def init_oidc_rp_handler(app): _jwks_def = app.config.get('KEYS') _jwks_def['public_path'] = _jwks_def['public_path'].format(dir_path) _jwks_def['private_path'] = _jwks_def['private_path'].format(dir_path) _kj = init_key_jar(**_jwks_def) rph = RPHandler(base_url=app.config.get('BASE_URL'), hash_seed="BabyHoldOn", keyjar=_kj, jwks_path=app.config.get('PUBLIC_JWKS_PATH'), client_configs=app.config.get('CLIENTS'), services=app.config.get('SERVICES'), verify_ssl=app.config.get('VERIFY_SSL')) return rph
def __init__(self, config, key_jar_conf=None, client_authn_factory=None): if key_jar_conf: _kj = init_key_jar(**key_jar_conf) else: _kj = None self.service_context = ServiceContext(config=config, keyjar=_kj) caf = client_authn_factory or ca_factory sdb = DB() self.service = {} self.service['token'] = AccessToken( service_context=self.service_context, state_db=sdb, client_authn_factory=caf) self.service['refresh_token'] = RefreshAccessToken( service_context=self.service_context, state_db=sdb, client_authn_factory=caf) self.http = requests.request
def init_oidc_op_endpoints(app): _config = app.config.get('CONFIG') _server_info_config = _config['server_info'] for path,val in app.config.get('PATH').items(): pos = _server_info_config part = path.split(':') for p in part[:-1]: try: pos = pos[p] except TypeError: p = int(p) pos = pos[p] pos[part[-1]] = val.format(folder) _jwks_def = _server_info_config['jwks'] _jwks_def['public_path'] = _jwks_def['public_path'].format(folder) _jwks_def['private_path'] = _jwks_def['private_path'].format(folder) _kj = init_key_jar(iss=_server_info_config['issuer'], **_jwks_def) # _jwks = _kj.export_jwks_as_json(True, '') # _kj.import_jwks_as_json(_jwks, ) cookie_dealer = CookieDealer(**_server_info_config['cookie_dealer']) endpoint_context = EndpointContext(_server_info_config, keyjar=_kj, cwd=folder, cookie_dealer=cookie_dealer) cookie_dealer.endpoint_context = endpoint_context for endp in endpoint_context.endpoint.values(): p = urlparse(endp.endpoint_path) _vpath = p.path.split('/') if _vpath[0] == '': endp.vpath = _vpath[1:] else: endp.vpath = _vpath return endpoint_context
from oidcendpoint.user_authn.authn_context import INTERNETPROTOCOLPASSWORD from oidcmsg.key_jar import init_key_jar from oidcop.cookie import CookieDealer KEYDEFS = [{ "type": "RSA", "key": '', "use": ["sig"] }, { "type": "EC", "crv": "P-256", "use": ["sig"] }] KEYJAR = init_key_jar('public.jwks', 'private.jwks', KEYDEFS) class TestCookieDealer(object): @pytest.fixture(autouse=True) def create_cookie_dealer(self): conf = { "issuer": "https://example.com/", "password": "******", "token_expires_in": 600, "grant_expires_in": 300, "refresh_token_expires_in":
#!/usr/bin/env python3 import importlib import json import os import sys from urllib.parse import quote_plus from oidcmsg.key_jar import init_key_jar for _dir in ['public', 'private']: if not os.path.isdir(_dir): os.makedirs(_dir) sys.path.insert(0, '.') config = importlib.import_module('conf') sys.path.pop(0) kj = init_key_jar(**config.client_config['federation']['self_signer']) ent_id = quote_plus(config.client_config['federation']['entity_id']) enrolement_info = { 'entity_id': config.client_config['federation']['entity_id'], 'signing_keys': kj.export_jwks_as_json(), 'metadata_endpoint': '{}/metadata'.format(config.BASEURL) } fp = open('enrollment_info', 'w') fp.write(json.dumps(enrolement_info)) fp.close()
'tools.staticdir.dir': os.path.join(folder, 'static'), 'tools.staticdir.debug': True, 'tools.staticdir.on': True, 'tools.staticdir.content_types': { 'json': 'application/json', 'jwks': 'application/json', 'jose': 'application/jose' }, 'log.screen': True, 'cors.expose_public.on': True }} _server_info_config = config.CONFIG['server_info'] _jwks_config = _server_info_config['jwks'] _kj = init_key_jar(iss=_server_info_config['issuer'], **_jwks_config) cookie_dealer = CookieDealer(**_server_info_config['cookie_dealer']) endpoint_context = EndpointContext(_server_info_config, keyjar=_kj, cwd=folder, cookie_dealer=cookie_dealer) for endp in endpoint_context.endpoint.values(): p = urlparse(endp.endpoint_path) _vpath = p.path.split('/') if _vpath[0] == '': endp.vpath = _vpath[1:] else: endp.vpath = _vpath cherrypy.tree.mount(
