Example #1
0
def test_keyjar_remove_key():
    ks = KeyJar()
    ks[""] = KeyBundle([{"kty": "oct", "key": "a1b2c3d4", "use": "sig"},
                        {"kty": "oct", "key": "a1b2c3d4", "use": "ver"}])
    ks["http://www.example.org"] = [
        KeyBundle([
            {"kty": "oct", "key": "e5f6g7h8", "use": "sig"},
            {"kty": "oct", "key": "e5f6g7h8", "use": "ver"}]),
        keybundle_from_local_file(RSAKEY, "rsa", ["enc", "dec"])
    ]
    ks["http://www.example.com"] = keybundle_from_local_file(RSA0, "rsa",
                                                             ["enc", "dec"])

    coll = ks["http://www.example.org"]
    # coll is list of KeyBundles
    assert len(coll) == 2
    keys = ks.get_encrypt_key(key_type="RSA", owner="http://www.example.org")
    assert len(keys) == 1
    _key = keys[0]
    ks.remove_key("http://www.example.org", "RSA", _key)

    coll = ks["http://www.example.org"]
    assert len(coll) == 1  # Only one remaining key
    keys = ks.get_encrypt_key(key_type="rsa", owner="http://www.example.org")
    assert len(keys) == 0

    keys = ks.verify_keys("http://www.example.com")
    assert len(keys) == 1
    assert len([k for k in keys if k.kty == "oct"]) == 1

    keys = ks.decrypt_keys("http://www.example.org")
    assert keys == []
Example #2
0
    def test_remove_key(self):
        ks = KeyJar()
        ks[""] = KeyBundle([
            {
                "kty": "oct",
                "key": "a1b2c3d4",
                "use": "sig"
            },
            {
                "kty": "oct",
                "key": "a1b2c3d4",
                "use": "ver"
            },
        ])
        ks["http://www.example.org"] = [
            KeyBundle([
                {
                    "kty": "oct",
                    "key": "e5f6g7h8",
                    "use": "sig"
                },
                {
                    "kty": "oct",
                    "key": "e5f6g7h8",
                    "use": "ver"
                },
            ]),
            keybundle_from_local_file(RSAKEY, "rsa", ["enc", "dec"]),
        ]
        ks["http://www.example.com"] = keybundle_from_local_file(
            RSA0, "rsa", ["enc", "dec"])

        coll = ks["http://www.example.org"]
        # coll is list of KeyBundles
        assert len(coll) == 2
        keys = ks.get_encrypt_key(key_type="RSA",
                                  owner="http://www.example.org")
        assert len(keys) == 1
        _key = keys[0]
        ks.remove_key("http://www.example.org", "RSA", _key)

        coll = ks["http://www.example.org"]
        assert len(coll) == 1  # Only one remaining key
        keys = ks.get_encrypt_key(key_type="rsa",
                                  owner="http://www.example.org")
        assert len(keys) == 0

        keys = ks.verify_keys("http://www.example.com")
        assert len(keys) == 2
        assert len([k for k in keys if k.kty == "oct"]) == 2

        keys = ks.decrypt_keys("http://www.example.org")
        assert keys == []
Example #3
0
def test_keyjar_pairkeys():
    ks = KeyJar()
    ks[""] = KeyBundle([{
        "kty": "oct",
        "key": "a1b2c3d4",
        "use": "sig"
    }, {
        "kty": "oct",
        "key": "a1b2c3d4",
        "use": "ver"
    }])
    ks["http://www.example.org"] = KeyBundle([{
        "kty": "oct",
        "key": "e5f6g7h8",
        "use": "sig"
    }, {
        "kty": "oct",
        "key": "e5f6g7h8",
        "use": "ver"
    }])
    ks["http://www.example.org"].append(
        keybundle_from_local_file(RSAKEY, "rsa", ["ver", "sig"]))

    collection = ks.verify_keys("http://www.example.org")
    assert len(collection) == 3
    assert len([k for k in collection if k.kty == "oct"]) == 2
    assert len([k for k in collection if k.kty == "RSA"]) == 1
Example #4
0
def test_srv2():
    cc = ClaimsClient(client_id="client_1")
    cc.client_secret = "hemlig"

    req = cc.construct_UserClaimsRequest(
        request_args={
            "sub": "diana",
            "claims_names": ["gender", "birthdate"]
        })

    srv = ClaimsServer("pyoicserv",
                       SessionDB(),
                       CDB,
                       USERINFO,
                       verify_client,
                       keyjar=KEYJAR,
                       dist_claims_mode=ClaimsMode(USER2MODE))

    srv.keyjar[""] = keybundle_from_local_file("rsa.key", "rsa",
                                               ["ver", "sig"])

    assert srv

    resp = srv.claims_endpoint(req.to_urlencoded(), "")

    print resp.message

    ucr = UserClaimsResponse().deserialize(resp.message, "json")
    ucr.verify(keyjar=srv.keyjar)

