def restore_state(self, filename): txt = open(filename).read() state = json.loads(txt) self.trace.start = state["trace_log"]["start"] self.trace.trace = state["trace_log"]["trace"] self.flow_index = state["flow_index"] self.client_config = state["client_config"] self.test_output = state["test_output"] self.client.behaviour = state["client"]["behaviour"] self.client.keyjar.restore(state["client"]["keyjar"]) pcr = ProviderConfigurationResponse().from_json( state["client"]["provider_info"]) self.client.provider_info = pcr self.client.client_id = state["client"]["client_id"] self.client.client_secret = state["client"]["client_secret"] for key, val in pcr.items(): if key.endswith("_endpoint"): setattr(self.client, key, val) try: self.client.registration_response = RegistrationResponse( ).from_json(state["client"]["registration_resp"]) except KeyError: pass
def restore_state(self, filename): txt = open(filename).read() state = json.loads(txt) self.trace.start = state["trace_log"]["start"] self.trace.trace = state["trace_log"]["trace"] self.flow_index = state["flow_index"] self.client_config = state["client_config"] self.test_output = state["test_output"] self.client.behaviour = state["client"]["behaviour"] self.client.keyjar.restore(state["client"]["keyjar"]) pcr = ProviderConfigurationResponse().from_json( state["client"]["provider_info"]) self.client.provider_info = pcr self.client.client_id = state["client"]["client_id"] self.client.client_secret = state["client"]["client_secret"] for key, val in pcr.items(): if key.endswith("_endpoint"): setattr(self.client, key, val) try: self.client.registration_response = RegistrationResponse().from_json( state["client"]["registration_resp"]) except KeyError: pass
def _create_client(provider_metadata, client_metadata, verify_ssl=True): """ Create a pyoidc client instance. :param provider_metadata: provider configuration information :type provider_metadata: Mapping[str, Union[str, Sequence[str]]] :param client_metadata: client metadata :type client_metadata: Mapping[str, Union[str, Sequence[str]]] :return: client instance to use for communicating with the configured provider :rtype: oic.oic.Client """ client = oic.Client( client_authn_method=CLIENT_AUTHN_METHOD, verify_ssl=verify_ssl ) # Provider configuration information if "authorization_endpoint" in provider_metadata: # no dynamic discovery necessary client.handle_provider_config(ProviderConfigurationResponse(**provider_metadata), provider_metadata["issuer"]) else: # do dynamic discovery client.provider_config(provider_metadata["issuer"]) # Client information if "client_id" in client_metadata: # static client info provided client.store_registration_info(RegistrationRequest(**client_metadata)) else: # do dynamic registration client.register(client.provider_info['registration_endpoint'], **client_metadata) client.subject_type = (client.registration_response.get("subject_type") or client.provider_info["subject_types_supported"][0]) return client
def run(self): if self.dynamic: self.catch_exception(self.conv.entity.provider_config, **self.op_args) else: self.conv.entity.provider_info = ProviderConfigurationResponse( **self.conf.INFO["provider_info"])
def openid_configuration(environ, start_response, logger, handle): _oas = environ["oic.server"] _path = geturl(environ, False, False) conf = ProviderConfigurationResponse(issuer=_oas.name, authorization_endpoint=_path+"/authorization", token_endpoint=_path+"/token", user_info_endpoint=_path+"/user_info", check_session_endpoint=_path+"/check", refresh_session_endpoint=_path+"/refresh_session", end_session_endpoint=_path+"/end_session", registration_endpoint=_path+"/registration", scopes_supported=["openid"], flows_supported=["code", "id_token", "token"]) resp = Response(conf.to_json()) return resp(environ, start_response)
