def test_explicit_registration(self):
config = create_from_config_file(
Configuration,
entity_conf=[{
"class": FedRPConfiguration,
"attr": "rp"
}],
filename=full_path('conf_foodle.uninett.no.yaml'),
base_path=BASE_PATH)
config.rp.federation.web_cert_path = "{}/{}".format(
dir_path, lower_or_upper(config.web_conf, "server_cert"))
rph = init_oidc_rp_handler(config.rp, BASE_PATH)
rp = rph.init_client('ntnu')
rp.client_get(
"service_context").federation_entity.collector = DummyCollector(
httpd=Publisher(ROOT_DIR),
trusted_roots=ANCHOR,
root_dir=ROOT_DIR)
_service = rp.client_get("service", 'provider_info')
args = self.provider_endpoint.process_request()
info = self.provider_endpoint.do_response(**args)
_resp = _service.parse_response(info["response"])
with responses.RequestsMock() as rsps:
_jwks = open(
os.path.join(BASE_PATH, 'base_data', 'ntnu.no', 'op.ntnu.no',
'jwks.json')).read()
rsps.add("GET",
"https://op.ntnu.no/static/jwks.json",
body=_jwks,
adding_headers={"Content-Type": "application/json"},
status=200)
_service.update_service_context(_resp)
# Do the client registration request
# First let the client construct the client registration request
_service = rp.client_get("service", 'registration')
_request_args = _service.get_request_parameters()
# send it to the provider
args = self.registration_endpoint.process_request(
_request_args["body"])
response_args = self.provider_endpoint.do_response(**args)
# Let the client deal with the response from the provider
_resp = _service.parse_response(response_args["response"],
request=_request_args["body"])
_service.update_service_context(_resp)
# and we're done
reg_resp = _service.client_get("service_context").get(
"registration_response")
assert reg_resp["token_endpoint_auth_method"] == "private_key_jwt"
def main(config_file, args):
logging.basicConfig(level=logging.DEBUG)
config = create_from_config_file(Configuration,
entity_conf=[{
"class": FedOpConfiguration,
"attr": "op",
"path": ["op", "server_info"]
}],
filename=config_file)
app = oidc_provider_init_app(config)
web_conf = config.webserver
context = create_context(dir_path, web_conf)
kwargs = {}
_srv_context = app.server.server_get("endpoint_context")
if args.display:
print(json.dumps(_srv_context.provider_info, indent=4, sort_keys=True))
exit(0)
if args.insecure:
_srv_context.federation_entity.collector.insecure = True
_cert = os.path.join(dir_path, lower_or_upper(web_conf, "server_cert"))
_srv_context.federation_entity.collector.web_cert_path = _cert
app.run(host=web_conf['domain'],
port=web_conf['port'],
debug=web_conf['debug'],
ssl_context=context,
**kwargs)
def main(config_file, args):
logging.basicConfig(level=logging.DEBUG)
config = Configuration.create_from_config_file(config_file)
app = oidc_provider_init_app(config)
web_conf = config.webserver
context = create_context(dir_path, web_conf)
kwargs = {}
if args.display:
print(
json.dumps(app.endpoint_context.provider_info,
indent=4,
sort_keys=True))
exit(0)
if args.insecure:
app.endpoint_context.federation_entity.collector.insecure = True
_cert = os.path.join(dir_path, lower_or_upper(web_conf, "server_cert"))
app.endpoint_context.federation_entity.collector.web_cert_path = _cert
app.run(host=web_conf['domain'],
port=web_conf['port'],
debug=web_conf['debug'],
ssl_context=context,
**kwargs)
def init_oidc_rp_handler(app):
rp_keys_conf = app.rp_config.rp_keys
_fed_conf = app.rp_config.federation
_httpc_params = app.rp_config.httpc_params
_fed_conf['entity_id'] = _fed_conf['entity_id'].format(
