    def test_register_client(self):
        """Register an RP at the OP and check which metadata the OP accepts.

        Key chain built by the test: the RP root key signs the public half of
        the RP intermediate key, and the intermediate key signs the request
        body. The root key's public half travels inside the software statement
        created by the federation (presumably signed with the federation key;
        confirm in ``Federation.create_software_statement``).

        The self-asserted metadata asks for ``id_token`` while the software
        statement lists ``code``. The response is expected to carry ``code``,
        so the value in the software statement wins over the RP's own claim.
        """
        federation = Federation(TestOP.federation_key)

        root_key = rsa_key()
        intermediate_key = rsa_key()

        # Only public key material is serialized; no private key enters the request.
        intermediate_public_json = json.dumps(intermediate_key.serialize(private=False))
        signed_intermediate_key = JWS(intermediate_public_json, alg=root_key.alg).sign_compact(
            keys=[root_key]
        )

        software_statement = federation.create_software_statement(
            {"root_key": root_key.serialize(private=False), "response_types": ["code"]}
        )

        # Self-asserted metadata: response_types deliberately differs from the
        # software statement above.
        requested_metadata = {
            "signing_key": signed_intermediate_key,
            "signed_jwks_uri": "https://rp.example.com/signed_jwks",
            "software_statements": [software_statement],
            "redirect_uris": ["https://rp.example.com"],
            "response_types": ["id_token"],
        }
        request = FederationRegistrationRequest(**requested_metadata)

        # The signature is computed over the serialized request body, which
        # binds it to the metadata being registered.
        http_signer = SignedHttpRequest(intermediate_key)
        pop_signature = http_signer.sign(intermediate_key.alg, body=request.to_json())

        response = self.op.register_client("pop {}".format(pop_signature), request.to_json())

        issued = FederationRegistrationResponse().from_dict(json.loads(response.message))
        assert issued.verify()
        assert "client_id" in issued
        assert issued["provider_software_statement"] == self.op.software_statements_jws[0]
        # The software statement's value is returned, not the requested "id_token".
        assert issued["response_types"] == ["code"]
    def test_sign_registration_request(self):
        """Check that the RP signs a registration request with its intermediate key.

        Three properties are asserted: the output parses as a JWS, its ``kid``
        header names the RP's intermediate key (not the root key passed to the
        constructor), and the signature verifies against the exact request body.
        """
        root_key = rsa_key()
        # NOTE(review): the meaning of the other positional arguments is not
        # visible here; confirm against the RP constructor.
        rp = RP(None, root_key, [], None, None)

        request = FederationRegistrationRequest(foo="bar")
        signed_request = rp._sign_registration_request(request)

        parser = JWS()
        assert parser.is_jws(signed_request)
        # Headers are read from the same JWS object after is_jws() has run on it.
        assert parser.jwt.headers["kid"] == rp.intermediate_key.kid

        # Verification is given the serialized body, so the check covers the
        # body as well as the signing key.
        verifier = SignedHttpRequest(rp.intermediate_key)
        assert verifier.verify(signed_request, body=request.to_json())