def create_endpoint(self):
        conf = {
            "issuer": ENTITY_ID,
            "password": "******",
            "token_expires_in": 600,
            "grant_expires_in": 300,
            "refresh_token_expires_in": 86400,
            "verify_ssl": False,
            'keys': {
                'key_defs': KEYSPEC
            },
            "endpoint": {},
            "jwks": {
                "private_path": "own/jwks.json",
                "uri_path": "static/jwks.json"
            },
            "authentication": {
                "anon": {
                    'acr': UNSPECIFIED,
                    "class": NoAuthn,
                    "kwargs": {
                        "user": "******"
                    }
                }
            },
            'template_dir': 'template'
        }
        endpoint_context = EndpointContext(conf)
        self.endpoint = ProviderConfiguration(endpoint_context)

        # === Federation stuff =======
        fe_conf = {'keys': {'key_defs': KEYSPEC}}

        federation_entity = FederationEntity(
            ENTITY_ID,
            trusted_roots=ANCHOR,
            authority_hints={'https://ntnu.no': ['https://feide.no']},
            httpd=Publisher(ROOT_DIR),
            config=fe_conf,
            entity_type='openid_relying_party',
            opponent_entity_type='openid_provider')

        federation_entity.collector = DummyCollector(httpd=Publisher(
            os.path.join(BASE_PATH, 'data')),
                                                     trusted_roots=ANCHOR,
                                                     root_dir=ROOT_DIR)

        self.fedent = federation_entity
        self.endpoint.endpoint_context.federation_entity = federation_entity
Beispiel #2
0
    def test_explicit_registration(self):
        config = create_from_config_file(
            Configuration,
            entity_conf=[{
                "class": FedRPConfiguration,
                "attr": "rp"
            }],
            filename=full_path('conf_foodle.uninett.no.yaml'),
            base_path=BASE_PATH)

        config.rp.federation.web_cert_path = "{}/{}".format(
            dir_path, lower_or_upper(config.web_conf, "server_cert"))

        rph = init_oidc_rp_handler(config.rp, BASE_PATH)

        rp = rph.init_client('ntnu')
        rp.client_get(
            "service_context").federation_entity.collector = DummyCollector(
                httpd=Publisher(ROOT_DIR),
                trusted_roots=ANCHOR,
                root_dir=ROOT_DIR)

        _service = rp.client_get("service", 'provider_info')

        args = self.provider_endpoint.process_request()
        info = self.provider_endpoint.do_response(**args)

        _resp = _service.parse_response(info["response"])

        with responses.RequestsMock() as rsps:
            _jwks = open(
                os.path.join(BASE_PATH, 'base_data', 'ntnu.no', 'op.ntnu.no',
                             'jwks.json')).read()
            rsps.add("GET",
                     "https://op.ntnu.no/static/jwks.json",
                     body=_jwks,
                     adding_headers={"Content-Type": "application/json"},
                     status=200)
            _service.update_service_context(_resp)

        # Do the client registration request
        # First let the client construct the client registration request
        _service = rp.client_get("service", 'registration')
        _request_args = _service.get_request_parameters()

        # send it to the provider
        args = self.registration_endpoint.process_request(
            _request_args["body"])
        response_args = self.provider_endpoint.do_response(**args)

        # Let the client deal with the response from the provider

        _resp = _service.parse_response(response_args["response"],
                                        request=_request_args["body"])
        _service.update_service_context(_resp)

        # and we're done
        reg_resp = _service.client_get("service_context").get(
            "registration_response")
        assert reg_resp["token_endpoint_auth_method"] == "private_key_jwt"
Beispiel #3
0
    def create_op_enpoint_context(self):
        cwd = os.getcwd()
        if cwd.endswith('tests'):
            sys.path.append(".")
        else:  # assume it's run from the package root dir
            sys.path.append("tests")
        import conf_op_umu_se

        _conf = conf_op_umu_se.CONF.copy()

        configuration = FedOpConfiguration(conf=_conf,
                                           base_path=BASE_PATH,
                                           domain="127.0.0.1",
                                           port=443)
        server = Server(configuration)

        # _endpoint_context = init_oidc_op_endpoints(op_conf, BASE_PATH)
        _endpoint_context = server.get_endpoint_context()
        _endpoint_context.federation_entity.collector = DummyCollector(
            httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR)

        self.provider_endpoint = server.server_get("endpoint",
                                                   'provider_config')
        self.registration_endpoint = server.server_get("endpoint",
                                                       "registration")
        self.authorization_endpoint = server.server_get(
            "endpoint", "authorization")
Beispiel #4
0
    def create_op_enpoint_context(self):
        cwd = os.getcwd()
        if cwd.endswith('tests'):
            sys.path.append(".")
        else:  # assume it's run from the package root dir
            sys.path.append("tests")
        import conf_op_ntnu_no

