def set_client_db(self, db=None): if db is None and self.conf.get("client_db"): _spec = self.conf.get("client_db") _kwargs = _spec.get("kwargs", {}) self.cdb = importer(_spec["class"])(**_kwargs) else: self.cdb = {}
def set_jti_db(self, db=None): if db is None and self.conf.get("jti_db"): _spec = self.conf.get("jti_db") _kwargs = _spec.get("kwargs", {}) self.jti_db = importer(_spec["class"])(**_kwargs) else: self.jti_db = db or InMemoryDataBase()
def build_signing_service(self, spec): spec['kwargs']['base_path'] = os.path.join(self.wd, spec['kwargs']["base_path"]) if isinstance(spec["class"], str): _instance = importer(spec["class"])(**spec['kwargs']) else: _instance = spec["class"](**spec['kwargs']) return _instance
def do_add_on(self): if self.conf.get("add_on"): for spec in self.conf["add_on"].values(): if isinstance(spec["function"], str): _func = importer(spec["function"]) else: _func = spec["function"] _func(self.endpoint, **spec["kwargs"])
def __init__(self, base_class=Message): if isinstance(base_class, str): self.base_class = importer(base_class)() elif isinstance(base_class, Message): self.base_class = base_class elif type(base_class) == abc.ABCMeta: self.base_class = base_class() self.info = {}
def init_token_handler(ec, spec, typ): try: _cls = spec["class"] except KeyError: cls = DefaultToken else: cls = importer(_cls) return cls(typ=typ, ec=ec, **spec)
def set_session_db(self, sso_db=None, db=None): if sso_db is None and self.conf.get("sso_db"): _spec = self.conf.get("sso_db") _kwargs = _spec.get("kwargs", {}) _db = importer(_spec["class"])(**_kwargs) sso_db = SSODb(_db) else: sso_db = sso_db or SSODb() if db is None and self.conf.get("session_db"): _spec = self.conf.get("session_db") _kwargs = _spec.get("kwargs", {}) db = importer(_spec["class"])(**_kwargs) self.do_session_db(sso_db, db) # append userinfo db to the session db self.do_userinfo() logger.debug("Session DB: {}".format(self.sdb.__dict__))
def init_service(conf, endpoint_context=None): kwargs = conf.get("kwargs", {}) if endpoint_context: kwargs["endpoint_context"] = endpoint_context if isinstance(conf["class"], str): return importer(conf["class"])(**kwargs) return conf["class"](**kwargs)
def init_user_info(conf, cwd): kwargs = conf.get("kwargs", {}) if "db_file" in kwargs: kwargs["db_file"] = os.path.join(cwd, kwargs["db_file"]) if isinstance(conf["class"], str): return importer(conf["class"])(**kwargs) return conf["class"](**kwargs)
def do_sub_func(self): _conf = self.conf.get("sub_func", {}) for key, args in _conf.items(): if "class" in args: self._sub_func[key] = init_service(args) elif "function" in args: if isinstance(args["function"], str): self._sub_func[key] = importer(args["function"]) else: self._sub_func[key] = args["function"]
def init_user_info(conf, cwd): try: kwargs = conf["kwargs"] except KeyError: kwargs = {} if "db_file" in kwargs: kwargs["db_file"] = os.path.join(cwd, kwargs["db_file"]) if isinstance(conf["class"], str): return util.importer(conf["class"])(**kwargs) else: return conf["class"](**kwargs)
def init_service(conf, endpoint_context=None): try: kwargs = conf["kwargs"] except KeyError: kwargs = {} if endpoint_context: kwargs["endpoint_context"] = endpoint_context if isinstance(conf["class"], str): return util.importer(conf["class"])(**kwargs) else: return conf["class"](**kwargs)
def init_token_handler(ec, spec, typ): try: _cls = spec["class"] except KeyError: cls = DefaultToken else: cls = importer(_cls) _kwargs = spec.get('kwargs') if _kwargs is None: if cls != DefaultToken: warnings.warn( "Token initialisation arguments should be grouped under 'kwargs'.", DeprecationWarning, stacklevel=2, ) _kwargs = spec return cls(typ=typ, ec=ec, **_kwargs)
def create_federation_entity(entity_id, httpc_params=None, **kwargs): args = {"httpc_params": httpc_params} for param in ['trusted_roots', 'authority_hints']: try: args[param] = load_json(kwargs[param]) except KeyError: pass for param in [ 'entity_type', 'priority', 'opponent_entity_type', 'registration_type', 'cwd' ]: try: args[param] = kwargs[param] except KeyError: pass _conf = {} for _key in ['keys', 'db_conf', 'issuer']: _value = kwargs.get(_key) if _value: _conf[_key] = _value if _conf: _conf['httpc_params'] = args['httpc_params'] args['config'] = _conf federation_entity = FederationEntity(entity_id, **args) add_ons = kwargs.get("add_on") if add_ons: for spec in add_ons.values(): if isinstance(spec["function"], str): _func = importer(spec["function"]) else: _func = spec["function"] _func(federation_entity, **spec["kwargs"]) return federation_entity
