def parse_federation_response(self, response, **kwargs):
"""
Takes a provider info response and parses it.
If according to the info the OP has more then one federation
in common with the client then the decision has to be handled higher up.
For each Metadata statement that appears in the response, and was
possible to parse, one
:py:class:`fedservice.entity_statement.statement.Statement`
instance is stored in the response by federation operator ID under the
key 'fos'.
:param response: A self-signed JWT containing an entity statement
:returns: A list of lists of Statement instances. The innermost lists represents
trust chains
"""
entity_statement = verify_self_signed_signature(response)
entity_id = entity_statement['iss']
_fe = self.client_get("service_context").federation_entity
_tree = _fe.collect_statement_chains(entity_id, entity_statement)
_node = {entity_id: (response, _tree)}
logger.debug("Translate tree to chains")
_chains = branch2lists(_node)
logger.debug("%s chains", len(_chains))
for c in _chains:
c.append(response)
return [eval_chain(c, _fe.keyjar, 'openid_provider') for c in _chains]
def test_eval_chains():
target = 'https://foodle.uninett.no'
collector = DummyCollector(trusted_roots=ANCHOR,
httpd=Publisher(
os.path.join(BASE_PATH, 'base_data')),
root_dir=os.path.join(BASE_PATH, 'base_data'))
entity_statement = collector.get_entity_statement(target,
issuer=target,
subject=target)
_config = verify_self_signed_signature(entity_statement)
assert _config
tree = collector.collect_superiors(_config['iss'], entity_statement)
_node = {target: (entity_statement, tree)}
chains = branch2lists(_node)
key_jar = KeyJar()
key_jar.import_jwks_as_json(jwks, 'https://feide.no')
statements = [
eval_chain(c, key_jar, 'openid_relying_party') for c in chains
]
assert len(statements) == 1
statement = statements[0]
assert statement.fo == "https://feide.no"
assert set(statement.metadata.keys()) == {
'response_types', 'claims', 'contacts', 'application_type',
'redirect_uris', 'id_token_signing_alg_values_supported', 'jwks_uri'
}
def test_eval_path(self):
leaf_entity_id = 'https://foodle.uninett.no'
_jws = self.fedent.collector.get_entity_statement(
'', leaf_entity_id, leaf_entity_id)
tree = self.fedent.collect_statement_chains(leaf_entity_id, _jws)
_node = {leaf_entity_id: (_jws, tree)}
chains = branch2lists(_node)
statements = [
eval_chain(c, self.fedent.keyjar, 'openid_relying_party')
for c in chains
]
assert len(statements) == 1
statement = statements[0]
assert set(statement.metadata.keys()) == {
'application_type', 'claims',
'id_token_signing_alg_values_supported', 'redirect_uris',
'contacts', 'response_types', 'jwks_uri'
}
statement = self.fedent.pick_metadata(statements)
assert statement.fo == 'https://feide.no'
assert set(statement.metadata.keys()) == {
'application_type', 'claims',
'id_token_signing_alg_values_supported', 'redirect_uris',
'contacts', 'response_types', 'jwks_uri'
}
def main(fedent, entity_id, entity_type):
_jws = fedent.get_configuration_information(entity_id)
_jwt = factory(_jws)
msg = _jwt.jwt.payload()
tree = fedent.collect_statement_chains(entity_id, msg)
chains = branch2lists((_jws, tree))
statements = [eval_chain(c, fedent.keyjar, entity_type) for c in chains]
return statements
def eval_chains(self, chains, entity_type='', apply_policies=True):
"""
:param chains: A list of lists of signed JWT
:param entity_type: The leafs entity type
:param apply_policies: Apply metadata policies from the list on the the metadata of the
leaf entity
:return: List of Statement instances
"""
if not entity_type:
entity_type = self.opponent_entity_type
return [
eval_chain(c, self.keyjar, entity_type, apply_policies)
for c in chains
]
def collect_metadata_statements(self, self_signed_statement,
metadata_type):
"""
:param self_signed_statement: A Self signed Entity Statement
:param metadata_type: One of the metadata types defined in the specification
:return:
"""
payload = self.get_payload(self_signed_statement)
# collect trust chains
_tree = self.collect_statement_chains(payload['iss'], payload)
_node = {payload['iss']: (self_signed_statement, _tree)}
_chains = branch2lists(_node)
# verify the trust paths and apply policies
return [eval_chain(c, self.keyjar, metadata_type) for c in _chains]