def run(self): if self.dynamic: self.catch_exception_and_error(self.conv.entity.provider_config, **self.op_args) else: self.conv.events.store(EV_NOOP, "Dynamic discovery") self.conv.entity.provider_info = ProviderConfigurationResponse( **self.conv.entity_config["provider_info"])
def __call__(self, conv, **kwargs): cli = conv.client name = self.id + b64encode(str( conv.client_config["srv_discovery_url"])) f = open(name) info = json.loads(f.read()) f.close() cli.token[self.scope] = info["token"] cli.provider_info = ProviderConfigurationResponse().from_dict( info["provider_info"])
def test_check_http_response_200(): _info = setup_conv() _conv = _info['conv'] _conv.events.store(EV_HTTP_RESPONSE, RESPONSE_200) _conv.events.store( EV_PROTOCOL_RESPONSE, ProviderConfigurationResponse( issuer='https://example.com', authorization_endpoint='https://example.com/authz', jwks_uri='https://example.com/jwks.json', subject_types_supported=['public'], id_token_signing_alg_values_supported=['RS256'])) cr = CheckHTTPResponse() res = cr._func(_conv) assert res == {} assert cr._status == OK
def fetch_op_keys(self, client, state): """ Fetch op keys :type client: Client :type state: dict[str, str] :param client: oidc client :param state: A dictionary with all state values for the backend module. :return: oidc client with op keys. """ client.keyjar = KeyJar(verify_ssl=self.config.VERIFY_SSL) pcr = ProviderConfigurationResponse() pcr['jwks_uri'] = state[StateKeys.JWKS_URI] client.handle_provider_config(pcr, self.config.OP_URL) for issuer, keybundle_list in client.keyjar.issuer_keys.items(): for kb in keybundle_list: if kb.remote: kb.do_remote() return client
def __init__(self, provider_configuration, redirect_uri): """ Args: provider_configuration (flask_pyoidc.provider_configuration.ProviderConfiguration) """ self._provider_configuration = provider_configuration self._client = Client(client_authn_method=CLIENT_AUTHN_METHOD) provider_metadata = provider_configuration.ensure_provider_metadata() self._client.handle_provider_config( ProviderConfigurationResponse(**provider_metadata.to_dict()), provider_metadata['issuer']) if self._provider_configuration.registered_client_metadata: client_metadata = self._provider_configuration.registered_client_metadata.to_dict( ) registration_response = RegistrationResponse(**client_metadata) self._client.store_registration_info(registration_response) self._redirect_uri = redirect_uri
def test_verify_response_missing(): _info = setup_conv() _conv = _info['conv'] # Add responses _conv.events.store( EV_PROTOCOL_RESPONSE, ProviderConfigurationResponse( issuer='https://example.com', authorization_endpoint='https://example.com/authz', jwks_uri='https://example.com/jwks.json', subject_types_supported=['public'], id_token_signing_alg_values_supported=['RS256'])) vr = VerifyResponse() vr._kwargs = { "response_cls": ["AccessTokenResponse", "AuthorizationResponse"] } res = vr._func(_conv) assert res == {} assert vr._status == ERROR
def create_client(self, userid="", **kwargs): """ Do an instantiation of a client instance :param userid: An identifier of the user :param: Keyword arguments Keys are ["srv_discovery_url", "client_info", "client_registration", "provider_info"] :return: client instance """ _key_set = set(kwargs.keys()) args = {} for param in ["verify_ssl"]: try: args[param] = kwargs[param] except KeyError: pass else: _key_set.discard(param) client = self.client_cls(client_authn_method=CLIENT_AUTHN_METHOD, behaviour=kwargs["behaviour"], verify_ssl=self.config.VERIFY_SSL, **args) # The behaviour parameter is not significant for the election process _key_set.discard("behaviour") for param in ["allow"]: try: setattr(client, param, kwargs[param]) except KeyError: pass else: _key_set.discard(param) if _key_set == set(["client_info"]): # Everything dynamic # There has to be a userid if not userid: raise MissingAttribute("Missing userid specification") # Find the service that