예제 #1
0
def public_jwks_bundle(eids):
    jb_copy = JWKSBundle('')
    for eid in eids:
        jwks = ENTITY[eid].signing_keys_as_jwks()
        kj_copy = KeyJar()
        kj_copy.import_jwks(jwks, eid)
        jb_copy.bundle[eid] = kj_copy
    return jb_copy
예제 #2
0
def public_jwks_bundle(jwks_bundle):
    jb_copy = JWKSBundle('')
    for fo, kj in jwks_bundle.bundle.items():
        kj_copy = KeyJar()
        for owner in kj.owners():
            public_keys_keyjar(kj, owner, kj_copy, owner)
        jb_copy.bundle[fo] = kj_copy
    return jb_copy
예제 #3
0
def test_dump_load():
    jb = make_jwks_bundle('', ['fo0', 'fo1', 'fo2', 'fo3'], None, KEYDEFS)

    bs = jb.dumps()

    receiver = JWKSBundle('')
    receiver.loads(bs)

    assert len(receiver.keys()) == 4
    assert set(receiver.keys()) == {'fo0', 'fo1', 'fo2', 'fo3'}
예제 #4
0
def test_set_del_get():
    bundle = JWKSBundle(ISS, SIGN_KEYS)
    bundle['https://www.swamid.se'] = KEYJAR['https://www.swamid.se']
    bundle['https://www.sunet.se'] = KEYJAR['https://www.sunet.se']
    bundle['https://www.feide.no'] = KEYJAR['https://www.feide.no']

    del bundle['https://www.sunet.se']

    assert set(
        bundle.keys()) == {'https://www.swamid.se', 'https://www.feide.no'}
예제 #5
0
def test_update_metadata_statement():
    make_signing_sequence(['https://op.sunet.se', 'https://sunet.se',
                           'https://swamid.sunet.se'], ENTITY)

    op = ENTITY['https://op.sunet.se']
    metadata_statement = MetadataStatement(foo='bar')
    metadata_statement = op.update_metadata_statement(metadata_statement)
    assert metadata_statement
    assert set(metadata_statement.keys()) == {'foo', 'metadata_statements'}

    swamid = ENTITY['https://swamid.sunet.se']
    # on the RP side
    rp = FederationEntityOOB(None, 'https://rp.sunet.se')
    # Need the FO bundle, which in this case only needs Swamid's key
    jb = JWKSBundle('https://rp.sunet.se')
    _kj = KeyJar()
    _kj.import_jwks(swamid.self_signer.public_keys(), swamid.iss)
    jb['https://swamid.sunet.se'] = _kj
    rp.jwks_bundle = jb

    l = rp.get_metadata_statement(metadata_statement, MetadataStatement,
                                  'discovery')

    assert l[0].iss == 'https://op.sunet.se'
    assert l[0].fo == 'https://swamid.sunet.se'
    assert l[0].le == {'foo':'bar'}
예제 #6
0
def test_set_jwks():
    bundle = JWKSBundle(ISS, SIGN_KEYS)
    bundle['https://www.sunet.se'] = KEYJAR[
        'https://www.sunet.se'].export_jwks(private=True)

    _kj = KEYJAR['https://www.sunet.se'].copy()
    _kj.issuer_keys['https://www.sunet.se'] = _kj.issuer_keys['']
    del _kj.issuer_keys['']

    assert bundle['https://www.sunet.se'] == _kj
예제 #7
0
def test_sign_verify():
    bundle = JWKSBundle(ISS, SIGN_KEYS)
    bundle['https://www.swamid.se'] = KEYJAR['https://www.swamid.se']
    bundle['https://www.sunet.se'] = KEYJAR['https://www.sunet.se']
    bundle['https://www.feide.no'] = KEYJAR['https://www.feide.no']

    _jws = bundle.create_signed_bundle()

    bundle2 = JWKSBundle(ISS2)
    verify_keys = public_keys_keyjar(SIGN_KEYS.copy(), '', None, ISS)

    bundle2.upload_signed_bundle(_jws, verify_keys)

    assert set(bundle.keys()) == set(bundle2.keys())

