Esempio n. 1
0
    def __call__(self):
        res = {}

        for ent,item in self.metad.items():
            if "spsso_descriptor" not in item:
                continue

            for sp in item["spsso_descriptor"]:
                if "extensions" not in sp:
                    continue

                for elem in sp["extensions"]["extension_elements"]:
                    if elem["__class__"] == ENTITY_ATTR:
                        for attr in elem["attribute"]:
                            if attr["name"] == ATTR_NAME:
                                for val in attr["attribute_value"]:
                                    try:
                                        socialsecrets = json.loads(decrypt(val["text"],
                                                                           self.dkeys,
                                                                           "private"))
                                        if "entityId" in socialsecrets and ent in socialsecrets["entityId"]:
                                            if "secret" in socialsecrets:
                                                res[ent] = socialsecrets["secret"]
                                    except Exception as exp:
                                        logger.warning('The secrets in the metadata cannot med used for the sp: ' + ent,
                                                       exc_info=True)
        self._ava.update(res)
Esempio n. 2
0
    def from_jwt(self, txt, key=None, verify=True, keyjar=None, **kwargs):
        """
        Given a signed and/or encrypted JWT, verify its correctness and then
        create a class instance from the content.

        :param txt: The JWT
        :param key: keys that might be used to decrypt and/or verify the
            signature of the JWT
        :param verify: Whether the signature should be verified or not
        :return: A class instance
        """
        if key is None and keyjar is not None:
            key = keyjar.get_verify_key(owner="")
        elif key is None:
            key = {}

        header = json.loads(b64d(str(txt.split(".")[0])))
        try:
            htype = header["typ"]
        except KeyError:
            htype = None

        jso = None
        if htype == "JWE" or ("alg" in header and "enc" in header):  # encrypted
            if keyjar:
                dkeys = keyjar.get_decrypt_key(owner="")
            else:
                dkeys = {}
            txt = jwe.decrypt(txt, dkeys, "private")
            try:
                jso = json.loads(txt)
            except Exception:
                pass

        # assume htype == 'JWS'
        if not jso:
            try:
                jso = jwkest.unpack(txt)[1]
                if isinstance(jso, basestring):
                    jso = json.loads(jso)
                if verify:
                    if keyjar:
                        for ent in ["iss", "aud", "client_id"]:
                            if ent not in jso:
                                continue
                            if ent == "aud":
                                for _e in jso[ent]:
                                    self._add_key(keyjar, _e, key)
                            else:
                                self._add_key(keyjar, jso[ent], key)

                    jws.verify(txt, key)
            except Exception:
                raise

        return self.from_dict(jso)
Esempio n. 3
0
    def from_jwe(self, msg, keys):
        """
        Decrypt an encrypted JWT and load the JSON object that was the body of the JWT into this object.

        :param msg: An encrypted JWT
        :param keys: Dictionary, keys are key type and key is the value or simple list.
        :return: The decrypted message. If decryption failed an exception will be raised.
        """
        if isinstance(keys, dict):
            keys = keyitems2keyreps(keys)

        jwe = JWE()
        _res = jwe.decrypt(msg, keys)
        return self.from_json(_res.decode())
Esempio n. 4
0
    def from_jwe(self, msg, keys):
        """
        Decrypt an encrypted JWT and load the JSON object that was the body
        of the JWT into this object.

        :param msg: An encrypted JWT
        :param keys: Dictionary, keys are key type and key is the value or
        simple list.
        :return: The decrypted message. If decryption failed an exception
        will be raised.
        """
        if isinstance(keys, dict):
            keys = keyitems2keyreps(keys)

        jwe = JWE()
        _res = jwe.decrypt(msg, keys)
        return self.from_json(_res.decode())
Esempio n. 5
0
    def _func(self, conv):
        client = conv.client
        for instance, msg in conv.protocol_response:
            if isinstance(instance, message.AccessTokenResponse):
                _dic = json.loads(msg)
                header = json.loads(b64d(str(_dic["id_token"].split(".")[0])))
                try:
                    assert header["alg"].startswith("RSA")
                except AssertionError:
                    self._status = self.status
                    break

                dkeys = client.keyjar.get_decrypt_key(owner="")
                txt = decrypt(_dic["id_token"], dkeys, "private")
                _tmp = unpack(txt)[0]
                try:
                    assert _tmp["alg"] == "RS256"
                except AssertionError:
                    self._status = self.status
                break

        return {}
 def from_jwe(self, msg, keys):
     krs = keyitems2keyreps(keys)
     jwe = JWE()
     _res = jwe.decrypt(msg, krs)
     return self.from_json(_res[0].decode())
Esempio n. 7
0
            print >> sys.stderr, "Missing private key to decrypt with"
            exit()
    elif args.jwk_file:
        keys = assign(load_jwks(open(args.jwk_file).read()))
        if args.mode == "private":
            print >> sys.stderr, "Missing private key to decrypt with"
            exit()
    elif args.x509_url:
        keys = assign(load_x509_cert(lrequest, args.x509_url))
        if args.mode == "private":
            print >> sys.stderr, "Missing private key to decrypt with"
            exit()
    elif args.x509_file:
        keys = {"rsa": [x509_rsa_loads(open(args.x509_file).read())]}
        if args.mode == "private":
            print >> sys.stderr, "Missing private key to decrypt with"
            exit()
    elif args.rsa_file:
        keys = {"rsa": [rsa_load(args.rsa_file)]}
    else:
        print >> sys.stderr, "Needs encryption key"
        exit()

    if args.file:
        msg = open(args.file).read()
        msg = msg.strip("\n\r")
    else:
        msg = args.message

    print decrypt(msg, keys, args.mode, debug=args.debug)
Esempio n. 8
0
 def from_jwe(self, msg, keys):
     krs = keyitems2keyreps(keys)
     jwe = JWE()
     _res = jwe.decrypt(msg, krs)
     return self.from_json(_res[0].decode())