def get_configuration_information(self, subject_id):
"""
:param subject_id:
:return: A signed JWT
"""
es_api = FSFetchEntityStatement(self.root_dir,
iss=get_netloc(subject_id))
jws = es_api.create_entity_statement(get_netloc(subject_id))
# config = verify_self_signed_signature(jws)
# return config
return jws
def test_make_entity_statement():
fse = FSFetchEntityStatement(BASE_PATH, iss='ntnu.no')
_statement = fse.create_entity_statement('foodle.uninett.no')
_jws = factory(_statement)
assert _jws
payload = _jws.jwt.payload()
assert payload['iss'] == 'https://ntnu.no'
assert payload['sub'] == 'https://foodle.uninett.no'
es = EntityStatement().from_dict(payload)
_item = es['metadata_policy']['openid_relying_party']
assert _item['contacts'] == {"add": '*****@*****.**'}
def test_config_information():
fse = FSFetchEntityStatement(BASE_PATH, iss='foodle.uninett.no')
_jwt = fse.create_entity_statement('foodle.uninett.no')
_jws = factory(_jwt)
assert _jws
payload = _jws.jwt.payload()
assert payload['iss'] == 'https://foodle.uninett.no'
assert payload['sub'] == 'https://foodle.uninett.no'
es = EntityStatement().from_dict(payload)
_item = es['metadata']['openid_relying_party']
assert isinstance(_item, RegistrationResponse)
assert _item['response_types'] == ['code']
def build_path(self, intermediate, root_dir='.', sub=''):
"""
Builds a trust path as a sequence of signed JWTs containing entity
statements
:param root_dir: Where to find the dummy information to put in the entity
statement
:param intermediate: Which issuer to use
:param sub: The identifier of the subject
:return: An Issuer instance
"""
es_api = FSFetchEntityStatement(self.root_dir,
iss=get_netloc(intermediate))
jws = es_api.create_entity_statement(get_netloc(sub))
superior = {}
_jwt = factory(jws)
entity_statement = _jwt.jwt.payload()
if 'authority_hints' in entity_statement:
for key in entity_statement['authority_hints']:
superior[key] = self.build_path(key, root_dir, intermediate)
return jws, superior
def test_collect_intermediate(self):
_collector = self.endpoint.server_get("endpoint_context").federation_entity.collector
subject = 'https://op.ntnu.no'
intermediate = 'https://ntnu.no'
fedop1 = 'https://feide.no'
fedop2 = 'https://swamid.se'
# self-signed from subject
es_api = FSFetchEntityStatement(ROOT_DIR, iss=get_netloc(subject))
subj_sesi = es_api.create_entity_statement(get_netloc(subject))
# self-signed from intermediate
es_api = FSFetchEntityStatement(ROOT_DIR, iss=get_netloc(intermediate))
inter_sesi = es_api.create_entity_statement(get_netloc(intermediate))
# self-signed from fedop
es_api = FSFetchEntityStatement(ROOT_DIR, iss=get_netloc(fedop1))
fedop_sesi_1 = es_api.create_entity_statement(get_netloc(fedop1))
es_api = FSFetchEntityStatement(ROOT_DIR, iss=get_netloc(fedop2))
fedop_sesi_2 = es_api.create_entity_statement(get_netloc(fedop2))
# intermediate on subject
es_api = FSFetchEntityStatement(ROOT_DIR, iss=get_netloc(intermediate))
inter_on_sub = es_api.create_entity_statement(get_netloc(subject))
# fedop on intermediate
es_api = FSFetchEntityStatement(ROOT_DIR, iss=get_netloc(fedop1))
fedop_on_inter_1 = es_api.create_entity_statement(get_netloc(intermediate))
es_api = FSFetchEntityStatement(ROOT_DIR, iss=get_netloc(fedop2))
fedop_on_inter_2 = es_api.create_entity_statement(get_netloc(intermediate))
sleep(1)
with responses.RequestsMock() as rsps:
_url = "{}/.well-known/openid-federation".format(intermediate)
rsps.add("GET", _url, body=inter_sesi, status=200)
_url = "{}/.well-known/openid-federation".format(fedop1)
rsps.add("GET", _url, body=fedop_sesi_1, status=200)
_url = "{}/.well-known/openid-federation".format(fedop2)
rsps.add("GET", _url, body=fedop_sesi_2, status=200)
_url = 'https://ntnu.no/fetch?iss=https%3A%2F%2Fntnu.no&sub=https%3A%2F%2Fop.ntnu.no'
rsps.add("GET", _url, body=inter_on_sub, status=200)
_url = 'https://feide.no/fetch?iss=https%3A%2F%2Ffeide.no&sub=https%3A%2F%2Fntnu.no'
rsps.add("GET", _url, body=fedop_on_inter_1, status=200)
_url = 'https://swamid.se/fetch?iss=https%3A%2F%2Fswamid.se&sub=https%3A%2F%2Fntnu.no'
rsps.add("GET", _url, body=fedop_on_inter_2, status=200)
tree = _collector.collect_intermediate(subject, 'https://ntnu.no')
assert tree
assert len(_collector.config_cache) == 3
assert set(_collector.config_cache.keys()) == {'https://ntnu.no', 'https://feide.no',
'https://swamid.se'}
# The unpacked fedop1's self signed entity statement
_info = _collector.config_cache['https://feide.no']
assert _info['sub'] == fedop1
assert _info['iss'] == fedop1
assert _info['metadata']['federation_entity']['federation_fetch_endpoint'] == 'https://feide.no/fetch'
# For each entity statement there is also the expiration time
assert len(_collector.entity_statement_cache) == 6
assert set(_collector.entity_statement_cache.keys()) == {
'https://feide.no!!https://ntnu.no',
'https://feide.no!exp!https://ntnu.no',