    print ucr
    assert _eq(ucr["claims_names"], ["gender", "birthdate"])
    assert "jwt" in ucr
Example #5
0
    def test_keyjar_group_keys(self):
        ks = KeyJar()
        ks[""] = KeyBundle([{
            "kty": "oct",
            "key": "a1b2c3d4",
            "use": "sig"
        }, {
            "kty": "oct",
            "key": "a1b2c3d4",
            "use": "ver"
        }])
        ks["http://www.example.org"] = KeyBundle([{
            "kty": "oct",
            "key": "e5f6g7h8",
            "use": "sig"
        }, {
            "kty": "oct",
            "key": "e5f6g7h8",
            "use": "ver"
        }])
        ks["http://www.example.org"].append(
            keybundle_from_local_file(RSAKEY, "rsa", ["ver", "sig"]))

        verified_keys = ks.verify_keys("http://www.example.org")
        assert len(verified_keys) == 6
        assert len([k for k in verified_keys if k.kty == "oct"]) == 4
        assert len([k for k in verified_keys if k.kty == "RSA"]) == 2
Example #6
0
    def test_sign_enc_request(self):
        cli = Client()
        cli.redirect_uris = ["http://www.example.org/authz"]
        cli.client_id = "client_1"

        for kb in self.server.keyjar.issuer_keys[""]:
            _jwks = kb.jwks()
            _keys = [k for k in json.loads(_jwks)["keys"]
                     if k["use"] in ["ver"]]
            _kb = KeyBundle(_keys)
            cli.keyjar.add_kb(self.server.name, _kb)
    
        _kb = keybundle_from_local_file("%s/rsa.pub" % BASE_PATH, "RSA", ["enc"])
        cli.keyjar.add_kb(self.server.name, _kb)
    
        request_args = {"redirect_uri": cli.redirect_uris[0],
                        "client_id": cli.client_id,
                        "scope": "openid",
                        "response_type": "code"}
    
        kwargs = {"request_object_signing_alg": "none",
                  "request_object_encryption_alg": "RSA1_5",
                  "request_object_encryption_enc": "A128CBC-HS256",
                  "request_method": "parameter",
                  "target": self.server.name}
    
        areq = cli.construct_AuthorizationRequest(request_args=request_args,
                                                  **kwargs)
    
        assert areq
        assert areq["request"]
Example #7
0
    def test_dump_issuer_keys(self):
        kb = keybundle_from_local_file("file://%s/jwk.json" % BASE_PATH, "jwk",
                                       ["ver", "sig"])
        assert len(kb) == 1
        kj = KeyJar()
        kj.issuer_keys[""] = [kb]
        res = kj.dump_issuer_keys("")

        assert len(res) == 1
        assert res[0] == {
            'use':
            'sig',
            'e':
            'AQAB',
            'kty':
            'RSA',
            'alg':
            'RS256',
            'n':
            'pKybs0WaHU_y4cHxWbm8Wzj66HtcyFn7Fh3n-99qTXu5yNa30MRYIYfSDwe9JVc1JUoGw41yq2StdGBJ40HxichjE-Yopfu3B58Q'
            'lgJvToUbWD4gmTDGgMGxQxtv1En2yedaynQ73sDpIK-12JJDY55pvf-PCiSQ9OjxZLiVGKlClDus44_uv2370b9IN2JiEOF-a7JB'
            'qaTEYLPpXaoKWDSnJNonr79tL0T7iuJmO1l705oO3Y0TQ-INLY6jnKG_RpsvyvGNnwP9pMvcP1phKsWZ10ofuuhJGRp8IxQL9Rfz'
            'T87OvF0RBSO1U73h09YP-corWDsnKIi6TbzRpN5YDw',
            'kid':
            'abc'
        }
Example #8
0
def test_srv2():
    cc = ClaimsClient(client_id="client_1")
    cc.client_secret = "hemlig"

    req = cc.construct_UserClaimsRequest(
        request_args={"sub": "diana", "claims_names": ["gender", "birthdate"]})

    srv = ClaimsServer("pyoicserv", SessionDB("https://example.com"), CDB,
                       USERINFO, verify_client,
                       keyjar=KEYJAR, dist_claims_mode=ClaimsMode(USER2MODE))

    srv.keyjar[""] = keybundle_from_local_file("%s/rsa.key" % BASE_PATH, "rsa", ["ver", "sig"])

    assert srv

    resp = srv.claims_endpoint(req.to_urlencoded(), "")

    print resp.message

    ucr = UserClaimsResponse().deserialize(resp.message, "json")
    ucr.verify(keyjar=srv.keyjar)

    print ucr
    assert _eq(ucr["claims_names"], ["gender", "birthdate"])
    assert "jwt" in ucr
Example #9
0
def test_kid_usage():
    kb = keybundle_from_local_file("file://jwk.json", "jwk", ["ver", "sig"])
    kj = KeyJar()
    kj.issuer_keys["https://example.com"] = [kb]

    _key = kj.get_key_by_kid("abc", "https://example.com")
    assert _key
    assert _key.kid == "abc"
Example #10
0
def test_kid_usage():
    kb = keybundle_from_local_file("file://jwk.json", "jwk", ["ver", "sig"])
    kj = KeyJar()
    kj.issuer_keys["https://example.com"] = [kb]

