def test_to_jwe(keytype, alg, enc):
msg = Message(a='foo', b='bar', c='tjoho')
_jwe = msg.to_jwe(KEYJAR.get_encrypt_key(keytype, ''), alg=alg, enc=enc)
with pytest.raises(HeaderError):
Message().from_jwt(_jwe, KEYJAR, encalg="RSA-OAEP", encenc=enc)
with pytest.raises(HeaderError):
Message().from_jwt(_jwe, KEYJAR, encenc="A256CBC-HS512", encalg=alg)
def test_to_jwe(keytype, alg, enc):
msg = Message(a="foo", b="bar", c="tjoho")
_jwe = msg.to_jwe(KEYJAR.get_encrypt_key(keytype, ""), alg=alg, enc=enc)
with pytest.raises(HeaderError):
Message().from_jwt(_jwe, KEYJAR, encalg="RSA-OAEP", encenc=enc)
with pytest.raises(HeaderError):
Message().from_jwt(_jwe, KEYJAR, encenc="A256CBC-HS512", encalg=alg)
def test_no_suitable_keys():
keytype = 'RSA'
alg = 'RS256'
msg = Message(a='foo', b='bar', c='tjoho')
_jwt = msg.to_jwt(NEW_KEYJAR.get_signing_key(keytype, '', kid=NEW_KID),
alg)
with pytest.raises(NoSuitableSigningKeys):
Message().from_jwt(_jwt, KEYJAR)
def test_no_suitable_keys():
keytype = "RSA"
alg = "RS256"
msg = Message(a="foo", b="bar", c="tjoho")
_jwt = msg.to_jwt(NEW_KEYJAR.get_signing_key(keytype, "", kid=NEW_KID),
alg)
with pytest.raises(NoSuitableSigningKeys):
Message().from_jwt(_jwt, KEYJAR)
def correct_usage(self, metadata, federation_usage):
"""
Remove MS paths that are marked to be used for another usage
:param metadata: Metadata statement as dictionary
:param federation_usage: In which context this is expected to used.
:return: Filtered Metadata statement.
"""
if 'metadata_statements' in metadata:
_msl = {}
for fo, ms in metadata['metadata_statements'].items():
if not isinstance(ms, Message):
ms = json.loads(ms)
if self.correct_usage(ms, federation_usage=federation_usage):
_msl[fo] = ms
if _msl:
metadata['metadata_statements'] = Message(**_msl)
return metadata
else:
return None
else: # this is the innermost
try:
assert federation_usage == metadata['federation_usage']
except KeyError:
pass
except AssertionError:
return None
return metadata
def test_create_client_metadata_statement():
ms = MetadataStatement()
ORGOP.add_signing_keys(ms)
sms = FOP.pack_metadata_statement(ms)
cms = ClientMetadataStatement(
metadata_statements=Message(**{FOP.iss: sms}),
contacts=['*****@*****.**'])
assert cms
def extend_with_ms(self, req, sms_dict):
"""
Add signed metadata statements to a request
:param req: The request
:param sms_dict: A dictionary with FO IDs as keys and signed metadata
statements (sms) or uris pointing to sms as values.
:return: The updated request
"""
_ms_uri = {}
_ms = {}
for fo, sms in sms_dict.items():
if sms.startswith('http://') or sms.startswith('https://'):
_ms_uri[fo] = sms
else:
_ms[fo] = sms
if _ms:
req['metadata_statements'] = Message(**_ms)
if _ms_uri:
req['metadata_statement_uris'] = Message(**_ms_uri)
return req
def test_get_metadata_statement():
jb = JWKSBundle('')
for iss in ['https://example.org/', 'https://example.com/']:
jb[iss] = build_keyjar(KEYDEFS)[1]
self_signer = InternalSigningService(keyjar=jb['https://example.com/'],
iss='https://example.com/')
op = Operator(self_signer=self_signer, iss='https://example.com/')
req = MetadataStatement(foo='bar')
sms = op.pack_metadata_statement(req, sign_alg='RS256')
sms_dir = {'https://example.com': sms}
req['metadata_statements'] = Message(**sms_dir)
ent = FederationEntity(None, fo_bundle=public_jwks_bundle(jb))
loe = ent.get_metadata_statement(req)
assert loe
def test_json_type_error():
val = '{"key":"A byte string"}'
m = Message()
m.from_json(val)
assert "key" in m
def test_to_dict_with_raw_types():
msg = Message(c_default=[])
content_fixture = {"c_default": []}
