def main(config_file, args): logging.basicConfig(level=logging.DEBUG) config = create_from_config_file(Configuration, entity_conf=[{ "class": OPConfiguration, "attr": "op", "path": ["op", "server_info"] }], filename=config_file, base_path=dir_path) app = oidc_provider_init_app(config.op, 'oidc_op') app.logger = config.logger web_conf = config.webserver context = create_context(dir_path, web_conf) if args.display: print( json.dumps(app.endpoint_context.provider_info, indent=4, sort_keys=True)) exit(0) kwargs = {} if context: kwargs["ssl_context"] = context # kwargs["request_handler"] = PeerCertWSGIRequestHandler app.run(host=web_conf['domain'], port=web_conf['port'], debug=web_conf['debug'], **kwargs)
def main(config_file, args): logging.basicConfig(level=logging.DEBUG) config = create_from_config_file(Configuration, entity_conf=[{ "class": FedOpConfiguration, "attr": "op", "path": ["op", "server_info"] }], filename=config_file) app = oidc_provider_init_app(config) web_conf = config.webserver context = create_context(dir_path, web_conf) kwargs = {} _srv_context = app.server.server_get("endpoint_context") if args.display: print(json.dumps(_srv_context.provider_info, indent=4, sort_keys=True)) exit(0) if args.insecure: _srv_context.federation_entity.collector.insecure = True _cert = os.path.join(dir_path, lower_or_upper(web_conf, "server_cert")) _srv_context.federation_entity.collector.web_cert_path = _cert app.run(host=web_conf['domain'], port=web_conf['port'], debug=web_conf['debug'], ssl_context=context, **kwargs)
def test_explicit_registration(self): config = create_from_config_file( Configuration, entity_conf=[{ "class": FedRPConfiguration, "attr": "rp" }], filename=full_path('conf_foodle.uninett.no.yaml'), base_path=BASE_PATH) config.rp.federation.web_cert_path = "{}/{}".format( dir_path, lower_or_upper(config.web_conf, "server_cert")) rph = init_oidc_rp_handler(config.rp, BASE_PATH) rp = rph.init_client('ntnu') rp.client_get( "service_context").federation_entity.collector = DummyCollector( httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR) _service = rp.client_get("service", 'provider_info') args = self.provider_endpoint.process_request() info = self.provider_endpoint.do_response(**args) _resp = _service.parse_response(info["response"]) with responses.RequestsMock() as rsps: _jwks = open( os.path.join(BASE_PATH, 'base_data', 'ntnu.no', 'op.ntnu.no', 'jwks.json')).read() rsps.add("GET", "https://op.ntnu.no/static/jwks.json", body=_jwks, adding_headers={"Content-Type": "application/json"}, status=200) _service.update_service_context(_resp) # Do the client registration request # First let the client construct the client registration request _service = rp.client_get("service", 'registration') _request_args = _service.get_request_parameters() # send it to the provider args = self.registration_endpoint.process_request( _request_args["body"]) response_args = self.provider_endpoint.do_response(**args) # Let the client deal with the response from the provider _resp = _service.parse_response(response_args["response"], request=_request_args["body"]) _service.update_service_context(_resp) # and we're done reg_resp = _service.client_get("service_context").get( "registration_response") assert reg_resp["token_endpoint_auth_method"] == "private_key_jwt"
def test_server_configure(): configuration = create_from_config_file( Configuration, entity_conf=[{ "class": OPConfiguration, "attr": "op", "path": ["op", "server_info"] }], filename=full_path("srv_config.yaml"), base_path=BASEDIR, ) assert configuration assert "logger" in configuration assert "op" in configuration op_conf = configuration["op"] assert "add_on" in op_conf authz = op_conf["authz"] assert set(authz.keys()) == {"kwargs", "class"} id_token_conf = op_conf.get("id_token", {}) assert set(id_token_conf.keys()) == {"kwargs", "class"} with pytest.raises(KeyError): _ = configuration["add_on"] assert configuration.get("add_on", {}) == {} userinfo_conf = op_conf.get("userinfo") assert userinfo_conf["kwargs"]["db_file"].startswith(BASEDIR)
