Esempio n. 1
    def construct(self, cis, request_args=None, http_args=None, **kwargs):
        """
        Put an HTTP Basic ``Authorization`` header, built from the client
        credentials, into the HTTP arguments.

        The secret comes from the first source that has one, in this order:
        ``kwargs["password"]``, ``http_args["password"]``,
        ``cis["client_secret"]``, ``self.cli.client_secret``. The user name
        is ``kwargs["user"]`` if given, otherwise ``self.cli.client_id``.

        Side effects: a supplied ``http_args`` is modified in place;
        ``client_secret`` is deleted from ``cis``; ``client_id`` is deleted
        too when ``cis`` is truthy and
        ``cis.c_param["client_id"][VREQUIRED]`` is false.

        :param cis: Request class instance
        :param request_args: Request arguments (not read by this method)
        :param http_args: HTTP arguments
        :return: dictionary of HTTP arguments
        """
        if http_args is None:
            http_args = {}

        # Probe each (mapping, key) pair in priority order and stop at the
        # first hit; only a KeyError moves on to the next source.
        # NOTE(review): a "password" entry found in http_args is read but
        # never removed, so the plaintext secret stays in the returned dict.
        # Confirm the caller does not forward or log it.
        lookups = (
            (kwargs, "password"),
            (http_args, "password"),
            (cis, "client_secret"),
        )
        for mapping, key in lookups:
            try:
                secret = mapping[key]
            except KeyError:
                continue
            break
        else:
            # NOTE(review): if this attribute is None, the text "None" is
            # formatted into the credentials below. Verify it is always set.
            secret = self.cli.client_secret

        if "user" in kwargs:
            username = kwargs["user"]
        else:
            username = self.cli.client_id

        header_map = http_args.setdefault("headers", {})

        # NOTE(review): RFC 6749 section 2.3.1 has the client id and secret
        # form-urlencoded before they are joined for Basic authentication.
        # Here they are joined as-is, so a ":" or other reserved character in
        # either value is not escaped. Confirm the server side agrees.
        # The header value is an encoding of the secret, not a protection of
        # it: treat it as the secret itself (TLS only, keep it out of logs).
        credentials = "{}:{}".format(username, secret)
        header_map["Authorization"] = "Basic {}".format(
            b64e_enc_dec(credentials, "utf-8", "utf-8")
        )

        # The secret now travels in the header, so it is dropped from the
        # request message; a message without the key is left alone.
        try:
            del cis["client_secret"]
        except KeyError:
            pass

        # Evaluated after the deletion above, in the original order.
        client_id_optional = cis and not cis.c_param["client_id"][VREQUIRED]
        if client_id_optional:
            try:
                del cis["client_id"]
            except KeyError:
                pass

        return http_args
Esempio n. 2
    def sign_json(self, keys=None, headers=None, flatten=False):
        """
        Produce JWS using the JWS JSON Serialization

        One signature entry is produced per ``(protected, unprotected)``
        pair. When ``headers`` is omitted a single pair is used whose
        protected header holds only ``alg`` (from ``self.alg``).

        :param keys: list of keys to use for signing the JWS
        :param headers: list of tuples (protected headers, unprotected
        headers) for each signature
        :param flatten: when true and exactly one header pair is given, the
        signature members are merged into the top-level object (flattened
        syntax) instead of being listed under "signatures"
        :return: the serialized JWS, as the string from ``json.dumps``
        """

        def create_signature(protected, unprotected):
            # A falsy `protected` gets a fresh dict; a non-empty dict passed
            # by the caller is the same object and is updated in place.
            jws_headers = protected or {}
            # always protect the signing alg header
            jws_headers.setdefault("alg", self.alg)
            signer = JWS(self.msg, **jws_headers)
            compact = signer.sign_compact(protected=protected, keys=keys)
            # Compact form must split into exactly three parts; the payload
            # part is discarded because "payload" is emitted once, below.
            encoded_header, _payload, signature = compact.split(".")
            entry = {"signature": signature}
            if unprotected:
                # `unprotected` is not passed to sign_compact, so it is not
                # covered by the signature; verifiers must not rely on
                # security-relevant parameters placed here.
                entry["header"] = unprotected
            if encoded_header:
                entry["protected"] = encoded_header

            return entry

        res = {"payload": b64e_enc_dec(self.msg, "utf-8", "ascii")}

        if headers is None:
            headers = [(dict(alg=self.alg), None)]

        use_flattened = flatten and len(headers) == 1
        if use_flattened:  # Flattened JWS JSON Serialization Syntax
            res.update(create_signature(*headers[0]))
        else:
            res["signatures"] = [
                create_signature(protected, unprotected)
                for protected, unprotected in headers
            ]

        return json.dumps(res)
Esempio n. 3
File: jws.py Progetto: lxp20201/lxp
    def sign_json(self, keys=None, headers=None, flatten=False):
        """
        Serialize the message as a JWS in the JWS JSON Serialization.

