def init_token_handler(server_get, spec, token_class):
_kwargs = spec.get("kwargs", {})
_lt = spec.get("lifetime")
if _lt:
_kwargs["lifetime"] = _lt
try:
_cls = spec["class"]
except KeyError:
cls = DefaultToken
_pw = spec.get("password")
if _pw is not None:
_kwargs["password"] = _pw
else:
cls = importer(_cls)
if _kwargs is None:
if cls != DefaultToken:
warnings.warn(
"Token initialisation arguments should be grouped under 'kwargs'.",
DeprecationWarning,
stacklevel=2,
)
_kwargs = spec
return cls(token_class=token_class, server_get=server_get, **_kwargs)
def init_user_info(conf, cwd: str):
kwargs = conf.get("kwargs", {})
if isinstance(conf["class"], str):
return importer(conf["class"])(**kwargs)
return conf["class"](**kwargs)
def configure_grant_types(self, grant_types_supported):
if grant_types_supported is None:
self.helper = {k: v(self) for k, v in self.helper_by_grant_type.items()}
return
self.helper = {}
# TODO: do we want to allow any grant_type?
for grant_type, grant_type_options in grant_types_supported.items():
_conf = grant_type_options.get("kwargs", {})
if _conf is False:
continue
try:
grant_class = grant_type_options["class"]
except (KeyError, TypeError):
raise ProcessError(
"Token Endpoint's grant types must be True, None or a dict with a"
" 'class' key."
)
if isinstance(grant_class, str):
try:
grant_class = importer(grant_class)
except (ValueError, AttributeError):
raise ProcessError(
f"Token Endpoint's grant type class {grant_class} can't" " be imported."
)
try:
self.helper[grant_type] = grant_class(self, _conf)
except Exception as e:
raise ProcessError(f"Failed to initialize class {grant_class}: {e}")
def issued_token_load(items: List[dict], **kwargs):
res = []
for item in items:
_class_name = list(item.keys())[0]
_cls = importer(_class_name)
_cls = _cls().load(item[_class_name])
res.append(_cls)
return res
def set_scopes_handler(self):
_spec = self.conf.get("scopes_handler")
if _spec:
_kwargs = _spec.get("kwargs", {})
_cls = importer(_spec["class"])(**_kwargs)
self.scopes_handler = _cls(_kwargs)
else:
self.scopes_handler = Scopes()
def build_signing_service(self, spec):
spec['kwargs']['base_path'] = os.path.join(self.wd,
spec['kwargs']["base_path"])
if isinstance(spec["class"], str):
_instance = importer(spec["class"])(**spec['kwargs'])
else:
_instance = spec["class"](**spec['kwargs'])
return _instance
def do_add_on(self, endpoints):
_add_on_conf = self.conf.get("add_on")
if _add_on_conf:
for spec in _add_on_conf.values():
if isinstance(spec["function"], str):
_func = importer(spec["function"])
else:
_func = spec["function"]
_func(endpoints, **spec["kwargs"])
def create_self_signed_trust_marks(spec, **kwargs):
if isinstance(spec["function"], str):
_func = importer(spec["function"])
else:
_func = spec["function"]
res = []
for id, content in spec["kwargs"].items():
_args = kwargs.copy()
_args.update(content)
res.append(_func(id=id, sub=id, **_args))
return res
def create_federation_entity(entity_id,
httpc=None,
httpc_params=None,
cwd="",
**kwargs):
args = {"httpc_params": httpc_params}
_conf = {}
_key_conf = kwargs.get("keys")
if _key_conf:
kwargs["key_conf"] = _key_conf
for param in ['trusted_roots', 'authority_hints']:
try:
_conf[param] = load_json(kwargs[param])
except KeyError:
pass
for param in [
'entity_type', 'priority', 'opponent_entity_type',
'registration_type', 'cwd', 'endpoint'
]:
try:
_conf[param] = kwargs[param]
except KeyError:
pass
for _key in ['key_conf', 'db_conf', 'issuer']:
_value = kwargs.get(_key)
if _value:
_conf[_key] = _value
if _conf:
_conf['httpc_params'] = args['httpc_params']
args['config'] = _conf
federation_entity = FederationEntity(entity_id,
httpc=httpc,
cwd=cwd,
**args)
add_ons = kwargs.get("add_on")