def test_init_rp(): config = create_from_config_file( Configuration, entity_conf=[{ "class": FedRPConfiguration, "attr": "rp" }], filename=full_path('conf_foodle.uninett.no.yaml'), base_path=BASE_PATH) rph = init_oidc_rp_handler(config.rp, BASE_PATH) rp = rph.init_client('ntnu') assert rp
def create_rph(self): _file = os.path.join(BASE_PATH, "conf_rp_auto.yaml") # automatic means no implicit registration config = create_from_config_file(RPConfiguration, entity_conf=[ {"class": FedEntityConfiguration, "attr": "federation", "path": ["federation"]}], filename=_file, base_path=BASE_PATH, file_attributes=DEFAULT_FILE_ATTRIBUTE_NAMES) self.rph1 = init_rp_handler(config) self.rph2 = init_rp_handler(config) self.subject = 'https://op.ntnu.no' self.intermediate = 'https://ntnu.no' self.fedop1 = 'https://feide.no' self.fedop2 = 'https://swamid.se'
def test_op_configure_from_file(): configuration = create_from_config_file( OPConfiguration, filename=full_path("op_config.json"), base_path=BASEDIR, domain="127.0.0.1", port=443, ) assert configuration assert "add_on" in configuration authz_conf = configuration["authz"] assert set(authz_conf.keys()) == {"kwargs", "class"} id_token_conf = configuration.get("id_token") assert set(id_token_conf.keys()) == {"kwargs", "class"} with pytest.raises(KeyError): _ = configuration["foobar"] assert configuration.get("foobar", {}) == {} userinfo_conf = configuration.get("userinfo") assert userinfo_conf["kwargs"]["db_file"].startswith(BASEDIR)
def test_op_configure_default_from_file(): configuration = create_from_config_file( OPConfiguration, filename=full_path("op_config.json"), base_path=BASEDIR, domain="127.0.0.1", port=443, ) assert configuration assert "add_on" in configuration authz = configuration["authz"] assert set(authz.keys()) == {"kwargs", "class"} id_token_conf = configuration.get("id_token", {}) assert set(id_token_conf.keys()) == {"kwargs", "class"} assert id_token_conf["kwargs"] == { "base_claims": { "email": { "essential": True }, "email_verified": { "essential": True }, } }
def test_automatic_registration(self): config = create_from_config_file( Configuration, entity_conf=[{ "class": FedRPConfiguration, "attr": "rp" }], filename=full_path('conf_foodle.uninett.no.yaml'), base_path=BASE_PATH) rph = init_oidc_rp_handler(config.rp, BASE_PATH) rp = rph.init_client('ntnu') rp.client_get( "service_context").federation_entity.collector = DummyCollector( httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR) _service = rp.client_get("service", 'provider_info') # don't need to parse the request since there is none args = self.provider_endpoint.process_request() info = self.provider_endpoint.do_response(**args) _resp = _service.parse_response(info["response"]) with responses.RequestsMock() as rsps: _jwks = open( os.path.join(BASE_PATH, 'base_data', 'ntnu.no', 'op.ntnu.no', 'jwks.json')).read() rsps.add("GET", "https://op.ntnu.no/static/jwks.json", body=_jwks, adding_headers={"Content-Type": "application/json"}, status=200) _service.update_service_context(_resp) # Do the client authorization request # First let the client construct the authorization request _service = rp.client_get("service", 'authorization') _request_args = _service.get_request_parameters() # send it to the provider _req_args = parse_qs(_request_args['url'].split('?')[1]) with responses.RequestsMock() as rsps: _jwks = open(os.path.join(BASE_PATH, 'static/jwks_auto.json')).read() _url = 'https://foodle.uninett.no/jwks.json' rsps.add("GET", _url, body=_jwks, adding_headers={"Content-Type": "application/json"}, status=200) _req_args = self.authorization_endpoint.parse_request( compact(_req_args)) # need to register a user session info args = self.authorization_endpoint.process_request(_req_args) response_args = self.authorization_endpoint.do_response(**args) # Let the client deal with the response from the provider _resp = _service.parse_response(response_args["response"], request=compact(_req_args)) _service.update_service_context(_resp) # and we're done assert 'trust_anchor_id' in _resp