Exemple #1
0
    def sign_compact(self, keys=None):
        """
        Produce a JWS using the JWS Compact Serialization

        :param keys: A dictionary of keys
        :return:
        """

        try:
            _alg = self["alg"]
        except KeyError:
            self["alg"] = _alg = "none"
        else:
            if not _alg:
                self["alg"] = _alg = "none"

        if keys:
            keys = self._pick_keys(keys, use="sig", alg=_alg)
        else:
            keys = self._pick_keys(self._get_keys(), use="sig", alg=_alg)

        xargs = {"alg": _alg}

        if keys:
            key = keys[0]
            if key.kid:
                xargs["kid"] = key.kid
        elif not _alg or _alg.lower() == "none":
            key = None
        else:
            if "kid" in self:
                raise NoSuitableSigningKeys(
                    "No key for algorithm: %s with kid: %s" % (_alg,
                                                               self["kid"]))
            else:
                raise NoSuitableSigningKeys("No key for algorithm: %s" % _alg)

        jwt = JWSig(**xargs)
        if _alg == "none":
            return jwt.pack(parts=[self.msg, ""])

        # All other cases
        try:
            _signer = SIGNER_ALGS[_alg]
        except KeyError:
            raise UnknownAlgorithm(_alg)

        _input = b".".join([b64encode_item(xargs), b64encode_item(self.msg)])
        sig = _signer.sign(_input, key.get_key(alg=_alg, private=True))
        logger.debug("Signed message using key with kid=%s" % key.kid)
        return jwt.pack(parts=[self.msg, sig])
Exemple #2
0
    def sign_compact(self, keys=None):
        """
        Produce a JWS using the JWS Compact Serialization

        :param keys: A dictionary of keys
        :return:
        """

        try:
            _alg = self["alg"]
        except KeyError:
            self["alg"] = _alg = "none"
        else:
            if not _alg:
                self["alg"] = _alg = "none"

        if keys:
            keys = self._pick_keys(keys, use="sig", alg=_alg)
        else:
            keys = self._pick_keys(self._get_keys(), use="sig", alg=_alg)

        xargs = {"alg": _alg}

        if keys:
            key = keys[0]
            if key.kid:
                xargs["kid"] = key.kid
        elif not _alg or _alg.lower() == "none":
            key = None
        else:
            if "kid" in self:
                raise NoSuitableSigningKeys(
                    "No key for algorithm: %s with kid: %s" %
                    (_alg, self["kid"]))
            else:
                raise NoSuitableSigningKeys("No key for algorithm: %s" % _alg)

        jwt = JWSig(**xargs)
        if _alg == "none":
            return jwt.pack(parts=[self.msg, ""])

        # All other cases
        try:
            _signer = SIGNER_ALGS[_alg]
        except KeyError:
            raise UnknownAlgorithm(_alg)

        _input = b".".join([b64encode_item(xargs), b64encode_item(self.msg)])
        sig = _signer.sign(_input, key.get_key(alg=_alg, private=True))
        logger.debug("Signed message using key with kid=%s" % key.kid)
        return jwt.pack(parts=[self.msg, sig])
Exemple #3
0
    def sign_compact(self, keys=None, protected=None):
        """
        Produce a JWS using the JWS Compact Serialization

        :param keys: A dictionary of keys
        :param protected: The protected headers (a dictionary)
        :return:
        """

        key, xargs, _alg = self.alg_keys(keys, 'sig', protected)

        if "typ" in self:
            xargs["typ"] = self["typ"]

        jwt = JWSig(**xargs)
        if _alg == "none":
            return jwt.pack(parts=[self.msg, ""])

        # All other cases
        try:
            _signer = SIGNER_ALGS[_alg]
        except KeyError:
            raise UnknownAlgorithm(_alg)

        _input = jwt.pack(parts=[self.msg])
        sig = _signer.sign(_input.encode("utf-8"),
                           key.get_key(alg=_alg, private=True))
        logger.debug("Signed message using key with kid=%s" % key.kid)
        return ".".join([_input, b64encode_item(sig).decode("utf-8")])
    def prepare_access_token_body(self,
                                  client_key=None,
                                  tamper_message=False,
                                  expiration_datetime=None,
                                  issue_datetime=None,
                                  nonce=None,
                                  issuer=None):
        """
        Prepares a provider access token response.