_dict = msg.to_dict(lev=1)
assert _dict == content_fixture
def test_to_dict_with_message_obj():
content = Message(a={"a": {"foo": {"bar": [{"bat": []}]}}})
_dict = content.to_dict(lev=0)
content_fixture = {"a": {"a": {"foo": {"bar": [{"bat": []}]}}}}
assert _dict == content_fixture
def test_to_jwe(keytype, alg, enc):
msg = Message(a="foo", b="bar", c="tjoho")
_jwe = msg.to_jwe(KEYJAR.get_encrypt_key(keytype, ""), alg=alg, enc=enc)
msg1 = Message().from_jwe(_jwe, KEYJAR.get_encrypt_key(keytype, ""))
assert msg1 == msg
def test_to_jwt(keytype, alg):
msg = Message(a="foo", b="bar", c="tjoho")
_jwt = msg.to_jwt(KEYJAR.get_signing_key(keytype, ""), alg)
msg1 = Message().from_jwt(_jwt, KEYJAR)
assert msg1 == msg
def _unpack(self, ms_dict, keyjar, cls, jwt_ms=None, liss=None):
"""
:param ms_dict: Metadata statement as a dictionary
:param keyjar: A keyjar with the necessary FO keys
:param cls: What class to map the metadata into
:param jwt_ms: Metadata statement as a JWS
:param liss: List of FO issuer IDs
:return: ParseInfo instance
"""
if liss is None:
liss = []
_pr = ParseInfo()
_pr.input = ms_dict
ms_flag = False
if 'metadata_statements' in ms_dict:
ms_flag = True
for iss, _ms in ms_dict['metadata_statements'].items():
if liss and iss not in liss:
continue
_pr = self._ums(_pr, _ms, keyjar)
if 'metadata_statement_uris' in ms_dict:
ms_flag = True
if self.httpcli:
for iss, url in ms_dict['metadata_statement_uris'].items():
if liss and iss not in liss:
continue
rsp = self.httpcli(method='GET', url=url,
verify=self.verify_ssl)
if rsp.status_code == 200:
_pr = self._ums(_pr, rsp.text, keyjar)
else:
raise ParseError(
'Could not fetch jws from {}'.format(url))
for _ms in _pr.parsed_statement:
if _ms: # can be None
loaded = False
try:
keyjar.import_jwks_as_json(_ms['signing_keys'],
ms_dict['iss'])
except KeyError:
pass
except TypeError:
try:
keyjar.import_jwks(_ms['signing_keys'], ms_dict['iss'])
except Exception as err:
logger.error(err)
raise
else:
loaded = True
else:
loaded = True
if loaded:
logger.debug(
'Loaded signing keys belonging to {} into the '
'keyjar'.format(ms_dict['iss']))
if ms_flag is True and not _pr.parsed_statement:
return _pr
if jwt_ms:
logger.debug("verifying signed JWT: {}".format(jwt_ms))
try:
_pr.result = cls().from_jwt(jwt_ms, keyjar=keyjar)
except MissingSigningKey:
if 'signing_keys' in ms_dict:
try:
_pr.result = self.self_signed(ms_dict, jwt_ms, cls)
except MissingSigningKey as err:
logger.error('Encountered: {}'.format(err))
_pr.error[jwt_ms] = err
except (JWSException, BadSignature, KeyError) as err:
logger.error('Encountered: {}'.format(err))
_pr.error[jwt_ms] = err
else:
_pr.result = ms_dict
if _pr.result and _pr.parsed_statement:
_prr = _pr.result
_res = {}
for x in _pr.parsed_statement:
if x:
_res[get_fo(x)] = x
_msg = Message(**_res)
logger.debug('Resulting metadata statement: {}'.format(_msg))
_pr.result['metadata_statements'] = _msg
return _pr
def test_to_dict_with_message_obj():
content = Message(a={'a': {'foo': {'bar': [{'bat': []}]}}})
_dict = content.to_dict(lev=0)
content_fixture = {'a': {'a': {'foo': {'bar': [{'bat': []}]}}}}
assert _dict == content_fixture
def test_to_jwe(keytype, alg, enc):
msg = Message(a='foo', b='bar', c='tjoho')
_jwe = msg.to_jwe(KEYJAR.get_encrypt_key(keytype, ''), alg=alg, enc=enc)
msg1 = Message().from_jwe(_jwe, KEYJAR.get_encrypt_key(keytype, ''))
assert msg1 == msg
def test_to_jwt(keytype, alg):
msg = Message(a='foo', b='bar', c='tjoho')
_jwt = msg.to_jwt(KEYJAR.get_signing_key(keytype, ''), alg)
msg1 = Message().from_jwt(_jwt, KEYJAR)
assert msg1 == msg