class UmaCAS(object):
def __init__(
self,
name,
sdb,
cdb,
authn_broker,
authz,
client_authn,
symkey,
urlmap=None,
as_keyjar=None,
as_configuration=None,
base_url="",
client_authn_methods=None,
authn_at_registration="",
client_info_url="",
secret_lifetime=86400,
# client conf below
client_id=None,
ca_certs=None,
client_authn_method=None,
c_keyjar=None,
server_info=None,
authz_page="",
flow_type="",
password=None,
registration_info=None,
response_type="",
scope="",
acr="",
resource_srv="",
):
self.authzsrv = OAuth2UmaAS(
name,
sdb,
cdb,
authn_broker,
authz,
client_authn,
symkey,
urlmap,
as_keyjar,
configuration=as_configuration,
base_url=base_url,
client_authn_methods=client_authn_methods,
authn_at_registration=authn_at_registration,
client_info_url=client_info_url,
secret_lifetime=secret_lifetime,
)
self.client = Client(
client_id,
ca_certs,
client_authn_method,
c_keyjar,
server_info,
authz_page,
flow_type,
password,
registration_info,
response_type,
scope,
)
self.client.redirect_uris = self.client.registration_info["redirect_uris"]
self.baseurl = self.authzsrv.baseurl
self.resource_srv = resource_srv
self.acr = acr
self.trace = []
def get_aat(self, user):
request_args = {
"response_type": "code",
"client_id": "internal",
"redirect_uri": self.client.redirect_uris[0],
"scope": [self.client.get_uma_scope("AAT")],
"state": "_state",
}
areq = AuthorizationRequest(**request_args)
self.trace.append(trace("get_aat", "C-->AS", query=areq.to_dict(), user=user))
sid = self.authzsrv.sdb.create_authz_session(user, areq)
grant = self.authzsrv.sdb[sid]["code"]
self.client.token[user] = {"AAT": self.authzsrv.sdb.upgrade_to_token(grant)}
self.trace.append(trace("get_aat", "C<--AS", data={"AAT": self.client.token[user]["AAT"]["access_token"]}))
# C <-> AS internal communication
def rpt_endpoint(self, authn, **kwargs):
return self.authzsrv.rpt_endpoint(authn)
def get_rpt(self, user):
authn = "Bearer %s" % self.client.token[user]["AAT"]["access_token"]
self.trace.append(trace("*get_rpt", "C-->AS", authn_info=authn))
resp = self.rpt_endpoint(authn)
rtr = RPTResponse().from_json(resp.message)
self.client.token[user]["RPT"] = rtr["rpt"]
self.trace.append(trace("*get_rpt", "C<--AS", data={"RPT": self.client.token[user]["RPT"]}))
def authorization_request_endpoint(self, data, authn):
self.trace.append(trace("*authorization_request", "C-->AS", authn_info=authn, query=data))
return self.authzsrv.authorization_request_endpoint(data, authn)
def resource_sets_by_user(self, uid):
return self.authzsrv.resource_sets_by_user(uid)
def store_permission(self, user, requestor, resource_id, scopes):
return self.authzsrv.store_permission(user, requestor, resource_id, scopes)
# client stuff
def rs_query(self, requestor, path):
try:
rpt = self.client.token[requestor]["RPT"]
except KeyError:
rpt = None
url = "%s/%s" % (self.resource_srv, path)
if rpt:
kwargs = {"headers": [("Authorization", "Bearer %s" % rpt)]}
self.trace.append(trace("rs_query", "C-->RS", authn_info="Bearer %s" % rpt, url=url))
else:
kwargs = {}
self.trace.append(trace("rs_query", "C-->RS", url=url))
return self.client.send(url, "GET", **kwargs)
def get_info(self, requester, path, state=""):
"""
:param requester: requester
"""
resp = self.rs_query(requester, path)
self.trace.append(trace("rs_query", "C<--RS", response=resp))
if resp.status_code == 200:
return Response(resp.text)
if resp.status_code == 401: # No RPT
as_uri = resp.headers["as_uri"]
if as_uri == self.baseurl:
# It's me as it should be, means get a RPT from myself
self.get_aat(requester)
self.get_rpt(requester)
return self.get_info(requester, path, state)
else:
return R2C[500]("Wrong AS")
if resp.status_code == 403: # Permission registered, got ticket
prr = PermissionRegistrationResponse().from_json(resp.text)
kwargs = self.client.create_authorization_data_request(requester, prr["ticket"])
resp = self.authorization_request_endpoint(kwargs["data"], kwargs["headers"]["Authorization"])
self.trace.append(trace("*authorization_request", "C<--AS", response=resp))
if resp.status == "200 OK":
return self.get_info(requester, path)
raise UMAError()
def get_tokens(self, query):
aresp = AuthorizationResponse().from_urlencoded(query)
uid = self.client.acquire_access_token(aresp, "AAT")
self.client.get_rpt(uid)
return uid
