def test_metadata_policy():
item = EntityStatement(**MSG)
assert item
_metadata_policy = item["metadata_policy"]
for typ, item in _metadata_policy.items():
for attr, _policy in item.items():
_p = Policy(**_policy)
_p.verify()
def test_crit_known_unknown_not_critical():
entity_id = "https://ent.example.org"
_now = utc_time_sans_frac()
_statement = EntityStatement(sub=entity_id,
iss=entity_id,
iat=_now,
exp=_now + 3600,
foo="bar")
_statement.verify(known_extensions=["foo"])
_statement.verify(known_extensions=["foo", "xyz"])
_statement.verify()
def test_make_entity_statement():
fse = FSEntityStatementAPI(BASE_PATH, iss='ntnu.no')
_statement = fse.create_entity_statement('foodle.uninett.no')
_jws = factory(_statement)
assert _jws
payload = _jws.jwt.payload()
assert payload['iss'] == 'https://ntnu.no'
assert payload['sub'] == 'https://foodle.uninett.no'
es = EntityStatement().from_dict(payload)
_item = es['metadata_policy']['openid_relying_party']
assert _item['contacts'] == {"add": '*****@*****.**'}
def get_self_signed_entity_statement(entity_id):
_url = entity_id + "/.well-known/openid-federation"
_response = requests.request("GET", _url, verify=False)
_jws = factory(_response.text)
_payload = _jws.jwt.payload()
entity_statement = EntityStatement(**_payload)
_key_jar = KeyJar()
# verify entity_statement["iss"]
_key_jar.import_jwks(entity_statement['jwks'], entity_id)
_keys = _key_jar.get_jwt_verify_keys(_jws.jwt)
_res = _jws.verify_compact(keys=_keys)
return _res
def test_entity_statement():
client_info = RegistrationRequest(
**{
"application_type": "web",
"claims": ["sub", "name", "email", "picture"],
"id_token_signing_alg_values_supported": ["RS256", "RS512"],
"redirect_uris": ["https://foodle.uninett.no/callback"],
"response_types": ["code"]
})
metadata = Metadata()
metadata['openid_relying_party'] = client_info
iat = utc_time_sans_frac() # seconds since epoch
exp = iat + 3600
entity_statement = EntityStatement(metadata=metadata,
iss='https://example.com',
sub='https://foo.example.com',
iat=iat,
exp=exp)
jes = entity_statement.to_json()
_es = EntityStatement().from_json(jes)
assert set(_es.keys()) == {'metadata', 'iss', 'sub', 'iat', 'exp'}
assert set(_es['metadata'].keys()) == {'openid_relying_party'}
assert set(_es['metadata']['openid_relying_party'].keys()) == {
'application_type', 'claims', 'id_token_signing_alg_values_supported',
'redirect_uris', 'response_types'
}
def test_config_information():
fse = FSEntityStatementAPI(BASE_PATH, iss='foodle.uninett.no')
_jwt = fse.create_entity_statement('foodle.uninett.no')
_jws = factory(_jwt)
assert _jws
payload = _jws.jwt.payload()
assert payload['iss'] == 'https://foodle.uninett.no'
assert payload['sub'] == 'https://foodle.uninett.no'
es = EntityStatement().from_dict(payload)
_item = es['metadata']['openid_relying_party']
assert isinstance(_item, RegistrationResponse)
assert _item['response_types'] == ['code']
def test_policy_language_crit_not_supported():
_now = utc_time_sans_frac()
_statement = EntityStatement(iat=_now, exp=_now + 3600, **MSG)
_statement.verify(known_policy_extensions=["regexp"])
with pytest.raises(UnknownCriticalExtension):
_statement.verify()
def test_crit_critical_not_supported():
entity_id = "https://ent.example.org"
_now = utc_time_sans_frac()
_statement = EntityStatement(sub=entity_id,
iss=entity_id,
iat=_now,
exp=_now + 3600,
foo="bar",
crit=["foo"])
with pytest.raises(UnknownCriticalExtension):
_statement.verify(known_extensions=["xyz"])
with pytest.raises(UnknownCriticalExtension):
_statement.verify()
import json
from cryptojwt.jwt import utc_time_sans_frac
from fedservice import apply_policy
from fedservice import combine_policy
from fedservice.message import EntityStatement
from fedservice.message import FederationEntity
from fedservice.message import MetadataPolicy
from fedservice.message import TrustMark
from oidcmsg.oidc import ProviderConfigurationResponse
from oidcmsg.oidc import RegistrationRequest
from oidcmsg.oidc import RegistrationResponse
txt = open("2.1.json").read()
es = EntityStatement().from_json(txt)
now = utc_time_sans_frac()
es['iat'] = now
es['exp'] = now + 3600
print("2.1", es.verify())
# 3.6
txt = open("3.6.json").read()
fe = FederationEntity().from_json(txt)
print("3.6", fe.verify())