def __init__( self, conf, keyjar=None, client_db=None, session_db=None, cwd="", cookie_dealer=None, httpc=None, cookie_name=None, jwks_uri_path=None, ): self.conf = conf self.keyjar = keyjar or KeyJar() self.cwd = cwd # client database self.cdb = client_db or {} try: self.seed = bytes(conf["seed"], "utf-8") except KeyError: self.seed = bytes(rndstr(16), "utf-8") # Default values, to be changed below depending on configuration self.endpoint = {} self.issuer = "" self.httpc = httpc or requests self.verify_ssl = True self.jwks_uri = None self.sso_ttl = 14400 # 4h self.symkey = rndstr(24) self.id_token_schema = IdToken self.endpoint_to_authn_method = {} self.cookie_dealer = cookie_dealer self.login_hint_lookup = None if cookie_name: self.cookie_name = cookie_name elif "cookie_name" in conf: self.cookie_name = conf["cookie_name"] else: self.cookie_name = { "session": "oidcop", "register": "oidc_op_rp", "session_management": "sman", } for param in [ "verify_ssl", "issuer", "sso_ttl", "symkey", "client_authn", "id_token_schema", ]: try: setattr(self, param, conf[param]) except KeyError: pass try: self.template_handler = conf["template_handler"] except KeyError: try: loader = conf["template_loader"] except KeyError: template_dir = conf["template_dir"] loader = Environment(loader=FileSystemLoader(template_dir), autoescape=True) self.template_handler = Jinja2TemplateHandler(loader) self.setup = {} if not jwks_uri_path: try: jwks_uri_path = conf["jwks"]["uri_path"] except KeyError: pass try: if self.issuer.endswith("/"): self.jwks_uri = "{}{}".format(self.issuer, jwks_uri_path) else: self.jwks_uri = "{}/{}".format(self.issuer, jwks_uri_path) except KeyError: self.jwks_uri = "" if self.keyjar is None or self.keyjar.owners() == []: args = {k: v for k, v in conf["jwks"].items() if k != "uri_path"} self.keyjar = init_key_jar(**args) try: _conf = conf["cookie_dealer"] except KeyError: pass else: if self.cookie_dealer: # already defined raise ValueError("Cookie Dealer already defined") self.cookie_dealer = init_service(_conf) try: _conf = conf["sub_func"] except KeyError: sub_func = None else: sub_func = {} for key, args in _conf.items(): if "class" in args: sub_func[key] = init_service(args) elif "function" in args: if isinstance(args["function"], str): sub_func[key] = util.importer(args["function"]) else: sub_func[key] = args["function"] if session_db: self.sdb = session_db else: try: _th_args = conf["token_handler_args"] except KeyError: # create 3 keys keydef = [ { "type": "oct", "bytes": "24", "use": ["enc"], "kid": "code" }, { "type": "oct", "bytes": "24", "use": ["enc"], "kid": "token" }, { "type": "oct", "bytes": "24", "use": ["enc"], "kid": "refresh" }, ] jwks_def = { "private_path": "private/token_jwks.json", "key_defs": keydef, "read_only": False, } _th_args = {"jwks_def": jwks_def} for typ, tid in [("code", 600), ("token", 3600), ("refresh", 86400)]: _th_args[typ] = {"lifetime": tid} self.sdb = create_session_db(self, _th_args, db=None, sso_db=SSODb(), sub_func=sub_func) self.endpoint = build_endpoints( conf["endpoint"], endpoint_context=self, client_authn_method=CLIENT_AUTHN_METHOD, issuer=conf["issuer"], ) try: _cap = conf["capabilities"] except KeyError: _cap = {} for endpoint, endpoint_instance in self.endpoint.items(): if endpoint_instance.provider_info: _cap.update(endpoint_instance.provider_info) if endpoint in ["webfinger", "provider_info"]: continue _cap[endpoint_instance.endpoint_name] = "{}".format( endpoint_instance.endpoint_path) try: authz_spec = conf["authz"] except KeyError: self.authz = authz.Implicit(self) else: self.authz = init_service(authz_spec, self) try: _authn = conf["authentication"] except KeyError: self.authn_broker = None else: self.authn_broker = populate_authn_broker(_authn, self, self.template_handler) try: _conf = conf["id_token"] except KeyError: self.idtoken = IDToken(self) else: self.idtoken = init_service(_conf, self) try: _conf = conf["userinfo"] except KeyError: pass else: self.userinfo = init_user_info(_conf, self.cwd) self.sdb.userinfo = self.userinfo try: _conf = conf["login_hint_lookup"] except KeyError: pass else: self.login_hint_lookup = init_service(_conf) if self.userinfo: self.login_hint_lookup.user_info = self.userinfo try: _conf = conf["login_hint2acrs"] except KeyError: self.login_hint2acrs = None else: self.login_hint2acrs = init_service(_conf) self.provider_info = self.create_providerinfo(_cap) # which signing/encryption algorithms to use in what context self.jwx_def = {} # special type of logging self.events = None # client registration access tokens self.registration_access_token = {}