        _conf = conf_op_ntnu_no.CONF.copy()
        add_base_path(
            _conf, {
                "session_key": ['filename'],
                "keys": ['private_path', 'public_path'],
                "jwks": ["private_path", "public_path"],
                "": ["template"]
            }, dir_path)
        add_base_path(
            _conf["federation"], {
                "session_key": ['filename'],
                "keys": ['private_path', 'public_path'],
                "": ["authority_hints", "trusted_roots"]
            }, dir_path)
        add_base_path(_conf["token_handler_args"], {
            "jwks_def": ['private_path', 'public_path'],
        }, dir_path)
        add_base_path(_conf["userinfo"], {
            "kwargs": ['db_file'],
        }, dir_path)
        add_base_path(_conf["cookie_dealer"], {
            "sign_jwk": ['filename'],
        }, dir_path)

        server = Server(_conf)

        # _endpoint_context = init_oidc_op_endpoints(op_conf, BASE_PATH)
        _endpoint_context = server.get_endpoint_context()
        _endpoint_context.federation_entity.collector = DummyCollector(
            httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR)

        self.provider_endpoint = server.server_get("endpoint",
                                                   'provider_config')
        self.registration_endpoint = server.server_get("endpoint",
                                                       "registration")
        self.authorization_endpoint = server.server_get(
            "endpoint", "authorization")
Beispiel #5
0
    def test_automatic_registration(self):
        config = create_from_config_file(
            Configuration,
            entity_conf=[{
                "class": FedRPConfiguration,
                "attr": "rp"
            }],
            filename=full_path('conf_foodle.uninett.no.yaml'),
            base_path=BASE_PATH)

        rph = init_oidc_rp_handler(config.rp, BASE_PATH)

        rp = rph.init_client('ntnu')
        rp.client_get(
            "service_context").federation_entity.collector = DummyCollector(
                httpd=Publisher(ROOT_DIR),
                trusted_roots=ANCHOR,
                root_dir=ROOT_DIR)

        _service = rp.client_get("service", 'provider_info')

        # don't need to parse the request since there is none
        args = self.provider_endpoint.process_request()
        info = self.provider_endpoint.do_response(**args)

        _resp = _service.parse_response(info["response"])

        with responses.RequestsMock() as rsps:
            _jwks = open(
                os.path.join(BASE_PATH, 'base_data', 'ntnu.no', 'op.ntnu.no',
                             'jwks.json')).read()
            rsps.add("GET",
                     "https://op.ntnu.no/static/jwks.json",
                     body=_jwks,
                     adding_headers={"Content-Type": "application/json"},
                     status=200)
            _service.update_service_context(_resp)

        # Do the client authorization request
        # First let the client construct the authorization request
        _service = rp.client_get("service", 'authorization')
        _request_args = _service.get_request_parameters()

        # send it to the provider
        _req_args = parse_qs(_request_args['url'].split('?')[1])
        with responses.RequestsMock() as rsps:
            _jwks = open(os.path.join(BASE_PATH,
                                      'static/jwks_auto.json')).read()
            _url = 'https://foodle.uninett.no/jwks.json'
            rsps.add("GET",
                     _url,
                     body=_jwks,
                     adding_headers={"Content-Type": "application/json"},
                     status=200)
            _req_args = self.authorization_endpoint.parse_request(
                compact(_req_args))

        # need to register a user session info
        args = self.authorization_endpoint.process_request(_req_args)
        response_args = self.authorization_endpoint.do_response(**args)

        # Let the client deal with the response from the provider

        _resp = _service.parse_response(response_args["response"],
                                        request=compact(_req_args))
        _service.update_service_context(_resp)

        # and we're done
        assert 'trust_anchor_id' in _resp
    def create_endpoint(self):
        conf = {
            "issuer": ENTITY_ID,
            "password": "******",
            "token_expires_in": 600,
            "grant_expires_in": 300,
            "refresh_token_expires_in": 86400,
            "verify_ssl": False,
            "claims_interface": {
                "class": "oidcop.session.claims.ClaimsInterface",
                "kwargs": {}
            },
            'keys': {
                'key_defs': KEYSPEC,
                "private_path": "own/jwks.json",
                "uri_path": "static/jwks.json"
            },
            "endpoint": {
                "provider_config": {
                    "path": ".well-known/openid-configuration",
                    "class": ProviderConfiguration,
                    "kwargs": {},
                }
            },
            "authentication": {
                "anon": {
                    'acr': UNSPECIFIED,
                    "class": NoAuthn,
                    "kwargs": {
                        "user": "******"
                    }
                }
            },
            'template_dir': 'template',
            "federation": {
                "entity_id": ENTITY_ID,
                'keys': {
                    'key_defs': KEYSPEC
                },
                "endpoint": {
                    "fetch": {
                        "path": "fetch",
                        "class": Fetch,
                        "kwargs": {
                            "client_authn_method": None
                        },
                    }
                },
                "trusted_roots": ANCHOR,
                "authority_hints": ['https://feide.no'],
                "entity_type": 'openid_relying_party',
                "opponent_entity_type": 'openid_provider'
            }
        }
        server = FederationServer(conf)
        self.endpoint = server.server_get('endpoint', 'provider_config')

        server.endpoint_context.federation_entity.collector = DummyCollector(
            httpd=Publisher(os.path.join(BASE_PATH, 'data')),
            trusted_roots=ANCHOR,
            root_dir=ROOT_DIR)