Beispiel #1
0
def test_collect_superiors():
    # entity_id = 'https://feide.no'
    entity_id = 'https://foodle.uninett.no'
    target = 'https://foodle.uninett.no'
    collector = DummyCollector(trusted_roots=ANCHOR,
                               httpd=Publisher(
                                   os.path.join(BASE_PATH, 'base_data')),
                               root_dir=os.path.join(BASE_PATH, 'base_data'))
    entity_statement = collector.get_entity_statement(
        api_endpoint='https://foodle.uninett.no/fed_api',
        issuer=entity_id,
        subject=entity_id)
    _config = verify_self_signed_signature(entity_statement)
    assert _config

    tree = collector.collect_superiors(_config['iss'], entity_statement)
    node = {entity_id: (entity_statement, tree)}
    chains = branch2lists(node)

    assert len(chains) == 1  # only one chain
    assert len(chains[0]) == 4  # And that chain contains 4 statements
    _jws00 = factory(chains[0][0])
    payload = _jws00.jwt.payload()
    # The Federation Entity Statement will be first in line
    assert payload["iss"] == 'https://feide.no'
Beispiel #2
0
def test_eval_chains():
    target = 'https://foodle.uninett.no'
    collector = DummyCollector(trusted_roots=ANCHOR,
                               httpd=Publisher(
                                   os.path.join(BASE_PATH, 'base_data')),
                               root_dir=os.path.join(BASE_PATH, 'base_data'))
    entity_statement = collector.get_entity_statement(target,
                                                      issuer=target,
                                                      subject=target)
    _config = verify_self_signed_signature(entity_statement)
    assert _config

    tree = collector.collect_superiors(_config['iss'], entity_statement)
    _node = {target: (entity_statement, tree)}
    chains = branch2lists(_node)

    key_jar = KeyJar()
    key_jar.import_jwks_as_json(jwks, 'https://feide.no')

    statements = [
        eval_chain(c, key_jar, 'openid_relying_party') for c in chains
    ]

    assert len(statements) == 1
    statement = statements[0]
    assert statement.fo == "https://feide.no"
    assert set(statement.metadata.keys()) == {
        'response_types', 'claims', 'contacts', 'application_type',
        'redirect_uris', 'id_token_signing_alg_values_supported', 'jwks_uri'
    }
Beispiel #3
0
def test_get_configuration_information():
    target = 'https://foodle.uninett.no'
    collector = DummyCollector(trusted_roots=ANCHOR,
                               httpd=Publisher(
                                   os.path.join(BASE_PATH, 'base_data')),
                               root_dir=os.path.join(BASE_PATH, 'base_data'))
    _jws = collector.get_configuration_information(target)
    entity_statement = verify_self_signed_signature(_jws)
    assert entity_statement['iss'] == target
    assert entity_statement['sub'] == target
    assert 'metadata' in entity_statement
Beispiel #4
0
def test_get_entity_statement():
    entity_id = 'https://foodle.uninett.no'
    target = 'https://foodle.uninett.no'
    collector = DummyCollector(trusted_roots=ANCHOR,
                               httpd=Publisher(
                                   os.path.join(BASE_PATH, 'base_data')),
                               root_dir=os.path.join(BASE_PATH, 'base_data'))
    _jws = collector.get_entity_statement(
        api_endpoint='https://foodle.uninett.no/fed_api',
        issuer=entity_id,
        subject=target)

    msg = verify_self_signed_signature(_jws)
    assert msg['iss'] == entity_id
    assert msg['sub'] == target
Beispiel #5
0
    def test_explicit_registration(self):
        config = create_from_config_file(
            Configuration,
            entity_conf=[{
                "class": FedRPConfiguration,
                "attr": "rp"
            }],
            filename=full_path('conf_foodle.uninett.no.yaml'),
            base_path=BASE_PATH)

        config.rp.federation.web_cert_path = "{}/{}".format(
            dir_path, lower_or_upper(config.web_conf, "server_cert"))

        rph = init_oidc_rp_handler(config.rp, BASE_PATH)

        rp = rph.init_client('ntnu')
        rp.client_get(
            "service_context").federation_entity.collector = DummyCollector(
                httpd=Publisher(ROOT_DIR),
                trusted_roots=ANCHOR,
                root_dir=ROOT_DIR)

        _service = rp.client_get("service", 'provider_info')

        args = self.provider_endpoint.process_request()
        info = self.provider_endpoint.do_response(**args)

        _resp = _service.parse_response(info["response"])

        with responses.RequestsMock() as rsps:
            _jwks = open(
                os.path.join(BASE_PATH, 'base_data', 'ntnu.no', 'op.ntnu.no',
                             'jwks.json')).read()
            rsps.add("GET",
                     "https://op.ntnu.no/static/jwks.json",
                     body=_jwks,
                     adding_headers={"Content-Type": "application/json"},
                     status=200)
            _service.update_service_context(_resp)

        # Do the client registration request
        # First let the client construct the client registration request
        _service = rp.client_get("service", 'registration')
        _request_args = _service.get_request_parameters()

