def init_token_handler(server_get, spec, token_class): _kwargs = spec.get("kwargs", {}) _lt = spec.get("lifetime") if _lt: _kwargs["lifetime"] = _lt try: _cls = spec["class"] except KeyError: cls = DefaultToken _pw = spec.get("password") if _pw is not None: _kwargs["password"] = _pw else: cls = importer(_cls) if _kwargs is None: if cls != DefaultToken: warnings.warn( "Token initialisation arguments should be grouped under 'kwargs'.", DeprecationWarning, stacklevel=2, ) _kwargs = spec return cls(token_class=token_class, server_get=server_get, **_kwargs)
def init_user_info(conf, cwd: str): kwargs = conf.get("kwargs", {}) if isinstance(conf["class"], str): return importer(conf["class"])(**kwargs) return conf["class"](**kwargs)
def configure_grant_types(self, grant_types_supported): if grant_types_supported is None: self.helper = {k: v(self) for k, v in self.helper_by_grant_type.items()} return self.helper = {} # TODO: do we want to allow any grant_type? for grant_type, grant_type_options in grant_types_supported.items(): _conf = grant_type_options.get("kwargs", {}) if _conf is False: continue try: grant_class = grant_type_options["class"] except (KeyError, TypeError): raise ProcessError( "Token Endpoint's grant types must be True, None or a dict with a" " 'class' key." ) if isinstance(grant_class, str): try: grant_class = importer(grant_class) except (ValueError, AttributeError): raise ProcessError( f"Token Endpoint's grant type class {grant_class} can't" " be imported." ) try: self.helper[grant_type] = grant_class(self, _conf) except Exception as e: raise ProcessError(f"Failed to initialize class {grant_class}: {e}")
def issued_token_load(items: List[dict], **kwargs): res = [] for item in items: _class_name = list(item.keys())[0] _cls = importer(_class_name) _cls = _cls().load(item[_class_name]) res.append(_cls) return res
def set_scopes_handler(self): _spec = self.conf.get("scopes_handler") if _spec: _kwargs = _spec.get("kwargs", {}) _cls = importer(_spec["class"])(**_kwargs) self.scopes_handler = _cls(_kwargs) else: self.scopes_handler = Scopes()
def build_signing_service(self, spec): spec['kwargs']['base_path'] = os.path.join(self.wd, spec['kwargs']["base_path"]) if isinstance(spec["class"], str): _instance = importer(spec["class"])(**spec['kwargs']) else: _instance = spec["class"](**spec['kwargs']) return _instance
def do_add_on(self, endpoints): _add_on_conf = self.conf.get("add_on") if _add_on_conf: for spec in _add_on_conf.values(): if isinstance(spec["function"], str): _func = importer(spec["function"]) else: _func = spec["function"] _func(endpoints, **spec["kwargs"])
def create_self_signed_trust_marks(spec, **kwargs): if isinstance(spec["function"], str): _func = importer(spec["function"]) else: _func = spec["function"] res = [] for id, content in spec["kwargs"].items(): _args = kwargs.copy() _args.update(content) res.append(_func(id=id, sub=id, **_args)) return res
def create_federation_entity(entity_id, httpc=None, httpc_params=None, cwd="", **kwargs): args = {"httpc_params": httpc_params} _conf = {} _key_conf = kwargs.get("keys") if _key_conf: kwargs["key_conf"] = _key_conf for param in ['trusted_roots', 'authority_hints']: try: _conf[param] = load_json(kwargs[param]) except KeyError: pass for param in [ 'entity_type', 'priority', 'opponent_entity_type', 'registration_type', 'cwd', 'endpoint' ]: try: _conf[param] = kwargs[param] except KeyError: pass for _key in ['key_conf', 'db_conf', 'issuer']: _value = kwargs.get(_key) if _value: _conf[_key] = _value if _conf: _conf['httpc_params'] = args['httpc_params'] args['config'] = _conf federation_entity = FederationEntity(entity_id, httpc=httpc, cwd=cwd, **args) add_ons = kwargs.get("add_on") if add_ons: for spec in add_ons.values(): if isinstance(spec["function"], str): _func = importer(spec["function"]) else: _func = spec["function"] _func(federation_entity, **spec["kwargs"]) return federation_entity
