def init_oidc_rp_handler(app):
_jwks_def = app.config.get('KEYS')
_jwks_def['public_path'] = _jwks_def['public_path'].format(dir_path)
_jwks_def['private_path'] = _jwks_def['private_path'].format(dir_path)
_kj = init_key_jar(**_jwks_def)
rph = RPHandler(base_url=app.config.get('BASE_URL'),
hash_seed="BabyHoldOn",
keyjar=_kj,
jwks_path=app.config.get('PUBLIC_JWKS_PATH'),
client_configs=app.config.get('CLIENTS'),
services=app.config.get('SERVICES'),
verify_ssl=app.config.get('VERIFY_SSL'))
return rph
def __init__(self, config, key_jar_conf=None, client_authn_factory=None):
if key_jar_conf:
_kj = init_key_jar(**key_jar_conf)
else:
_kj = None
self.service_context = ServiceContext(config=config, keyjar=_kj)
caf = client_authn_factory or ca_factory
sdb = DB()
self.service = {}
self.service['token'] = AccessToken(
service_context=self.service_context,
state_db=sdb,
client_authn_factory=caf)
self.service['refresh_token'] = RefreshAccessToken(
service_context=self.service_context,
state_db=sdb,
client_authn_factory=caf)
self.http = requests.request
def init_oidc_op_endpoints(app):
_config = app.config.get('CONFIG')
_server_info_config = _config['server_info']
for path,val in app.config.get('PATH').items():
pos = _server_info_config
part = path.split(':')
for p in part[:-1]:
try:
pos = pos[p]
except TypeError:
p = int(p)
pos = pos[p]
pos[part[-1]] = val.format(folder)
_jwks_def = _server_info_config['jwks']
_jwks_def['public_path'] = _jwks_def['public_path'].format(folder)
_jwks_def['private_path'] = _jwks_def['private_path'].format(folder)
_kj = init_key_jar(iss=_server_info_config['issuer'], **_jwks_def)
# _jwks = _kj.export_jwks_as_json(True, '')
# _kj.import_jwks_as_json(_jwks, )
cookie_dealer = CookieDealer(**_server_info_config['cookie_dealer'])
endpoint_context = EndpointContext(_server_info_config, keyjar=_kj,
cwd=folder, cookie_dealer=cookie_dealer)
cookie_dealer.endpoint_context = endpoint_context
for endp in endpoint_context.endpoint.values():
p = urlparse(endp.endpoint_path)
_vpath = p.path.split('/')
if _vpath[0] == '':
endp.vpath = _vpath[1:]
else:
endp.vpath = _vpath
return endpoint_context
from oidcendpoint.user_authn.authn_context import INTERNETPROTOCOLPASSWORD
from oidcmsg.key_jar import init_key_jar
from oidcop.cookie import CookieDealer
KEYDEFS = [{
"type": "RSA",
"key": '',
"use": ["sig"]
}, {
"type": "EC",
"crv": "P-256",
"use": ["sig"]
}]
KEYJAR = init_key_jar('public.jwks', 'private.jwks', KEYDEFS)
class TestCookieDealer(object):
@pytest.fixture(autouse=True)
def create_cookie_dealer(self):
conf = {
"issuer":
"https://example.com/",
"password":
"******",
"token_expires_in":
600,
"grant_expires_in":
300,
"refresh_token_expires_in":
#!/usr/bin/env python3
import importlib
import json
import os
import sys
from urllib.parse import quote_plus
from oidcmsg.key_jar import init_key_jar
for _dir in ['public', 'private']:
if not os.path.isdir(_dir):
os.makedirs(_dir)
sys.path.insert(0, '.')
config = importlib.import_module('conf')
sys.path.pop(0)
kj = init_key_jar(**config.client_config['federation']['self_signer'])
ent_id = quote_plus(config.client_config['federation']['entity_id'])
enrolement_info = {
'entity_id': config.client_config['federation']['entity_id'],
'signing_keys': kj.export_jwks_as_json(),
'metadata_endpoint': '{}/metadata'.format(config.BASEURL)
}
fp = open('enrollment_info', 'w')
fp.write(json.dumps(enrolement_info))
fp.close()
'tools.staticdir.dir': os.path.join(folder, 'static'),
'tools.staticdir.debug': True,
'tools.staticdir.on': True,
'tools.staticdir.content_types': {
'json': 'application/json',
'jwks': 'application/json',
'jose': 'application/jose'
},
'log.screen': True,
'cors.expose_public.on': True
}}
_server_info_config = config.CONFIG['server_info']
_jwks_config = _server_info_config['jwks']
_kj = init_key_jar(iss=_server_info_config['issuer'], **_jwks_config)
cookie_dealer = CookieDealer(**_server_info_config['cookie_dealer'])
endpoint_context = EndpointContext(_server_info_config, keyjar=_kj,
cwd=folder, cookie_dealer=cookie_dealer)
for endp in endpoint_context.endpoint.values():
p = urlparse(endp.endpoint_path)
_vpath = p.path.split('/')
if _vpath[0] == '':
endp.vpath = _vpath[1:]
else:
endp.vpath = _vpath
cherrypy.tree.mount(
parser.add_argument('-k', dest='insecure', action='store_true')
parser.add_argument(dest="config")
args = parser.parse_args()
folder = os.path.abspath(os.curdir)
sys.path.insert(0, ".")