        # send it to the provider
        args = self.registration_endpoint.process_request(
            _request_args["body"])
        response_args = self.provider_endpoint.do_response(**args)

        # Let the client deal with the response from the provider

        _resp = _service.parse_response(response_args["response"],
                                        request=_request_args["body"])
        _service.update_service_context(_resp)

        # and we're done
        reg_resp = _service.client_get("service_context").get(
            "registration_response")
        assert reg_resp["token_endpoint_auth_method"] == "private_key_jwt"
Beispiel #6
0
    def create_op_enpoint_context(self):
        cwd = os.getcwd()
        if cwd.endswith('tests'):
            sys.path.append(".")
        else:  # assume it's run from the package root dir
            sys.path.append("tests")
        import conf_op_umu_se

        _conf = conf_op_umu_se.CONF.copy()

        configuration = FedOpConfiguration(conf=_conf,
                                           base_path=BASE_PATH,
                                           domain="127.0.0.1",
                                           port=443)
        server = Server(configuration)

        # _endpoint_context = init_oidc_op_endpoints(op_conf, BASE_PATH)
        _endpoint_context = server.get_endpoint_context()
        _endpoint_context.federation_entity.collector = DummyCollector(
            httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR)

        self.provider_endpoint = server.server_get("endpoint",
                                                   'provider_config')
        self.registration_endpoint = server.server_get("endpoint",
                                                       "registration")
        self.authorization_endpoint = server.server_get(
            "endpoint", "authorization")
Beispiel #7
0
 def rp_service_setup(self):
     config = {
         "entity_id": RECEIVER,
         "httpc_params": {"verify": False, "timeout": 1},
         "federation": {
             "endpoint": {
                 "fetch": {
                     "path": "fetch",
                     "class": Fetch,
                     "kwargs": {"client_authn_method": None},
                 }
             },
             "trusted_roots": ANCHOR,
             "authority_hints": [],
             "entity_type": 'openid_relying_party',
             "opponent_entity_type": 'openid_provider',
         }
     }
     federation_entity = FederationEntity(
         config=config,
         httpc=Publisher(os.path.join(BASE_PATH, 'base_data')),
     )
     # Swap in the DummyCollector
     federation_entity.collector = DummyCollector(trusted_roots=ANCHOR,
                                                  httpd=Publisher(
                                                      os.path.join(BASE_PATH, 'base_data')),
                                                  root_dir=os.path.join(BASE_PATH, 'base_data'))
     self.fedent = federation_entity
 def rp_service_setup(self):
     federation_entity = FederationEntity(
         RECEIVER,
         trusted_roots=ANCHOR,
         authority_hints={},
         httpd=Publisher(os.path.join(BASE_PATH, 'base_data')),
         entity_type='openid_relying_party',
         opponent_entity_type='openid_provider')
     # Swap in the DummyCollector
     federation_entity.collector = DummyCollector(
         trusted_roots=ANCHOR,
         httpd=Publisher(os.path.join(BASE_PATH, 'base_data')),
         root_dir=os.path.join(BASE_PATH, 'base_data'))
     self.fedent = federation_entity
    def create_endpoint(self):
        conf = {
            "issuer": ENTITY_ID,
            "password": "******",
            "token_expires_in": 600,
            "grant_expires_in": 300,
            "refresh_token_expires_in": 86400,
            "verify_ssl": False,
            'keys': {
                'key_defs': KEYSPEC
            },
            "endpoint": {},
            "jwks": {
                "private_path": "own/jwks.json",
                "uri_path": "static/jwks.json"
            },
            "authentication": {
                "anon": {
                    'acr': UNSPECIFIED,
                    "class": NoAuthn,
                    "kwargs": {
                        "user": "******"
                    }
                }
            },
            'template_dir': 'template'
        }
        endpoint_context = EndpointContext(conf)
        self.endpoint = ProviderConfiguration(endpoint_context)

        # === Federation stuff =======
        fe_conf = {'keys': {'key_defs': KEYSPEC}}

        federation_entity = FederationEntity(
            ENTITY_ID,
            trusted_roots=ANCHOR,
            authority_hints={'https://ntnu.no': ['https://feide.no']},
            httpd=Publisher(ROOT_DIR),
            config=fe_conf,
            entity_type='openid_relying_party',
            opponent_entity_type='openid_provider')

        federation_entity.collector = DummyCollector(httpd=Publisher(
            os.path.join(BASE_PATH, 'data')),
                                                     trusted_roots=ANCHOR,
                                                     root_dir=ROOT_DIR)

        self.fedent = federation_entity
        self.endpoint.endpoint_context.federation_entity = federation_entity
Beispiel #10
0
    def create_op_enpoint_context(self):
        cwd = os.getcwd()
        if cwd.endswith('tests'):
            sys.path.append(".")
        else:  # assume it's run from the package root dir
            sys.path.append("tests")
        import conf_op_ntnu_no