provides information about the OP issuer = client.wf.discovery_query(userid) # Gather OP information _ = client.provider_config(issuer) # register the client _ = client.register(client.provider_info["registration_endpoint"], **kwargs["client_info"]) elif _key_set == set(["client_info", "srv_discovery_url"]): # Ship the webfinger part # Gather OP information _ = client.provider_config(kwargs["srv_discovery_url"]) # register the client _ = client.register(client.provider_info["registration_endpoint"], **kwargs["client_info"]) elif _key_set == set(["provider_info", "client_info"]): client.handle_provider_config( ProviderConfigurationResponse(**kwargs["provider_info"]), kwargs["provider_info"]["issuer"]) _ = client.register(client.provider_info["registration_endpoint"], **kwargs["client_info"]) elif _key_set == set(["provider_info", "client_registration"]): client.handle_provider_config( ProviderConfigurationResponse(**kwargs["provider_info"]), kwargs["provider_info"]["issuer"]) client.store_registration_info(RegistrationResponse( **kwargs["client_registration"])) elif _key_set == set(["srv_discovery_url", "client_registration"]): _ = client.provider_config(kwargs["srv_discovery_url"]) client.store_registration_info(RegistrationResponse( **kwargs["client_registration"])) else: raise Exception("Configuration error ?") return client
authzsrv = uma_as.main(BASE, AS_CookieHandler) RS_PORT = 8089 RS_HOST = "https://*****:*****@example.com"], "redirect_uris": [callback] } # link to the client that will talk to the AS
def create_client(**kwargs): """ kwargs = config.CLIENT.iteritems """ _key_set = set(kwargs.keys()) args = {} for param in ["verify_ssl", "client_id", "client_secret"]: try: args[param] = kwargs[param] except KeyError: try: args[param] = kwargs['client_registration'][param] except KeyError: pass else: _key_set.discard(param) client = Client(client_authn_method=CLIENT_AUTHN_METHOD, behaviour=kwargs["behaviour"], verify_ssl=conf.VERIFY_SSL, **args) # The behaviour parameter is not significant for the election process _key_set.discard("behaviour") # I do not understand how this was ever working without discarding this # Below is not a case where _key_set includes "registration_response" _key_set.discard("registration_response") for param in ["allow"]: try: setattr(client, param, kwargs[param]) except KeyError: pass else: _key_set.discard(param) if _key_set == set(["client_info"]): # Everything dynamic # There has to be a userid if not userid: raise MissingAttribute("Missing userid specification") # Find the service that provides information about the OP issuer = client.wf.discovery_query(userid) # Gather OP information _ = client.provider_config(issuer) # register the client _ = client.register(client.provider_info["registration_endpoint"], **kwargs["client_info"]) elif _key_set == set(["client_info", "srv_discovery_url"]): # Ship the webfinger part # Gather OP information _ = client.provider_config(kwargs["srv_discovery_url"]) # register the client _ = client.register(client.provider_info["registration_endpoint"], **kwargs["client_info"]) elif _key_set == set(["provider_info", "client_info"]): client.handle_provider_config( ProviderConfigurationResponse(**kwargs["provider_info"]), kwargs["provider_info"]["issuer"]) _ = client.register(client.provider_info["registration_endpoint"], **kwargs["client_info"]) elif _key_set == set(["provider_info", "client_registration"]): client.handle_provider_config( ProviderConfigurationResponse(**kwargs["provider_info"]), kwargs["provider_info"]["issuer"]) client.store_registration_info( RegistrationResponse(**kwargs["client_registration"])) elif _key_set == set(["srv_discovery_url", "client_registration"]): _ = client.provider_config(kwargs["srv_discovery_url"]) client.store_registration_info( RegistrationResponse(**kwargs["client_registration"])) else: raise Exception("Configuration error ?") return client
