class FakeOP: STATE = "12345678" def __init__(self): op_base_url = TestConfiguration.get_instance().rp_config.OP_URL self.provider = Provider( "https://op.tester.se/", SessionDB(op_base_url), CDB, AUTHN_BROKER, USERINFO, AUTHZ, verify_client, SYMKEY, urlmap=None, keyjar=KEYJAR ) self.provider.baseurl = TestConfiguration.get_instance().rp_config.OP_URL self.op_base = TestConfiguration.get_instance().rp_config.OP_URL self.redirect_urls = TestConfiguration.get_instance().rp_config.CLIENTS[PROVIDER]["client_info"][ "redirect_uris"] def setup_userinfo_endpoint(self): cons = Consumer({}, CONSUMER_CONFIG, {"client_id": CLIENT_ID}, server_info=SERVER_INFO, ) cons.behaviour = { "request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]} cons.keyjar[""] = KC_RSA cons.client_secret = "drickyoughurt" state, location = cons.begin("openid", "token", path=TestConfiguration.get_instance().rp_base) resp = self.provider.authorization_endpoint( request=urlparse(location).query) # redirect atr = AuthorizationResponse().deserialize( urlparse(resp.message).fragment, "urlencoded") uir = UserInfoRequest(access_token=atr["access_token"], schema="openid") resp = self.provider.userinfo_endpoint(request=uir.to_urlencoded()) responses.add( responses.POST, self.op_base + "userinfo", body=resp.message, status=200, content_type='application/json') def setup_token_endpoint(self): authreq = AuthorizationRequest(state="state", redirect_uri=self.redirect_urls[0], client_id=CLIENT_ID, response_type="code", scope=["openid"]) _sdb = self.provider.sdb sid = _sdb.token.key(user="******", areq=authreq) access_grant = _sdb.token(sid=sid) ae = AuthnEvent("user", "salt") _sdb[sid] = { "oauth_state": "authz", "authn_event": ae, "authzreq": authreq.to_json(), "client_id": CLIENT_ID, "code": access_grant, "code_used": False, "scope": ["openid"], "redirect_uri": self.redirect_urls[0], } _sdb.do_sub(sid, "client_salt") # Construct Access token request areq = AccessTokenRequest(code=access_grant, client_id=CLIENT_ID, redirect_uri=self.redirect_urls[0], client_secret="client_secret_1") txt = areq.to_urlencoded() resp = self.provider.token_endpoint(request=txt) responses.add( responses.POST, self.op_base + "token", body=resp.message, status=200, content_type='application/json') def setup_authentication_response(self, state=None): context = Context() context.path = 'openid/authz_cb' op_base = TestConfiguration.get_instance().rp_config.OP_URL if not state: state = rndstr() context.request = { 'code': 'F+R4uWbN46U+Bq9moQPC4lEvRd2De4o=', 'scope': 'openid profile email address phone', 'state': state} context.state = self.generate_state(op_base) return context def generate_state(self, op_base): state = State() state_id = TestConfiguration.get_instance().rp_config.STATE_ID state_data = { StateKeys.OP: PROVIDER, StateKeys.NONCE: "9YraWpJAmVp4L3NJ", StateKeys.TOKEN_ENDPOINT: TestConfiguration.get_instance().rp_config.OP_URL + "token", StateKeys.CLIENT_ID: "client_1", StateKeys.CLIENT_SECRET: "2222222222", StateKeys.JWKS_URI: TestConfiguration.get_instance().rp_config.OP_URL + "static/jwks.json", StateKeys.USERINFO_ENDPOINT: TestConfiguration.get_instance().rp_config.OP_URL + "userinfo", StateKeys.STATE: FakeOP.STATE } state.add(state_id, state_data) return state def setup_client_registration_endpoint(self): client_info = TestConfiguration.get_instance().rp_config.CLIENTS[PROVIDER]["client_info"] request = RegistrationRequest().deserialize(json.dumps(client_info), "json") _cinfo = self.provider.do_client_registration(request, CLIENT_ID) args = dict([(k, v) for k, v in _cinfo.items() if k in RegistrationResponse.c_param]) args['client_id'] = CLIENT_ID self.provider.comb_uri(args) registration_response = RegistrationResponse(**args) responses.add( responses.POST, self.op_base + "registration", body=registration_response.to_json(), status=200, content_type='application/json') def setup_opienid_config_endpoint(self): self.provider.baseurl = self.op_base self.provider.jwks_uri = self.publish_jwks() provider_info = self.provider.create_providerinfo() responses.add( responses.GET, self.op_base + ".well-known/openid-configuration", body=provider_info.to_json(), status=200, content_type='application/json' ) def setup_webfinger_endpoint(self): wf = WebFinger() resp = Response(wf.response(subject=self.op_base, base=self.op_base)) responses.add(responses.GET, self.op_base + ".well-known/webfinger", body=resp.message, status=200, content_type='application/json') def publish_jwks(self): jwks_uri = self.op_base + "static/jwks.json" responses.add( responses.GET, jwks_uri, body=json.dumps(JWKS), status=200, content_type='application/json') return jwks_uri