    # Again can't compare straight off because bundle contains private keys
    # while bundle2 contains the public equivalents.
    for iss, kj in bundle.items():
        assert len(kj.get_issuer_keys(iss)) == len(
            bundle2[iss].get_issuer_keys(iss))
예제 #8
0
def test_set_get():
    bundle = JWKSBundle(ISS, SIGN_KEYS)
    bundle['https://www.swamid.se'] = KEYJAR['https://www.swamid.se']

    # When imported the key in issuer_keys are changed from '' to the issuer ID
    _kj = KEYJAR['https://www.swamid.se'].copy()
    _kj.issuer_keys['https://www.swamid.se'] = _kj.issuer_keys['']
    del _kj.issuer_keys['']

    _sekj = bundle['https://www.swamid.se']
    assert _sekj == _kj
예제 #9
0
def fo_member(*args):
    """
    Anonymous member of a set of federations.
    Used to parse compounded metadata statements.

    :param args: The federations
    :return: An Operator instance
    """
    _jb = JWKSBundle('https://sunet.se/op')
    for fo in args:
        _jb[fo.iss] = fo.signing_keys_as_jwks()

    return Operator(jwks_bundle=_jb)
예제 #10
0
def test_get_metadata_statement():
    jb = JWKSBundle('')
    for iss in ['https://example.org/', 'https://example.com/']:
        jb[iss] = build_keyjar(KEYDEFS)[1]

    self_signer = InternalSigningService(keyjar=jb['https://example.com/'],
                                         iss='https://example.com/')
    op = Operator(self_signer=self_signer, iss='https://example.com/')
    req = MetadataStatement(foo='bar')
    sms = op.pack_metadata_statement(req, sign_alg='RS256')
    sms_dir = {'https://example.com': sms}
    req['metadata_statements'] = Message(**sms_dir)
    ent = FederationEntity(None, fo_bundle=public_jwks_bundle(jb))
    loe = ent.get_metadata_statement(req)
    assert loe
예제 #11
0
def test_dumps_loads():
    bundle = JWKSBundle(ISS, SIGN_KEYS)
    bundle['https://www.swamid.se'] = KEYJAR['https://www.swamid.se']
    bundle['https://www.sunet.se'] = KEYJAR['https://www.sunet.se']
    bundle['https://www.feide.no'] = KEYJAR['https://www.feide.no']

    _str = bundle.dumps()

    fp = open('bundle.json', 'w')
    fp.write(_str)
    fp.close()

    bundle2 = JWKSBundle(ISS, SIGN_KEYS)
    bundle2.loads(_str)

    # bundle contains private keys
    # bundle2 contains the public keys
    # This comparision could be made better

    for fo, kj in bundle.items():
        assert len(kj.get_issuer_keys(fo)) == len(
            bundle2[fo].get_issuer_keys(fo))
예제 #12
0
def test_add_sms_spec_to_request():
    jb = JWKSBundle('')
    for iss in ['https://example.org/', 'https://example.com/']:
        jb[iss] = build_keyjar(KEYDEFS)[1]
    kj = build_keyjar(KEYDEFS)[1]

    sign_serv = InternalSigningService('https://signer.example.com',
                                       keyjar=kj)
    ent = FederationEntityOOB(None, self_signer=sign_serv,
                              fo_bundle=public_jwks_bundle(jb),
                              context='response')
    ent.metadata_statements = {
        'response': {
            'https://example.org/': 'https://example.org/sms1'
        }
    }

    req = MetadataStatement(foo='bar')
    ent.add_sms_spec_to_request(req, ['https://example.org/'])

    assert 'metadata_statement_uris' in req
예제 #13
0
def test_create():
    bundle = JWKSBundle(ISS, SIGN_KEYS)
    assert bundle
예제 #14
0
SYMKEY = rndstr(16)

TOOL_ISS = 'https://localhost'

ALL = [
    'https://swamid.sunet.se', 'https://www.feide.no', 'https://sunet.se',
    'https://uninett.no', 'https://sunet.se/op', 'https://foodle.uninett.no'
]

_path = os.path.realpath(__file__)
root_dir, _fname = os.path.split(_path)

