def test_internal_signing_service():
iss = InternalSigningService('https://swamid.sunet.se',
KJ['https://swamid.sunet.se'])
res = iss.sign(
RegistrationRequest(redirect_uris=['https://example.com/rp/cb']),
receiver='https://example.com/rp')
_jws = factory(res)
assert _jws.jwt.headers['alg'] == 'RS256'
msg = _jws.jwt.payload()
assert msg['iss'] == 'https://swamid.sunet.se'
assert msg['aud'] == ['https://example.com/rp']
def test_add_signing_keys():
kj = build_keyjar(KEYDEFS)[1]
sign_serv = InternalSigningService('https://signer.example.com',
keyjar=kj)
ent = FederationEntityOOB(None, self_signer=sign_serv)
req = MetadataStatement(foo='bar')
ent.add_signing_keys(req)
assert 'signing_keys' in req
def test_web_signing_service():
_kj = KJ['https://swamid.sunet.se']
iss = InternalSigningService('https://swamid.sunet.se', _kj)
_sms = iss.create(
RegistrationRequest(redirect_uris=['https://example.com/rp/cb']),
'https://example.com/rp')
_jwks = _kj.export_jwks()
_vkj = KeyJar()
_vkj.import_jwks(_jwks, 'https://swamid.sunet.se')
wss = WebSigningServiceClient('https://swamid.sunet.se',
'https://swamid.sunet.se/mdss',
'https://example.com/rp', _vkj)
response = Response(200, _sms,
{'Location': 'https://swamid.sunet.se/mdss/abcdefg'})
_res = wss.parse_response(response)
assert set(_res.keys()) == {'sms', 'loc'}
def test_get_metadata_statement():
jb = JWKSBundle('')
for iss in ['https://example.org/', 'https://example.com/']:
jb[iss] = build_keyjar(KEYDEFS)[1]
self_signer = InternalSigningService(keyjar=jb['https://example.com/'],
iss='https://example.com/')
op = Operator(self_signer=self_signer, iss='https://example.com/')
req = MetadataStatement(foo='bar')
sms = op.pack_metadata_statement(req, sign_alg='RS256')
sms_dir = {'https://example.com': sms}
req['metadata_statements'] = Message(**sms_dir)
ent = FederationEntity(None, fo_bundle=public_jwks_bundle(jb))
loe = ent.get_metadata_statement(req)
assert loe
def test_pack_metadata_statement_other_alg():
_keyjar = build_keyjar(KEYDEFS)[1]
self_signer = InternalSigningService('https://example.com/op',
keyjar=_keyjar)
op = Operator(self_signer=self_signer, iss=self_signer.iss)
req = MetadataStatement(issuer='https://example.org/op')
sms = op.pack_metadata_statement(req, sign_alg='ES256')
assert sms # Should be a signed JWT
_jwt = factory(sms)
_body = json.loads(as_unicode(_jwt.jwt.part[1]))
assert _body['iss'] == self_signer.iss
# verify signature
_kj = public_keys_keyjar(_keyjar, '', None, op.iss)
r = _jwt.verify_compact(sms, _kj.get_signing_key(owner=op.iss))
assert r
def test_add_sms_spec_to_request():
jb = JWKSBundle('')
for iss in ['https://example.org/', 'https://example.com/']:
jb[iss] = build_keyjar(KEYDEFS)[1]
kj = build_keyjar(KEYDEFS)[1]
sign_serv = InternalSigningService('https://signer.example.com',
keyjar=kj)
ent = FederationEntityOOB(None, self_signer=sign_serv,
fo_bundle=public_jwks_bundle(jb),
context='response')
ent.metadata_statements = {
'response': {
'https://example.org/': 'https://example.org/sms1'
}
}
req = MetadataStatement(foo='bar')
ent.add_sms_spec_to_request(req, ['https://example.org/'])
assert 'metadata_statement_uris' in req
def test_pack_metadata_statement():
jb = FSJWKSBundle('', None, 'fo_jwks',
key_conv={'to': quote_plus, 'from': unquote_plus})
_keyjar = build_keyjar(KEYDEFS)[1]
self_signer = InternalSigningService('https://example.com/op',
keyjar=_keyjar)
op = Operator(self_signer=self_signer, jwks_bundle=jb,
iss='https://example.com/op')
req = MetadataStatement(issuer='https://example.org/op')
sms = op.pack_metadata_statement(req)
assert sms # Should be a signed JWT
_jwt = factory(sms)
assert _jwt
assert _jwt.jwt.headers['alg'] == 'RS256'
_body = json.loads(as_unicode(_jwt.jwt.part[1]))
assert _body['iss'] == op.iss
assert _body['issuer'] == 'https://example.org/op'
# verify signature
_kj = public_keys_keyjar(_keyjar, '', None, op.iss)
r = _jwt.verify_compact(sms, _kj.get_signing_key(owner=op.iss))
assert r