        Note:
            We only override this method to force the JWS class to use the HS256 algorithm.
        """

        body = {'access_token': 'foobar', 'token_type': 'bearer'}
        client_key = client_key or self.client_key
        now = datetime.datetime.utcnow()
        expiration_datetime = expiration_datetime or (
            now + datetime.timedelta(seconds=30))
        issue_datetime = issue_datetime or now
        nonce = nonce or 'a-nonce'
        issuer = issuer or self.issuer
        id_token = self.get_id_token(
            client_key, timegm(expiration_datetime.utctimetuple()),
            timegm(issue_datetime.utctimetuple()), nonce, issuer)

        body['id_token'] = JWS(id_token, jwk=self.key,
                               alg='HS256').sign_compact()
        if tamper_message:
            header, msg, sig = body['id_token'].split('.')
            id_token['sub'] = '1235'
            msg = b64encode_item(id_token).decode('utf-8')
            body['id_token'] = '.'.join([header, msg, sig])

        return json.dumps(body)
Exemple #5
0
    def sign_compact(self, keys=None, protected=None):
        """
        Produce a JWS using the JWS Compact Serialization

        :param keys: A dictionary of keys
        :param protected: The protected headers (a dictionary)
        :return:
        """

        key, xargs, _alg = self.alg_keys(keys, 'sig', protected)

        if "typ" in self:
            xargs["typ"] = self["typ"]

        jwt = JWSig(**xargs)
        if _alg == "none":
            return jwt.pack(parts=[self.msg, ""])

        # All other cases
        try:
            _signer = SIGNER_ALGS[_alg]
        except KeyError:
            raise UnknownAlgorithm(_alg)

        _input = jwt.pack(parts=[self.msg])
        sig = _signer.sign(_input.encode("utf-8"),
                           key.get_key(alg=_alg, private=True))
        logger.debug("Signed message using key with kid=%s" % key.kid)
        return ".".join([_input, b64encode_item(sig).decode("utf-8")])
    def prepare_access_token_body(self,
                                  client_key=None,
                                  tamper_message=False,
                                  expiration_datetime=None,
                                  issue_datetime=None,
                                  nonce=None,
                                  issuer=None):
        body = {'access_token': 'foobar', 'token_type': 'bearer'}
        client_key = client_key or self.client_key
        now = datetime.datetime.utcnow()
        expiration_datetime = expiration_datetime or (
            now + datetime.timedelta(seconds=30))
        issue_datetime = issue_datetime or now
        id_token = self.get_id_token(
            client_key, timegm(expiration_datetime.utctimetuple()),
            timegm(issue_datetime.utctimetuple()))

        key = SYMKey(key=self.jwt_secret, alg='HS256')
        body['access_token'] = JWS(id_token, jwk=key,
                                   alg='HS256').sign_compact()
        if tamper_message:
            header, msg, sig = body['id_token'].split('.')
            id_token['sub'] = '1235'
            msg = b64encode_item(id_token).decode('utf-8')
            body['access_token'] = '.'.join([header, msg, sig])

        return json.dumps(body)
Exemple #7
0
    def prepare_access_token_body(self, client_key=None, tamper_message=False,
                                  expiration_datetime=None,
                                  issue_datetime=None, nonce=None,
                                  issuer=None):
        """
        Prepares a provider access token response. Arguments:

        client_id       -- (str) OAuth ID for the client that requested
                                 authentication.
        expiration_time -- (datetime) Date and time after which the response
                                      should be considered invalid.
        """

        body = {'access_token': 'foobar', 'token_type': 'bearer'}
        client_key = client_key or self.client_key
        now = datetime.datetime.utcnow()
        expiration_datetime = expiration_datetime or \
                              (now + datetime.timedelta(seconds=30))
        issue_datetime = issue_datetime or now
        nonce = nonce or 'a-nonce'
        issuer = issuer or self.issuer
        id_token = self.get_id_token(
            client_key, timegm(expiration_datetime.utctimetuple()),
            timegm(issue_datetime.utctimetuple()), nonce, issuer)

        body['id_token'] = JWS(id_token, jwk=self.key, alg='RS256').sign_compact()
        if tamper_message:
            header, msg, sig = body['id_token'].split('.')
            id_token['sub'] = '1235'
            msg = b64encode_item(id_token).decode('utf-8')
            body['id_token'] = '.'.join([header, msg, sig])

        return json.dumps(body)
    def prepare_access_token_body(self, client_key=None, tamper_message=False,
                                  expiration_datetime=None,
                                  issue_datetime=None, nonce=None,
                                  issuer=None):
        body = {'access_token': 'foobar', 'token_type': 'bearer'}
        client_key = client_key or self.client_key
        now = datetime.datetime.utcnow()
        expiration_datetime = expiration_datetime or (now + datetime.timedelta(seconds=30))
        issue_datetime = issue_datetime or now
        id_token = self.get_id_token(
            client_key, timegm(expiration_datetime.utctimetuple()),
            timegm(issue_datetime.utctimetuple())
        )

        key = SYMKey(key=self.jwt_secret, alg='HS256')
        body['access_token'] = JWS(id_token, jwk=key, alg='HS256').sign_compact()
        if tamper_message:
            header, msg, sig = body['id_token'].split('.')
            id_token['sub'] = '1235'
            msg = b64encode_item(id_token).decode('utf-8')
            body['access_token'] = '.'.join([header, msg, sig])

        return json.dumps(body)
Exemple #9
0
 def b64_encode_header(self):
     return b64encode_item(self.headers)