def create_client(self, **kwargs): """ Do an instantiation of a client instance :param: Keyword arguments Keys are: srv_discovery_url client_info client_registration provider_info behaviour :return: client instance """ _key_set = set(list(kwargs.keys())) try: _verify_ssl = kwargs['verify_ssl'] except KeyError: _verify_ssl = self.verify_ssl else: _key_set.discard('verify_ssl') _client = self.client_cls(client_authn_method=CLIENT_AUTHN_METHOD, behaviour=kwargs["behaviour"], verify_ssl=_verify_ssl) # The behaviour parameter is not significant for the election process _key_set.discard("behaviour") for param in ["allow"]: try: setattr(_client, param, kwargs[param]) except KeyError: pass else: _key_set.discard(param) if _key_set == {"client_info", "srv_discovery_url"}: # Ship the webfinger part # Gather OP information _client.provider_config(kwargs["srv_discovery_url"]) # register the client _client.register(_client.provider_info["registration_endpoint"], **kwargs["client_info"]) self.get_path(kwargs['client_info']['redirect_uris'], kwargs["srv_discovery_url"]) elif _key_set == {"provider_info", "client_info"}: _client.handle_provider_config( ProviderConfigurationResponse(**kwargs["provider_info"]), kwargs["provider_info"]["issuer"]) _client.register(_client.provider_info["registration_endpoint"], **kwargs["client_info"]) self.get_path(kwargs['client_info']['redirect_uris'], kwargs["provider_info"]["issuer"]) elif _key_set == {"provider_info", "client_registration"}: _client.handle_provider_config( ProviderConfigurationResponse(**kwargs["provider_info"]), kwargs["provider_info"]["issuer"]) _client.store_registration_info(ClientInfoResponse( **kwargs["client_registration"])) self.get_path(kwargs['client_info']['redirect_uris'], kwargs["provider_info"]["issuer"]) elif _key_set == {"srv_discovery_url", "client_registration"}: _client.provider_config(kwargs["srv_discovery_url"]) _client.store_registration_info(ClientInfoResponse( **kwargs["client_registration"])) self.get_path(kwargs['client_registration']['redirect_uris'], kwargs["srv_discovery_url"]) else: raise Exception("Configuration error ?") return client
def create_client(self, **kwargs): """ Instantiate a client instance :param: Keyword arguments Keys are ["srv_discovery_url", "client_info", "client_registration", "provider_info". "keys] :return: client instance """ _key_set = set(kwargs.keys()) args = {} client = self.client_cls(client_authn_methods=CLIENT_AUTHN_METHOD, behaviour=kwargs["behaviour"], verify_ssl=self.config.VERIFY_SSL, **args) # The behaviour parameter is not significant for the election process _key_set.discard("behaviour") try: setattr(client, "allow", kwargs["allow"]) except KeyError: pass else: _key_set.discard("allow") try: jwks = keyjar_init(client, kwargs["keys"]) except KeyError: pass else: # export JWKS p = urlparse(self.config.CLIENT["key_export_url"] % self._port) f = open("." + p.path, "w") f.write(json.dumps(jwks)) f.close() client.jwks_uri = p.geturl() self.test_features = _key_set try: client.client_prefs = copy.copy(kwargs["preferences"]) except KeyError: pass else: _key_set.discard("preferences") if "client_info" in _key_set: client.redirect_uris = self.config.CLIENT["client_info"][ "redirect_uris"] elif "client_registration" in _key_set: reg_info = self.config.CLIENT["client_registration"] client.redirect_uris = reg_info["redirect_uris"] client.client_id = reg_info["client_id"] try: client.client_secret = reg_info["client_secret"] except KeyError: pass if "provider_info" in _key_set: client.provider_info = ProviderConfigurationResponse( **self.config.CLIENT["provider_info"]) for key, val in self.config.CLIENT["provider_info"].items(): if key.endswith("_endpoint"): setattr(client, key, val) elif key == "jwks_uri": client.keyjar.load_keys(client.provider_info, client.provider_info["issuer"]) return client