Python JWKSBundle.create_signed_bundle Beispiele

Beispiel #1

Datei: test_x_federation.py Projekt: tingletech/pyoidc

def test_create_fo_keys_bundle():
    jb = JWKSBundle(ORGOP.iss, ORGOP.keyjar)
    jb[FOP.iss] = FOP.keyjar
    jb[FO1P.iss] = FO1P.keyjar
    sb = jb.create_signed_bundle()
    _jw = jws.factory(sb)
    assert _jw

Beispiel #2

Datei: operator.py Projekt: putyta/pyoidc

class FederationOperator(Operator):
    def __init__(self,
                 keyjar=None,
                 fo_keyjar=None,
                 httpcli=None,
                 jwks_file='',
                 iss=None,
                 keyconf=None,
                 bundle_sign_alg='RS256'):

        Operator.__init__(self,
                          keyjar=keyjar,
                          fo_keyjar=fo_keyjar,
                          httpcli=httpcli,
                          iss=iss,
                          jwks_file=jwks_file)

        if self.keyjar is None:
            self.keyjar = build_keyjar(keyconf)[1]
            if jwks_file:
                fp = open(jwks_file, 'w')
                fp.write(json.dumps(self.keyjar.export_jwks(private=True)))
                fp.close()

        self.keyconf = keyconf
        self.bundle_sign_alg = bundle_sign_alg
        self.jb = JWKSBundle(iss, self.keyjar)

    def public_keys(self):
        return self.keyjar.export_jwks()

    def rotate_keys(self, keyconf=None):
        _old = [k.kid for k in self.keyjar.get_issuers_keys('') if k.kid]

        if keyconf:
            self.keyjar = build_keyjar(keyconf, keyjar=self.keyjar)[1]
        else:
            self.keyjar = build_keyjar(self.keyconf, keyjar=self.keyjar)[1]

        for k in self.keyjar.get_issuers_keys(''):
            if k.kid in _old:
                if not k.inactive_since:
                    k.inactive_since = time.time()

    def export_jwks(self):
        return self.keyjar.export_jwks()

    def add_to_bundle(self, fo, jwks):
        self.jb[fo] = jwks

    def remove_from_bundle(self, fo):
        del self.jb[fo]

    def export_bundle(self):
        return self.jb.create_signed_bundle(sign_alg=self.bundle_sign_alg)

Beispiel #3

Datei: test_x_fed_key_bundle.py Projekt: tingletech/pyoidc

def test_create_verify():
    jb = JWKSBundle('iss', SignKeyJar)
    for iss, op in OPERATOR.items():
        jb[op.iss] = op.keyjar

    _jws = jb.create_signed_bundle()
    _jwks = SignKeyJar.export_jwks()
    kj = KeyJar()
    kj.import_jwks(_jwks, 'iss')
    bundle = verify_signed_bundle(_jws, kj)

    assert bundle

Beispiel #4

Datei: test_x_federation.py Projekt: tingletech/pyoidc

def test_create_verify_fo_keys_bundle():
    jb = JWKSBundle(ORGOP.iss, ORGOP.keyjar)
    jb[FOP.iss] = FOP.keyjar
    jb[FO1P.iss] = FO1P.keyjar
    sb = jb.create_signed_bundle()

    kj = KeyJar()
    kj.add_keyjar(ORGOP.keyjar)

    # Necessary since otherwise it won't find the key
    kj.issuer_keys[ORGOP.iss] = kj.issuer_keys['']

    _jwt = verify_signed_bundle(sb, kj)
    bundle = json.loads(_jwt["bundle"])
    assert set(bundle.keys()) == {FOP.iss, FO1P.iss}