def client_auth_setup(auth_set, server_get): res = [] for item in auth_set: if item is None or item.lower() == "none": res.append(None) else: _cls = CLIENT_AUTHN_METHOD.get(item) if _cls: res.append(_cls(server_get)) else: res.append(importer(item)(server_get)) return res
def init_service(conf, server_get=None): kwargs = conf.get("kwargs", {}) if server_get: kwargs["server_get"] = server_get if isinstance(conf["class"], str): try: return importer(conf["class"])(**kwargs) except TypeError as err: logger.error("Could not init service class: {}".format(conf["class"]), err) raise return conf["class"](**kwargs)
def do_sub_func(self) -> None: """ Loads functions that creates subject "sub" values :return: string """ ses_par = self.conf.get("session_params") or {} sub_func = ses_par.get("sub_func") or {} for key, args in sub_func.items(): if "class" in args: self._sub_func[key] = init_service(args) elif "function" in args: if isinstance(args["function"], str): self._sub_func[key] = importer(args["function"]) else: self._sub_func[key] = args["function"]
def token_map_load(items: dict, **kwargs): return {k: importer(v) for k, v in items.items()}
def client_registration_setup(self, request, new_id=True, set_secret=True): try: request.verify() except (MessageException, ValueError) as err: logger.error("request.verify() on %s", request) return ResponseMessage(error="invalid_configuration_request", error_description="%s" % err) request.rm_blanks() try: self.match_client_request(request) except CapabilitiesMisMatch as err: return ResponseMessage( error="invalid_request", error_description="Don't support proposed %s" % err, ) _context = self.server_get("endpoint_context") if new_id: if self.kwargs.get("client_id_generator"): cid_generator = importer( self.kwargs["client_id_generator"]["class"]) cid_gen_kwargs = self.kwargs["client_id_generator"].get( "kwargs", {}) else: cid_generator = importer( "oidcop.oidc.registration.random_client_id") cid_gen_kwargs = {} client_id = cid_generator(reserved=_context.cdb.keys(), **cid_gen_kwargs) if "client_id" in request: del request["client_id"] else: client_id = request.get("client_id") if not client_id: raise ValueError("Missing client_id") _cinfo = {"client_id": client_id, "client_salt": rndstr(8)} if self.server_get("endpoint", "registration_read"): self.add_registration_api(_cinfo, client_id, _context) if new_id: _cinfo["client_id_issued_at"] = utc_time_sans_frac() client_secret = "" if set_secret: client_secret = self.add_client_secret(_cinfo, client_id, _context) logger.debug( "Stored client info in CDB under cid={}".format(client_id)) _context.cdb[client_id] = _cinfo _cinfo = self.do_client_registration( request, client_id, ignore=["redirect_uris", "policy_uri", "logo_uri", "tos_uri"], ) if isinstance(_cinfo, ResponseMessage): return _cinfo args = dict([(k, v) for k, v in _cinfo.items() if k in self.response_cls.c_param]) comb_uri(args) response = self.response_cls(**args) # Add the client_secret as a symmetric key to the key jar if client_secret: _context.keyjar.add_symmetric(client_id, str(client_secret)) logger.debug( "Stored updated client info in CDB under cid={}".format(client_id)) logger.debug("ClientInfo: {}".format(_cinfo)) _context.cdb[client_id] = _cinfo # Not all databases can be sync'ed if hasattr(_context.cdb, "sync") and callable(_context.cdb.sync): _context.cdb.sync() msg = "registration_response: {}" logger.info(msg.format(sanitize(response.to_dict()))) return response