        :param keys: list of keys to use for signing the JWS
        :param headers: list of tuples (protected headers, unprotected
        headers), one per signature; when omitted, one signature is made
        with a protected header holding only ``alg`` from ``self.alg``
        :param flatten: use the flattened syntax, which applies only when
        exactly one header pair is present
        :return: JSON text produced by ``json.dumps``
        """
        def create_signature(protected, unprotected):
            # `protected or {}` keeps the caller's dict when it is non-empty,
            # so the setdefault below writes "alg" into the caller's object.
            effective = protected or {}
            # always protect the signing alg header
            effective.setdefault("alg", self.alg)
            parts = JWS(self.msg, **effective).sign_compact(
                protected=protected, keys=keys).split(".")
            # Exactly three parts are expected: header, payload, signature.
            encoded_header, _unused_payload, signature = parts
            item = {"signature": signature}
            if unprotected:
                # Carried alongside the signature but never given to
                # sign_compact: this member is not integrity-protected.
                item["header"] = unprotected
            if encoded_header:
                item["protected"] = encoded_header

            return item

        res = {"payload": b64e_enc_dec(self.msg, "utf-8", "ascii")}

        if headers is None:
            headers = [(dict(alg=self.alg), None)]

        if not (flatten and len(headers) == 1):
            # General syntax: one entry per header pair, in input order.
            res["signatures"] = []
            for pair in headers:
                protected, unprotected = pair
                res["signatures"].append(
                    create_signature(protected, unprotected))
        else:
            # Flattened JWS JSON Serialization Syntax
            res.update(create_signature(*headers[0]))

        return json.dumps(res)
Esempio n. 4
# Register the client at the authorization server (AS): build the
# registration request from the client's registration_info, pass it to the
# AS registration endpoint as JSON, then parse the response message and
# store it on the client.
reg_info = _uma_client.construct_RegistrationRequest(
    request_args=_uma_client.registration_info)
reg_resp = authzsrv.oauth_registration_endpoint(reg_info.to_json())
reginfo = RegistrationResponse().from_json(reg_resp.message)
_uma_client.store_registration_info(reginfo)

# Get a RPT from the AS using the issued client credentials using HTTP Basic
# auth
# (OIDC 'client_secret_basic') combined with the user id of the Requesting Party
# as authentication and the ticket received in (3).

# "client_id:client_secret" in Basic form. The value is an encoding of the
# secret, not a protection of it, so `authn` must be handled like the secret
# itself (kept out of logs and sent only over TLS).
# NOTE(review): both codec arguments are "ascii"; presumably a non-ASCII id
# or secret would fail to encode. Confirm against b64e_enc_dec.
authn = "Basic {}".format(
    b64e_enc_dec(
        "{}:{}".format(_uma_client.client_id, _uma_client.client_secret),
        "ascii", "ascii"))

# The claim token is the JSON object {"uid": REQUESTOR} passed through
# b64e_enc_dec. Nothing in this snippet signs it, so the AS can only trust
# the uid as far as it trusts the authenticated client that asserts it.
rqp_claims = b64e_enc_dec(json.dumps({"uid": REQUESTOR}), "utf-8", "ascii")

# RPT request: the claims grant type, the permission ticket, and the single
# claim token built above (declared format "json").
request = RPTRequest(
    grant_type=RQP_CLAIMS_GRANT_TYPE,
    ticket=ticket,
    claim_tokens=[ClaimToken(format="json", token=rqp_claims)])

resp = authzsrv.rpt_token_endpoint(authn=authn, request=request.to_json())

# Parse the token response and keep the RPT on the client, keyed by the
# requesting party. Any earlier entry for REQUESTOR is replaced by the new
# dict.
rtr = RPTResponse().from_json(resp.message)
_uma_client.token[REQUESTOR] = {}
_uma_client.token[REQUESTOR]["RPT"] = rtr["rpt"]
Esempio n. 5
# Register the client at the authorization server (AS): build the
# registration request from the client's registration_info and pass it to
# the AS registration endpoint as JSON.
reg_info = _uma_client.construct_RegistrationRequest(
    request_args=_uma_client.registration_info)
reg_resp = authzsrv.oauth_registration_endpoint(reg_info.to_json())

# Parse the registration response and store it on the client.
reginfo = RegistrationResponse().from_json(reg_resp.message)
_uma_client.store_registration_info(reginfo)

# Get a RPT from the AS using the issued client credentials using HTTP Basic
# auth
# (OIDC 'client_secret_basic') combined with the user id of the Requesting Party
# as authentication and the ticket received in (3).

# NOTE(review): the credentials are read from `client`, while the
# registration above was stored on `_uma_client`. Confirm both names refer
# to the same registered client.
# The Basic value is an encoding of the secret, not a protection of it:
# handle `authn` like the secret itself (kept out of logs, TLS only).
authn = "Basic {}".format(
    b64e_enc_dec("{}:{}".format(client.client_id, client.client_secret),
                 "ascii", "ascii"))

# Claim token: the JSON object {"uid": REQUESTOR} passed through
# b64e_enc_dec. Nothing in this snippet signs it, so the uid is only as
# trustworthy as the authenticated client asserting it.
rqp_claims = b64e_enc_dec(json.dumps({"uid": REQUESTOR}), "utf-8", "ascii")

# RPT request: claims grant type, permission ticket, one "json" claim token.
request = RPTRequest(grant_type=RQP_CLAIMS_GRANT_TYPE, ticket=ticket,
                     claim_tokens=[ClaimToken(format="json", token=rqp_claims)])

resp = authzsrv.rpt_token_endpoint(authn=authn, request=request.to_json())

# Parse the token response and keep the RPT on the client, keyed by the
# requesting party. Any earlier entry for REQUESTOR is replaced by the new
# dict.
rtr = RPTResponse().from_json(resp.message)
_uma_client.token[REQUESTOR] = {}
_uma_client.token[REQUESTOR]["RPT"] = rtr["rpt"]


# Introspection of the RPT