    _key = kj.get_key_by_kid("abc", "https://example.com")
    assert _key
    assert _key.kid == "abc"
Example #11
0
def test_local_jwk_file():
    kb = keybundle_from_local_file("file://jwk.json", "jwk", ["ver", "sig"])
    assert len(kb) == 1
    kj = KeyJar()
    kj.issuer_keys[""] = [kb]
    keys = kj.get_signing_key()
    assert len(keys) == 1
    key = keys[0]
    assert isinstance(key, RSAKey)
    assert key.kid == "abc"
Example #12
0
def test_local_jwk_file():
    kb = keybundle_from_local_file("file://jwk.json", "jwk", ["ver", "sig"])
    assert len(kb) == 1
    kj = KeyJar()
    kj.issuer_keys[""] = [kb]
    keys = kj.get_signing_key()
    assert len(keys) == 1
    key = keys[0]
    assert isinstance(key, RSAKey)
    assert key.kid == "abc"
Example #13
0
 def keyjar(self):
     symkey = KeyBundle(
         [{"kty": "oct", "key": "abcdefghijklmnop", "use": "ver"},
          {"kty": "oct", "key": "abcdefghijklmnop", "use": "sig"}])
     base_path = os.path.abspath(os.path.join(os.path.dirname(__file__), "data/keys"))
     rsakey = keybundle_from_local_file(
         os.path.abspath(os.path.join(base_path, "rsa.key")), "rsa",
         ["ver", "sig"])
     keyjar = KeyJar()
     keyjar["client1"] = [symkey, rsakey]
     keyjar[""] = rsakey
     return keyjar
Example #14
0
 def test_unpack_verify_key(self):
     srv = JWT(keyjar, iss=issuer)
     _jwt = srv.pack(sub="sub")
     # Remove the signing key from keyjar
     keyjar.remove_key("", "RSA", "")
     # And add it back as verify
     kb = keybundle_from_local_file(os.path.join(BASE_PATH, "cert.key"), "RSA", ["ver"])
     # keybundle_from_local_file doesn'assign kid, so assign manually
     kb._keys[0].kid = kidd["sig"]["RSA"]
     keyjar.add_kb("", kb)
     info = srv.unpack(_jwt)
     assert info["sub"] == "sub"
Example #15
0
def test_signing():
    kb = keybundle_from_local_file("file://jwk.json", "jwk", ["ver", "sig"])
    assert len(kb) == 1
    kj = KeyJar()
    kj.issuer_keys[""] = [kb]
    keys = kj.get_signing_key()
    payload = "Please take a moment to register today"
    _jws = JWS(payload, alg="RS512")
    try:
        _jwt = _jws.sign_compact(keys)
        assert False
    except (NoSuitableSigningKeys, WrongTypeOfKey):
        assert True
Example #16
0
def test_signing():
    # Signing is only possible if key is a private RSA key
    kb = keybundle_from_local_file("rsa.key", "rsa", ["ver", "sig"])
    assert len(kb) == 2
    kj = KeyJar()
    kj.issuer_keys[""] = [kb]
    keys = kj.get_signing_key()
    payload = "Please take a moment to register today"
    _jws = JWS(payload, alg="RS512")
    try:
        _jwt = _jws.sign_compact(keys)
        assert True
    except (NoSuitableSigningKeys, WrongTypeOfKey):
        assert False
Example #17
0
def test_keyjar_pairkeys():
    ks = KeyJar()
    ks[""] = KeyBundle([{"kty": "oct", "key": "a1b2c3d4", "use": "sig"},
                        {"kty": "oct", "key": "a1b2c3d4", "use": "ver"}])
    ks["http://www.example.org"] = KeyBundle([
        {"kty": "oct", "key": "e5f6g7h8", "use": "sig"},
        {"kty": "oct", "key": "e5f6g7h8", "use": "ver"}])
    ks["http://www.example.org"].append(
        keybundle_from_local_file(RSAKEY, "rsa", ["ver", "sig"]))

    collection = ks.verify_keys("http://www.example.org")
    assert len(collection) == 3
    assert len([k for k in collection if k.kty == "oct"]) == 2
    assert len([k for k in collection if k.kty == "RSA"]) == 1
Example #18
0
def test_signing():
    # Signing is only possible if key is a private RSA key
    kb = keybundle_from_local_file("rsa.key", "rsa", ["ver", "sig"])
    assert len(kb) == 2
    kj = KeyJar()
    kj.issuer_keys[""] = [kb]
    keys = kj.get_signing_key()
    payload = "Please take a moment to register today"
    _jws = JWS(payload, alg="RS512")
    try:
        _jwt = _jws.sign_compact(keys)
        assert True
    except (NoSuitableSigningKeys, WrongTypeOfKey):
        assert False
Example #19
0
    def test_keyjar_group_keys(self):
        ks = KeyJar()
        ks[""] = KeyBundle([{"kty": "oct", "key": "a1b2c3d4", "use": "sig"},
                            {"kty": "oct", "key": "a1b2c3d4", "use": "ver"}])
        ks["http://www.example.org"] = KeyBundle([
            {"kty": "oct", "key": "e5f6g7h8", "use": "sig"},
            {"kty": "oct", "key": "e5f6g7h8", "use": "ver"}])
        ks["http://www.example.org"].append(
            keybundle_from_local_file(RSAKEY, "rsa", ["ver", "sig"]))

