def test_get_enc_not_mine(self):
ks = KeyJar()
ks.add_kb(
"",
KeyBundle(
[
{"kty": "oct", "key": "a1b2c3d4e5f6g7h8", "use": "sig"},
{"kty": "oct", "key": "a1b2c3d4e5f6g7h8", "use": "enc"},
]
),
)
ks.add_kb(
"http://www.example.org/",
KeyBundle(
[
{"kty": "oct", "key": "1a2b3c4d5e6f7g8h", "use": "sig"},
{"kty": "oct", "key": "1a2b3c4d5e6f7g8h", "use": "enc"},
]
),
)
ks.add_kb(
"http://www.example.org/",
keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]),
)
assert ks.get("enc", "oct", "http://www.example.org/")
def test_items(self):
issuer = KeyIssuer()
issuer.add_kb(
KeyBundle([
{
"kty": "oct",
"key": "abcdefghijklmnop",
"use": "sig"
},
{
"kty": "oct",
"key": "ABCDEFGHIJKLMNOP",
"use": "enc"
},
]))
issuer.add_kb(
KeyBundle([
{
"kty": "oct",
"key": "0123456789012345",
"use": "sig"
},
{
"kty": "oct",
"key": "1234567890123456",
"use": "enc"
},
]))
issuer.add_kb(keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]))
assert len(issuer.all_keys()) == 5
def test_dump_issuer_keys(self):
kb = keybundle_from_local_file("file://%s/jwk.json" % BASE_PATH,
"jwks", ["sig"])
assert len(kb) == 1
kj = KeyJar()
kj.issuer_keys[""] = [kb]
_jwks_dict = kj.export_jwks()
_info = _jwks_dict['keys'][0]
assert _info == {
'use':
'sig',
'e':
'AQAB',
'kty':
'RSA',
'alg':
'RS256',
'n':
'pKybs0WaHU_y4cHxWbm8Wzj66HtcyFn7Fh3n'
'-99qTXu5yNa30MRYIYfSDwe9JVc1JUoGw41yq2StdGBJ40HxichjE'
'-Yopfu3B58Q'
'lgJvToUbWD4gmTDGgMGxQxtv1En2yedaynQ73sDpIK-12JJDY55pvf'
'-PCiSQ9OjxZLiVGKlClDus44_uv2370b9IN2JiEOF-a7JB'
'qaTEYLPpXaoKWDSnJNonr79tL0T7iuJmO1l705oO3Y0TQ'
'-INLY6jnKG_RpsvyvGNnwP9pMvcP1phKsWZ10ofuuhJGRp8IxQL9Rfz'
'T87OvF0RBSO1U73h09YP-corWDsnKIi6TbzRpN5YDw',
'kid':
'abc'
}
def test_get_enc_not_mine(self):
issuer = KeyIssuer()
issuer.add_kb(
KeyBundle([
{
"kty": "oct",
"key": "a1b2c3d4e5f6g7h8",
"use": "sig"
},
{
"kty": "oct",
"key": "a1b2c3d4e5f6g7h8",
"use": "enc"
},
]))
issuer.add_kb(
KeyBundle([
{
"kty": "oct",
"key": "1a2b3c4d5e6f7g8h",
"use": "sig"
},
{
"kty": "oct",
"key": "1a2b3c4d5e6f7g8h",
"use": "ver"
},
]))
issuer.add_kb(keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]))
assert issuer.get("enc", "oct")
def test_items(self):
ks = KeyJar()
ks.add_kb(
"",
KeyBundle(
[
{"kty": "oct", "key": "abcdefghijklmnop", "use": "sig"},
{"kty": "oct", "key": "ABCDEFGHIJKLMNOP", "use": "enc"},
]
),
)
ks.add_kb(
"http://www.example.org",
KeyBundle(
[
{"kty": "oct", "key": "0123456789012345", "use": "sig"},
{"kty": "oct", "key": "1234567890123456", "use": "enc"},
]
),
)
ks.add_kb(
"http://www.example.org",
keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]),
)
assert len(ks.items()) == 2
def test_issuer_extra_slash(self):
ks = KeyJar()
ks.add_kb(
"",
KeyBundle(
[
{"kty": "oct", "key": "abcdefghijklmnop", "use": "sig"},
{"kty": "oct", "key": "ABCDEFGHIJKLMNOP", "use": "enc"},
]
),
)
ks.add_kb(
"http://www.example.org",
KeyBundle(
[
{"kty": "oct", "key": "0123456789012345", "use": "sig"},
{"kty": "oct", "key": "1234567890123456", "use": "enc"},
]
),
)
ks.add_kb(
"http://www.example.org",
keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]),
)
assert ks.get("sig", "RSA", "http://www.example.org/")
def test_keybundle_from_local_der():
kb = keybundle_from_local_file(
"{}".format(os.path.join(BASE_PATH, 'rsa.key')), "der", ['enc'])
assert len(kb) == 1
keys = kb.get('rsa')
assert len(keys) == 1
