def rp_service_setup(self):
config = {
"entity_id": RECEIVER,
"httpc_params": {"verify": False, "timeout": 1},
"federation": {
"endpoint": {
"fetch": {
"path": "fetch",
"class": Fetch,
"kwargs": {"client_authn_method": None},
}
},
"trusted_roots": ANCHOR,
"authority_hints": [],
"entity_type": 'openid_relying_party',
"opponent_entity_type": 'openid_provider',
}
}
federation_entity = FederationEntity(
config=config,
httpc=Publisher(os.path.join(BASE_PATH, 'base_data')),
)
# Swap in the DummyCollector
federation_entity.collector = DummyCollector(trusted_roots=ANCHOR,
httpd=Publisher(
os.path.join(BASE_PATH, 'base_data')),
root_dir=os.path.join(BASE_PATH, 'base_data'))
self.fedent = federation_entity
class TestSelfSigned(object):
@pytest.fixture(autouse=True)
def create_issuer(self):
self.entity = FederationEntity(config=CONFIG_SELF_SIGN)
def test_get_trust_mark_self_signed(self):
# Verify the self signed trust marks
for _jws in self.entity.server_get('context').signed_trust_marks:
_jwt = factory(_jws)
_payload = _jwt.jwt.payload()
_tm = TrustMark(**_payload)
assert _tm.verify()
def test_verify_using_id(self):
_endpoint = self.entity.get_endpoint("status")
_resp = _endpoint.process_request({
"id": "https://openid.net/certification/op",
"sub": self.entity.context.entity_id
})
assert _resp == {'response_args': {"active": True}}
def test_using_trust_mark(self):
_jws = self.entity.server_get('context').signed_trust_marks[0]
_endpoint = self.entity.get_endpoint("status")
_resp = _endpoint.process_request({"trust_mark": _jws})
assert _resp == {'response_args': {"active": True}}
def __init__(self,
client_authn_factory: Optional[Callable] = None,
keyjar: Optional[KeyJar] = None,
config: Optional[Union[dict, Configuration]] = None,
services: Optional[dict] = None,
jwks_uri: Optional[str] = '',
httpc_params: Optional[dict] = None,
httpc: Optional[Callable] = None,
cwd: Optional[str] = "",
httplib: Optional[Callable] = None):
Client.__init__(self,
client_authn_factory=client_authn_factory,
keyjar=keyjar,
config=config,
services=services,
jwks_uri=jwks_uri,
httpc_params=httpc_params)
if httpc is None and httplib:
httpc = httplib
fed_conf = config.get("federation")
if fed_conf:
self._service_context.federation_entity = FederationEntity(
config=fed_conf, httpc=httpc, cwd=cwd)
def __init__(self,
entity_id: str = "",
config: Optional[Union[dict, Configuration]] = None,
httpc: Optional[Any] = None,
cwd: Optional[str] = ''):
FederationEntity.__init__(self,
entity_id=entity_id,
config=config,
httpc=httpc,
cwd=cwd)
self.trust_marks = config.get("trust_marks")
_db_conf = config.get("trust_mark_db")
self.issued = init_service(_db_conf)
self.tm_lifetime = {}
for id, tm in self.trust_marks.items():
if "lifetime" in tm:
self.tm_lifetime[id] = tm["lifetime"]
del tm["lifetime"]
def __init__(self,
conf: Union[dict, FedEntityConfiguration],
keyjar: Optional[KeyJar] = None,
httpc: Optional[Any] = None):
entity.Entity.__init__(self, config=conf, keyjar=keyjar)
fed_conf = conf["federation"]
federation_entity = FederationEntity(httpc=httpc, config=fed_conf)
self.client_get(
"service_context").federation_entity = federation_entity
def create_endpoint(self):
conf = {
"httpc_params": {
"verify": False,
"timeout": 1
},
"federation": {
"entity_id":
ENTITY_ID,
"endpoint": {
"fetch": {
"path": "fetch",
"class": Fetch,
"kwargs": {
"client_authn_method": None
},
}
},
"keys": {
"uri_path": "static/fed_jwks.json",
"key_defs": KEYDEFS
},
'authority_hints':
os.path.join(BASEDIR,
'base_data/op.ntnu.no/op.ntnu.no/authority.json'),
'trusted_roots':
os.path.join(BASEDIR, 'trusted_roots.json'),
'priority': [],
'entity_type':
'federation_entity',
"name":
"Example Entity",
"contacts":
"*****@*****.**"
}
}
server = FederationEntity(config=conf.get("federation"),
entity_id=ENTITY_ID,
cwd=BASEDIR)
self.endpoint = server.server_get("endpoint", "fetch")
def __init__(self,
conf: Union[dict, OPConfiguration, ASConfiguration],
keyjar: Optional[KeyJar] = None,
cwd: Optional[str] = "",
cookie_handler: Optional[Any] = None,
httpc: Optional[Any] = None):
Server.__init__(self,
conf=conf,
keyjar=keyjar,
cwd=cwd,
cookie_handler=cookie_handler,
httpc=httpc)
fed_conf = conf.get("federation")
if fed_conf:
self.endpoint_context.federation_entity = FederationEntity(
