def init_keyjar():
    """Return a new KeyJar holding the keys that are kept by the AS.

    The keys come from the module-level ``JWKS`` mapping (its ``"keys"``
    list) and are registered under the empty-string issuer id.
    """
    # NOTE(review): '' is presumably the keyjar slot for the entity's own
    # keys -- confirm against the KeyJar implementation.
    # NOTE(review): if JWKS carries private key material, it should come
    # from protected storage rather than a constant in the source -- confirm
    # where JWKS is defined.
    jar = KeyJar()
    own_bundle = KeyBundle()
    own_bundle.do_keys(JWKS["keys"])
    jar.add_kb('', own_bundle)
    return jar
def store_key(self, key):
    """Index ``key`` by its SHA-256 thumbprint and return the thumbprint.

    ``key`` is loaded into a throw-away KeyBundle so that a thumbprint can
    be computed from the parsed key; the value stored in
    ``self.thumbprint2key`` is the caller's original ``key`` object.
    """
    bundle = KeyBundle()
    bundle.do_keys([key])

    # Exactly one key was submitted, so the first loaded key is the one
    # being indexed.
    # NOTE(review): if do_keys() loads nothing from ``key`` (for example an
    # unusable key description), keys()[0] raises IndexError -- callers that
    # pass externally supplied keys should be prepared for that; confirm.
    loaded_key = bundle.keys()[0]
    digest = loaded_key.thumbprint("SHA-256")

    # NOTE(review): b64e presumably produces base64url bytes -- confirm.
    key_thumbprint = b64e(digest).decode("utf8")

    # NOTE(review): the thumbprint identifies the parsed key only; any other
    # members of ``key`` are stored unverified alongside it -- confirm that
    # consumers of thumbprint2key do not trust those extra members.
    self.thumbprint2key[key_thumbprint] = key
    return key_thumbprint
def store_key(self, key):
    """Remember ``key`` under its SHA-256 thumbprint.

    Returns the thumbprint string that now maps to ``key`` in
    ``self.thumbprint2key``.
    """
    single_key_bundle = KeyBundle()
    single_key_bundle.do_keys([key])
    parsed_keys = single_key_bundle.keys()

    # The thumbprint of the parsed key is used as the lookup key.
    # NOTE(review): parsed_keys is indexed without a length check, so a
    # ``key`` that do_keys() does not load ends in IndexError -- confirm the
    # caller handles that for keys received from outside.
    raw_thumbprint = parsed_keys[0].thumbprint('SHA-256')
    encoded_thumbprint = b64e(raw_thumbprint)
    key_thumbprint = encoded_thumbprint.decode('utf8')

    # The original ``key`` object is what gets stored, not the parsed one.
    self.thumbprint2key[key_thumbprint] = key
    return key_thumbprint
def test_reload():
    """Emulate fetching keys from a remote site and getting back the same
    JWKS as the last time.

    Loading the identical key list a second time must leave the bundle
    with one key, i.e. a refresh must not accumulate duplicates.
    """
    bundle = KeyBundle()
    bundle.imp_jwks = JWK0

    # First pass is the initial import, second pass is the "reload".
    for _ in range(2):
        bundle.do_keys(bundle.imp_jwks["keys"])
        assert len(bundle) == 1
def test_reload():
    """
    Emulates what happens if you fetch keys from a remote site and
    you get back the same JWKS as the last time.

    The bundle is expected to hold exactly one key after the first import
    and still exactly one after the same keys are imported again.
    """
    fetched = JWK0
    kb = KeyBundle()
    kb.imp_jwks = fetched

    # Initial import.
    same_keys = kb.imp_jwks['keys']
    kb.do_keys(same_keys)
    size_after_first_load = len(kb)
    assert size_after_first_load == 1

    # Re-import of the very same key list must not add a duplicate.
    kb.do_keys(same_keys)
    size_after_reload = len(kb)
    assert size_after_reload == 1
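def add_software_statement(oper, arg):
    """Create a software statement and put it in ``oper.req_args``.

    The trusted registration entity described by
    ``oper.conf.TRUSTED_REGISTRATION_ENTITY`` provides the issuer id
    (``'iss'``) and the path of a JWKS file (``'jwks'``). The keys in that
    file are added to the entity's keyjar under the issuer id, and the
    same keyjar is then handed to ``make_software_statement`` with
    ``iss`` and ``owner`` set to that issuer.

    Args:
        oper: Operation object exposing ``conf``, ``conv.entity`` and
            ``req_args``.
        arg: Mapping of values for the software statement. It must contain
            ``'redirect_uris'``. A value of ``None`` for ``'redirect_uris'``,
            ``'jwks_uri'`` or ``'jwks'`` means "use the entity's own value".
            ``'jwks'`` is only defaulted this way when ``'jwks_uri'`` is
            absent; every other entry is passed through unchanged.

    Raises:
        KeyError: If ``arg`` has no ``'redirect_uris'`` entry or the
            configuration lacks ``'iss'``/``'jwks'``.
        OSError, ValueError: If the JWKS file cannot be read or parsed.
    """
    remaining = list(arg.keys())
    claims = {}

    tre = oper.conf.TRUSTED_REGISTRATION_ENTITY
    iss = tre['iss']
    kb = KeyBundle()
    # Close the JWKS file deterministically instead of leaving the handle
    # to the garbage collector.
    # NOTE(review): this keyjar is what make_software_statement() receives
    # with owner=iss, so the file presumably holds the issuer's signing
    # keys -- confirm, and keep the file readable by this service only.
    with open(tre['jwks']) as jwks_file:
        kb.imp_jwks = json.load(jwks_file)
    kb.do_keys(kb.imp_jwks['keys'])

    entity = oper.conv.entity
    entity.keyjar.add_kb(iss, kb)

    # redirect_uris is mandatory in ``arg``; None selects the entity's own.
    if arg['redirect_uris'] is None:
        claims['redirect_uris'] = entity.redirect_uris
    else:
        claims['redirect_uris'] = arg['redirect_uris']
    remaining.remove('redirect_uris')

    # jwks_uri takes precedence; jwks gets its default only without it.
    if 'jwks_uri' in remaining:
        if arg['jwks_uri'] is None:
            claims['jwks_uri'] = entity.jwks_uri
        else:
            claims['jwks_uri'] = arg['jwks_uri']
        remaining.remove('jwks_uri')
    elif 'jwks' in remaining:
        if arg['jwks'] is None:
            claims['jwks'] = {"keys": entity.keyjar.dump_issuer_keys("")}
        else:
            claims['jwks'] = arg['jwks']
        remaining.remove('jwks')

    # Everything else is copied verbatim.
    claims.update((name, arg[name]) for name in remaining)

    oper.req_args['software_statement'] = make_software_statement(
        entity.keyjar, iss=iss, owner=iss, **claims)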
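def add_software_statement(oper, arg):
    """Attach a software statement to the request arguments of ``oper``.

    Loads the JWKS file named by
    ``oper.conf.TRUSTED_REGISTRATION_ENTITY['jwks']``, registers its keys
    in ``oper.conv.entity.keyjar`` under the configured issuer, collects
    the statement's content from ``arg`` and stores the result of
    ``make_software_statement`` in ``oper.req_args['software_statement']``.

    Args:
        oper: Operation object providing ``conf``, ``conv.entity`` and
            ``req_args``.
        arg: Mapping with the statement's content. ``'redirect_uris'`` is
            required. ``None`` for ``'redirect_uris'`` or ``'jwks_uri'``
            is replaced by the entity's value; ``None`` for ``'jwks'`` is
            replaced by the entity's own keys, but only when ``'jwks_uri'``
            is not in ``arg``. All other entries are forwarded as they are.

    Raises:
        KeyError: If ``'redirect_uris'`` is missing from ``arg`` or the
            configured entity lacks ``'iss'`` or ``'jwks'``.
        OSError, ValueError: If the JWKS file is unreadable or not valid
            JSON.
    """
    argkeys = list(arg.keys())
    kwargs = {}

    tre = oper.conf.TRUSTED_REGISTRATION_ENTITY
    iss = tre['iss']
    kb = KeyBundle()
    # The context manager closes the file even if parsing fails; the bare
    # open() used before leaked the handle.
    with open(tre['jwks']) as fp:
        kb.imp_jwks = json.load(fp)
    kb.do_keys(kb.imp_jwks['keys'])
    oper.conv.entity.keyjar.add_kb(iss, kb)

    redirect_uris = arg['redirect_uris']
    if redirect_uris is None:
        redirect_uris = oper.conv.entity.redirect_uris
    kwargs['redirect_uris'] = redirect_uris
    argkeys.remove('redirect_uris')

    if 'jwks_uri' in argkeys:
        jwks_uri = arg['jwks_uri']
        if jwks_uri is None:
            jwks_uri = oper.conv.entity.jwks_uri
        kwargs['jwks_uri'] = jwks_uri
        argkeys.remove('jwks_uri')
    elif 'jwks' in argkeys:
        jwks = arg['jwks']
        if jwks is None:
            jwks = {"keys": oper.conv.entity.keyjar.dump_issuer_keys("")}
        kwargs['jwks'] = jwks
        argkeys.remove('jwks')

    # NOTE(review): an 'iss' or 'owner' entry in ``arg`` would collide with
    # the explicit keyword arguments below and raise TypeError.
    for a in argkeys:
        kwargs[a] = arg[a]

    oper.req_args['software_statement'] = make_software_statement(
        oper.conv.entity.keyjar, iss=iss, owner=iss, **kwargs)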
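# Base URL of the server: "<config.baseurl>:<port>" with a trailing slash.
OAS.baseurl = "%s:%d" % (config.baseurl, args.port)
if not OAS.baseurl.endswith("/"):
    OAS.baseurl += "/"

# load extra keys
# TRUSTED_REGISTRATION_ENTITIES is optional. Each entry names an issuer and
# a JWKS file; the keys are registered in the server's keyjar under that
# issuer. A missing or malformed file is not caught here, so it stops
# start-up instead of silently running without the keys.
# NOTE(review): these files decide whose keys the server accepts for an
# issuer -- presumably they should be writable by the operator only; confirm.
try:
    extern = config.TRUSTED_REGISTRATION_ENTITIES
except AttributeError:
    pass
else:
    for ent in extern:
        iss = ent['iss']
        kb = KeyBundle()
        # Close the file deterministically; the bare open() leaked the handle.
        with open(ent['jwks']) as jwks_file:
            kb.imp_jwks = json.load(jwks_file)
        kb.do_keys(kb.imp_jwks['keys'])
        OAS.keyjar.add_kb(iss, kb)

LOGGER.debug("URLS: '%s" % (URLS,))

# Initiate the web server
# The listener is bound to 0.0.0.0, i.e. every interface of the host.
SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', args.port), application)

# TLS is switched on only when SERVICE_URL starts with "https"; with any
# other SERVICE_URL the listener above serves plain HTTP.
https = ""
if config.SERVICE_URL.startswith("https"):
    https = " using HTTPS"
    # SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
    #     config.SERVER_CERT, config.SERVER_KEY, config.CERT_CHAIN)
    SRV.ssl_adapter = BuiltinSSLAdapter(config.SERVER_CERT,
                                        config.SERVER_KEY,
                                        config.CERT_CHAIN)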
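# Base URL of the server: "<config.baseurl>:<port>" with a trailing slash.
oas.baseurl = "%s:%d" % (config.baseurl, args.port)
if not oas.baseurl.endswith("/"):
    oas.baseurl += "/"

# load extra keys
# The setting is optional; when present, every entry contributes the keys
# of one JWKS file to the server's keyjar under the entry's issuer id.
# Errors while opening or parsing a file propagate and abort start-up.
# NOTE(review): the JWKS files act as trust configuration -- presumably
# they should be protected against modification by other users; confirm.
try:
    extern = config.TRUSTED_REGISTRATION_ENTITIES
except AttributeError:
    pass
else:
    for ent in extern:
        iss = ent['iss']
        kb = KeyBundle()
        # Context manager replaces a bare open() that never closed the file.
        with open(ent['jwks']) as fp:
            kb.imp_jwks = json.load(fp)
        kb.do_keys(kb.imp_jwks['keys'])
        oas.keyjar.add_kb(iss, kb)

_app = Application(oas)

# Initiate the web server
# Bound to 0.0.0.0, so the service is reachable on all host interfaces.
SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', args.port),
                                    _app.application)

# The TLS adapter is installed only for an "https" SERVICE_URL; otherwise
# the server answers over plain HTTP.
https = ""
if config.SERVICE_URL.startswith("https"):
    https = " using HTTPS"
    # SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
    #     config.SERVER_CERT, config.SERVER_KEY, config.CERT_CHAIN)
    SRV.ssl_adapter = BuiltinSSLAdapter(config.SERVER_CERT,
                                        config.SERVER_KEY,
                                        config.CERT_CHAIN)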