assert isinstance(keys[0], RSAKey)
def test_dump_issuer_keys(self):
kb = keybundle_from_local_file("file://%s/jwk.json" % BASE_PATH,
"jwks", ["sig"])
assert len(kb) == 1
kj = KeyJar()
kj.add_kb("", kb)
_jwks_dict = kj.export_jwks()
_info = _jwks_dict["keys"][0]
assert _info == {
"use":
"sig",
"e":
"AQAB",
"kty":
"RSA",
"alg":
"RS256",
"n":
"pKybs0WaHU_y4cHxWbm8Wzj66HtcyFn7Fh3n"
"-99qTXu5yNa30MRYIYfSDwe9JVc1JUoGw41yq2StdGBJ40HxichjE"
"-Yopfu3B58Q"
"lgJvToUbWD4gmTDGgMGxQxtv1En2yedaynQ73sDpIK-12JJDY55pvf"
"-PCiSQ9OjxZLiVGKlClDus44_uv2370b9IN2JiEOF-a7JB"
"qaTEYLPpXaoKWDSnJNonr79tL0T7iuJmO1l705oO3Y0TQ"
"-INLY6jnKG_RpsvyvGNnwP9pMvcP1phKsWZ10ofuuhJGRp8IxQL9Rfz"
"T87OvF0RBSO1U73h09YP-corWDsnKIi6TbzRpN5YDw",
"kid":
"abc",
}
def test_ec_keybundle_from_local_der():
kb = keybundle_from_local_file("{}".format(EC0), "der", ["enc"], keytype="EC")
assert len(kb) == 1
keys = kb.get("ec")
assert len(keys) == 1
_key = keys[0]
assert _key.kid
assert isinstance(_key, ECKey)
def test_keybundle_from_local_der():
kb = keybundle_from_local_file("{}".format(RSA0), "der", ["enc"])
assert len(kb) == 1
keys = kb.get("rsa")
assert len(keys) == 1
_key = keys[0]
assert isinstance(_key, RSAKey)
assert _key.kid
def do_provider_info(self, client=None, state=''):
"""
Either get the provider info from configuration or through dynamic
discovery.
:param client: A Client instance
:param state: A key by which the state of the session can be
retrieved
:return: issuer ID
"""
if not client:
if state:
client = self.get_client_from_session_key(state)
else:
raise ValueError('Missing state/session key')
if not client.service_context.get('provider_info'):
dynamic_provider_info_discovery(client)
return client.service_context.get('provider_info')['issuer']
else:
_pi = client.service_context.get('provider_info')
for key, val in _pi.items():
# All service endpoint parameters in the provider info has
# a name ending in '_endpoint' so I can look specifically
# for those
if key.endswith("_endpoint"):
for _srv in client.service_context.service.values():
# Every service has an endpoint_name assigned
# when initiated. This name *MUST* match the
# endpoint names used in the provider info
if _srv.endpoint_name == key:
_srv.endpoint = val
if 'keys' in _pi:
_kj = client.service_context.keyjar
for typ, _spec in _pi['keys'].items():
if typ == 'url':
for _iss, _url in _spec.items():
_kj.add_url(_iss, _url)
elif typ == 'file':
for kty, _name in _spec.items():
if kty == 'jwks':
_kj.import_jwks_from_file(
_name,
client.service_context.get('issuer'))
elif kty == 'rsa': # PEM file
_kb = keybundle_from_local_file(
_name, "der", ["sig"])
_kj.add_kb(
client.service_context.get('issuer'), _kb)
else:
raise ValueError(
'Unknown provider JWKS type: {}'.format(typ))
try:
return client.service_context.get('provider_info')['issuer']
except KeyError:
return client.service_context.get('issuer')
def test_key_issuer():
kb = keybundle_from_local_file("file://%s/jwk.json" % BASE_PATH, "jwks", ["sig"])
assert len(kb) == 1
issuer = KeyIssuer()
issuer.add(kb)
_item = item.KeyIssuer().serialize(issuer)
_iss = item.KeyIssuer().deserialize(_item)
assert len(_iss) == 1 # 1 key
assert len(_iss.get("sig", "rsa")) == 1 # 1 RSA key
_kb = _iss[0]
assert kb.difference(_kb) == [] # no difference
def test_keybundle_from_local_der_update():
kb = keybundle_from_local_file(