        verified_keys = ks.verify_keys("http://www.example.org")
        assert len(verified_keys) == 3
        assert len([k for k in verified_keys if k.kty == "oct"]) == 2
        assert len([k for k in verified_keys if k.kty == "RSA"]) == 1
Example #20
0
def test_dump_own_keys():
    kb = keybundle_from_local_file("file://jwk.json", "jwk", ["ver", "sig"])
    assert len(kb) == 1
    kj = KeyJar()
    kj.issuer_keys[""] = [kb]
    res = kj.dump_issuer_keys("")

    assert len(res) == 1
    assert res[0] == {
        'use': u'sig',
        'e': u'AQAB',
        'kty': u'RSA',
        'alg': u'RS256',
        'n': u'pKybs0WaHU_y4cHxWbm8Wzj66HtcyFn7Fh3n-99qTXu5yNa30MRYIYfSDwe9JVc1JUoGw41yq2StdGBJ40HxichjE-Yopfu3B58QlgJvToUbWD4gmTDGgMGxQxtv1En2yedaynQ73sDpIK-12JJDY55pvf-PCiSQ9OjxZLiVGKlClDus44_uv2370b9IN2JiEOF-a7JBqaTEYLPpXaoKWDSnJNonr79tL0T7iuJmO1l705oO3Y0TQ-INLY6jnKG_RpsvyvGNnwP9pMvcP1phKsWZ10ofuuhJGRp8IxQL9RfzT87OvF0RBSO1U73h09YP-corWDsnKIi6TbzRpN5YDw',
        'kid': u'abc'}
Example #21
0
    def test_update_RSA(self):
        kc = keybundle_from_local_file(RSAKEY, "rsa", ["ver", "sig"])
        assert kc.remote is False
        assert len(kc.get("oct")) == 0
        assert len(kc.get("RSA")) == 2

        key = kc.get("RSA")[0]
        assert isinstance(key, RSAKey)

        kc.update()
        assert kc.remote is False
        assert len(kc.get("oct")) == 0
        assert len(kc.get("RSA")) == 2

        key = kc.get("RSA")[0]
        assert isinstance(key, RSAKey)
Example #22
0
def test_chain_2():
    kc = keybundle_from_local_file(RSAKEY, "rsa", ["ver","sig"])
    assert kc.remote is False
    assert len(kc.get("oct")) == 0
    assert len(kc.get("RSA")) == 2

    key = kc.get("RSA")[0]
    assert isinstance(key, RSAKey)

    kc.update()
    assert kc.remote is False
    assert len(kc.get("oct")) == 0
    assert len(kc.get("RSA")) == 2

    key = kc.get("RSA")[0]
    assert isinstance(key, RSAKey)
Example #23
0
 def keyjar(self):
     symkey = KeyBundle([{
         "kty": "oct",
         "key": "abcdefghijklmnop",
         "use": "ver"
     }, {
         "kty": "oct",
         "key": "abcdefghijklmnop",
         "use": "sig"
     }])
     base_path = os.path.abspath(
         os.path.join(os.path.dirname(__file__), "data/keys"))
     rsakey = keybundle_from_local_file(
         os.path.abspath(os.path.join(base_path, "rsa.key")), "rsa",
         ["ver", "sig"])
     keyjar = KeyJar()
     keyjar["client1"] = [symkey, rsakey]
     keyjar[""] = rsakey
     return keyjar
Example #24
0
    def test_sign_enc_request(self):
        cli = Client()
        cli.redirect_uris = ["http://www.example.org/authz"]
        cli.client_id = "client_1"

        for kb in self.server.keyjar.issuer_keys[""]:
            _jwks = kb.jwks()
            _keys = [
                k for k in json.loads(_jwks)["keys"] if k["use"] in ["ver"]
            ]
            _kb = KeyBundle(_keys)
            cli.keyjar.add_kb(self.server.name, _kb)

        _kb = keybundle_from_local_file("%s/rsa.pub" % BASE_PATH, "RSA",
                                        ["enc"])
        cli.keyjar.add_kb(self.server.name, _kb)

        request_args = {
            "redirect_uri": cli.redirect_uris[0],
            "client_id": cli.client_id,
            "scope": "openid",
            "response_type": "code"
        }

        kwargs = {
            "request_object_signing_alg": "none",
            "request_object_encryption_alg": "RSA1_5",
            "request_object_encryption_enc": "A128CBC-HS256",
            "request_method": "parameter",
            "target": self.server.name
        }

        areq = cli.construct_AuthorizationRequest(request_args=request_args,
                                                  **kwargs)

        assert areq
        assert areq["request"]
Example #25
0
    def __init__(self, base_url, client_metadata_func):
        # Read OP configuration from file
        with open("conf/op_config.json", "r") as f:
            op_capabilities = json.load(f)
        for key, value in op_capabilities.iteritems():
            if isinstance(value, basestring):
                op_capabilities[key] = value.format(base=base_url)  # replace placeholder with the actual base name

        self.OP = Provider(base_url, {}, client_metadata_func, None, None, None, None, None,
                           capabilities=op_capabilities)
        self.OP.baseurl = op_capabilities["issuer"]

