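    def index(self, op, **kwargs):
        """
        Claims endpoint: exchange a one-time bearer token for a signed JWT.

        :param op: The OP instance holding ``claim_access_token`` (a mapping
            token -> claims dict), ``events`` and ``keyjar``
        :param kwargs: Query parameters; not used
        :return: The claims as an RS256-signed JWT (bytes), or ``None`` for a
            CORS preflight request
        :raises cherrypy.HTTPError: 400 when the Authorization header is
            missing, is not a Bearer token, or the token is unknown
        """
        if cherrypy.request.method == "OPTIONS":
            # Wildcard origin: any site may present a bearer token here. The
            # tokens are single-use (deleted below), which bounds the exposure.
            cherrypy_cors.preflight(allowed_methods=["GET"],
                                    origins='*',
                                    allowed_headers='Authorization')
            return None

        authz = cherrypy.request.headers.get('Authorization', '')
        # RFC 6750: the scheme "Bearer", one space, then the token.
        if not authz.startswith("Bearer "):
            op.events.store(EV_FAULT, "Bad authorization token")
            # HTTPError is an exception: it has to be raised, otherwise the
            # request continues with a missing/garbage token.
            raise cherrypy.HTTPError(400, "Bad authorization token")

        tok = authz[7:]
        try:
            _claims = op.claim_access_token[tok]
        except KeyError:
            op.events.store(EV_FAULT, "Bad authorization token")
            raise cherrypy.HTTPError(400, "Bad authorization token")

        # one time token: remove it before anything else can be returned
        del op.claim_access_token[tok]
        _info = Message(**_claims)
        jwt_key = op.keyjar.get_signing_key()
        op.events.store(EV_RESPONSE, _info.to_dict())
        cherrypy.response.headers["content-type"] = 'application/jwt'
        return as_bytes(_info.to_jwt(key=jwt_key, algorithm="RS256"))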
def test_to_jwt(keytype, alg):
    """Round-trip a Message through to_jwt/from_jwt for one key type and algorithm."""
    claims = {'a': 'foo', 'b': 'bar', 'c': 'tjoho'}
    original = Message(**claims)
    signed = original.to_jwt(key=KEYJAR.get_signing_key(keytype, ''),
                             algorithm=alg)
    decoded = Message().from_jwt(signed, KEYJAR.get_signing_key(keytype, ''))
    assert decoded == original
def test_to_jwt(keytype, alg):
    """Signing with `alg` and verifying with the same key must yield an equal Message."""
    source = Message(a="foo", b="bar", c="tjoho")
    token = source.to_jwt(KEYJAR.get_signing_key(keytype, ""), alg)
    restored = Message().from_jwt(token, KEYJAR.get_signing_key(keytype, ""))
    assert restored == source, "JWT round trip changed the message"
def test_to_jwt_ec():
    """Round-trip a Message through an ES256-signed JWT using the EC key."""
    kty, alg = 'EC', 'ES256'
    source = Message(a='foo', b='bar', c='tjoho')
    token = source.to_jwt(KEYJAR.get_signing_key(kty, ''), alg)
    restored = Message().from_jwt(token, KEYJAR.get_signing_key(kty, ''))
    assert restored == source
def test_to_jwt(keytype, alg):
    """A Message signed with `alg` is recovered unchanged by from_jwt."""

    def signing_key():
        # Looked up per use, exactly as the sign and verify steps need it.
        return KEYJAR.get_signing_key(keytype, '')

    expected = Message(a='foo', b='bar', c='tjoho')
    token = expected.to_jwt(signing_key(), alg)
    assert Message().from_jwt(token, signing_key()) == expected
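    def application(self, environ, start_response):
        """
        WSGI entry point: route a request to the static, log, setup or OP
        endpoint handlers.

        :param environ: The HTTP application environment
        :param start_response: The application to run when the handling of the
            request is done
        :return: The response as a list of lines
        """

        path = environ.get('PATH_INFO', '').lstrip('/')
        response_encoder = ResponseEncoder(environ=environ,
                                           start_response=start_response)
        # PEP 3333: QUERY_STRING may be absent, not just empty
        parameters = parse_qs(environ.get("QUERY_STRING", ""))

        session_info = {
            "addr": get_client_address(environ),
            'cookie': environ.get("HTTP_COOKIE", ''),
            'path': path,
            'parameters': parameters
        }

        jlog = JLog(LOGGER, session_info['addr'])
        jlog.info(session_info)

        if path == "robots.txt":
            return static(environ, start_response, "static/robots.txt")

        # NOTE(review): `path` is client controlled; this relies on static()
        # refusing '..' segments -- confirm against its implementation.
        if path.startswith(("static/", "tar/", "_static/")):
            return static(environ, start_response, path)
        elif path.startswith("log"):
            return display_log(path, environ, start_response, lookup=LOOKUP)
        elif path.startswith('clear/'):
            return clear_log(path, environ, start_response, lookup=LOOKUP)
        elif path.startswith('mktar/'):
            return make_tar(path, environ, start_response, lookup=LOOKUP)
        elif path.startswith("jwks.json"):
            try:
                mode, endpoint = extract_mode(self.op_args["baseurl"])
                events = Events()
                events.store('Init',
                             '===========================================')
                op, path, jlog.id = self.op_setup(environ, mode, events,
                                                  self.test_conf, endpoint)
                jwks = op.generate_jwks(mode)
                resp = Response(jwks,
                                headers=[('Content-Type', 'application/json')])
                return resp(environ, start_response)
            except KeyError:
                # Try to load from static file
                return static(environ, start_response, "static/jwks.json")

        events = Events()
        events.store('Init', '===========================================')

        if path == "test_list":
            return rp_test_list(environ, start_response)
        elif path == "":
            return registration(environ, start_response)
        elif path == "generate_client_credentials":
            client_id, client_secret = generate_static_client_credentials(
                parameters)
            return response_encoder.return_json(
                json.dumps({"client_id": client_id,
                            "client_secret": client_secret}))
        elif path == "3rd_party_init_login":
            return rp_support_3rd_party_init_login(environ, start_response)

        # path should be <oper_id>/<test_id>/<endpoint>
        try:
            mode = parse_path(path)
        except ValueError:
            resp = BadRequest('Illegal path')
            return resp(environ, start_response)

        try:
            endpoint = mode['endpoint']
        except KeyError:
            _info = {'error': 'No endpoint', 'mode': mode}
            events.store(EV_FAULT, _info)
            jlog.error(_info)
            resp = BadRequest('Illegal path')
            return resp(environ, start_response)

        if endpoint == ".well-known/webfinger":
            session_info['endpoint'] = endpoint
            try:
                _p = urlparse(parameters["resource"][0])
            except KeyError:
                events.store(EV_FAULT,
                             FailedOperation('webfinger',
                                             'No resource defined'))
                jlog.error({'reason': 'No resource defined'})
                resp = ServiceError("No resource defined")
                return resp(environ, start_response)

            if _p.scheme in ["http", "https"]:
                events.store(EV_REQUEST,
                             Operation(name='webfinger', type='url',
                                       path=_p.path))
                mode = parse_path(_p.path)
            elif _p.scheme == "acct":
                # The host part follows the last '@'; everything before it is
                # "<oper_id>.<test_id>". A resource without '@' is rejected
                # instead of surfacing as an unhandled ValueError.
                _l, _at, _ = _p.path.rpartition('@')
                if not _at:
                    _msg = "Malformed acct resource"
                    events.store(EV_FAULT, FailedOperation('webfinger', _msg))
                    jlog.error({'reason': _msg})
                    resp = ServiceError(_msg)
                    return resp(environ, start_response)

                _a = _l.split('.')
                if len(_a) >= 2:
                    # oper_id may itself contain dots; the test id is the
                    # last label
                    _oper_id = ".".join(_a[:-1])
                    _test_id = _a[-1]
                else:
                    _oper_id = _a[0]
                    _test_id = 'default'

                mode.update({'oper_id': _oper_id, 'test_id': _test_id})
                events.store(EV_REQUEST,
                             Operation(name='webfinger', type='acct',
                                       oper_id=_oper_id, test_id=_test_id))
            else:
                _msg = "Unknown scheme: {}".format(_p.scheme)
                # store(), as everywhere else; events.events is not callable
                events.store(EV_FAULT, FailedOperation('webfinger', _msg))
                jlog.error({'reason': _msg})
                resp = ServiceError(_msg)
                return resp(environ, start_response)
        elif endpoint == "claim":
            # A missing header is a client error, not a KeyError/500
            authz = environ.get("HTTP_AUTHORIZATION", "")
            _ev = Operation('claim')
            # RFC 6750: the scheme "Bearer", one space, then the token
            if not authz.startswith("Bearer "):
                resp = BadRequest()
            else:
                # NOTE(review): the raw bearer token ends up in the event
                # log here; it is single-use, but consider redacting it.
                _ev.authz = authz
                events.store(EV_REQUEST, _ev)
                tok = authz[7:]
                try:
                    _op, _, _ = self.op_setup(environ, mode, events,
                                              self.test_conf, endpoint)
                except UnknownTestID as err:
                    resp = BadRequest(
                        'Unknown test ID: {}'.format(err.args[0]))
                    return resp(environ, start_response)
                try:
                    _claims = _op.claim_access_token[tok]
                except KeyError:
                    resp = BadRequest()
                else:
                    # one time token
                    del _op.claim_access_token[tok]
                    _info = Message(**_claims)
                    jwt_key = _op.keyjar.get_signing_key()
                    resp = Response(_info.to_jwt(key=jwt_key,
                                                 algorithm="RS256"),
                                    content='application/jwt')
            return resp(environ, start_response)

        if mode:
            session_info.update(mode)
            jlog.id = mode['oper_id']

        try:
            _op, path, jlog.id = self.op_setup(environ, mode, events,
                                               self.test_conf,
                                               endpoint)
        except UnknownTestID as err:
            resp = BadRequest('Unknown test ID: {}'.format(err.args[0]))
            return resp(environ, start_response)

        session_info["op"] = _op
        session_info["path"] = path
        session_info['test_conf'] = self.test_conf[session_info['test_id']]

        for regex, callback in URLS:
            match = re.search(regex, endpoint)
            if match is not None:
                _op = HTTPRequest(endpoint=endpoint,
                                  method=environ["REQUEST_METHOD"])
                try:
                    _op.authz = environ["HTTP_AUTHORIZATION"]
                except KeyError:
                    pass
                events.store(EV_HTTP_REQUEST, _op)
                try:
                    # first capture group, or the whole endpoint when the
                    # pattern has no groups
                    environ['oic.url_args'] = match.groups()[0]
                except IndexError:
                    environ['oic.url_args'] = endpoint

                jlog.info({'callback': callback.__name__})
                try:
                    return callback(environ, start_response, session_info,
                                    events, op_arg=self.op_args, jlog=jlog)
                except Exception as err:
                    # LOGGER.exception records the traceback; the stdout
                    # prints duplicated it.
                    events.store(EV_EXCEPTION, err)
                    LOGGER.exception("%s" % err)
                    # NOTE(review): the exception text is echoed to the
                    # client; fine for a test tool, but it can reveal
                    # internals.
                    resp = ServiceError("%s" % err)
                    return resp(environ, start_response)

        LOGGER.debug("unknown page: '{}'".format(endpoint))
        events.store(EV_FAULT, 'No such page: {}'.format(endpoint))
        resp = NotFound("Couldn't find the side you asked for!")
        return resp(environ, start_response)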