def gen_certificate(self, email, ua_pub_key):
    """Mint a signed certificate binding ``email`` to a UA-supplied public key.

    The claim set handed to ``JWS.sign`` is:

      - ``exp``: absolute expiry as seconds since the epoch -- now plus
        ``auth.cert_ttl_in_secs`` from config (default 86400, i.e. one day);
      - ``iss``: ``auth.issuer`` from config, ``'UNDEFINED'`` when unset;
      - ``moz-vep-id``: the email being certified;
      - ``moz-vep-purpose``: ``auth.purpose`` from config, ``''`` when unset;
      - ``moz-vep-publicKey``: ``ua_pub_key`` embedded verbatim.

    NOTE(review): neither ``email`` nor ``ua_pub_key`` is validated here --
    no check that the address is verified for the caller's session and no
    structural check on the key material.  Those guarantees, if any, must
    come from the caller; confirm at every call site before relying on a
    certificate produced by this method.

    Returns whatever ``JWS.sign`` returns for the claim set (presumably the
    serialized JWS -- the JWS class is not visible here).
    """
    config = self.app.config
    # Expiry is absolute, computed once, so clock skew between issuer and
    # relying party shortens or extends the effective lifetime.
    expires = time() + config.get('auth.cert_ttl_in_secs', 86400)
    claims = {
        'exp': expires,
        'iss': config.get('auth.issuer', 'UNDEFINED'),
        'moz-vep-id': email,
        'moz-vep-purpose': config.get('auth.purpose', ''),
        'moz-vep-publicKey': ua_pub_key,
    }
    signer = JWS(config=config)
    return signer.sign(claims)
def verify(self, request, **kw):
    """Verify an IAR presented in the ``iar`` request parameter.

    The parameter (``''`` when absent) is passed to ``JWS.verify``.  On
    failure the selected template is rendered with
    ``error=self.error_codes.get('INVALID')``; on success it is rendered
    without an error.  Either way the rendered body is wrapped in a
    ``Response`` with the content type chosen by
    ``get_template_from_request``.

    NOTE(review): a failed verification is reported only through the
    template's ``error`` value -- this method neither raises nor sets an
    explicit HTTP status for that case, so the response status is whatever
    ``Response`` defaults to.  Confirm that clients do not treat the status
    code alone as a success signal.

    Returns the ``Response`` object.
    """
    verifier = JWS(config=self.app.config)
    content_type, template = self.get_template_from_request(request)
    presented = request.params.get('iar', '')
    render_args = {'request': request, 'config': self.app.config}
    if not verifier.verify(presented):
        render_args['error'] = self.error_codes.get('INVALID')
    rendered = template.render(**render_args)
    return Response(str(rendered), content_type=content_type)
def refresh_certificate(self, request, **kw):
    """Refresh a user's certificate from the ``certificate`` and ``pubkey``
    request parameters.

    NOTE(review): only the request-validation prologue is visible in this
    listing -- ``error``, ``response`` and ``uid`` are assigned but never
    used below, so the method evidently continues past what is shown
    (presumably issuing the refreshed certificate).  Review the tail in the
    full source before drawing conclusions about what is checked.

    Raises:
        HTTPBadRequest: when ``pubkey`` is missing, when ``jws.parse``
            returns ``None`` for the ``certificate`` parameter, or when
            parsing raises ``JWSException``.
    """
    jws = JWS(config = self.app.config)
    error = None
    response = None
    (content_type, template) = self.get_template_from_request(request)
    # Identity bound to the caller's session; how it relates to the
    # presented certificate is decided in the part of the method not shown.
    uid = self.get_session_uid(request)
    # The UA's public key is taken verbatim from the request parameters;
    # no structural check is applied here.
    pub_key = request.params.get('pubkey')
    if pub_key is None:
        logger.warn("Request missing pubkey argument")
        raise HTTPBadRequest()
    try:
        # NOTE(review): this calls ``jws.parse``, not ``jws.verify``.  Whether
        # the presented certificate's signature is checked before its contents
        # are trusted is not visible in this excerpt -- confirm in JWS.parse
        # or in the continuation of this method.
        cert_info = jws.parse(request.params.get('certificate', None))
        if cert_info is None:
            logger.error('Certificat information missing from request')
            # Propagates out of the try (assuming HTTPBadRequest is not a
            # JWSException subclass).
            raise HTTPBadRequest()
    except JWSException, ex:
        logger.error('Could not parse JWS object: %s ' % str(ex))
        raise HTTPBadRequest()
class TestJWS(unittest.TestCase):
    """Round-trip tests for the JWS signing helpers (HS256 and RS256).