        # Setup up keys for signing and encrypting
        self.OP.keyjar = KeyJar()
        kb = keybundle_from_local_file("inAcademia", "RSA", ["sig", "enc"])
        self.OP.keyjar.add_kb("", kb)

        try:
            file_name = "static/jwks.json"
            dump_jwks([kb], file_name)
            self.OP.jwks_uri.append("{}/{}".format(base_url, file_name))
        except Exception as e:
            logger.exception("Signing and encryption keys could not be written to jwks.json.")
            raise
Example #26
0
from oic.utils.keyio import KeyJar
from oic.utils.keyio import keybundle_from_local_file
from oic.utils.sdb import SessionDB

from software_statement.message import SWSMessage
from six.moves.urllib.parse import urlparse, parse_qs
from software_statement.provider import SWSProvider, SWS_CACHE_KEY

OP_ISSUER = "https://connect-op.heroku.com"

CLIENT_ID = "client_1"
SIGNING_KEY_FILE = "private.key"

BASE_PATH = os.path.abspath(
    os.path.join(os.path.dirname(__file__), "keys"))
KC_RSA = keybundle_from_local_file(os.path.join(BASE_PATH, SIGNING_KEY_FILE),
                                   "RSA", ["ver", "sig"])

KEYJAR = KeyJar()
KEYJAR[CLIENT_ID] = [KC_RSA]
KEYJAR[""] = KC_RSA

CDB = {}


class DummyAuthn(UserAuthnMethod):
    def __init__(self, srv, user):
        UserAuthnMethod.__init__(self, srv)
        self.user = user

    def authenticated_as(self, cookie=None, **kwargs):
        if cookie == "FAIL":
Example #27
0
    def create_client(self, userid="", **kwargs):
        """
        Do an instantiation of a client instance

        :param userid: An identifier of the user
        :param: Keyword arguments
            Keys are ["srv_discovery_url", "client_info", "client_registration",
            "provider_info"]
        :return: client instance
        """
        _key_set = set(kwargs.keys())
        args = {}
        for param in ["verify_ssl"]:
            try:
                args[param] = kwargs[param]
            except KeyError:
                pass
            else:
                _key_set.discard(param)

        try:
            verify_ssl = default_ssl_check
        except:
            verify_ssl = True

        # Check to see if there is a keyset specified in the client_registration (if it is a client_registration type)
        #   This gets used if the authentication method is "private_key_jwt
        if "client_registration" in _key_set:
            if "keyset_jwk_file" in kwargs["client_registration"].keys():
                key_bundle = keyio.keybundle_from_local_file(kwargs["client_registration"]["keyset_jwk_file"],"jwk","sig")
                key_jar =keyio.KeyJar(verify_ssl=verify_ssl)
                key_jar.add_kb("",key_bundle)
                args["keyjar"] = key_jar

        client = self.client_cls(client_authn_method=CLIENT_AUTHN_METHOD,
                                 behaviour=kwargs["behaviour"], verify_ssl=verify_ssl, **args)

        # The behaviour parameter is not significant for the election process
        _key_set.discard("behaviour")
        for param in ["allow"]:
            try:
                setattr(client, param, kwargs[param])
            except KeyError:
                pass
            else:
                _key_set.discard(param)

        if _key_set == set(["client_info"]):  # Everything dynamic
            # There has to be a userid
            if not userid:
                raise MissingAttribute("Missing userid specification")

            # Find the service that provides information about the OP
            issuer = client.wf.discovery_query(userid)
            # Gather OP information
            client.provider_config(issuer)
            # register the client
            client.register(
                client.provider_info["registration_endpoint"],
                **kwargs["client_info"]
            )
        elif _key_set == set(["client_info", "srv_discovery_url"]):
            # Ship the webfinger part
            # Gather OP information
            client.provider_config(kwargs["srv_discovery_url"])
            # register the client
            client.register(
                client.provider_info["registration_endpoint"],
                **kwargs["client_info"]
            )
        elif _key_set == set(["provider_info", "client_info"]):
            client.handle_provider_config(
                ProviderConfigurationResponse(**kwargs["provider_info"]),
                kwargs["provider_info"]["issuer"])
            client.register(client.provider_info["registration_endpoint"],
                            **kwargs["client_info"])
        elif _key_set == set(["provider_info", "client_registration"]):
            client.handle_provider_config(
                ProviderConfigurationResponse(**kwargs["provider_info"]),
                kwargs["provider_info"]["issuer"])
            client.store_registration_info(RegistrationResponse(
                **kwargs["client_registration"]))
        elif _key_set == set(["srv_discovery_url", "client_registration"]):
            try:
                client.provider_config(kwargs["srv_discovery_url"])
                client.store_registration_info(
                    RegistrationResponse(**kwargs["client_registration"])
                )
            except Exception as e:
                logger.error(
                    "Provider info discovery failed for %s - assume backend unworkable",
                    kwargs["srv_discovery_url"]
                )
                logger.exception(e)
        else:
            raise Exception("Configuration error ?")

