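    def do_client_registration(self, request, client_id, ignore=None):
        """Validate a registration request and merge it into a copy of the
        stored client record.

        The request is untrusted input from the registrant, so every field
        that feeds an authorization decision (redirect URIs, sector
        identifier, policy/logo URLs, keys) is checked here before it lands
        in the record.

        Args:
            request: parsed registration message (dict-like; ``items()``,
                ``to_dict()``).
            client_id: key of the existing record in ``self.cdb`` that the
                request is merged into.
            ignore: request keys the caller handles itself and that must not
                be copied verbatim into the record.

        Returns:
            The merged client-info dict, or an error ``Response`` (HTTP 400,
            ``invalid_configuration_parameter``) when a check fails. Callers
            must test ``isinstance(result, Response)``.
        """
        if ignore is None:
            ignore = []

        # Keys the server issues itself when the record is created (see
        # l_registration_endpoint). A registrant must never be able to
        # overwrite them through the request body, whatever ``ignore`` says.
        protected = {
            "client_id", "client_secret", "registration_access_token",
            "registration_client_uri", "client_secret_expires_at",
            "client_id_issued_at",
        }

        _cinfo = self.cdb[client_id].copy()
        logger.debug("_cinfo: %s" % _cinfo)

        for key, val in request.items():
            if key not in ignore and key not in protected:
                _cinfo[key] = val

        if "redirect_uris" in request:
            ruri = []
            for uri in request["redirect_uris"]:
                if urllib.parse.urlparse(uri).fragment:
                    err = ClientRegistrationErrorResponse(
                        error="invalid_configuration_parameter",
                        error_description="redirect_uri contains fragment")
                    return Response(err.to_json(),
                                    content="application/json",
                                    status="400 Bad Request")
                # Same split as the deprecated urllib.parse.splitquery():
                # split on the *last* "?", and no "?" yields a None query.
                base, delim, query = uri.rpartition("?")
                if not delim:
                    base, query = uri, None
                if query:
                    ruri.append((base, urllib.parse.parse_qs(query)))
                else:
                    ruri.append((base, query))
            _cinfo["redirect_uris"] = ruri

        if "sector_identifier_uri" in request:
            si_url = request["sector_identifier_uri"]
            # OpenID Connect Dynamic Client Registration requires an https
            # sector_identifier_uri. The fetch below still goes to a
            # client-chosen host, so egress restrictions (SSRF) have to be
            # enforced inside self.server.http_request.
            if urllib.parse.urlparse(si_url).scheme != "https":
                return self._error_response(
                    "invalid_configuration_parameter",
                    descr="sector_identifier_uri must use https")
            try:
                res = self.server.http_request(si_url)
            except (ConnectionError, OSError) as err:
                # OSError also covers the requests-style exceptions, which
                # derive from IOError rather than the builtin ConnectionError.
                logger.error("%s" % err)
                return self._error_response(
                    "invalid_configuration_parameter",
                    descr="Couldn't open sector_identifier_uri")

            if not res:
                return self._error_response(
                    "invalid_configuration_parameter",
                    descr="Couldn't open sector_identifier_uri")

            logger.debug("sector_identifier_uri => %s" % res.text)

            try:
                si_redirects = json.loads(res.text)
            except ValueError:
                return self._error_response(
                    "invalid_configuration_parameter",
                    descr="Error deserializing sector_identifier_uri content")

            # The document must be a JSON array of redirect URIs. A bare
            # string would turn ``uri in si_redirects`` into a substring test.
            if not isinstance(si_redirects, list):
                return self._error_response(
                    "invalid_configuration_parameter",
                    descr="sector_identifier_uri content is not a JSON array")

            if "redirect_uris" in request:
                logger.debug("redirect_uris: %s" % request["redirect_uris"])
                # A plain ``if``, not ``assert``: asserts are stripped under
                # ``python -O`` and this is an authorization check.
                for uri in request["redirect_uris"]:
                    if uri not in si_redirects:
                        return self._error_response(
                            "invalid_configuration_parameter",
                            descr="redirect_uri missing from sector_identifiers"
                        )

            _cinfo["si_redirects"] = si_redirects
            _cinfo["sector_id"] = si_url
        elif "redirect_uris" in request:
            if len(request["redirect_uris"]) > 1:
                # Without a sector identifier every redirect URI must share
                # one host. ``hostname`` strips userinfo and port, whereas
                # ``netloc.split(":")[0]`` let "https://a.example:80@b.example/"
                # pass as host "a.example".
                hosts = {urllib.parse.urlparse(url).hostname
                         for url in request["redirect_uris"]}
                if len(hosts) > 1:
                    return self._error_response(
                        "invalid_configuration_parameter",
                        descr="'sector_identifier_uri' must be registered")

        for item in ["policy_url", "logo_url"]:
            if item in request:
                # The stored record may have no redirect_uris yet; hand
                # _verify_url an empty list instead of raising KeyError.
                if self._verify_url(request[item],
                                    _cinfo.get("redirect_uris", [])):
                    _cinfo[item] = request[item]
                else:
                    return self._error_response(
                        "invalid_configuration_parameter",
                        descr="%s pointed to illegal URL" % item)

        try:
            self.keyjar.load_keys(request, client_id)
            try:
                logger.debug("keys for %s: [%s]" % (
                    client_id,
                    ",".join(["%s" % x for x in self.keyjar[client_id]])))
            except KeyError:
                pass
        except Exception as err:
            # NOTE(review): the exception text is echoed back to the
            # registrant in error_description; keep load_keys' messages free
            # of server internals.
            logger.error("Failed to load client keys: %s" % request.to_dict())
            err = ClientRegistrationErrorResponse(
                error="invalid_configuration_parameter",
                error_description="%s" % err)
            return Response(err.to_json(), content="application/json",
                            status="400 Bad Request")

        return _cinfo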
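    def do_client_registration(self, request, client_id, ignore=None):
        """Validate a registration request and merge it into a copy of the
        stored client record.

        The request is untrusted input from the registrant, so every field
        that feeds an authorization decision (redirect URIs, sector
        identifier, policy/logo URLs, keys) is checked here before it lands
        in the record.

        Args:
            request: parsed registration message (dict-like; ``items()``,
                ``to_dict()``).
            client_id: key of the existing record in ``self.cdb`` that the
                request is merged into.
            ignore: request keys the caller handles itself and that must not
                be copied verbatim into the record.

        Returns:
            The merged client-info dict, or an error ``Response`` (HTTP 400,
            ``invalid_configuration_parameter``) when a check fails. Callers
            must test ``isinstance(result, Response)``.
        """
        if ignore is None:
            ignore = []

        # Keys the server issues itself when the record is created (see
        # l_registration_endpoint). A registrant must never be able to
        # overwrite them through the request body, whatever ``ignore`` says.
        protected = {
            "client_id", "client_secret", "registration_access_token",
            "registration_client_uri", "client_secret_expires_at",
            "client_id_issued_at",
        }

        _cinfo = self.cdb[client_id].copy()
        logger.debug("_cinfo: %s" % _cinfo)

        for key, val in request.items():
            if key not in ignore and key not in protected:
                _cinfo[key] = val

        if "redirect_uris" in request:
            ruri = []
            for uri in request["redirect_uris"]:
                if urllib.parse.urlparse(uri).fragment:
                    err = ClientRegistrationErrorResponse(
                        error="invalid_configuration_parameter",
                        error_description="redirect_uri contains fragment")
                    return Response(err.to_json(),
                                    content="application/json",
                                    status="400 Bad Request")
                # Same split as the deprecated urllib.parse.splitquery():
                # split on the *last* "?", and no "?" yields a None query.
                base, delim, query = uri.rpartition("?")
                if not delim:
                    base, query = uri, None
                if query:
                    ruri.append((base, urllib.parse.parse_qs(query)))
                else:
                    ruri.append((base, query))
            _cinfo["redirect_uris"] = ruri

        if "sector_identifier_uri" in request:
            si_url = request["sector_identifier_uri"]
            # OpenID Connect Dynamic Client Registration requires an https
            # sector_identifier_uri. The fetch below still goes to a
            # client-chosen host, so egress restrictions (SSRF) have to be
            # enforced inside self.server.http_request.
            if urllib.parse.urlparse(si_url).scheme != "https":
                return self._error_response(
                    "invalid_configuration_parameter",
                    descr="sector_identifier_uri must use https")
            try:
                res = self.server.http_request(si_url)
            except (ConnectionError, OSError) as err:
                # OSError also covers the requests-style exceptions, which
                # derive from IOError rather than the builtin ConnectionError.
                logger.error("%s" % err)
                return self._error_response(
                    "invalid_configuration_parameter",
                    descr="Couldn't open sector_identifier_uri")

            if not res:
                return self._error_response(
                    "invalid_configuration_parameter",
                    descr="Couldn't open sector_identifier_uri")

            logger.debug("sector_identifier_uri => %s" % res.text)

            try:
                si_redirects = json.loads(res.text)
            except ValueError:
                return self._error_response(
                    "invalid_configuration_parameter",
                    descr="Error deserializing sector_identifier_uri content")

            # The document must be a JSON array of redirect URIs. A bare
            # string would turn ``uri in si_redirects`` into a substring test.
            if not isinstance(si_redirects, list):
                return self._error_response(
                    "invalid_configuration_parameter",
                    descr="sector_identifier_uri content is not a JSON array")

            if "redirect_uris" in request:
                logger.debug("redirect_uris: %s" % request["redirect_uris"])
                # A plain ``if``, not ``assert``: asserts are stripped under
                # ``python -O`` and this is an authorization check.
                for uri in request["redirect_uris"]:
                    if uri not in si_redirects:
                        return self._error_response(
                            "invalid_configuration_parameter",
                            descr="redirect_uri missing from sector_identifiers"
                        )

            _cinfo["si_redirects"] = si_redirects
            _cinfo["sector_id"] = si_url
        elif "redirect_uris" in request:
            if len(request["redirect_uris"]) > 1:
                # Without a sector identifier every redirect URI must share
                # one host. ``hostname`` strips userinfo and port, whereas
                # ``netloc.split(":")[0]`` let "https://a.example:80@b.example/"
                # pass as host "a.example".
                hosts = {urllib.parse.urlparse(url).hostname
                         for url in request["redirect_uris"]}
                if len(hosts) > 1:
                    return self._error_response(
                        "invalid_configuration_parameter",
                        descr="'sector_identifier_uri' must be registered")

        for item in ["policy_url", "logo_url"]:
            if item in request:
                # The stored record may have no redirect_uris yet; hand
                # _verify_url an empty list instead of raising KeyError.
                if self._verify_url(request[item],
                                    _cinfo.get("redirect_uris", [])):
                    _cinfo[item] = request[item]
                else:
                    return self._error_response(
                        "invalid_configuration_parameter",
                        descr="%s pointed to illegal URL" % item)

        try:
            self.keyjar.load_keys(request, client_id)
            try:
                logger.debug("keys for %s: [%s]" % (client_id, ",".join(
                    ["%s" % x for x in self.keyjar[client_id]])))
            except KeyError:
                pass
        except Exception as err:
            # NOTE(review): the exception text is echoed back to the
            # registrant in error_description; keep load_keys' messages free
            # of server internals.
            logger.error("Failed to load client keys: %s" % request.to_dict())
            err = ClientRegistrationErrorResponse(
                error="invalid_configuration_parameter",
                error_description="%s" % err)
            return Response(err.to_json(),
                            content="application/json",
                            status="400 Bad Request")

        return _cinfo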
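    def l_registration_endpoint(self, request, authn=None, **kwargs):
        """Handle a dynamic client registration request.

        Parses and verifies the JSON body, allocates a client_id, client
        secret and registration access token, stores the provisional record,
        delegates validation/merging to ``do_client_registration`` and returns
        the ``RegistrationResponse``.

        Args:
            request: raw JSON request body.
            authn: unused here; part of the endpoint signature.
            **kwargs: unused.

        Returns:
            A ``Response`` with the JSON registration response and
            ``Cache-Control: no-store`` / ``Pragma: no-cache`` (the body
            carries credentials), or an error response.
        """
        _log_debug = logger.debug
        _log_info = logger.info

        _log_debug("@registration_endpoint")

        request = RegistrationRequest().deserialize(request, "json")

        _log_info("registration_request:%s" % request.to_dict())

        try:
            request.verify()
        except MessageException as err:
            if "type" not in request:
                return self._error(error="invalid_type",
                                   descr="%s" % err)
            else:
                return self._error(error="invalid_configuration_parameter",
                                   descr="%s" % err)

        _keyjar = self.server.keyjar

        # Allocate a fresh client_id, retrying on the (unlikely) collision.
        # NOTE(review): whether rndstr() is backed by a CSPRNG and how
        # secret() derives from self.seed are not visible here; both matter,
        # since _rat below is a bearer credential for the client record.
        client_id = rndstr(12)
        while client_id in self.cdb:
            client_id = rndstr(12)

        client_secret = secret(self.seed, client_id)

        _rat = rndstr(32)
        reg_enp = ""
        for endp in self.endpoints:
            if isinstance(endp, DynamicClientEndpoint):
                reg_enp = "%s%s" % (self.baseurl, endp.etype)

        # One timestamp for both fields so issued_at and expires_at cannot
        # straddle a second boundary.
        now = utc_time_sans_frac()
        self.cdb[client_id] = {
            "client_id": client_id,
            "client_secret": client_secret,
            "registration_access_token": _rat,
            "registration_client_uri": "%s?client_id=%s" % (reg_enp, client_id),
            "client_secret_expires_at": now + 86400,
            "client_id_issued_at": now}

        # The access token is stored as a second key of the same db, mapping
        # back to the client it belongs to.
        self.cdb[_rat] = client_id

        _cinfo = self.do_client_registration(request, client_id,
                                             ignore=["redirect_uris",
                                                     "policy_url",
                                                     "logo_url"])
        if isinstance(_cinfo, Response):
            # Validation failed: drop the provisional record so neither the
            # client_id nor the access token lingers in the db.
            for key in (client_id, _rat):
                try:
                    del self.cdb[key]
                except KeyError:
                    pass
            return _cinfo

        args = {k: v for k, v in _cinfo.items()
                if k in RegistrationResponse.c_param}

        self.comb_redirect_uris(args)
        response = RegistrationResponse(**args)

        # NOTE(review): do_client_registration already called load_keys for
        # this client; this second call is kept as-is because it is not
        # visible here whether load_keys is idempotent.
        self.keyjar.load_keys(request, client_id)

        # Register the client secret as a symmetric key for signing and
        # verification.
        if client_secret:
            _kc = KeyBundle([{"kty": "oct", "key": client_secret,
                              "use": "ver"},
                             {"kty": "oct", "key": client_secret,
                              "use": "sig"}])
            try:
                _keyjar[client_id].append(_kc)
            except KeyError:
                _keyjar[client_id] = [_kc]

        self.cdb[client_id] = _cinfo

        # Keep the client's credentials out of the log.
        _secret_keys = ("client_secret", "registration_access_token")
        _log_info("Client info: %s" % {
            k: ("<redacted>" if k in _secret_keys else v)
            for k, v in _cinfo.items()})

        logger.debug("registration_response: %s" % {
            k: ("<redacted>" if k in _secret_keys else v)
            for k, v in response.to_dict().items()})

        return Response(response.to_json(), content="application/json",
                        headers=[("Cache-Control", "no-store"),
                                 ("Pragma", "no-cache")])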
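    def l_registration_endpoint(self, request, authn=None, **kwargs):
        """Handle a dynamic client registration request.

        Parses and verifies the JSON body, allocates a client_id, client
        secret and registration access token, stores the provisional record,
        delegates validation/merging to ``do_client_registration`` and returns
        the ``RegistrationResponse``.

        Args:
            request: raw JSON request body.
            authn: unused here; part of the endpoint signature.
            **kwargs: unused.

        Returns:
            A ``Response`` with the JSON registration response and
            ``Cache-Control: no-store`` / ``Pragma: no-cache`` (the body
            carries credentials), or an error response.
        """
        _log_debug = logger.debug
        _log_info = logger.info

        _log_debug("@registration_endpoint")

        request = RegistrationRequest().deserialize(request, "json")

        _log_info("registration_request:%s" % request.to_dict())

        try:
            request.verify()
        except MessageException as err:
            if "type" not in request:
                return self._error(error="invalid_type", descr="%s" % err)
            else:
                return self._error(error="invalid_configuration_parameter",
                                   descr="%s" % err)

        _keyjar = self.server.keyjar

        # Allocate a fresh client_id, retrying on the (unlikely) collision.
        # NOTE(review): whether rndstr() is backed by a CSPRNG and how
        # secret() derives from self.seed are not visible here; both matter,
        # since _rat below is a bearer credential for the client record.
        client_id = rndstr(12)
        while client_id in self.cdb:
            client_id = rndstr(12)

        client_secret = secret(self.seed, client_id)

        _rat = rndstr(32)
        reg_enp = ""
        for endp in self.endpoints:
            if isinstance(endp, DynamicClientEndpoint):
                reg_enp = "%s%s" % (self.baseurl, endp.etype)

        # One timestamp for both fields so issued_at and expires_at cannot
        # straddle a second boundary.
        now = utc_time_sans_frac()
        self.cdb[client_id] = {
            "client_id": client_id,
            "client_secret": client_secret,
            "registration_access_token": _rat,
            "registration_client_uri":
            "%s?client_id=%s" % (reg_enp, client_id),
            "client_secret_expires_at": now + 86400,
            "client_id_issued_at": now
        }

        # The access token is stored as a second key of the same db, mapping
        # back to the client it belongs to.
        self.cdb[_rat] = client_id

        _cinfo = self.do_client_registration(
            request,
            client_id,
            ignore=["redirect_uris", "policy_url", "logo_url"])
        if isinstance(_cinfo, Response):
            # Validation failed: drop the provisional record so neither the
            # client_id nor the access token lingers in the db.
            for key in (client_id, _rat):
                try:
                    del self.cdb[key]
                except KeyError:
                    pass
            return _cinfo

        args = {k: v for k, v in _cinfo.items()
                if k in RegistrationResponse.c_param}

        self.comb_redirect_uris(args)
        response = RegistrationResponse(**args)

        # NOTE(review): do_client_registration already called load_keys for
        # this client; this second call is kept as-is because it is not
        # visible here whether load_keys is idempotent.
        self.keyjar.load_keys(request, client_id)

        # Register the client secret as a symmetric key for signing and
        # verification.
        if client_secret:
            _kc = KeyBundle([{
                "kty": "oct",
                "key": client_secret,
                "use": "ver"
            }, {
                "kty": "oct",
                "key": client_secret,
                "use": "sig"
            }])
            try:
                _keyjar[client_id].append(_kc)
            except KeyError:
                _keyjar[client_id] = [_kc]

        self.cdb[client_id] = _cinfo

        # Keep the client's credentials out of the log.
        _secret_keys = ("client_secret", "registration_access_token")
        _log_info("Client info: %s" % {
            k: ("<redacted>" if k in _secret_keys else v)
            for k, v in _cinfo.items()})

        logger.debug("registration_response: %s" % {
            k: ("<redacted>" if k in _secret_keys else v)
            for k, v in response.to_dict().items()})

        return Response(response.to_json(),
                        content="application/json",
                        headers=[("Cache-Control", "no-store"),
                                 ("Pragma", "no-cache")])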