a2b3c4d5e6f7g8h", "use": "ver" }, ])) issuer.add_kb(keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"])) assert issuer.get("enc", "oct")
def test_items(self): ks = KeyJar() ks.add_kb( "", KeyBundle( [ {"kty": "oct", "key": "abcdefghijklmnop", "use": "sig"}, {"kty": "oct", "key": "ABCDEFGHIJKLMNOP", "use": "enc"}, ] ), ) ks.add_kb( "http://www.example.org", KeyBundle( [ {"kty": "oct", "key": "0123456789012345", "use": "sig"}, {"kty": "oct", "key": "1234567890123456", "use": "enc"}, ] ), ) ks.add_kb( "http://www.example.org", keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]), ) assert len(ks.items()) == 2
def test_issuer_extra_slash(self): ks = KeyJar() ks.add_kb( "", KeyBundle( [ {"kty": "oct", "key": "abcdefghijklmnop", "use": "sig"}, {"kty": "oct", "key": "ABCDEFGHIJKLMNOP", "use": "enc"}, ] ), ) ks.add_kb( "http://www.example.org", KeyBundle( [ {"kty": "oct", "key": "0123456789012345", "use": "sig"}, {"kty": "oct", "key": "1234567890123456", "use": "enc"}, ] ), ) ks.add_kb( "http://www.example.org", keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]), ) assert ks.get("sig", "RSA", "http://www.example.org/")
def test_keybundle_from_local_der(): kb = keybundle_from_local_file( "{}".format(os.path.join(BASE_PATH, 'rsa.key')), "der", ['enc']) assert len(kb) == 1 keys = kb.get('rsa') assert len(keys) == 1 assert isinstance(keys[0], RSAKey)
def test_dump_issuer_keys(self): kb = keybundle_from_local_file("file://%s/jwk.json" % BASE_PATH, "jwks", ["sig"]) assert len(kb) == 1 kj = KeyJar() kj.add_kb("", kb) _jwks_dict = kj.export_jwks() _info = _jwks_dict["keys"][0] assert _info == { "use": "sig", "e": "AQAB", "kty": "RSA", "alg": "RS256", "n": "pKybs0WaHU_y4cHxWbm8Wzj66HtcyFn7Fh3n" "-99qTXu5yNa30MRYIYfSDwe9JVc1JUoGw41yq2StdGBJ40HxichjE" "-Yopfu3B58Q" "lgJvToUbWD4gmTDGgMGxQxtv1En2yedaynQ73sDpIK-12JJDY55pvf" "-PCiSQ9OjxZLiVGKlClDus44_uv2370b9IN2JiEOF-a7JB" "qaTEYLPpXaoKWDSnJNonr79tL0T7iuJmO1l705oO3Y0TQ" "-INLY6jnKG_RpsvyvGNnwP9pMvcP1phKsWZ10ofuuhJGRp8IxQL9Rfz" "T87OvF0RBSO1U73h09YP-corWDsnKIi6TbzRpN5YDw", "kid": "abc", }
def test_ec_keybundle_from_local_der(): kb = keybundle_from_local_file("{}".format(EC0), "der", ["enc"], keytype="EC") assert len(kb) == 1 keys = kb.get("ec") assert len(keys) == 1 _key = keys[0] assert _key.kid assert isinstance(_key, ECKey)
def test_keybundle_from_local_der(): kb = keybundle_from_local_file("{}".format(RSA0), "der", ["enc"]) assert len(kb) == 1 keys = kb.get("rsa") assert len(keys) == 1 _key = keys[0] assert isinstance(_key, RSAKey) assert _key.kid
def do_provider_info(self, client=None, state=''): """ Either get the provider info from configuration or through dynamic discovery. :param client: A Client instance :param state: A key by which the state of the session can be retrieved :return: issuer ID """ if not client: if state: client = self.get_client_from_session_key(state) else: raise ValueError('Missing state/session key') if not client.service_context.get('provider_info'): dynamic_provider_info_discovery(client) return client.service_context.get('provider_info')['issuer'] else: _pi = client.service_context.get('provider_info') for key, val in _pi.items(): # All service endpoint parameters in the provider info has # a name ending in '_endpoint' so I can look specifically # for those if key.endswith("_endpoint"): for _srv in client.service_context.service.values(): # Every service has an endpoint_name assigned # when initiated. This name *MUST* match the # endpoint names used in the provider info if _srv.endpoint_name == key: _srv.endpoint = val if 'keys' in _pi: _kj = client.service_context.keyjar for typ, _spec in _pi['keys'].items(): if typ == 'url': for _iss, _url in _spec.items(): _kj.add_url(_iss, _url) elif typ == 'file': for kty, _name in _spec.items(): if kty == 'jwks': _kj.import_jwks_from_file( _name, client.service_context.get('issuer')) elif kty == 'rsa': # PEM file _kb = keybundle_from_local_file( _name, "der", ["sig"]) _kj.add_kb( client.service_context.get('issuer'), _kb) else: raise ValueError( 'Unknown provider JWKS type: {}'.format(typ)) try: return client.service_context.get('provider_info')['issuer'] except KeyError: return client.service_context.get('issuer')