"file://{}".format(os.path.join(BASE_PATH, 'rsa.key')), "der", ['enc'])
assert len(kb) == 1
keys = kb.get('rsa')
assert len(keys) == 1
assert isinstance(keys[0], RSAKey)
kb.update()
# Nothing should change
assert len(kb) == 1
keys = kb.get('rsa')
assert len(keys) == 1
assert isinstance(keys[0], RSAKey)
def test_update_RSA():
kc = keybundle_from_local_file(RSAKEY, "der", ["sig"])
assert kc.remote is False
assert len(kc.get("oct")) == 0
assert len(kc.get("RSA")) == 1
key = kc.get("RSA")[0]
assert isinstance(key, RSAKey)
kc.update()
assert kc.remote is False
assert len(kc.get("oct")) == 0
assert len(kc.get("RSA")) == 1
key = kc.get("RSA")[0]
assert isinstance(key, RSAKey)
def test_keybundle_from_local_der_update():
kb = keybundle_from_local_file("file://{}".format(RSA0), "der", ["enc"])
assert len(kb) == 1
keys = kb.get("rsa")
assert len(keys) == 1
_key = keys[0]
assert _key.kid
assert isinstance(_key, RSAKey)
kb.update()
# Nothing should change
assert len(kb) == 1
keys = kb.get("rsa")
assert len(keys) == 1
_key = keys[0]
assert _key.kid
assert isinstance(_key, RSAKey)
def test_get_enc_not_mine(self):
ks = KeyJar()
ks[""] = KeyBundle([{
"kty": "oct",
"key": "a1b2c3d4e5f6g7h8",
"use": "sig"
}, {
"kty": "oct",
"key": "a1b2c3d4e5f6g7h8",
"use": "enc"
}])
ks["http://www.example.org/"] = KeyBundle([{
"kty": "oct",
"key": "1a2b3c4d5e6f7g8h",
"use": "sig"
}, {
"kty": "oct",
"key": "1a2b3c4d5e6f7g8h",
"use": "ver"
}])
ks["http://www.example.org/"].append(
keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]))
assert ks.get('enc', 'oct', 'http://www.example.org/')
def test_issuer_missing_slash(self):
ks = KeyJar()
ks[""] = KeyBundle([{
"kty": "oct",
"key": "a1b2c3d4e5f6g7h8",
"use": "sig"
}, {
"kty": "oct",
"key": "a1b2c3d4e5f6g7h8",
"use": "enc"
}])
ks["http://www.example.org/"] = KeyBundle([{
"kty": "oct",
"key": "1a2b3c4d5e6f7g8h",
"use": "sig"
}, {
"kty": "oct",
"key": "1a2b3c4d5e6f7g8h",
"use": "enc"
}])
ks["http://www.example.org/"].append(
keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]))
assert ks.get('sig', 'RSA', 'http://www.example.org')
def test_issuer_extra_slash(self):
ks = KeyJar()
ks[""] = KeyBundle([{
"kty": "oct",
"key": "abcdefghijklmnop",
"use": "sig"
}, {
"kty": "oct",
"key": "ABCDEFGHIJKLMNOP",
"use": "enc"
}])
ks["http://www.example.org"] = KeyBundle([{
"kty": "oct",
"key": "0123456789012345",
"use": "sig"
}, {
"kty": "oct",
"key": "1234567890123456",
"use": "enc"
}])
ks["http://www.example.org"].append(
keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"]))
assert ks.get('sig', 'RSA', 'http://www.example.org/')
def test_setitem(self):
kj = KeyJar()
kb = keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"])
kj['https://issuer.example.com'] = kb
assert list(kj.owners()) == ['https://issuer.example.com']
def test_keyjar_add(self):
kj = KeyJar()
kb = keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"])
kj.add_kb('https://issuer.example.com', kb)
assert list(kj.owners()) == ['https://issuer.example.com']
def test_keybundle_from_local_jwks():
kb = keybundle_from_local_file(
"{}".format(os.path.join(BASE_PATH, "jwk.json")), "jwks", ["sig"])
assert len(kb) == 1
def test_keyissuer_add(self):
issuer = KeyIssuer()
kb = keybundle_from_local_file(RSAKEY, "der", ["ver", "sig"])
issuer.add_kb(kb)
assert len(issuer.all_keys()) == 1
