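def __init__(self, jwks_file=None, httpcli=None, iss='', keyjar=None,
             signed_metadata_statements_dir='.', fo_jwks_dir=None,
             fo_priority_order=None, ms_cls=ClientMetadataStatement,
             fo_bundle_uri=None, fo_bundle_sign_key=None, verify_ssl=True,
             ca_certs=None, client_cert=None):
    """Set up an Operator that also tracks federation-operator (FO) keys and
    signed metadata statements.

    Args:
        jwks_file: path of a JWKS file; when given it replaces ``keyjar``.
        httpcli: HTTP client; a ``PBase`` is built when ``None``.
        iss: this entity's issuer identifier.
        keyjar: KeyJar with this entity's own keys.
        signed_metadata_statements_dir: directory scanned for signed
            metadata statements.
        fo_jwks_dir: directory scanned for FO JWKS files, if any.
        fo_priority_order: mapping describing FO precedence; ``{}`` when
            not given.
        ms_cls: class used to build metadata statements.
        fo_bundle_uri: location of a signed FO key bundle to import.
        fo_bundle_sign_key: key used when importing that bundle.
        verify_ssl / ca_certs / client_cert: TLS settings handed to the
            HTTP client when one is created here.
    """
    if jwks_file:
        keyjar = self.read_jwks_file(jwks_file)
    if httpcli is None:
        # verify_ssl is passed straight through; only a test setup should
        # turn it off, since every FO/bundle fetch goes through this client.
        httpcli = PBase(verify_ssl=verify_ssl, ca_certs=ca_certs,
                        keyjar=keyjar, client_cert=client_cert)
    Operator.__init__(self, iss=iss, keyjar=keyjar, httpcli=httpcli)

    # FO keys
    self.fo_keyjar = None
    self.fo_jwks_dir = fo_jwks_dir
    self.jwks_mtime = {}
    if fo_jwks_dir:
        self.get_fo_keyjar_from_dir()
    # Always define the bundle attributes so later reads never raise
    # AttributeError when no bundle was configured.
    self.fo_bundle_uri = fo_bundle_uri
    self.fo_bundle_sign_key = fo_bundle_sign_key
    if fo_bundle_uri:
        # NOTE(review): import_from_bundle is expected to check the bundle
        # signature against fo_bundle_sign_key before trusting its keys —
        # confirm in that method.
        self.import_from_bundle(fo_bundle_uri, fo_bundle_sign_key)

    # Signed metadata statements
    self.signed_metadata_statements_dir = signed_metadata_statements_dir
    self.sms_mtime = {}
    self.signed_metadata_statements = {}
    self.get_sms_from_dir()

    # The original `{} or fo_priority_order` always yielded the argument
    # (an empty dict is falsy), so a missing value stayed None.
    if fo_priority_order is None:
        fo_priority_order = {}
    self.fo_priority_order = fo_priority_order
    self.ms_cls = ms_cls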
def __init__(self, srv, jwks_file=None, iss='', keyjar=None,
             signed_metadata_statements_dir='.', fo_bundle=None,
             ms_cls=ClientMetadataStatement):
    """Operator variant that uses *srv* as its HTTP client and keeps signed
    metadata statements in a FileSystem-backed store.

    Args:
        srv: object handed to Operator as ``httpcli``.
        jwks_file: path of a JWKS file; when given it replaces ``keyjar``.
        iss: issuer identifier of this entity.
        keyjar: KeyJar holding this entity's keys.
        signed_metadata_statements_dir: directory backing the statement store.
        fo_bundle: federation-operator key bundle, stored as-is.
        ms_cls: class used to build metadata statements.
    """
    own_keys = self.read_jwks_file(jwks_file) if jwks_file else keyjar
    Operator.__init__(self, iss=iss, keyjar=own_keys, httpcli=srv)

    # FO keys
    self.fo_bundle = fo_bundle

    # Signed metadata statements; key_conv suggests store keys are
    # percent-encoded on the way to file names and decoded on the way back.
    store = FileSystem(
        signed_metadata_statements_dir,
        key_conv={'to': quote_plus, 'from': unquote_plus})
    self.signed_metadata_statements = store
    store.sync()
    self.ms_cls = ms_cls
def fo_member(*args):
    """Return an Operator whose JWKS bundle carries the keys of every FO in
    *args*, indexed by the FO's issuer.

    Each FO contributes ``keyjar.issuer_keys['']`` (its own keys).
    """
    bundle = JWKSBundle('')
    entries = ((fo.iss, fo.keyjar.issuer_keys['']) for fo in args)
    for issuer, keys in entries:
        bundle[issuer] = keys
    return Operator(jwks_bundle=bundle)
SYMKEY = rndstr(16)  # symmetric key used to encrypt cookie info
# NOTE(review): confirm rndstr() draws from a CSPRNG — this value guards
# cookie contents.
USERINFO = UserInfo(USERDB)
KEYS = {}
ISSUER = {}
OPERATOR = {}

# One key pair, issuer URL and Operator per federation entity used here.
for entity in ['fo', 'fo1', 'org', 'inter', 'admin', 'ligo', 'op']:
    fname = os.path.join(BASE_PATH, "{}.key".format(entity))
    # KEYDEFS[:] is a shallow copy: _keydef[0] is the same dict object as
    # KEYDEFS[0], so the 'key' path written below also lands in KEYDEFS.
    _keydef = KEYDEFS[:]
    _keydef[0]['key'] = fname
    _jwks, _keyjar, _kidd = build_keyjar(_keydef)
    KEYS[entity] = {'jwks': _jwks, 'keyjar': _keyjar, 'kidd': _kidd}
    ISSUER[entity] = 'https://{}.example.org'.format(entity)
    OPERATOR[entity] = Operator(keyjar=_keyjar, iss=ISSUER[entity])

# The two federation operators use their own keyjar as the FO keyjar.
FOP = OPERATOR['fo']
FOP.fo_keyjar = FOP.keyjar
FO1P = OPERATOR['fo1']
FO1P.fo_keyjar = FO1P.keyjar
ORGOP = OPERATOR['org']
ADMINOP = OPERATOR['admin']
INTEROP = OPERATOR['inter']
LIGOOP = OPERATOR['ligo']
OPOP = OPERATOR['op']


def fo_member(*args):
    # NOTE(review): this definition is cut off at the edge of the excerpt.
    _jb = JWKSBundle('')
    for fo in args:
def fo_member(*args):
    """Return an Operator with a JWKS bundle (named 'https://sunet.se/op')
    holding the signing keys, as JWKS, of every FO in *args*.
    """
    bundle = JWKSBundle('https://sunet.se/op')
    signing_sets = ((fo.iss, fo.signing_keys_as_jwks()) for fo in args)
    for issuer, jwks in signing_sets:
        bundle[issuer] = jwks
    return Operator(jwks_bundle=bundle)
def fo_member(*args):
    """Return an Operator whose FO keyjar maps each FO's issuer to that FO's
    own keys (``keyjar.issuer_keys['']``).
    """
    merged = KeyJar()
    per_issuer = merged.issuer_keys
    for fo in args:
        per_issuer[fo.iss] = fo.keyjar.issuer_keys['']
    return Operator(fo_keyjar=merged)
# NOTE(review): the next four statements are the tail of a definition that
# starts before this excerpt; `txt` and `req` are bound there.
print(70 * "-")
print(txt)
print(70 * "-")
print_lines(json.dumps(req.to_dict(), sort_keys=True, indent=2,
                       separators=(',', ': ')))

# Every entity in this walk-through gets one RSA signing key.
key_conf = [
    {"type": "RSA", "use": ["sig"]},
]

# -----------------------------------------------------------------------------
# FO gets its key pair
# -----------------------------------------------------------------------------
# build_keyjar() returns a tuple; element [1] is the KeyJar with the keys.
swamid = Operator(iss='https://swamid.sunet.se/',
                  keyjar=build_keyjar(key_conf)[1])
# NOTE(review): print_private_key presumably writes the private half to
# stdout — suitable for this walk-through only.
print_private_key(swamid.keyjar, "SWAMID's key pair")
incommon = Operator(iss='https://www.incommon.org',
                    keyjar=build_keyjar(key_conf)[1])
print_private_key(incommon.keyjar, "InCommon's key pair")

# -----------------------------------------------------------------------------
# Create initial Organisation key pair (OA)
# -----------------------------------------------------------------------------
sunet = Operator(iss='https://www.sunet.se', keyjar=build_keyjar(key_conf)[1])

# -----------------------------------------------------------------------------
def fo_member(*args):
    """Wrap the FOs in *args* in an Operator whose FO keyjar is built by the
    sibling ``fo_keyjar`` helper.
    """
    merged_keys = fo_keyjar(*args)
    return Operator(fo_keyjar=merged_keys)