config = importlib.import_module(args.config)
cprp = importlib.import_module('cprp')
if args.port:
_base_url = "{}:{}".format(config.BASEURL, args.port)
else:
_base_url = config.BASEURL
_kj = init_key_jar(**config.RP_CONFIG['jwks'])
if args.insecure:
verify_ssl = False
else:
verify_ssl = True
rph = RPHandler(base_url=_base_url, hash_seed="BabyDriver", keyjar=_kj,
jwks_path=config.RP_CONFIG['jwks_url_path'],
client_configs=config.CLIENTS, service_factory=factory,
client_cls=oidc.RP, verify_ssl=verify_ssl)
client = rph.init_client('')
print(client.service_context.federation_entity.entity_id)
import json
import os
import sys
from urllib.parse import quote_plus
from oidcmsg.key_jar import init_key_jar
for _dir in ['public', 'private']:
if not os.path.isdir(_dir):
os.makedirs(_dir)
sys.path.insert(0, '.')
config = importlib.import_module('conf')
sys.path.pop(0)
kj = init_key_jar(
**config.CONFIG['provider']['server_info']['federation']['self_signer'])
iss = config.CONFIG['provider']['server_info']['issuer']
ent_id = quote_plus(iss)
enrolement_info = {
'entity_id': iss,
'signing_keys': kj.export_jwks_as_json(),
'metadata_endpoint': '{}/metadata'.format(iss)
}
fp = open('enrollment_info', 'w')
fp.write(json.dumps(enrolement_info))
fp.close()
if __name__ == '__main__':
import argparse
parser = argparse.ArgumentParser()
parser.add_argument(dest="config")
args = parser.parse_args()
folder = os.path.abspath(os.curdir)
sys.path.insert(0, ".")
config = importlib.import_module(args.config)
_provider_config = config.CONFIG['provider']
_server_info_config = config.CONFIG['server_info']
_jwks_config = _server_info_config['jwks']
_kj = init_key_jar(private_path=_jwks_config['private_path'],
key_defs=_provider_config['key_defs'],
public_path=_jwks_config['local_path'])
endpoint_context = EndpointContext(config.CONFIG['server_info'],
keyjar=_kj,
cwd=folder)
op = OpenIDProvider(config, endpoint_context)
pi_endpoint = op.endpoint_context.endpoint['provider_info']
_conf = pi_endpoint.provider_info_with_signing_keys()
fp = open('provider_info.json', 'w')
fp.write(_conf.to_json())
fp.close()
from oidcmsg.message import Message
from oidcop.cherryp import OpenIDProvider
for _dir in ['sms/discovery', 'sms/response', 'private', 'public', 'static']:
if not os.path.isdir(_dir):
os.makedirs(_dir)
folder = os.path.abspath(os.curdir)
sys.path.insert(0, ".")
config = importlib.import_module(sys.argv[1])
_provider_config = config.CONFIG['provider']
_server_info_config = _provider_config['server_info']
_jwks_config = _provider_config['jwks']
_kj = init_key_jar(**_jwks_config)
endpoint_context = EndpointContext(_server_info_config, keyjar=_kj, cwd=folder)
for endp in endpoint_context.endpoint.values():
p = urlparse(endp.endpoint_path)
_vpath = p.path.split('/')
if _vpath[0] == '':
endp.vpath = _vpath[1:]
else:
endp.vpath = _vpath
op = OpenIDProvider(config, endpoint_context)
_info = ProviderConfigurationResponse(**op.endpoint_context.provider_info)
SUNET_OP = op.endpoint_context.federation_entity
import pytest
from oidcmsg.jwt import JWT
from oidcmsg.key_jar import init_key_jar
from requests import request
from fedoidcmsg.entity import FederationEntitySwamid
from fedoidcmsg.entity import make_federation_entity
_path = os.path.realpath(__file__)
root_dir, _fname = os.path.split(_path)
KEYDEFS = [{"type": "EC", "crv": "P-256", "use": ["sig"]}]
MDSS_KEYJAR = init_key_jar(public_path='mdss_public',
private_path='mdss_private',
key_defs=KEYDEFS)
class TestFederationEntity(object):
@pytest.fixture(autouse=True)
def create_federation_entity(self):
config = {
'self_signer': {
'private_path': '{}/private_jwks'.format(root_dir),
'key_defs': KEYDEFS,
'public_path': '{}/public_jwks'.format(root_dir)
},
'mdss_endpoint': 'https://swamid.sunet.se/mdss',
'mdss_owner': 'https://swamid.sunet.se',
'mdss_keys': 'mdss_public',
