def _func(self, conv):
response = get_protocol_response(conv, ASConfigurationResponse)
if not response:
response = get_protocol_response(conv, ServerMetadata)
response = response[-1] # Should only be one but ...
res = {}
try:
_jwks_uri = response['jwks_uri']
except KeyError:
try:
kb = KeyBundle(response['jwks'])
except KeyBundle:
self._message = "Neither jwks_uri or jwks defined"
self._status = ERROR
except UnknownKeyType as err:
self._message = '{}'.format(err)
self._status = ERROR
else:
kb = KeyBundle(source=_jwks_uri, verify_ssl=False)
try:
kb.update()
except UpdateFailed as err:
self._message = '{}'.format(err)
self._status = ERROR
return res
def rp_iframe(self, status, service_url):
_conv = self.tester.conv
_entity = _conv.entity
_msg = self.tester.inut.pre_html['rp_session_iframe.html']
# client_id
_msg = _msg.replace("{client_id}", _entity.client_id)
# session_state, get it from the Authorization response
inst = get_protocol_response(_conv, AuthorizationResponse)
_msg = _msg.replace("{session_state}", inst[0]['session_state'])
# issuer
_msg = _msg.replace("{issuer}", _entity.provider_info['issuer'])
# session_change_url
_msg = _msg.replace("{service_url}", service_url)
_msg = _msg.replace('{status}', status)
return as_bytes(_msg)
def _func(self, conv):
# returns a list, should only be one item in the list
response = get_protocol_response(conv, AccessTokenResponse)[0]
res = {}
_tok = response['access_token']
_jwt = jws.factory(_tok)
if _jwt:
_keys = conv.entity.keyjar.get_issuer_keys(
conv.entity.provider_info['issuer'])
_json = _jwt.verify_compact(_tok, _keys)
missing = []
for x in ['iss', 'azp', 'sub', 'kid', 'exp', 'jti']:
if x not in _json:
missing.append(x)
if missing:
self._message = "The following claims are missing from the " \
"access token: {}".format(missing)
self._status = WARNING
try:
_tok = response['refresh_token']
except KeyError:
pass
else:
_jwt = jws.factory(_tok)
if _jwt:
missing = []
_keys = conv.entity.keyjar.get_issuer_keys(
conv.entity.provider_info['issuer'])
_json = _jwt.verify_compact(_tok, _keys)
for x in ['iss', 'azp', 'sub', 'kid', 'exp', 'jti']:
if x not in _json:
missing.append(x)
if missing:
self._message = "The following claims are missing from " \
"the refresh token: {}".format(missing)
self._status = WARNING
return res
def _func(self, conv):
res = {}
# did I get one, should only be one
try:
_ = get_protocol_response(conv, ErrorResponse)[0]
except ValueError:
pass
else:
return res
try:
_response = last_http_response(conv)
except NoSuchEvent:
return {}
if _response.status_code >= 400:
content_type = _response.headers["content-type"]
_content = _response.text
if content_type is None:
res["content"] = _content
elif CONT_JSON in content_type:
try:
self.err = ErrorResponse().deserialize(_content, "json")
self.err.verify()
res["content"] = self.err.to_json()
except Exception:
res["content"] = _content
else:
res["content"] = _content
elif _response.status_code in [300, 301, 302, 303]:
pass
else:
# Should never get here
self._message = 'Not an error message ??'
self._status = WARNING
return res
def _func(self, conv):
res = {}
# did I get one, should only be one
try:
_ = get_protocol_response(conv, ErrorResponse)[0]
except ValueError:
pass
else:
return res
try:
_response = last_http_response(conv)
except NoSuchEvent:
return {}
if _response.status_code >= 400:
content_type = _response.headers["content-type"]
_content = _response.text
if content_type is None:
res["content"] = _content
elif CONT_JSON in content_type:
try:
self.err = ErrorResponse().deserialize(_content, "json")
self.err.verify()
res["content"] = self.err.to_json()
except Exception:
res["content"] = _content
else:
res["content"] = _content
elif _response.status_code in [300, 301, 302, 303]:
pass
else:
# Should never get here
self._message = 'Not an error message ??'
self._status = WARNING
return res
def _func(self, conv):
inst = get_protocol_response(conv, ProviderConfigurationResponse)[0]
return {}