def __init__(self,
state_db,
ca_certs=None,
client_authn_factory=None,
keyjar=None,
verify_ssl=True,
config=None,
client_cert=None,
httplib=None,
services=None,
service_factory=None):
oidc.RP.__init__(self,
state_db,
ca_certs,
client_authn_factory=client_authn_factory,
keyjar=keyjar,
verify_ssl=verify_ssl,
config=config,
client_cert=client_cert,
httplib=httplib,
services=services,
service_factory=service_factory)
fe = make_federation_entity(config['federation'],
'',
self.http,
verify_ssl=verify_ssl)
self.service_context.federation_entity = fe
def test_sequence():
config = {
'self_signer': {
'private_path': '{}/private_jwks'.format(root_dir),
'key_defs': KEYDEFS,
'public_path': '{}/public_jwks'.format(root_dir)
},
'sms_dir': '{}/ms/https%3A%2F%2Fsunet.se'.format(root_dir),
'fo_bundle': {
'private_path': '{}/fo_bundle_signing_keys'.format(root_dir),
'key_defs': KEYDEFS,
'public_path': '{}/pub_fo_bundle_signing_keys'.format(root_dir),
'dir': '{}/fo_jwks'.format(root_dir)
},
'context': 'discovery'
}
fe = make_federation_entity(config, 'https://op.example.com')
req = MetadataStatement(foo='bar')
fe.add_sms_spec_to_request(req)
fe.add_signing_keys(req)
updated_req = fe.self_sign(req, 'https://example.com')
assert updated_req
assert set(updated_req.keys()) == {'foo', 'signing_keys',
'metadata_statements'}
def create_federation_entities(entities, keydefs, root_dir='.',
context='discovery'):
res = {}
for entity in entities:
_id = quote_plus(entity)
conf = {
'self_signer': {
'private_path': '{}/private/{}'.format(root_dir, _id),
'key_defs': keydefs,
'public_path': '{}/public/{}'.format(root_dir, _id)
},
'sms_dir': '',
'context': context
}
res[entity] = make_federation_entity(conf, entity)
return res
def create_federation_entity(self):
config = {
'self_signer': {
'private_path': '{}/private_jwks'.format(root_dir),
'key_defs': KEYDEFS,
'public_path': '{}/public_jwks'.format(root_dir)
},
'mdss_endpoint': 'https://swamid.sunet.se/mdss',
'mdss_owner': 'https://swamid.sunet.se',
'mdss_keys': 'mdss_public',
'fo_bundle': {
'private_path': '{}/fo_bundle_signing_keys'.format(root_dir),
'key_defs': KEYDEFS,
'public_path': '{}/pub_fo_bundle_signing_keys'.format(root_dir),
'dir': '{}/public'.format(root_dir)
}
}
self.fe = make_federation_entity(config, 'https://op.example.com',
httpcli=request)
def test_make_federation_entity():
config = {
'self_signer': {
'private_path': '{}/private_jwks'.format(root_dir),
'key_defs': KEYDEFS,
'public_path': '{}/public_jwks'.format(root_dir)
},
'sms_dir': '{}/ms/https%3A%2F%2Fsunet.se'.format(root_dir),
'fo_bundle': {
'private_path': '{}/fo_bundle_signing_keys'.format(root_dir),
'key_defs': KEYDEFS,
'public_path': '{}/pub_fo_bundle_signing_keys'.format(root_dir),
'dir': '{}/fo_jwks'.format(root_dir)
}
}
fe = make_federation_entity(config, 'https://op.example.com')
assert fe
assert isinstance(fe, FederationEntityOOB)
assert isinstance(fe.jwks_bundle, JWKSBundle)
assert fe.iss == 'https://op.example.com'
#!/usr/bin/env python3
import importlib
import sys
from fedoidcmsg.entity import make_federation_entity
if __name__ == '__main__':
import argparse
parser = argparse.ArgumentParser()
parser.add_argument('-p', dest='port', default=80, type=int)
parser.add_argument(dest="config")
args = parser.parse_args()
sys.path.insert(0, ".")
config = importlib.import_module(args.config)
federation_entity = make_federation_entity(
config.client_config['federation'], '')
print('')
'log.screen': True,
'cors.expose_public.on': True
}
}
_base_url = config.BASEURL
_kj = init_key_jar(**config.RP_CONFIG['jwks'])
if args.insecure:
verify_ssl = False
else:
verify_ssl = True
federation_entity = make_federation_entity(
config.CLIENTS['']['federation'],
httpcli=requests.request,
verify_ssl=verify_ssl)
rph = RPHandler(base_url=_base_url,
hash_seed="BabyDriver",
keyjar=_kj,
jwks_path=config.RP_CONFIG['jwks_url_path'],
client_configs=config.CLIENTS,
service_factory=factory,
client_cls=oidc.RP,
verify_ssl=verify_ssl,
federation_entity=federation_entity)
cherrypy.tree.mount(cprp.Consumer(rph, 'html'), '/', provider_config)
# If HTTPS
def clear_metadata_statements(entities):
for fedent in entities:
fedent.metadata_statements = copy.deepcopy(MIN_SET)
for _dir in [
'private', 'public', 'sms/registration', 'sms/discovery',
'sms/response'
]:
if not os.path.isdir(_dir):
os.makedirs(_dir)
conf = json.loads(open('mdss_conf.json').read())
fe = make_federation_entity(config=conf)
FEDENT = {fe.iss: fe}
for _cnf in ['swamid_conf.json', 'edugain_conf.json']:
conf = json.loads(open(_cnf).read())
FEDENT[conf['entity_id']] = make_federation_entity(config=conf)
# Short cuts
SWAMID = FEDENT['https://swamid.sunet.se']
EDUGAIN = FEDENT['https://edugain.org']
for seq in [[fe.iss, SWAMID.iss, EDUGAIN.iss], [fe.iss, SWAMID.iss]]:
for ctx in ['registration', 'discovery', 'response']:
try:
_sms = make_signing_sequence(seq, FEDENT, ctx, lifetime=86400)
except Exception as err:
for entity_id in os.listdir(_dir):
_fname = os.path.join(_dir, entity_id)
if os.path.isfile(_fname):
_ms = MetadataStatement().from_json(open(_fname).read())
fe.add_sms_spec_to_request(_ms,
federation=fed,
context=ctx)
sms = fe.self_signer.sign(_ms, iss=fe.entity_id)
_out_dir = os.path.join(outgoing, fo)
if not os.path.isdir(_out_dir):
os.makedirs(_out_dir)
out = os.path.join(outgoing, fo, entity_id)
with atomic_write(out, overwrite=True) as f:
f.write(sms)
if __name__ == '__main__':
conf = json.loads(open('mdss_conf.json').read())
federation_entity = make_federation_entity(config=conf,
eid=conf['entity_id'])
for ctx in ['registration', 'discovery', 'response']:
_in = '{}/in'.format(ctx)
if not os.path.isdir(_in):
continue
_out = '{}/out'.format(ctx)
process(_in, _out, federation_entity)