def create_statements(self):
    """Create the entity statements for the subject -> intermediate -> fedop chain.

    Three statements are self-issued (issuer and subject are the same
    entity) and two are issued by a superior about its subordinate.  Each
    statement is produced by a fresh ``FSEntityStatementAPI`` rooted at
    ``ROOT_DIR`` and bound to the issuer's netloc.

    Returns:
        dict mapping 'subj_sesi', 'inter_sesi', 'fedop_sesi',
        'inter_on_sub' and 'fedop_on_inter' to whatever
        ``create_entity_statement`` returns for that issuer/subject pair.
    """
    # (result key, issuing entity, entity the statement is about), listed in
    # the order the statements are created.
    plan = (
        ('subj_sesi', self.subject, self.subject),            # self-signed
        ('inter_sesi', self.intermediate, self.intermediate),  # self-signed
        ('fedop_sesi', self.fedop, self.fedop),                # self-signed
        ('inter_on_sub', self.intermediate, self.subject),
        ('fedop_on_inter', self.fedop, self.intermediate),
    )

    statements = {}
    for key, issuer, about in plan:
        signer = FSEntityStatementAPI(ROOT_DIR, iss=get_netloc(issuer))
        statements[key] = signer.create_entity_statement(get_netloc(about))
    return statements
def test_collect_intermediate(self):
    """Collect the authorities above an intermediate and round-trip the caches.

    The intermediate (https://ntnu.no) has two superiors (https://feide.no
    and https://swamid.se).  Every HTTP fetch is answered by a mocked
    response.  After collection the test checks the collector's
    configuration cache and entity statement cache, then dumps the
    collector, loads the dump into a new ``Collector`` and repeats the same
    checks on the copy.
    """
    _collector = self.endpoint.server_get(
        "endpoint_context").federation_entity.collector

    subject = 'https://op.ntnu.no'
    intermediate = 'https://ntnu.no'
    fedop1 = 'https://feide.no'
    fedop2 = 'https://swamid.se'

    def _statement(issuer, about):
        # One API object per statement, bound to the issuer's netloc.
        api = FSEntityStatementAPI(ROOT_DIR, iss=get_netloc(issuer))
        return api.create_entity_statement(get_netloc(about))

    # Self-signed statements.  The subject's own statement is created but is
    # not served by any of the mocked responses below.
    subj_sesi = _statement(subject, subject)
    inter_sesi = _statement(intermediate, intermediate)
    fedop_sesi_1 = _statement(fedop1, fedop1)
    fedop_sesi_2 = _statement(fedop2, fedop2)

    # Statements issued by a superior about its subordinate.
    inter_on_sub = _statement(intermediate, subject)
    fedop_on_inter_1 = _statement(fedop1, intermediate)
    fedop_on_inter_2 = _statement(fedop2, intermediate)

    sleep(1)

    with responses.RequestsMock() as rsps:
        # Entity configurations published at the well-known location.
        for entity_id, body in ((intermediate, inter_sesi),
                                (fedop1, fedop_sesi_1),
                                (fedop2, fedop_sesi_2)):
            rsps.add("GET",
                     "{}/.well-known/openid-federation".format(entity_id),
                     body=body, status=200)

        # Federation API answers: issuer's statement about the subordinate.
        for api_url, body in (
                ('https://ntnu.no/api?iss=https%3A%2F%2Fntnu.no&sub=https%3A%2F%2Fop.ntnu.no',
                 inter_on_sub),
                ('https://feide.no/api?iss=https%3A%2F%2Ffeide.no&sub=https%3A%2F%2Fntnu.no',
                 fedop_on_inter_1),
                ('https://swamid.se/api?iss=https%3A%2F%2Fswamid.se&sub=https%3A%2F%2Fntnu.no',
                 fedop_on_inter_2)):
            rsps.add("GET", api_url, body=body, status=200)

        tree = _collector.collect_intermediate(subject, 'https://ntnu.no')
        assert tree

    def _check_caches(collector):
        # One entity configuration per entity that was fetched.
        configs = collector.config_cache
        assert len(configs) == 3
        assert set(configs.keys()) == {
            'https://ntnu.no', 'https://feide.no', 'https://swamid.se'
        }

        # The unpacked self-signed entity statement of fedop1.
        fedop_config = configs['https://feide.no']
        assert fedop_config['sub'] == fedop1
        assert fedop_config['iss'] == fedop1
        assert fedop_config['metadata']['federation_entity'][
                   'federation_api_endpoint'] == 'https://feide.no/api'

        # Every cached statement ('<iss>!!<sub>') has a companion
        # '<iss>!exp!<sub>' entry holding its expiration time; the expiry
        # entries have to be present for the three statements as well.
        statements = collector.entity_statement_cache
        assert len(statements) == 6
        assert set(statements.keys()) == {
            'https://feide.no!!https://ntnu.no',
            'https://feide.no!exp!https://ntnu.no',
            'https://ntnu.no!!https://op.ntnu.no',
            'https://ntnu.no!exp!https://op.ntnu.no',
            'https://swamid.se!!https://ntnu.no',
            'https://swamid.se!exp!https://ntnu.no'
        }

        # Look at the payload.  NOTE(review): going by its name,
        # unverified_entity_statement decodes the payload without checking
        # the signature - fine for inspecting a fixture, not a basis for a
        # trust decision; confirm against its definition.
        payload = unverified_entity_statement(
            statements['https://swamid.se!!https://ntnu.no'])
        assert payload['sub'] == intermediate
        assert payload['iss'] == fedop2
        assert payload['authority_hints'] == [fedop2]

    _check_caches(_collector)

    # A dump loaded into a fresh Collector must give the same cache contents,
    # expiration entries included.
    _collector_dump = _collector.dump()
    _c2 = Collector()
    _c2.load(_collector_dump)

    _check_caches(_c2)