domain=app.rp_config.domain, port=app.rp_config.port)
_fed_conf['web_cert_path'] = "{}/{}".format(
dir_path, lower_or_upper(app.rp_config.web_conf, "server_cert"))
_path = rp_keys_conf['uri_path']
if _path.startswith('./'):
_path = _path[2:]
elif _path.startswith('/'):
_path = _path[1:]
for client, _cnf in app.rp_config.clients.items():
for attr in ['client_id', 'entity_id']:
_val = _cnf.get(attr)
if _val:
_cnf[attr] = _val.format(domain=app.rp_config.domain,
port=app.rp_config.port)
args = {k: v for k, v in rp_keys_conf.items() if k != "uri_path"}
rp_keyjar = init_key_jar(**args)
rp_keyjar.httpc_params = _httpc_params
rph = RPHandler(base_url=app.rp_config.base_url,
hash_seed=app.rp_config.hash_seed,
jwks_path=_path,
client_configs=app.rp_config.clients,
keyjar=rp_keyjar,
services=app.rp_config.services,
httpc_params=_httpc_params,
federation_entity_config=_fed_conf)
return rph
key_setup()
logging.basicConfig(level=logging.DEBUG)
app = Flask(__name__, static_url_path='')
app.fss_config = Configuration.create_from_config_file("conf.yaml")
app.register_blueprint(sigserv_views)
# Initialize the oidc_provider after views to be able to set correct urls
_server_info_config = app.fss_config.server_info
app.signing_service = SigningService(_server_info_config, cwd=dir_path)
web_conf = app.fss_config.web_conf
app.signing_service.cwd = dir_path
cert_file = lower_or_upper(web_conf, "server_cert")
if not cert_file.startswith("/"):
_cert = "{}/{}".format(dir_path, cert_file)
with open(cert_file, 'r') as fp:
pem = fp.read()
app.signing_service.x5c = pems_to_x5c([pem])
if __name__ == "__main__":
web_conf = app.fss_config.web_conf
ssl_context = create_context(dir_path, web_conf)
app.run(host=web_conf.get('domain'), port=web_conf.get('port'),
debug=web_conf.get('domain', True), ssl_context=ssl_context)
environ['peercert'] = ''
return environ
logging.basicConfig(level=logging.DEBUG)
config_file = "conf_uwsgi.yaml"
config = create_from_config_file(Configuration,
entity_conf=[{'class': FedOpConfiguration, "attr": "op",
"path": ["op", "server_info"]}],
filename=config_file)
app = oidc_provider_init_app(config)
web_conf = config.webserver
# To be able to publish the TLS cert in the entity statement
_cert = os.path.join(dir_path, lower_or_upper(web_conf, "server_cert"))
app.server.endpoint_context.federation_entity.collector.web_cert_path = _cert
def main():
global app
parser = argparse.ArgumentParser()
parser.add_argument('-d', dest='display', action='store_true')
# parser.add_argument('-t', dest='tls', action='store_true')
parser.add_argument('-k', dest='insecure', action='store_true')
parser.add_argument(dest="config")
args = parser.parse_args()
kwargs = {}
if args.display:
fp.write(_jwks)
for _key_file, _port in rp_spec:
if os.path.isfile(_key_file):
key_jar = KeyJar()
key_jar.import_jwks_from_file(_key_file, "")
_jwks = key_jar.export_jwks_as_json(issuer_id="")
_file = 'base_data/lu.se/https%3A%2F%2F{}%3A{}%2Flocal/jwks.json'.format(
domain, _port)
with open(_file, "w") as fp:
fp.write(_jwks)
app = init_app(sys.argv[1], NAME)
logging.basicConfig(level=logging.DEBUG)
web_conf = app.fss_config.web_conf
ssl_context = create_context(dir_path, web_conf)
app.signing_service.cwd = dir_path
_cert = "{}/{}".format(dir_path, lower_or_upper(web_conf, "server_cert"))
with open(_cert.format(dir_path), 'r') as fp:
pem = fp.read()
app.signing_service.x5c = pems_to_x5c([pem])
app.run(host=web_conf.get('domain'),
port=web_conf.get('port'),
debug=web_conf.get('debug', True),
ssl_context=ssl_context)