'https://ntnu.no!!https://op.ntnu.no',
'https://ntnu.no!exp!https://op.ntnu.no',
'https://swamid.se!!https://ntnu.no',
'https://swamid.se!exp!https://ntnu.no'
}
# have a look at the payload
_info = unverified_entity_statement(
_collector.entity_statement_cache['https://swamid.se!!https://ntnu.no'])
assert _info['sub'] == intermediate
assert _info['iss'] == fedop2
assert _info['authority_hints'] == [fedop2]
_collector_dump = _collector.dump()
_c2 = Collector()
_c2.load(_collector_dump)
assert len(_c2.config_cache) == 3
assert set(_c2.config_cache.keys()) == {'https://ntnu.no', 'https://feide.no', 'https://swamid.se'}
# The unpacked fedop1's self signed entity statement
_info = _c2.config_cache['https://feide.no']
assert _info['sub'] == fedop1
assert _info['iss'] == fedop1
assert _info['metadata']['federation_entity']['federation_fetch_endpoint'] == 'https://feide.no/fetch'
# For each entity statement there is also the expiration time
assert len(_c2.entity_statement_cache) == 6
assert set(_c2.entity_statement_cache.keys()) == {
'https://feide.no!!https://ntnu.no',
'https://feide.no!exp!https://ntnu.no',
'https://ntnu.no!!https://op.ntnu.no',
'https://ntnu.no!exp!https://op.ntnu.no',
'https://swamid.se!!https://ntnu.no',
'https://swamid.se!exp!https://ntnu.no'
}
# have a look at the payload
_info = unverified_entity_statement(_c2.entity_statement_cache['https://swamid.se!!https://ntnu.no'])
assert _info['sub'] == intermediate
assert _info['iss'] == fedop2
assert _info['authority_hints'] == [fedop2]
def get_entity_statement(self, api_endpoint, issuer, subject):
es_api = FSFetchEntityStatement(self.root_dir, iss=get_netloc(issuer))
return es_api.create_entity_statement(get_netloc(subject))
def test_parse_registration_response(self):
# construct the entity statement the OP should return
es_api = FSFetchEntityStatement(os.path.join(BASE_PATH, 'base_data'),
iss="op.ntnu.no")
jws = es_api.create_entity_statement("op.ntnu.no")
# parse the response and collect the trust chains
res = self.disco_service.parse_response(jws)
_context = self.registration_service.client_get("service_context")
_fe = _context.federation_entity
_context.issuer = "https://op.ntnu.no"
self.disco_service.update_service_context(res)
self.registration_service.endpoint = _context.get(
'provider_info')['federation_registration_endpoint']
# construct the client registration request
req_args = {'entity_id': _fe.context.entity_id}
jws = self.registration_service.construct(request_args=req_args)
assert jws
# construct the information needed to send the request
_info = self.registration_service.get_request_parameters(
request_body_type="jose", method="POST")
# create the request
_req_jwt = factory(_info['body'])
payload = _req_jwt.jwt.payload()
# The OP as federation entity
del _fe.context.keyjar["https://op.ntnu.no"]
# make sure I have the private keys
_fe.context.keyjar.import_jwks(
es_api.keyjar.export_jwks(True, "https://op.ntnu.no"),
"https://op.ntnu.no")
tree = _fe.collect_statement_chains(payload['iss'], _info['body'])
_node = {payload['iss']: (_info['body'], tree)}
chains = branch2lists(_node)
statements = [
eval_chain(c, _fe.context.keyjar, 'openid_relying_party')
for c in chains
]
metadata_policy = {
"client_id": {
"value": "aaaaaaaaa"
},
"client_secret": {
"value": "bbbbbbbbbb"
}
}
# This is the registration response from the OP
_jwt = _fe.context.create_entity_statement(
'https://op.ntnu.no',
'https://foodle.uninett.no',
metadata_policy={_fe.context.entity_type: metadata_policy},
trust_anchor_id=statements[0].anchor,
authority_hints=['https://feide.no'])
claims = self.registration_service.parse_response(
_jwt, request=_info['body'])
assert set(claims.keys()) == {
'application_type', 'client_secret', 'client_id', "contacts",
'federation_type', 'grant_types', 'id_token_signed_response_alg',
'redirect_uris', 'response_types', 'token_endpoint_auth_method'
}
def create_statements(self):
res = {}
# self-signed from subject
es_api = FSFetchEntityStatement(ROOT_DIR, iss=get_netloc(self.subject))
res['subj_sesi'] = es_api.create_entity_statement(
get_netloc(self.subject))
# self-signed from intermediate
es_api = FSFetchEntityStatement(ROOT_DIR,
iss=get_netloc(self.intermediate))
res['inter_sesi'] = es_api.create_entity_statement(
get_netloc(self.intermediate))
# self-signed from fedop
es_api = FSFetchEntityStatement(ROOT_DIR, iss=get_netloc(self.fedop))
res['fedop_sesi'] = es_api.create_entity_statement(
get_netloc(self.fedop))
# intermediate on subject
es_api = FSFetchEntityStatement(ROOT_DIR,
iss=get_netloc(self.intermediate))
res['inter_on_sub'] = es_api.create_entity_statement(
get_netloc(self.subject))
# fedop1 on intermediate
es_api = FSFetchEntityStatement(ROOT_DIR, iss=get_netloc(self.fedop))
res['fedop_on_inter'] = es_api.create_entity_statement(
get_netloc(self.intermediate))
return res