class UmaCAS(object):
def __init__(
self,
name,
sdb,
cdb,
authn_broker,
authz,
client_authn,
symkey,
urlmap=None,
as_keyjar=None,
as_configuration=None,
base_url="",
client_authn_methods=None,
authn_at_registration="",
client_info_url="",
secret_lifetime=86400,
# client conf below
client_id=None,
ca_certs=None,
client_authn_method=None,
c_keyjar=None,
server_info=None,
authz_page="",
flow_type="",
password=None,
registration_info=None,
response_type="",
scope="",
acr="",
resource_srv=""):
self.authzsrv = OAuth2UmaAS(
name,
sdb,
cdb,
authn_broker,
authz,
client_authn,
symkey,
urlmap,
as_keyjar,
configuration=as_configuration,
base_url=base_url,
client_authn_methods=client_authn_methods,
authn_at_registration=authn_at_registration,
client_info_url=client_info_url,
secret_lifetime=secret_lifetime)
self.client = Client(client_id, ca_certs, client_authn_method,
c_keyjar, server_info, authz_page, flow_type,
password, registration_info, response_type, scope)
self.client.redirect_uris = self.client.registration_info[
"redirect_uris"]
self.baseurl = self.authzsrv.baseurl
self.resource_srv = resource_srv
self.acr = acr
self.trace = []
def get_aat(self, user):
request_args = {
"response_type": "code",
"client_id": "internal",
"redirect_uri": self.client.redirect_uris[0],
"scope": [self.client.get_uma_scope("AAT")],
"state": "_state"
}
areq = AuthorizationRequest(**request_args)
self.trace.append(
trace("get_aat", "C-->AS", query=areq.to_dict(), user=user))
sid = self.authzsrv.sdb.create_authz_session(user, areq)
grant = self.authzsrv.sdb[sid]["code"]
self.client.token[user] = {
"AAT": self.authzsrv.sdb.upgrade_to_token(grant)
}
self.trace.append(
trace("get_aat",
"C<--AS",
data={"AAT":
self.client.token[user]["AAT"]["access_token"]}))
# C <-> AS internal communication
def rpt_endpoint(self, authn, **kwargs):
return self.authzsrv.rpt_endpoint(authn)
def get_rpt(self, user):
authn = "Bearer %s" % self.client.token[user]["AAT"]["access_token"]
self.trace.append(trace("*get_rpt", "C-->AS", authn_info=authn))
resp = self.rpt_endpoint(authn)
rtr = RPTResponse().from_json(resp.message)
self.client.token[user]["RPT"] = rtr["rpt"]
self.trace.append(
trace("*get_rpt",
"C<--AS",
data={"RPT": self.client.token[user]["RPT"]}))
def authorization_request_endpoint(self, data, authn):
self.trace.append(
trace("*authorization_request",
"C-->AS",
authn_info=authn,
query=data))
return self.authzsrv.authorization_request_endpoint(data, authn)
def resource_sets_by_user(self, uid):
return self.authzsrv.resource_sets_by_user(uid)
def store_permission(self, user, requestor, resource_id, scopes):
return self.authzsrv.store_permission(user, requestor, resource_id,
scopes)
# client stuff
def rs_query(self, requestor, path):
try:
rpt = self.client.token[requestor]["RPT"]
except KeyError:
rpt = None
url = "%s/%s" % (self.resource_srv, path)
if rpt:
kwargs = {"headers": [("Authorization", "Bearer %s" % rpt)]}
self.trace.append(
trace("rs_query",
"C-->RS",
authn_info="Bearer %s" % rpt,
url=url))
else:
kwargs = {}
self.trace.append(trace("rs_query", "C-->RS", url=url))
return self.client.send(url, "GET", **kwargs)
def get_info(self, requester, path, state=""):
"""
:param requester: requester
"""
resp = self.rs_query(requester, path)
self.trace.append(trace("rs_query", "C<--RS", response=resp))
if resp.status_code == 200:
return Response(resp.text)
if resp.status_code == 401: # No RPT
as_uri = resp.headers["as_uri"]
if as_uri == self.baseurl:
# It's me as it should be, means get a RPT from myself
self.get_aat(requester)
self.get_rpt(requester)
return self.get_info(requester, path, state)
else:
return R2C[500]("Wrong AS")
if resp.status_code == 403: # Permission registered, got ticket
prr = PermissionRegistrationResponse().from_json(resp.text)
kwargs = self.client.create_authorization_data_request(
requester, prr["ticket"])
resp = self.authorization_request_endpoint(
kwargs["data"], kwargs["headers"]["Authorization"])
self.trace.append(
trace("*authorization_request", "C<--AS", response=resp))
if resp.status == "200 OK":
return self.get_info(requester, path)
raise UMAError()
def get_tokens(self, query):
aresp = AuthorizationResponse().from_urlencoded(query)
uid = self.client.acquire_access_token(aresp, "AAT")
self.client.get_rpt(uid)
return uid
