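def test_jwks_uri(self):
    """A client registered with a ``jwks_uri`` ends up with its keys in the keyjar.

    Relies on the fixture providing ``self.server`` (with ``cdb`` and
    ``keyjar``) and ``self.jwt``; ``check_key_availability`` is the function
    under test.
    """
    self.server.cdb["some_cid"] = {
        "client_secret": "top secret",
        "jwks_uri": "https://example.com/key",
    }
    check_key_availability(self.server, self.jwt)
    # assertIn gives a useful message on failure, unlike assertTrue(x in y)
    self.assertIn("some_cid", self.server.keyjar)
    # Two symmetric (from client_secret) and one remote (from jwks_uri)
    self.assertEqual(len(self.server.keyjar["some_cid"]), 3)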
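def test_jwks(self):
    """A client registered with an inline ``jwks`` ends up with its keys in the keyjar.

    Relies on the fixture providing ``self.server`` (with ``cdb`` and
    ``keyjar``), ``self.jwt`` and the module-level ``JWK0`` key set;
    ``check_key_availability`` is the function under test.
    """
    self.server.cdb["some_cid"] = {
        "client_secret": "top secret",
        "jwks": JWK0,
    }
    check_key_availability(self.server, self.jwt)
    # assertIn gives a useful message on failure, unlike assertTrue(x in y)
    self.assertIn("some_cid", self.server.keyjar)
    # Two symmetric (from client_secret) and one from the inline jwks —
    # the old comment said "remote", but nothing is fetched in this test.
    self.assertEqual(len(self.server.keyjar["some_cid"]), 3)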
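def verify_client(inst, areq, authn, type_method=TYPE_METHOD):
    """
    Infer the client authentication method from the request and verify it.

    The method is chosen from what the request carries, in this order:
    HTTP Basic credentials (``client_secret_basic``), a ``client_secret``
    parameter (``client_secret_post``), or a ``client_assertion``
    (``client_secret_jwt`` / ``private_key_jwt``, dispatched on
    ``client_assertion_type`` through *type_method*).

    :param inst: Entity instance; must expose ``cdb`` (the client database)
    :param areq: The request (Message-like mapping)
    :param authn: client authentication information from the HTTP
        Authorization header, or a false value when none was sent
    :param type_method: iterable of ``(assertion_type, verifier_class)``
        pairs consulted for ``client_assertion`` requests
    :return: the verified client id (a single value, not a tuple)
    :raises FailedAuthentication: no credentials at all, a
        ``client_assertion`` without ``client_assertion_type``, or (for an
        AccessTokenRequest) a method that differs from the client's
        registered ``token_endpoint_auth_method``
    :raises UnknownAssertionType: ``client_assertion_type`` matches no
        entry in *type_method*
    """
    if authn:
        # HTTP Basic auth (client_secret_basic)
        cid = get_client_id(inst.cdb, areq, authn)
        auth_method = "client_secret_basic"
    elif "client_secret" in areq:
        # client_secret_post: the id is resolved first, the secret is only
        # checked by ClientSecretBasic.verify() on the next line
        client_id = get_client_id(inst.cdb, areq, authn)
        logger.debug("Verified Client ID: %s", client_id)
        cid = ClientSecretBasic(inst).verify(areq, client_id)
        auth_method = "client_secret_post"
    elif "client_assertion" in areq:
        # client_secret_jwt or private_key_jwt
        check_key_availability(inst, areq["client_assertion"])
        if "client_assertion_type" not in areq:
            # Without the type no verifier can be chosen; report it as an
            # authentication failure rather than letting a KeyError escape.
            logger.error("Missing client_assertion_type.")
            raise FailedAuthentication("Missing client_assertion_type.")
        assertion_type = areq["client_assertion_type"]
        for typ, method in type_method:
            if assertion_type == typ:
                cid, auth_method = method(inst).verify(areq)
                break
        else:
            logger.error("UnknownAssertionType: %s", assertion_type)
            raise UnknownAssertionType(assertion_type, areq)
    else:
        logger.error("Missing client authentication.")
        raise FailedAuthentication("Missing client authentication.")

    if isinstance(areq, AccessTokenRequest):
        # The method the client actually used must match what it registered;
        # client_secret_basic is assumed when nothing was registered (or the
        # client record cannot be found). Only token requests are checked —
        # other request types accept whichever method was presented.
        try:
            registered = inst.cdb[cid]["token_endpoint_auth_method"]
        except KeyError:
            registered = "client_secret_basic"

        if registered != auth_method:
            logger.error(
                "Wrong authentication method used: %s != %s", auth_method, registered
            )
            raise FailedAuthentication("Wrong authentication method used")

    # Store which authn method was used for which request type. This is
    # best-effort bookkeeping: the inner KeyError means there is no record
    # for cid in cdb, which is tolerated rather than failing the request.
    request_name = areq.__class__.__name__
    try:
        inst.cdb[cid]["auth_method"][request_name] = auth_method
    except KeyError:
        try:
            inst.cdb[cid]["auth_method"] = {request_name: auth_method}
        except KeyError:
            pass

    return cid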
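def verify_client(inst, areq, authn, type_method=TYPE_METHOD):
    """
    Infer the client authentication method from the request and verify it.

    The method is chosen from what the request carries, in this order:
    HTTP Basic credentials (``client_secret_basic``), a ``client_secret``
    parameter (``client_secret_post``), or a ``client_assertion``
    (``client_secret_jwt`` / ``private_key_jwt``, dispatched on
    ``client_assertion_type`` through *type_method*).

    :param inst: Entity instance; must expose ``cdb`` (the client database)
    :param areq: The request (Message-like mapping)
    :param authn: client authentication information from the HTTP
        Authorization header, or a false value when none was sent
    :param type_method: iterable of ``(assertion_type, verifier_class)``
        pairs consulted for ``client_assertion`` requests
    :return: the verified client id (a single value, not a tuple)
    :raises FailedAuthentication: no credentials at all, a
        ``client_assertion`` without ``client_assertion_type``, or (for an
        AccessTokenRequest) a method that differs from the client's
        registered ``token_endpoint_auth_method``
    :raises UnknownAssertionType: ``client_assertion_type`` matches no
        entry in *type_method*
    """
    if authn:
        # HTTP Basic auth (client_secret_basic)
        cid = get_client_id(inst.cdb, areq, authn)
        auth_method = "client_secret_basic"
    elif "client_secret" in areq:
        # client_secret_post: the id is resolved first, the secret is only
        # checked by ClientSecretBasic.verify() on the next line
        client_id = get_client_id(inst.cdb, areq, authn)
        logger.debug("Verified Client ID: %s", client_id)
        cid = ClientSecretBasic(inst).verify(areq, client_id)
        auth_method = "client_secret_post"
    elif "client_assertion" in areq:
        # client_secret_jwt or private_key_jwt
        check_key_availability(inst, areq["client_assertion"])
        if "client_assertion_type" not in areq:
            # Without the type no verifier can be chosen; report it as an
            # authentication failure rather than letting a KeyError escape.
            logger.error("Missing client_assertion_type.")
            raise FailedAuthentication("Missing client_assertion_type.")
        assertion_type = areq["client_assertion_type"]
        for typ, method in type_method:
            if assertion_type == typ:
                cid, auth_method = method(inst).verify(areq)
                break
        else:
            logger.error("UnknownAssertionType: %s", assertion_type)
            raise UnknownAssertionType(assertion_type, areq)
    else:
        logger.error("Missing client authentication.")
        raise FailedAuthentication("Missing client authentication.")

    if isinstance(areq, AccessTokenRequest):
        # The method the client actually used must match what it registered;
        # client_secret_basic is assumed when nothing was registered (or the
        # client record cannot be found). Only token requests are checked —
        # other request types accept whichever method was presented.
        try:
            registered = inst.cdb[cid]["token_endpoint_auth_method"]
        except KeyError:
            registered = "client_secret_basic"

        if registered != auth_method:
            logger.error(
                "Wrong authentication method used: %s != %s", auth_method, registered
            )
            raise FailedAuthentication("Wrong authentication method used")

    # Store which authn method was used for which request type. This is
    # best-effort bookkeeping: the inner KeyError means there is no record
    # for cid in cdb, which is tolerated rather than failing the request.
    request_name = areq.__class__.__name__
    try:
        inst.cdb[cid]["auth_method"][request_name] = auth_method
    except KeyError:
        try:
            inst.cdb[cid]["auth_method"] = {request_name: auth_method}
        except KeyError:
            pass

    return cid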
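def test_none(self):
    """A client with only a ``client_secret`` still gets symmetric keys in the keyjar.

    Relies on the fixture providing ``self.server`` (with ``cdb`` and
    ``keyjar``) and ``self.jwt``; ``check_key_availability`` is the function
    under test.
    """
    self.server.cdb["some_cid"] = {"client_secret": "top secret"}
    check_key_availability(self.server, self.jwt)
    # assertIn gives a useful message on failure, unlike assertTrue(x in y)
    self.assertIn("some_cid", self.server.keyjar)
    # Two symmetric keys derived from client_secret, nothing else registered
    self.assertEqual(len(self.server.keyjar["some_cid"]), 2)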