        _conf = conf_op_ntnu_no.CONF.copy()
        add_base_path(
            _conf, {
                "session_key": ['filename'],
                "keys": ['private_path', 'public_path'],
                "jwks": ["private_path", "public_path"],
                "": ["template"]
            }, dir_path)
        add_base_path(
            _conf["federation"], {
                "session_key": ['filename'],
                "keys": ['private_path', 'public_path'],
                "": ["authority_hints", "trusted_roots"]
            }, dir_path)
        add_base_path(_conf["token_handler_args"], {
            "jwks_def": ['private_path', 'public_path'],
        }, dir_path)
        add_base_path(_conf["userinfo"], {
            "kwargs": ['db_file'],
        }, dir_path)
        add_base_path(_conf["cookie_dealer"], {
            "sign_jwk": ['filename'],
        }, dir_path)

        server = Server(_conf)

        # _endpoint_context = init_oidc_op_endpoints(op_conf, BASE_PATH)
        _endpoint_context = server.get_endpoint_context()
        _endpoint_context.federation_entity.collector = DummyCollector(
            httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR)

        self.provider_endpoint = server.server_get("endpoint",
                                                   'provider_config')
        self.registration_endpoint = server.server_get("endpoint",
                                                       "registration")
        self.authorization_endpoint = server.server_get(
            "endpoint", "authorization")
Beispiel #11
0
    def test_automatic_registration(self):
        config = create_from_config_file(
            Configuration,
            entity_conf=[{
                "class": FedRPConfiguration,
                "attr": "rp"
            }],
            filename=full_path('conf_foodle.uninett.no.yaml'),
            base_path=BASE_PATH)

        rph = init_oidc_rp_handler(config.rp, BASE_PATH)

        rp = rph.init_client('ntnu')
        rp.client_get(
            "service_context").federation_entity.collector = DummyCollector(
                httpd=Publisher(ROOT_DIR),
                trusted_roots=ANCHOR,
                root_dir=ROOT_DIR)

        _service = rp.client_get("service", 'provider_info')

        # don't need to parse the request since there is none
        args = self.provider_endpoint.process_request()
        info = self.provider_endpoint.do_response(**args)

        _resp = _service.parse_response(info["response"])

        with responses.RequestsMock() as rsps:
            _jwks = open(
                os.path.join(BASE_PATH, 'base_data', 'ntnu.no', 'op.ntnu.no',
                             'jwks.json')).read()
            rsps.add("GET",
                     "https://op.ntnu.no/static/jwks.json",
                     body=_jwks,
                     adding_headers={"Content-Type": "application/json"},
                     status=200)
            _service.update_service_context(_resp)

        # Do the client authorization request
        # First let the client construct the authorization request
        _service = rp.client_get("service", 'authorization')
        _request_args = _service.get_request_parameters()

        # send it to the provider
        _req_args = parse_qs(_request_args['url'].split('?')[1])
        with responses.RequestsMock() as rsps:
            _jwks = open(os.path.join(BASE_PATH,
                                      'static/jwks_auto.json')).read()
            _url = 'https://foodle.uninett.no/jwks.json'
            rsps.add("GET",
                     _url,
                     body=_jwks,
                     adding_headers={"Content-Type": "application/json"},
                     status=200)
            _req_args = self.authorization_endpoint.parse_request(
                compact(_req_args))

        # need to register a user session info
        args = self.authorization_endpoint.process_request(_req_args)
        response_args = self.authorization_endpoint.do_response(**args)

        # Let the client deal with the response from the provider

        _resp = _service.parse_response(response_args["response"],
                                        request=compact(_req_args))
        _service.update_service_context(_resp)

        # and we're done
        assert 'trust_anchor_id' in _resp
    def create_endpoint(self):
        conf = {
            "issuer": ENTITY_ID,
            "password": "******",
            "token_expires_in": 600,
            "grant_expires_in": 300,
            "refresh_token_expires_in": 86400,
            "verify_ssl": False,
            "claims_interface": {
                "class": "oidcop.session.claims.ClaimsInterface",
                "kwargs": {}
            },
            'keys': {
                'key_defs': KEYSPEC,
                "private_path": "own/jwks.json",
                "uri_path": "static/jwks.json"
            },
            "endpoint": {
                "provider_config": {
                    "path": ".well-known/openid-configuration",
                    "class": ProviderConfiguration,
                    "kwargs": {},
                }
            },
            "authentication": {
                "anon": {
                    'acr': UNSPECIFIED,
                    "class": NoAuthn,
                    "kwargs": {
                        "user": "******"
                    }
                }
            },
            'template_dir': 'template',
            "federation": {
                "entity_id": ENTITY_ID,
                'keys': {
                    'key_defs': KEYSPEC
                },
                "endpoint": {
                    "fetch": {
                        "path": "fetch",
                        "class": Fetch,
                        "kwargs": {
                            "client_authn_method": None
                        },
                    }
                },
                "trusted_roots": ANCHOR,
                "authority_hints": ['https://feide.no'],
                "entity_type": 'openid_relying_party',
                "opponent_entity_type": 'openid_provider'
            }
        }
        server = FederationServer(conf)
        self.endpoint = server.server_get('endpoint', 'provider_config')

        server.endpoint_context.federation_entity.collector = DummyCollector(
            httpd=Publisher(os.path.join(BASE_PATH, 'data')),
            trusted_roots=ANCHOR,
            root_dir=ROOT_DIR)