    The listing this was taken from had its line structure collapsed; the
    layout below restores it while keeping every code token unchanged.
    Only the positive path (sign, then verify the same bytes with the same
    key) is exercised here -- there is no tampered-signature, wrong-key or
    algorithm-mismatch case.
    """
    # Please use valid credentials and targets.
    # NOTE(review): the values below are redacted placeholders; the tests
    # cannot run as listed.  Prefer injecting real test credentials via
    # environment/config rather than committing them into this file.
    good_credentials = {'email': '*****@*****.**',
                        'password': '******'}
    default_params = {'sid': '123abc',
                      'output': 'json',
                      'audience': 'test.example.com'}
    user_info = {'uid': 'test_api_1',
                 'pemail': '*****@*****.**',
                 'emails': {'*****@*****.**': {'state': 'verified'},
                            '*****@*****.**': {'state': 'pending'}}
                 }
    # Dummy app config handed to make_app/JWS; the private RSA key is read
    # from the repository path named by 'jws.rsa_key_path'.
    # NOTE(review): 'oid.host' carries (redacted) basic-auth credentials in
    # the URL -- keep that pattern out of anything that is not a test fixture.
    config = {
        'oidstorage.backend': 'oidserver.storage.memory.MemoryStorage',
        'oid.host': 'http://*****:*****@example.org',
        'oid.reply_to': '*****@*****.**',
        'oid.admin_page': True,
        'test.nomail': True,
        'global.debug_page': '__debug__',
        'jws.rsa_key_path': 'oidserver/tests/keys/test_rsa'
    }
    payload = {'a':1, 'b':2}
    # TO GENERATE A PUBLIC KEY:
    test_rsa_public = None;
    # Stands in for the payload segment of the signing input ("sbs").
    fake_sbs = 'test_string'

    ## API Entry points:
    # get_certificate x
    # refresh_certificate x
    # validate/....
    #
    ## Admin entry points
    # verify_address
    #
    ## beaker is being stupid and overwriting session information
    beaker_is_being_stupid = True
    extra_environ = {'beaker.session': {'uid': 'test_api_1'}}
    session = {}

    def setUp(self, **kw):
        """Build a fresh test app and a JWS helper from the dummy config."""
        # use a default 'dummy' config file.
        self.app = TestApp(make_app(self.config))
        self.app.reset()
        self.jws = JWS(config = self.config)

    def test_sign_HS256(self):
        """HS256: sign header.fake_sbs, then verify the result with _verify_HS."""
        alg = 'HS256'
        header = self.jws.header(alg)
        # Signing input is base64url(header JSON) + "." + the fake payload.
        sbs = "%s.%s" % (base64.urlsafe_b64encode(cjson.encode(header)),
                         self.fake_sbs)
        signed = self.jws._sign_HS(alg, header, sbs)
        # Expect the compact form header.payload.signature.
        (header_str, payload_str, sig_str) = signed.split('.')
        # Note _verify_HS gets the *decoded* header JSON here, whereas
        # _verify_RS below is handed the header dict -- presumably the two
        # helpers have different contracts; verify against the JWS class.
        self.failUnless(self.jws._verify_HS(alg,
                                            base64.urlsafe_b64decode(header_str),
                                            "%s.%s" % (header_str, payload_str),
                                            sig_str))

    def test_sign_RS256(self):
        """RS256: sign with the test private key, verify with its public part."""
        alg = 'RS256'
        #jku = URL to public keys.
        rsa = RSA.load_key(self.config.get('jws.rsa_key_path'))
        #testKey = {'e': int(rsa.e.encode('hex'), 16),
        #           'n': int(rsa.n.encode('hex'), 16)}
        # Public components of the same key that signs, passed in explicitly.
        testKey = {'e': rsa.e, 'n': rsa.n}
        ## Don't store the public key, Needs to be "fetched" from a known
        ## location
        # NOTE(review): because testKey is supplied directly, whatever key
        # fetching _verify_RS does in production is bypassed by this test.
        header = self.jws.header(alg = alg)
        sbs = "%s.%s" % (base64.urlsafe_b64encode(cjson.encode(header)),
                         self.fake_sbs)
        signed = self.jws._sign_RS(alg, header, sbs)
        # trim off the fake "sbs"
        (sbs, sig_str) = signed.rsplit('.',1)
        self.failUnless(self.jws._verify_RS(alg, header, sbs, sig_str,
                                            testKey = testKey))
def setUp(self, **kw):
    """Create a fresh test application and JWS helper from ``self.config``.

    ``self.app`` is a ``TestApp`` wrapping ``make_app(self.config)``, reset
    before each test; ``self.jws`` is a ``JWS`` built from the same config
    (so it reads the same ``jws.rsa_key_path``).  ``kw`` is accepted for
    signature compatibility and ignored.
    """
    application = make_app(self.config)
    self.app = TestApp(application)
    self.app.reset()
    self.jws = JWS(config=self.config)