FEDENT = create_federation_entities(ALL, KEYDEFS, root_dir=root_dir)

fo_keybundle = JWKSBundle('')
for iss in ['https://swamid.sunet.se', 'https://www.feide.no']:
    kj = KeyJar()
    kj.import_jwks(FEDENT[iss].signing_keys_as_jwks(), iss)
    fo_keybundle[iss] = kj

SUNET_OP = FEDENT['https://sunet.se/op']
ORG_SUNET = FEDENT['https://sunet.se']
SWAMID = FEDENT['https://swamid.sunet.se']
FOODLE = FEDENT['https://foodle.uninett.no']
FEIDE = FEDENT['https://www.feide.no']
UNINETT = FEDENT['https://uninett.no']


class DB(object):
    def __init__(self):
예제 #15
0
}]

ALL = [
    'https://fo.example.org', 'https://fo1.example.org',
    'https://org.example.org', 'https://inter.example.org',
    'https://admin.example.org', 'https://ligo.example.org',
    'https://op.example.org'
]

_path = os.path.realpath(__file__)
root_dir, _fname = os.path.split(_path)

FEDENT = create_federation_entities(ALL, KEYDEFS, root_dir=root_dir)

FOP = FEDENT['https://fo.example.org']
FOP.jwks_bundle = JWKSBundle(FOP.iss)
FOP.jwks_bundle[FOP.iss] = FOP.self_signer.keyjar

FO1P = FEDENT['https://fo1.example.org']
FO1P.jwks_bundle = JWKSBundle(FO1P.iss)
FO1P.jwks_bundle[FO1P.iss] = FO1P.self_signer.keyjar

ORGOP = FEDENT['https://org.example.org']
ADMINOP = FEDENT['https://admin.example.org']
INTEROP = FEDENT['https://inter.example.org']
LIGOOP = FEDENT['https://ligo.example.org']
OPOP = FEDENT['https://op.example.org']


def clear_metadata_statements(entities):
    for fedent in entities:
예제 #16
0
def make_federation_entity(config, eid='', httpcli=None, verify_ssl=True):
    """
    Construct a :py:class:`fedoidcmsg.entity.FederationEntity` instance based
    on given configuration.

    :param config: Federation entity configuration
    :param eid: Entity ID
    :param httpcli: A http client instance to use when sending HTTP requests
    :param verify_ssl: Whether TLS/SSL certificates should be verified
    :return: A :py:class:`fedoidcmsg.entity.FederationEntity` instance
    """
    args = {}

    if not eid:
        try:
            eid = config['entity_id']
        except KeyError:
            pass

    if 'self_signer' in config:
        self_signer = make_internal_signing_service(config['self_signer'], eid)
        args['self_signer'] = self_signer

    try:
        bundle_cnf = config['fo_bundle']
    except KeyError:
        pass
    else:
        _args = dict([(k, v) for k, v in bundle_cnf.items() if k in KJ_SPECS])
        if _args:
            _kj = init_key_jar(**_args)
        else:
            _kj = None

        if 'dir' in bundle_cnf:
            jb = FSJWKSBundle(eid,
                              _kj,
                              bundle_cnf['dir'],
                              key_conv={
                                  'to': quote_plus,
                                  'from': unquote_plus
                              })
        else:
            jb = JWKSBundle(eid, _kj)
        args['fo_bundle'] = jb

    for item in ['context', 'entity_id', 'fo_priority', 'mds_owner']:
        try:
            args[item] = config[item]
        except KeyError:
            pass

    if 'entity_id' not in args:
        args['entity_id'] = eid

    # These are mutually exclusive
    if 'sms_dir' in config:
        args['sms_dir'] = config['sms_dir']
        return FederationEntityOOB(httpcli, iss=eid, **args)
    elif 'mds_service' in config:
        args['verify_ssl'] = verify_ssl
        args['mds_service'] = config['mds_service']
        return FederationEntityAMS(httpcli, iss=eid, **args)
    elif 'mdss_endpoint' in config:
        args['verify_ssl'] = verify_ssl
        # These are mandatory for this type of entity
        for key in ['mdss_endpoint', 'mdss_owner', 'mdss_keys']:
            args[key] = config[key]
        return FederationEntitySwamid(httpcli, iss=eid, **args)