parser.add_argument('-k', dest='insecure', action='store_true') parser.add_argument(dest="config") args = parser.parse_args() folder = os.path.abspath(os.curdir) sys.path.insert(0, ".") config = importlib.import_module(args.config) cprp = importlib.import_module('cprp') if args.port: _base_url = "{}:{}".format(config.BASEURL, args.port) else: _base_url = config.BASEURL _kj = init_key_jar(**config.RP_CONFIG['jwks']) if args.insecure: verify_ssl = False else: verify_ssl = True rph = RPHandler(base_url=_base_url, hash_seed="BabyDriver", keyjar=_kj, jwks_path=config.RP_CONFIG['jwks_url_path'], client_configs=config.CLIENTS, service_factory=factory, client_cls=oidc.RP, verify_ssl=verify_ssl) client = rph.init_client('') print(client.service_context.federation_entity.entity_id)
import json import os import sys from urllib.parse import quote_plus from oidcmsg.key_jar import init_key_jar for _dir in ['public', 'private']: if not os.path.isdir(_dir): os.makedirs(_dir) sys.path.insert(0, '.') config = importlib.import_module('conf') sys.path.pop(0) kj = init_key_jar( **config.CONFIG['provider']['server_info']['federation']['self_signer']) iss = config.CONFIG['provider']['server_info']['issuer'] ent_id = quote_plus(iss) enrolement_info = { 'entity_id': iss, 'signing_keys': kj.export_jwks_as_json(), 'metadata_endpoint': '{}/metadata'.format(iss) } fp = open('enrollment_info', 'w') fp.write(json.dumps(enrolement_info)) fp.close()
if __name__ == '__main__': import argparse parser = argparse.ArgumentParser() parser.add_argument(dest="config") args = parser.parse_args() folder = os.path.abspath(os.curdir) sys.path.insert(0, ".") config = importlib.import_module(args.config) _provider_config = config.CONFIG['provider'] _server_info_config = config.CONFIG['server_info'] _jwks_config = _server_info_config['jwks'] _kj = init_key_jar(private_path=_jwks_config['private_path'], key_defs=_provider_config['key_defs'], public_path=_jwks_config['local_path']) endpoint_context = EndpointContext(config.CONFIG['server_info'], keyjar=_kj, cwd=folder) op = OpenIDProvider(config, endpoint_context) pi_endpoint = op.endpoint_context.endpoint['provider_info'] _conf = pi_endpoint.provider_info_with_signing_keys() fp = open('provider_info.json', 'w') fp.write(_conf.to_json()) fp.close()
from oidcmsg.message import Message from oidcop.cherryp import OpenIDProvider for _dir in ['sms/discovery', 'sms/response', 'private', 'public', 'static']: if not os.path.isdir(_dir): os.makedirs(_dir) folder = os.path.abspath(os.curdir) sys.path.insert(0, ".") config = importlib.import_module(sys.argv[1]) _provider_config = config.CONFIG['provider'] _server_info_config = _provider_config['server_info'] _jwks_config = _provider_config['jwks'] _kj = init_key_jar(**_jwks_config) endpoint_context = EndpointContext(_server_info_config, keyjar=_kj, cwd=folder) for endp in endpoint_context.endpoint.values(): p = urlparse(endp.endpoint_path) _vpath = p.path.split('/') if _vpath[0] == '': endp.vpath = _vpath[1:] else: endp.vpath = _vpath op = OpenIDProvider(config, endpoint_context) _info = ProviderConfigurationResponse(**op.endpoint_context.provider_info) SUNET_OP = op.endpoint_context.federation_entity
import pytest from oidcmsg.jwt import JWT from oidcmsg.key_jar import init_key_jar from requests import request from fedoidcmsg.entity import FederationEntitySwamid from fedoidcmsg.entity import make_federation_entity _path = os.path.realpath(__file__) root_dir, _fname = os.path.split(_path) KEYDEFS = [{"type": "EC", "crv": "P-256", "use": ["sig"]}] MDSS_KEYJAR = init_key_jar(public_path='mdss_public', private_path='mdss_private', key_defs=KEYDEFS) class TestFederationEntity(object): @pytest.fixture(autouse=True) def create_federation_entity(self): config = { 'self_signer': { 'private_path': '{}/private_jwks'.format(root_dir), 'key_defs': KEYDEFS, 'public_path': '{}/public_jwks'.format(root_dir) }, 'mdss_endpoint': 'https://swamid.sunet.se/mdss', 'mdss_owner': 'https://swamid.sunet.se', 'mdss_keys': 'mdss_public',