def setUp(self): self.store = memstore.MemoryStore() self.consumer = GenericConsumer(self.store) self.endpoint = OpenIDServiceEndpoint()
def associate(services, url): '''Create an association (OpenID section 8) between RP and OP. Return response as a dictionary.''' req_data = { 'openid.ns': "http://specs.openid.net/auth/2.0", 'openid.mode': "associate", 'openid.assoc_type': "HMAC-SHA1", 'openid.session_type': "no-encryption", } if url.startswith('http:'): # Use DH exchange req_data['openid.session_type'] = "DH-SHA1" # Private key: random number between 1 and dh_prime-1 priv = random.SystemRandom().randrange(1, dh_prime - 1) # Public key: 2^priv mod prime pubkey = pow(2L, priv, dh_prime) dh_public_base64 = base64.b64encode(btwoc(pubkey)) # No need to send key and generator req_data['openid.dh_consumer_public'] = dh_public_base64 if is_compat_1x(services): # 14.2.1: clear session_type in 1.1 compatibility mode if req_data['openid.session_type'] == "no-encryption": req_data['openid.session_type'] = '' del req_data['openid.ns'] res = urllib.urlopen(url, b(urllib.urlencode(req_data))) try: if res.getcode() != 200: raise ValueError( "OpenID provider refuses connection with status %s" % res.getcode()) data = parse_response(res.read()) except ValueError: endpoint = OpenIDServiceEndpoint.fromOPEndpointURL(url) store = MemoryStore() consumer = GenericConsumer(store) try: assoc = consumer._requestAssociation( endpoint, req_data['openid.assoc_type'], req_data['openid.session_type']) data = { 'assoc_handle': assoc.handle, 'expires_in': assoc.lifetime, 'mac_key': oidutil.toBase64(assoc.secret), } except ServerError: data = { 'error': 'Server %s refused its suggested association type: session_type=%s, assoc_type=%s' % (url, req_data['openid.assoc_type'], req_data['openid.session_type']), } if 'error' in data: raise ValueError, "associate failed: " + data['error'] if url.startswith('http:'): enc_mac_key = b(data.get('enc_mac_key')) if not enc_mac_key: raise ValueError, "Provider protocol error: not using DH-SHA1" enc_mac_key = base64.b64decode(enc_mac_key) dh_server_public = unbtwoc( base64.b64decode(b(data['dh_server_public']))) # shared secret: sha1(2^(server_priv*priv) mod prime) xor enc_mac_key shared_secret = btwoc(pow(dh_server_public, priv, dh_prime)) shared_secret = hashlib.sha1(shared_secret).digest() if len(shared_secret) != len(enc_mac_key): raise ValueError, "incorrect DH key size" # Fake mac_key result data['mac_key'] = b( base64.b64encode(string_xor(enc_mac_key, shared_secret))) return data