if add_ons:
for spec in add_ons.values():
if isinstance(spec["function"], str):
_func = importer(spec["function"])
else:
_func = spec["function"]
_func(federation_entity, **spec["kwargs"])
return federation_entity
def client_auth_setup(auth_set, server_get):
res = []
for item in auth_set:
if item is None or item.lower() == "none":
res.append(None)
else:
_cls = CLIENT_AUTHN_METHOD.get(item)
if _cls:
res.append(_cls(server_get))
else:
res.append(importer(item)(server_get))
return res
def init_service(conf, server_get=None):
kwargs = conf.get("kwargs", {})
if server_get:
kwargs["server_get"] = server_get
if isinstance(conf["class"], str):
try:
return importer(conf["class"])(**kwargs)
except TypeError as err:
logger.error("Could not init service class: {}".format(conf["class"]), err)
raise
return conf["class"](**kwargs)
def do_sub_func(self) -> None:
"""
Loads functions that creates subject "sub" values
:return: string
"""
ses_par = self.conf.get("session_params") or {}
sub_func = ses_par.get("sub_func") or {}
for key, args in sub_func.items():
if "class" in args:
self._sub_func[key] = init_service(args)
elif "function" in args:
if isinstance(args["function"], str):
self._sub_func[key] = importer(args["function"])
else:
self._sub_func[key] = args["function"]
def token_map_load(items: dict, **kwargs):
return {k: importer(v) for k, v in items.items()}
def client_registration_setup(self, request, new_id=True, set_secret=True):
try:
request.verify()
except (MessageException, ValueError) as err:
logger.error("request.verify() on %s", request)
return ResponseMessage(error="invalid_configuration_request",
error_description="%s" % err)
request.rm_blanks()
try:
self.match_client_request(request)
except CapabilitiesMisMatch as err:
return ResponseMessage(
error="invalid_request",
error_description="Don't support proposed %s" % err,
)
_context = self.server_get("endpoint_context")
if new_id:
if self.kwargs.get("client_id_generator"):
cid_generator = importer(
self.kwargs["client_id_generator"]["class"])
cid_gen_kwargs = self.kwargs["client_id_generator"].get(
"kwargs", {})
else:
cid_generator = importer(
"oidcop.oidc.registration.random_client_id")
cid_gen_kwargs = {}
client_id = cid_generator(reserved=_context.cdb.keys(),
**cid_gen_kwargs)
if "client_id" in request:
del request["client_id"]
else:
client_id = request.get("client_id")
if not client_id:
raise ValueError("Missing client_id")
_cinfo = {"client_id": client_id, "client_salt": rndstr(8)}
if self.server_get("endpoint", "registration_read"):
self.add_registration_api(_cinfo, client_id, _context)
if new_id:
_cinfo["client_id_issued_at"] = utc_time_sans_frac()
client_secret = ""
if set_secret:
client_secret = self.add_client_secret(_cinfo, client_id, _context)
logger.debug(
"Stored client info in CDB under cid={}".format(client_id))
_context.cdb[client_id] = _cinfo
_cinfo = self.do_client_registration(
request,
client_id,
ignore=["redirect_uris", "policy_uri", "logo_uri", "tos_uri"],
)
if isinstance(_cinfo, ResponseMessage):
return _cinfo
args = dict([(k, v) for k, v in _cinfo.items()
if k in self.response_cls.c_param])
comb_uri(args)
response = self.response_cls(**args)
# Add the client_secret as a symmetric key to the key jar
if client_secret:
_context.keyjar.add_symmetric(client_id, str(client_secret))
logger.debug(
"Stored updated client info in CDB under cid={}".format(client_id))
logger.debug("ClientInfo: {}".format(_cinfo))
_context.cdb[client_id] = _cinfo
# Not all databases can be sync'ed
if hasattr(_context.cdb, "sync") and callable(_context.cdb.sync):
_context.cdb.sync()
msg = "registration_response: {}"
logger.info(msg.format(sanitize(response.to_dict())))
return response
