def setUp(self):
self.store = memstore.MemoryStore()
self.consumer = GenericConsumer(self.store)
self.endpoint = OpenIDServiceEndpoint()
def associate(services, url):
'''Create an association (OpenID section 8) between RP and OP.
Return response as a dictionary.'''
req_data = {
'openid.ns': "http://specs.openid.net/auth/2.0",
'openid.mode': "associate",
'openid.assoc_type': "HMAC-SHA1",
'openid.session_type': "no-encryption",
}
if url.startswith('http:'):
# Use DH exchange
req_data['openid.session_type'] = "DH-SHA1"
# Private key: random number between 1 and dh_prime-1
priv = random.SystemRandom().randrange(1, dh_prime - 1)
# Public key: 2^priv mod prime
pubkey = pow(2L, priv, dh_prime)
dh_public_base64 = base64.b64encode(btwoc(pubkey))
# No need to send key and generator
req_data['openid.dh_consumer_public'] = dh_public_base64
if is_compat_1x(services):
# 14.2.1: clear session_type in 1.1 compatibility mode
if req_data['openid.session_type'] == "no-encryption":
req_data['openid.session_type'] = ''
del req_data['openid.ns']
res = urllib.urlopen(url, b(urllib.urlencode(req_data)))
try:
if res.getcode() != 200:
raise ValueError(
"OpenID provider refuses connection with status %s" %
res.getcode())
data = parse_response(res.read())
except ValueError:
endpoint = OpenIDServiceEndpoint.fromOPEndpointURL(url)
store = MemoryStore()
consumer = GenericConsumer(store)
try:
assoc = consumer._requestAssociation(
endpoint, req_data['openid.assoc_type'],
req_data['openid.session_type'])
data = {
'assoc_handle': assoc.handle,
'expires_in': assoc.lifetime,
'mac_key': oidutil.toBase64(assoc.secret),
}
except ServerError:
data = {
'error':
'Server %s refused its suggested association type: session_type=%s, assoc_type=%s'
% (url, req_data['openid.assoc_type'],
req_data['openid.session_type']),
}
if 'error' in data:
raise ValueError, "associate failed: " + data['error']
if url.startswith('http:'):
enc_mac_key = b(data.get('enc_mac_key'))
if not enc_mac_key:
raise ValueError, "Provider protocol error: not using DH-SHA1"
enc_mac_key = base64.b64decode(enc_mac_key)
dh_server_public = unbtwoc(
base64.b64decode(b(data['dh_server_public'])))
# shared secret: sha1(2^(server_priv*priv) mod prime) xor enc_mac_key
shared_secret = btwoc(pow(dh_server_public, priv, dh_prime))
shared_secret = hashlib.sha1(shared_secret).digest()
if len(shared_secret) != len(enc_mac_key):
raise ValueError, "incorrect DH key size"
# Fake mac_key result
data['mac_key'] = b(
base64.b64encode(string_xor(enc_mac_key, shared_secret)))
return data