class FakeOP: STATE = "12345678" def __init__(self): op_base_url = TestConfiguration.get_instance().rp_config.OP_URL self.provider = Provider("https://op.tester.se/", SessionDB(op_base_url), CDB, AUTHN_BROKER, USERINFO, AUTHZ, verify_client, SYMKEY, urlmap=None, keyjar=KEYJAR) self.provider.baseurl = TestConfiguration.get_instance( ).rp_config.OP_URL self.op_base = TestConfiguration.get_instance().rp_config.OP_URL self.redirect_urls = TestConfiguration.get_instance( ).rp_config.CLIENTS[PROVIDER]["client_info"]["redirect_uris"] def setup_userinfo_endpoint(self): cons = Consumer( {}, CONSUMER_CONFIG, {"client_id": CLIENT_ID}, server_info=SERVER_INFO, ) cons.behaviour = { "request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"] } cons.keyjar[""] = KC_RSA cons.client_secret = "drickyoughurt" state, location = cons.begin( "openid", "token", path=TestConfiguration.get_instance().rp_base) resp = self.provider.authorization_endpoint( request=urlparse(location).query) # redirect atr = AuthorizationResponse().deserialize( urlparse(resp.message).fragment, "urlencoded") uir = UserInfoRequest(access_token=atr["access_token"], schema="openid") resp = self.provider.userinfo_endpoint(request=uir.to_urlencoded()) responses.add(responses.POST, self.op_base + "userinfo", body=resp.message, status=200, content_type='application/json') def setup_token_endpoint(self): authreq = AuthorizationRequest(state="state", redirect_uri=self.redirect_urls[0], client_id=CLIENT_ID, response_type="code", scope=["openid"]) _sdb = self.provider.sdb sid = _sdb.token.key(user="******", areq=authreq) access_grant = _sdb.token(sid=sid) ae = AuthnEvent("user", "salt") _sdb[sid] = { "oauth_state": "authz", "authn_event": ae, "authzreq": authreq.to_json(), "client_id": CLIENT_ID, "code": access_grant, "code_used": False, "scope": ["openid"], "redirect_uri": self.redirect_urls[0], } _sdb.do_sub(sid, "client_salt") # Construct Access token request areq = AccessTokenRequest(code=access_grant, client_id=CLIENT_ID, redirect_uri=self.redirect_urls[0], client_secret="client_secret_1") txt = areq.to_urlencoded() resp = self.provider.token_endpoint(request=txt) responses.add(responses.POST, self.op_base + "token", body=resp.message, status=200, content_type='application/json') def setup_authentication_response(self, state=None): context = Context() context.path = 'openid/authz_cb' op_base = TestConfiguration.get_instance().rp_config.OP_URL if not state: state = rndstr() context.request = { 'code': 'F+R4uWbN46U+Bq9moQPC4lEvRd2De4o=', 'scope': 'openid profile email address phone', 'state': state } context.state = self.generate_state(op_base) return context def generate_state(self, op_base): state = State() state_id = TestConfiguration.get_instance().rp_config.STATE_ID state_data = { StateKeys.OP: PROVIDER, StateKeys.NONCE: "9YraWpJAmVp4L3NJ", StateKeys.TOKEN_ENDPOINT: TestConfiguration.get_instance().rp_config.OP_URL + "token", StateKeys.CLIENT_ID: "client_1", StateKeys.CLIENT_SECRET: "2222222222", StateKeys.JWKS_URI: TestConfiguration.get_instance().rp_config.OP_URL + "static/jwks.json", StateKeys.USERINFO_ENDPOINT: TestConfiguration.get_instance().rp_config.OP_URL + "userinfo", StateKeys.STATE: FakeOP.STATE } state.add(state_id, state_data) return state def setup_client_registration_endpoint(self): client_info = TestConfiguration.get_instance( ).rp_config.CLIENTS[PROVIDER]["client_info"] request = RegistrationRequest().deserialize(json.dumps(client_info), "json") _cinfo = self.provider.do_client_registration(request, CLIENT_ID) args = dict([(k, v) for k, v in _cinfo.items() if k in RegistrationResponse.c_param]) args['client_id'] = CLIENT_ID self.provider.comb_uri(args) registration_response = RegistrationResponse(**args) responses.add(responses.POST, self.op_base + "registration", body=registration_response.to_json(), status=200, content_type='application/json') def setup_opienid_config_endpoint(self): self.provider.baseurl = self.op_base self.provider.jwks_uri = self.publish_jwks() provider_info = self.provider.create_providerinfo() responses.add(responses.GET, self.op_base + ".well-known/openid-configuration", body=provider_info.to_json(), status=200, content_type='application/json') def setup_webfinger_endpoint(self): wf = WebFinger() resp = Response(wf.response(subject=self.op_base, base=self.op_base)) responses.add(responses.GET, self.op_base + ".well-known/webfinger", body=resp.message, status=200, content_type='application/json') def publish_jwks(self): jwks_uri = self.op_base + "static/jwks.json" responses.add(responses.GET, jwks_uri, body=json.dumps(JWKS), status=200, content_type='application/json') return jwks_uri