        return client
Example #28
0
from oic.oic.consumer import Consumer
from oic.oic.consumer import IGNORE
from oic.oic.consumer import clean_response

from oic.utils.time_util import utc_time_sans_frac
from oic.utils.sdb import SessionDB

from fakeoicsrv import MyFakeOICServer

CLIENT_SECRET = "abcdefghijklmnop"
CLIENT_ID = "client_1"

KC_SYM_VS = KeyBundle({"kty": "oct", "key": "abcdefghijklmnop", "use": "ver"})
KC_SYM_S = KeyBundle({"kty": "oct", "key": "abcdefghijklmnop", "use": "sig"})

KC_RSA = keybundle_from_local_file("../oidc_example/op1/certs/mycert.key",
                                   "rsa", ["ver", "sig"])

SRVKEYS = KeyJar()
SRVKEYS[""] = [KC_RSA]
SRVKEYS["client_1"] = [KC_SYM_VS, KC_RSA]

CLIKEYS = KeyJar()
CLIKEYS["http://localhost:8088"] = [KC_RSA]
CLIKEYS[""] = [KC_SYM_VS]
CLIKEYS["http://example.com"] = [KC_RSA]

BASE_ENVIRON = {'SERVER_PROTOCOL': 'HTTP/1.1',
                'REQUEST_METHOD': 'GET',
                'QUERY_STRING': '',
                'HTTP_CONNECTION': 'keep-alive',
                'REMOTE_ADDR': '127.0.0.1',
Example #29
0
from oic.utils.sdb import SessionDB

from fakeoicsrv import MyFakeOICServer
from mitmsrv import MITMServer

from utils_for_tests import _eq

CLIENT_SECRET = "abcdefghijklmnop"
CLIENT_ID = "client_1"

KC_SYM_VS = KeyBundle({"kty": "oct", "key": "abcdefghijklmnop", "use": "ver"})
KC_SYM_S = KeyBundle({"kty": "oct", "key": "abcdefghijklmnop", "use": "sig"})

BASE_PATH = os.path.dirname(os.path.abspath(__file__))

KC_RSA = keybundle_from_local_file("%s/rsa.key" % BASE_PATH, "rsa",
                                   ["ver", "sig"])

SRVKEYS = KeyJar()
SRVKEYS[""] = [KC_RSA]
SRVKEYS["client_1"] = [KC_SYM_VS, KC_RSA]

CLIKEYS = KeyJar()
CLIKEYS["http://localhost:8088"] = [KC_RSA]
CLIKEYS[""] = [KC_SYM_VS]
CLIKEYS["http://example.com"] = [KC_RSA]

BASE_ENVIRON = {
    'SERVER_PROTOCOL': 'HTTP/1.1',
    'REQUEST_METHOD': 'GET',
    'QUERY_STRING': '',
    'HTTP_CONNECTION': 'keep-alive',
Example #30
0
from oic.oic.consumer import Consumer
from oic.oic.consumer import IGNORE
from oic.oic.consumer import clean_response
from oic.utils.time_util import utc_time_sans_frac
from oic.utils.sdb import SessionDB

from fakeoicsrv import MyFakeOICServer
from mitmsrv import MITMServer

__author__ = 'rohe0002'

KC_SYM_VS = KeyBundle({"kty": "oct", "key": "abcdefghijklmnop", "use": "ver"})
KC_SYM_S = KeyBundle({"kty": "oct", "key": "abcdefghijklmnop", "use": "sig"})

BASE_PATH = os.path.abspath(os.path.join(os.path.dirname(__file__), "data/keys"))
KC_RSA = keybundle_from_local_file(os.path.join(BASE_PATH, "rsa.key"), "rsa",
                                   ["ver", "sig"])

SRVKEYS = KeyJar()
SRVKEYS[""] = [KC_RSA]
SRVKEYS["client_1"] = [KC_SYM_VS, KC_RSA]

CLIKEYS = KeyJar()
CLIKEYS["http://localhost:8088"] = [KC_RSA]
CLIKEYS[""] = [KC_RSA, KC_SYM_VS]
CLIKEYS["http://example.com"] = [KC_RSA]

