def entity_statement_with_x5c():
    """Build a signed entity statement that also carries a certificate
    chain in the JWS ``x5c`` header.

    The statement is self-asserted (``sub`` equals ``iss``), its signing keys
    are generated from ``KEYSPEC`` via ``build_keyjar``, and the PEM found in
    ``cert.pem`` under ``BASE_PATH`` is converted with ``pems_to_x5c`` and
    attached as ``x5c``. Note that an ``x5c`` header is only an assertion by
    the signer; a consumer still has to chain-validate it.

    :return: whatever ``create_entity_statement`` returns (the signed JWS)
    """
    entity_id = "https://example.com"
    entity_metadata = {
        "application_type": "web",
        "claims": ["sub", "name", "email", "picture"],
        "id_token_signing_alg_values_supported": ["RS256", "RS512"],
        "redirect_uris": ["https://foodle.uninett.no/callback"],
        "response_types": ["code"],
    }
    superiors = ["https://ntnu.no"]

    keys = build_keyjar(KEYSPEC, issuer_id=entity_id)

    # Single PEM file -> list with one base64 entry, as pems_to_x5c expects
    cert_path = os.path.join(BASE_PATH, "cert.pem")
    with open(cert_path) as cert_fp:
        cert_pem = cert_fp.read()
    chain = pems_to_x5c([cert_pem])

    return create_entity_statement(entity_id, entity_id, keys,
                                   metadata=entity_metadata,
                                   authority_hints=superiors,
                                   x5c=chain)
def create_entity_statement(self, request_args, request=None, **kwargs):
    """Create a self-signed entity statement for this federation entity.

    ``iss`` and ``sub`` are both the entity's own id and the metadata is
    ``{entity_type: request_args.to_dict()}``. When the collector is
    configured to use a self-signed certificate (``use_ssc``), the PEM at
    ``collector.web_cert_path`` is read and attached as the JWS ``x5c``
    header; otherwise no ``x5c`` is included.

    :param request_args: message whose ``to_dict()`` becomes the metadata
    :param request: unused
    :param kwargs: unused
    :return: the value returned by the federation context's
        ``create_entity_statement`` (the signed statement)
    """
    federation_entity = self.server_get("endpoint_context").federation_entity
    context = federation_entity.get_context()
    entity_id = context.entity_id
    metadata = {context.entity_type: request_args.to_dict()}

    # Plain statement when no self-signed cert is published
    if not federation_entity.collector.use_ssc:
        return context.create_entity_statement(entity_id, sub=entity_id,
                                               metadata=metadata)

    with open(federation_entity.collector.web_cert_path, 'r') as cert_fp:
        certificate = cert_fp.read()
    return context.create_entity_statement(
        entity_id, sub=entity_id, metadata=metadata,
        x5c=pems_to_x5c([certificate]))
def test_pem_to_x5c():
    """``pems_to_x5c`` must turn the single PEM in ``cert.pem`` into a
    one-element ``x5c`` list whose entry matches the expected value."""
    expected = "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"
    with open(full_path("cert.pem")) as cert_fp:
        pem_text = cert_fp.read()
    chain = pems_to_x5c([pem_text])
    assert len(chain) == 1
    assert chain[0] == expected
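key_setup()
logging.basicConfig(level=logging.DEBUG)

app = Flask(__name__, static_url_path='')
app.fss_config = Configuration.create_from_config_file("conf.yaml")
app.register_blueprint(sigserv_views)

# Initialize the oidc_provider after views to be able to set correct urls
_server_info_config = app.fss_config.server_info
app.signing_service = SigningService(_server_info_config, cwd=dir_path)
web_conf = app.fss_config.web_conf
app.signing_service.cwd = dir_path

# Certificate published as the x5c header of the signing service. A relative
# "server_cert" is resolved against dir_path; previously the resolved path was
# computed but never used, so the open() depended on the process CWD.
cert_file = lower_or_upper(web_conf, "server_cert")
if not cert_file.startswith("/"):
    cert_file = "{}/{}".format(dir_path, cert_file)
with open(cert_file, 'r') as fp:
    pem = fp.read()
app.signing_service.x5c = pems_to_x5c([pem])

if __name__ == "__main__":
    web_conf = app.fss_config.web_conf
    ssl_context = create_context(dir_path, web_conf)
    # Flask debug mode enables the Werkzeug debugger, which gives anyone who
    # can reach the port interactive code execution. The original passed
    # web_conf.get('domain', True) here -- a hostname, hence always truthy --
    # so the server ran with the debugger on. Read an explicit 'debug' key
    # instead and default to off.
    app.run(host=web_conf.get('domain'), port=web_conf.get('port'),
            debug=bool(web_conf.get('debug', False)),
            ssl_context=ssl_context)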