def test_key_issuer(): kb = keybundle_from_local_file("file://%s/jwk.json" % BASE_PATH, "jwks", ["sig"]) assert len(kb) == 1 issuer = KeyIssuer() issuer.add(kb) _item = item.KeyIssuer().serialize(issuer) _iss = item.KeyIssuer().deserialize(_item) assert len(_iss) == 1 # 1 key assert len(_iss.get("sig", "rsa")) == 1 # 1 RSA key _kb = _iss[0] assert kb.difference(_kb) == [] # no difference
def test_keybundle_from_local_der_update(): kb = keybundle_from_local_file( "file://{}".format(os.path.join(BASE_PATH, 'rsa.key')), "der", ['enc']) assert len(kb) == 1 keys = kb.get('rsa') assert len(keys) == 1 assert isinstance(keys[0], RSAKey) kb.update() # Nothing should change assert len(kb) == 1 keys = kb.get('rsa') assert len(keys) == 1 assert isinstance(keys[0], RSAKey)
def test_update_RSA(): kc = keybundle_from_local_file(RSAKEY, "der", ["sig"]) assert kc.remote is False assert len(kc.get("oct")) == 0 assert len(kc.get("RSA")) == 1 key = kc.get("RSA")[0] assert isinstance(key, RSAKey) kc.update() assert kc.remote is False assert len(kc.get("oct")) == 0 assert len(kc.get("RSA")) == 1 key = kc.get("RSA")[0] assert isinstance(key, RSAKey)
def test_keybundle_from_local_der_update(): kb = keybundle_from_local_file("file://{}".format(RSA0), "der", ["enc"]) assert len(kb) == 1 keys = kb.get("rsa") assert len(keys) == 1 _key = keys[0] assert _key.kid assert isinstance(_key, RSAKey) kb.update() # Nothing should change assert len(kb) == 1 keys = kb.get("rsa") assert len(keys) == 1 _key = keys[0] assert _key.kid assert isinstance(_key, RSAKey)
def test_get_enc_not_mine(self): ks = KeyJar() ks[""] = KeyBundle([{ "kty": "oct", "key": "a1b2c3d4e5f6g7h8", "use": "sig" }, { "kty": "oct", "key": "a1b2c3d4e5f6g7h8", "use": "enc" }]) ks["http://www.example.org/"] = KeyBundle([{ "kty": "oct", "key": "1a2b3c4d5e6f7g8h", "use": "sig" }, { "kty": "oct", "key": "1a2b3c4d5e6f7g8h", "use": "ver" }]) ks["http://www.example.org/"].append( keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"])) assert ks.get('enc', 'oct', 'http://www.example.org/')
def test_issuer_missing_slash(self): ks = KeyJar() ks[""] = KeyBundle([{ "kty": "oct", "key": "a1b2c3d4e5f6g7h8", "use": "sig" }, { "kty": "oct", "key": "a1b2c3d4e5f6g7h8", "use": "enc" }]) ks["http://www.example.org/"] = KeyBundle([{ "kty": "oct", "key": "1a2b3c4d5e6f7g8h", "use": "sig" }, { "kty": "oct", "key": "1a2b3c4d5e6f7g8h", "use": "enc" }]) ks["http://www.example.org/"].append( keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"])) assert ks.get('sig', 'RSA', 'http://www.example.org')
def test_issuer_extra_slash(self): ks = KeyJar() ks[""] = KeyBundle([{ "kty": "oct", "key": "abcdefghijklmnop", "use": "sig" }, { "kty": "oct", "key": "ABCDEFGHIJKLMNOP", "use": "enc" }]) ks["http://www.example.org"] = KeyBundle([{ "kty": "oct", "key": "0123456789012345", "use": "sig" }, { "kty": "oct", "key": "1234567890123456", "use": "enc" }]) ks["http://www.example.org"].append( keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"])) assert ks.get('sig', 'RSA', 'http://www.example.org/')
def test_setitem(self): kj = KeyJar() kb = keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]) kj['https://issuer.example.com'] = kb assert list(kj.owners()) == ['https://issuer.example.com']
def test_keyjar_add(self): kj = KeyJar() kb = keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]) kj.add_kb('https://issuer.example.com', kb) assert list(kj.owners()) == ['https://issuer.example.com']
def test_keybundle_from_local_jwks(): kb = keybundle_from_local_file( "{}".format(os.path.join(BASE_PATH, "jwk.json")), "jwks", ["sig"]) assert len(kb) == 1
def test_keyissuer_add(self): issuer = KeyIssuer() kb = keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]) issuer.add_kb(kb) assert len(issuer.all_keys()) == 1