SERVER_INFO = {
    "version": "3.0",
    "issuer": "https://localhost:8088",
    "authorization_endpoint": "http://localhost:8088/authorization",
    "token_endpoint": "http://localhost:8088/token",
Example #31
0
from oic.oic.message import OpenIDSchema
from oic.oic.message import ProviderConfigurationResponse
from oic.utils.authn.client import CLIENT_AUTHN_METHOD
from oic.utils.keyio import KeyBundle
from oic.utils.keyio import KeyJar
from oic.utils.keyio import keybundle_from_local_file
from oic.utils.time_util import utc_time_sans_frac

__author__ = 'rohe0002'

KC_SYM_VS = KeyBundle({"kty": "oct", "key": "abcdefghijklmnop", "use": "ver"})
KC_SYM_S = KeyBundle({"kty": "oct", "key": "abcdefghijklmnop", "use": "sig"})

BASE_PATH = os.path.abspath(
    os.path.join(os.path.dirname(__file__), "data/keys"))
KC_RSA = keybundle_from_local_file(os.path.join(BASE_PATH, "rsa.key"), "rsa",
                                   ["ver", "sig"])

SRVKEYS = KeyJar()
SRVKEYS[""] = [KC_RSA]
SRVKEYS["client_1"] = [KC_SYM_VS, KC_RSA]

CLIKEYS = KeyJar()
CLIKEYS["http://localhost:8088"] = [KC_RSA]
CLIKEYS[""] = [KC_RSA, KC_SYM_VS]
CLIKEYS["http://example.com"] = [KC_RSA]

SERVER_INFO = {
    "version": "3.0",
    "issuer": "https://localhost:8088",
    "authorization_endpoint": "http://localhost:8088/authorization",
    "token_endpoint": "http://localhost:8088/token",
Example #32
0
    cdb = json.loads(open("claims_client.json").read())
    userinfo = UserInfo(USERDB)

    # in memory session storage

    config = json.loads(open(args.config).read())
    sdb = create_session_db(config["issuer"],
                            config["SESSION_KEY"],
                            password="******")
    OAS = ClaimsServer(config["issuer"], sdb, cdb, userinfo,
                       verify_client)

    if "keys" in config:
        for typ, info in config["keys"].items():
            OAS.keyjar.add_kb("", keybundle_from_local_file(info["key"], "rsa",
                                                            ["ver", "sig"]))
            try:
                OAS.jwks_uri.append(info["jwk"])
            except KeyError:
                pass

    #print URLS
    if args.debug:
        OAS.debug = True

    OAS.endp = ENDPOINTS
    if args.port == 80:
        OAS.baseurl = config["baseurl"]
    else:
        if config["baseurl"].endswith("/"):
            config["baseurl"] = config["baseurl"][:-1]
Example #33
0
from jwkest.jws import alg2keytype
from oic.oic.message import IdToken
from oic.utils.keyio import KeyJar, keybundle_from_local_file

__author__ = 'rohe0002'

kc = keybundle_from_local_file("../oc3/certs/mycert.key", "rsa", ["ver",
                                                                  "sig"])

kj = KeyJar()

kj["foobar"] = [kc]

idt = IdToken().from_dict({"user_id": "diana", "aud": "uo5nowsdL3ck",
                           "iss": "https://localhost:8092", "acr": "2",
                           "exp": 1354442188, "iat": 1354359388})

ckey = kj.get_signing_key(alg2keytype("RS256"), "foobar")
_signed_jwt = idt.to_jwt(key=ckey, algorithm="RS256")
Example #34
0
    "flows_supported": ["code", "token", "code token"],
    #"identifiers_supported":["public","ppid"],
    #"x509_url":"https://connect-op.heroku.com/cert.pem"
}

BASE_PATH = os.path.dirname(os.path.abspath(__file__))

CLIENT_SECRET = "abcdefghijklmnop"
CLIENT_ID = "client_1"

KC_SYM = KeyBundle([{"kty": "oct", "key": CLIENT_SECRET, "use": "ver"},
                    {"kty": "oct", "key": CLIENT_SECRET, "use": "sig"}])
KC_SYM2 = KeyBundle([{"kty": "oct", "key": "drickyoughurt", "use": "sig"},
                     {"kty": "oct", "key": "drickyoughurt", "use": "ver"}])

KC_RSA = keybundle_from_local_file("%s/rsa.key" % BASE_PATH,
                                   "RSA", ["ver", "sig"])

KEYJAR = KeyJar()
KEYJAR[CLIENT_ID] = [KC_SYM, KC_RSA]
KEYJAR["number5"] = [KC_SYM2, KC_RSA]
KEYJAR[""] = KC_RSA

CDB = {
    "number5": {
        "password": "******",
        "client_secret": "drickyoughurt",
        # "jwk_key": CONSUMER_CONFIG["key"],
        "redirect_uris": [("http://localhost:8087/authz", None)],
        "post_logout_redirect_uris": [("https://example.com/post_logout", None)]
    },
    "a1b2c3": {
Example #35
0
    cdb = json.loads(open("claims_client.json").read())
    userinfo = UserInfo(USERDB)