config=fed_conf, httpc=httpc, cwd=cwd)
def __init__(self,
conf: Union[dict, FedOpConfiguration],
keyjar: Optional[KeyJar] = None,
cwd: Optional[str] = "",
cookie_handler: Optional[Any] = None,
httpc: Optional[Any] = None):
server.Server.__init__(self,
conf=conf,
keyjar=keyjar,
cwd=cwd,
cookie_handler=cookie_handler,
httpc=httpc)
fed_conf = conf["federation"]
federation_entity = FederationEntity(httpc=httpc, config=fed_conf)
self.server_get(
"endpoint_context").federation_entity = federation_entity
def create_issuer(self):
self.entity = FederationEntity(config=CONFIG_SELF_SIGN)
def init_entity(config, cwd):
return FederationEntity(config=config, cwd=cwd)
def create_issuer(self):
_intermediate = FederationEntity(config=CONFIG)
self.endpoint = _intermediate.server_get('endpoint', 'list')
def create_issuer(self):
self.entity = FederationEntity(config=CONFIG)
self.endpoint = self.entity.server_get('endpoint', 'fetch')
class Test(object):
@pytest.fixture(autouse=True)
def create_issuer(self):
self.entity = FederationEntity(config=CONFIG)
self.endpoint = self.entity.server_get('endpoint', 'fetch')
def test_self(self):
_context = self.endpoint.server_get("context")
_res = self.endpoint.process_request({"iss": _context.entity_id})
assert _res
assert len(_res["response_args"]) == 3
_info = self.endpoint.do_response(response_args=_res["response_args"],
request={"iss": _context.entity_id})
assert _info
_jws = factory(_info["response"])
_payload = _jws.jwt.payload()
assert _payload["iss"] == _context.entity_id
assert set(_payload.keys()) == {
'sub', 'metadata', 'authority_hints', 'jwks', 'iss', 'iat', 'exp'
}
def test_sub(self):
_context = self.endpoint.server_get("context")
_req = {"iss": _context.entity_id, "sub": "https://example.com"}
_res = self.endpoint.process_request(_req)
assert _res
assert len(_res["response_args"]) == 3
assert set(_res["response_args"].keys()) == {
'jwks', 'metadata_policy', 'authority_hints'
}
_info = self.endpoint.do_response(response_args=_res["response_args"],
request=_req)
assert _info
_jws = factory(_info["response"])
_payload = _jws.jwt.payload()
assert _payload["iss"] == _context.entity_id
assert set(_payload.keys()) == {
'sub', 'metadata_policy', 'authority_hints', 'jwks', 'iss', 'iat',
'exp'
}
assert _payload["sub"] == "https://example.com"
def test_metadata(self):
metadata = self.entity.get_metadata()
_ctx = self.entity.context
iss = sub = _ctx.entity_id
_statement = _ctx.create_entity_statement(
metadata={_ctx.entity_type: metadata},
iss=iss,
sub=sub,
authority_hints=_ctx.authority_hints,
lifetime=_ctx.default_lifetime)
_jws = factory(_statement)
_payload = _jws.jwt.payload()
assert _payload["iss"] == _ctx.entity_id
assert set(_payload.keys()) == {
'sub', 'metadata', 'authority_hints', 'jwks', 'iss', 'iat', 'exp'
}
assert _payload["sub"] == "https://op.ntnu.no"
def test_well_known(self):
_ctx = self.entity.context
_statement = _ctx.make_configuration_statement()
_jws = factory(_statement)
_payload = _jws.jwt.payload()
assert _payload["iss"] == _ctx.entity_id
assert set(_payload.keys()) == {
'sub', 'metadata', 'authority_hints', 'jwks', 'iss', 'iat', 'exp'
}
assert _payload["sub"] == _ctx.entity_id
parser.add_argument('-k', dest='insecure', action='store_true')
parser.add_argument('-t', dest='trusted_roots_file')
parser.add_argument('-e', dest='entity_type')
parser.add_argument('-o', dest='opponent_entity_type')
parser.add_argument('-l', dest='logging', action='store_true')
parser.add_argument(dest="url")
args = parser.parse_args()
if args.logging:
logger = configure_logging(config=LOGGING).getChild(__name__)
trusted_roots = json.loads(open(args.trusted_roots_file).read())
# Creates an entity that can do the collecting of information
conf = {"trusted_roots": trusted_roots, "entity_type": args.entity_type}
federation_entity = FederationEntity('Collector', config=conf)
if args.insecure:
federation_entity.collector.httpc_params = {"verify": False}
jws = federation_entity.get_configuration_information(args.url)
_entity_statement = verify_self_signed_signature(jws)
_tree = federation_entity.collect_statement_chains(
_entity_statement['iss'], _entity_statement)
chains = branch2lists(_tree)
for c in chains:
c.append(jws)
statements = [
eval_chain(c, federation_entity.context.keyjar,