def test_explicit_registration(self): config = create_from_config_file( Configuration, entity_conf=[{ "class": FedRPConfiguration, "attr": "rp" }], filename=full_path('conf_foodle.uninett.no.yaml'), base_path=BASE_PATH) config.rp.federation.web_cert_path = "{}/{}".format( dir_path, lower_or_upper(config.web_conf, "server_cert")) rph = init_oidc_rp_handler(config.rp, BASE_PATH) rp = rph.init_client('ntnu') rp.client_get( "service_context").federation_entity.collector = DummyCollector( httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR) _service = rp.client_get("service", 'provider_info') args = self.provider_endpoint.process_request() info = self.provider_endpoint.do_response(**args) _resp = _service.parse_response(info["response"]) with responses.RequestsMock() as rsps: _jwks = open( os.path.join(BASE_PATH, 'base_data', 'ntnu.no', 'op.ntnu.no', 'jwks.json')).read() rsps.add("GET", "https://op.ntnu.no/static/jwks.json", body=_jwks, adding_headers={"Content-Type": "application/json"}, status=200) _service.update_service_context(_resp) # Do the client registration request # First let the client construct the client registration request _service = rp.client_get("service", 'registration') _request_args = _service.get_request_parameters() # send it to the provider args = self.registration_endpoint.process_request( _request_args["body"]) response_args = self.provider_endpoint.do_response(**args) # Let the client deal with the response from the provider _resp = _service.parse_response(response_args["response"], request=_request_args["body"]) _service.update_service_context(_resp) # and we're done reg_resp = _service.client_get("service_context").get( "registration_response") assert reg_resp["token_endpoint_auth_method"] == "private_key_jwt"
def main(config_file, args): logging.basicConfig(level=logging.DEBUG) config = create_from_config_file(Configuration, entity_conf=[{ "class": FedOpConfiguration, "attr": "op", "path": ["op", "server_info"] }], filename=config_file) app = oidc_provider_init_app(config) web_conf = config.webserver context = create_context(dir_path, web_conf) kwargs = {} _srv_context = app.server.server_get("endpoint_context") if args.display: print(json.dumps(_srv_context.provider_info, indent=4, sort_keys=True)) exit(0) if args.insecure: _srv_context.federation_entity.collector.insecure = True _cert = os.path.join(dir_path, lower_or_upper(web_conf, "server_cert")) _srv_context.federation_entity.collector.web_cert_path = _cert app.run(host=web_conf['domain'], port=web_conf['port'], debug=web_conf['debug'], ssl_context=context, **kwargs)
def main(config_file, args): logging.basicConfig(level=logging.DEBUG) config = Configuration.create_from_config_file(config_file) app = oidc_provider_init_app(config) web_conf = config.webserver context = create_context(dir_path, web_conf) kwargs = {} if args.display: print( json.dumps(app.endpoint_context.provider_info, indent=4, sort_keys=True)) exit(0) if args.insecure: app.endpoint_context.federation_entity.collector.insecure = True _cert = os.path.join(dir_path, lower_or_upper(web_conf, "server_cert")) app.endpoint_context.federation_entity.collector.web_cert_path = _cert app.run(host=web_conf['domain'], port=web_conf['port'], debug=web_conf['debug'], ssl_context=context, **kwargs)
def init_oidc_rp_handler(app): rp_keys_conf = app.rp_config.rp_keys _fed_conf = app.rp_config.federation _httpc_params = app.rp_config.httpc_params _fed_conf['entity_id'] = _fed_conf['entity_id'].format( domain=app.rp_config.domain, port=app.rp_config.port) _fed_conf['web_cert_path'] = "{}/{}".format( dir_path, lower_or_upper(app.rp_config.web_conf, "server_cert")) _path = rp_keys_conf['uri_path'] if _path.startswith('./'): _path = _path[2:] elif _path.startswith('/'): _path = _path[1:] for client, _cnf in app.rp_config.clients.items(): for attr in ['client_id', 'entity_id']: _val = _cnf.get(attr) if _val: _cnf[attr] = _val.format(domain=app.rp_config.domain, port=app.rp_config.port) args = {k: v for k, v in rp_keys_conf.items() if k != "uri_path"} rp_keyjar = init_key_jar(**args) rp_keyjar.httpc_params = _httpc_params rph = RPHandler(base_url=app.rp_config.base_url, hash_seed=app.rp_config.hash_seed, jwks_path=_path, client_configs=app.rp_config.clients, keyjar=rp_keyjar, services=app.rp_config.services, httpc_params=_httpc_params, federation_entity_config=_fed_conf) return rph
key_setup() logging.basicConfig(level=logging.DEBUG) app = Flask(__name__, static_url_path='') app.fss_config = Configuration.create_from_config_file("conf.yaml") app.register_blueprint(sigserv_views) # Initialize the oidc_provider after views to be able to set correct urls _server_info_config = app.fss_config.server_info app.signing_service = SigningService(_server_info_config, cwd=dir_path) web_conf = app.fss_config.web_conf app.signing_service.cwd = dir_path cert_file = lower_or_upper(web_conf, "server_cert") if not cert_file.startswith("/"): _cert = "{}/{}".format(dir_path, cert_file) with open(cert_file, 'r') as fp: pem = fp.read() app.signing_service.x5c = pems_to_x5c([pem]) if __name__ == "__main__": web_conf = app.fss_config.web_conf ssl_context = create_context(dir_path, web_conf) app.run(host=web_conf.get('domain'), port=web_conf.get('port'), debug=web_conf.get('domain', True), ssl_context=ssl_context)
environ['peercert'] = '' return environ logging.basicConfig(level=logging.DEBUG) config_file = "conf_uwsgi.yaml" config = create_from_config_file(Configuration, entity_conf=[{'class': FedOpConfiguration, "attr": "op", "path": ["op", "server_info"]}], filename=config_file) app = oidc_provider_init_app(config) web_conf = config.webserver # To be able to publish the TLS cert in the entity statement _cert = os.path.join(dir_path, lower_or_upper(web_conf, "server_cert")) app.server.endpoint_context.federation_entity.collector.web_cert_path = _cert def main(): global app parser = argparse.ArgumentParser() parser.add_argument('-d', dest='display', action='store_true') # parser.add_argument('-t', dest='tls', action='store_true') parser.add_argument('-k', dest='insecure', action='store_true') parser.add_argument(dest="config") args = parser.parse_args() kwargs = {} if args.display:
fp.write(_jwks) for _key_file, _port in rp_spec: if os.path.isfile(_key_file): key_jar = KeyJar() key_jar.import_jwks_from_file(_key_file, "") _jwks = key_jar.export_jwks_as_json(issuer_id="") _file = 'base_data/lu.se/https%3A%2F%2F{}%3A{}%2Flocal/jwks.json'.format( domain, _port) with open(_file, "w") as fp: fp.write(_jwks) app = init_app(sys.argv[1], NAME) logging.basicConfig(level=logging.DEBUG) web_conf = app.fss_config.web_conf ssl_context = create_context(dir_path, web_conf) app.signing_service.cwd = dir_path _cert = "{}/{}".format(dir_path, lower_or_upper(web_conf, "server_cert")) with open(_cert.format(dir_path), 'r') as fp: pem = fp.read() app.signing_service.x5c = pems_to_x5c([pem]) app.run(host=web_conf.get('domain'), port=web_conf.get('port'), debug=web_conf.get('debug', True), ssl_context=ssl_context)