    # in memory session storage

    config = json.loads(open(args.config).read())
    sdb = create_session_db(config["issuer"],
                            config["SESSION_KEY"],
                            password="******")
    OAS = ClaimsServer(config["issuer"], sdb, cdb, userinfo,
                       verify_client)

    if "keys" in config:
        for typ, info in config["keys"].items():
            OAS.keyjar.add_kb("", keybundle_from_local_file(info["key"], "rsa",
                                                            ["ver", "sig"]))
            try:
                OAS.jwks_uri.append(info["jwk"])
            except KeyError:
                pass

    #print URLS
    if args.debug:
        OAS.debug = True

    OAS.endpoints = ENDPOINTS
    if args.port == 80:
        OAS.baseurl = config["baseurl"]
    else:
        if config["baseurl"].endswith("/"):
            config["baseurl"] = config["baseurl"][:-1]
Example #36
0
    args = parser.parse_args()

    cdb = json.loads(open("claims_client.json").read())
    userinfo = UserInfo(USERDB)

    # in memory session storage

    config = json.loads(open(args.config).read())
    OAS = ClaimsServer(config["issuer"], SessionDB(), cdb, userinfo,
                       verify_client)

    if "keys" in config:
        for typ, info in config["keys"].items():
            OAS.keyjar.add_kb(
                "",
                keybundle_from_local_file(info["key"], "rsa", ["ver", "sig"]))
            try:
                OAS.jwks_uri.append(info["jwk"])
            except KeyError:
                pass

    #print URLS
    if args.debug:
        OAS.debug = True

    OAS.endpoints = ENDPOINTS
    if args.port == 80:
        OAS.baseurl = config["baseurl"]
    else:
        if config["baseurl"].endswith("/"):
            config["baseurl"] = config["baseurl"][:-1]
Example #37
0
}, {
    "kty": "oct",
    "key": CLIENT_SECRET,
    "use": "sig"
}])
KC_SYM2 = KeyBundle([{
    "kty": "oct",
    "key": "drickyoughurt",
    "use": "sig"
}, {
    "kty": "oct",
    "key": "drickyoughurt",
    "use": "ver"
}])

KC_RSA = keybundle_from_local_file("../oidc_example/op1/certs/mycert.key",
                                   "rsa", ["ver", "sig"])

KEYJAR = KeyJar()
KEYJAR[CLIENT_ID] = [KC_SYM, KC_RSA]
KEYJAR["number5"] = [KC_SYM2, KC_RSA]
KEYJAR[""] = KC_RSA

CDB = {
    "number5": {
        "password": "******",
        "client_secret": "drickyoughurt",
        #"jwk_key": CONSUMER_CONFIG["key"],
        "redirect_uris": [("http://localhost:8087/authz", None)],
    },
    "a1b2c3": {
        "redirect_uris": [("http://localhost:8087/authz", None)]
Example #38
0
    #"registration_endpoint":"https://connect-op.heroku.com/connect/client",
    #"scopes_supported":["openid","profile","email","address","PPID"],
    "flows_supported": ["code", "token", "code token"],
    #"identifiers_supported":["public","ppid"],
    #"x509_url":"https://connect-op.heroku.com/cert.pem"
}

CLIENT_SECRET = "abcdefghijklmnop"
CLIENT_ID = "client_1"

KC_SYM = KeyBundle([{"kty": "oct", "key": CLIENT_SECRET, "use": "ver"},
                     {"kty": "oct", "key": CLIENT_SECRET, "use": "sig"}])
KC_SYM2 = KeyBundle([{"kty": "oct", "key": "drickyoughurt", "use": "sig"},
                      {"kty": "oct", "key": "drickyoughurt", "use": "ver"}])

KC_RSA = keybundle_from_local_file("../oc3/certs/mycert.key", "RSA",
                                   ["ver", "sig"])

KEYJAR = KeyJar()
KEYJAR[CLIENT_ID] = [KC_SYM, KC_RSA]
KEYJAR["number5"] = [KC_SYM2, KC_RSA]
KEYJAR[""] = KC_RSA

CDB = {
    "number5": {
        "password": "******",
        "client_secret": "drickyoughurt",
        #"jwk_key": CONSUMER_CONFIG["key"],
        "redirect_uris": [("http://localhost:8087/authz", None)],
    },
    "a1b2c3": {
        "redirect_uris": [("http://localhost:8087/authz", None)]
Example #39
0
        "client_secret": "drickyoghurt",
        "redirect_uris": [("http://*****:*****@example.com",
        "verified": True,
        "sub": "username"
    }
}

PROVIDER_RSA = keybundle_from_local_file(
    "tests/keys/cert.key",
    "RSA", ["ver", "sig"])
PROVIDER_KEYJAR = KeyJar()
PROVIDER_KEYJAR[""] = PROVIDER_RSA

CLIENT_RSA = keybundle_from_local_file(
    "tests/keys/rsa.key",
    "RSA", ["ver", "sig"])
CLIENT_KEYJAR = KeyJar()
CLIENT_KEYJAR[""] = CLIENT_RSA


class DummyAuthn(UserAuthnMethod):
    def __init__(self, srv, user):
        UserAuthnMethod.__init__(self, srv)
        self.user = user