def test_get_trust_mark_self_signed(self):
# Verify the self signed trust marks
for _jws in self.entity.server_get('context').signed_trust_marks:
_jwt = factory(_jws)
_payload = _jwt.jwt.payload()
_tm = TrustMark(**_payload)
assert _tm.verify()
def test_get_trust_mark_3rd_party(self):
# Create the Signed JWT representing the Trust Mark
_jws = self.tmi.create_trust_mark(self.id, "https://example.com")
_jwt = factory(_jws)
_payload = _jwt.jwt.payload()
_tm = TrustMark(**_payload)
assert _tm.verify()
def test_create_trust_mark_self_signed():
_entity_id = "https://example.com/op"
_tm = TrustMark(
id="https://openid.net/certification/op",
sub=_entity_id,
mark="http://openid.net/wordpress-content/uploads/2016/05/oid-l-certification-mark-l-cmyk" \
"-150dpi-90mm.jpg",
ref="https://openid.net/wordpress-content/uploads/2015/09/RolandHedberg-pyoidc-0.7.7"
"-Basic-26-Sept-2015.zip"
)
_key_jar = build_keyjar(KEYSPEC, issuer_id=_entity_id)
# Create the Signed JWT representing the Trust Mark
_jwt0 = JWT(key_jar=_key_jar, iss=_entity_id, lifetime=3600)
_jws = _jwt0.pack(_tm)
# Unpack and verify the Trust Mark
_jwt1 = JWT(key_jar=_key_jar,
msg_cls=TrustMark,
allowed_sign_algs=["RS256"])
res_tm = _jwt1.unpack(_jws)
res_tm.verify(entity_id=_entity_id)
assert isinstance(res_tm, TrustMark)
assert res_tm["id"] == "https://openid.net/certification/op"
def test_get_trust_mark_3rd_party():
_iss = "https://feide.no"
_sub = "https://op.ntnu.no"
config = {'keys': {'key_defs': KEYSPEC}}
federation_entity = FederationEntity(
_iss,
trusted_roots=ANCHOR,
config=config,
authority_hints=['https://ntnu.no'],
entity_type='openid_relying_party',
httpd=Publisher(ROOT_DIR),
opponent_entity_type='openid_relying_party')
federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR),
trusted_roots=ANCHOR,
root_dir=ROOT_DIR)
_tm = TrustMark(
id="https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf",
sub=_sub,
)
# Create the Signed JWT representing the Trust Mark
_jwt0 = JWT(key_jar=federation_entity.keyjar, iss=_iss, lifetime=3600)
_jws = _jwt0.pack(_tm)
trust_anchor_id = list(ANCHOR.keys())[0]
_tm = get_trust_mark(federation_entity, _jws, _sub, trust_anchor_id)
assert isinstance(_tm, TrustMark)
def create_trust_mark(entity_id, key_jar, trust_mark_id, subject='', lifetime=0, trust_mark='',
reference=''):
"""
Create Trust Mark.
:param entity_id: The issuers entity_id
:param key_jar: A KeyJar that contains useful keys
:param trust_mark_id: The Trust Mark identifier
:param subject: The subject's id
:param lifetime: For how long the trust mark should be valid (0=for ever)
:param trust_mark: A URL pointing to a graphic trust mark
:param reference: A URL pointing to reference material for this trust mark
:return: A signed JWT containing the provided information
"""
_tm = TrustMark(
id=trust_mark_id,
)
if trust_mark:
_tm["mark"] = trust_mark
if reference:
_tm["ref"] = reference
if subject:
_tm['sub'] = subject
else:
_tm['sub'] = entity_id
# Create the Signed JWT representing the Trust Mark
_jwt = JWT(key_jar=key_jar, iss=entity_id, lifetime=lifetime)
return _jwt.pack(_tm)
def test_get_trust_mark_self_signed():
_entity_id = "https://op.ntnu.no"
config = {'keys': {'key_defs': KEYSPEC}}
federation_entity = FederationEntity(
_entity_id,
trusted_roots=ANCHOR,
config=config,
authority_hints=['https://ntnu.no'],
entity_type='openid_relying_party',
httpd=Publisher(ROOT_DIR),
opponent_entity_type='openid_relying_party')
federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR),
trusted_roots=ANCHOR,
root_dir=ROOT_DIR)
_tm = TrustMark(
id="https://openid.net/certification/op",
sub=_entity_id,
mark=("http://openid.net/wordpress-content/uploads/2016/05/"
"oid-l-certification-mark-l-cmyk-150dpi-90mm.jpg"),
ref=("https://openid.net/wordpress-content/uploads/2015/09/"
"RolandHedberg-pyoidc-0.7.7-Basic-26-Sept-2015.zip"))
# Create the Signed JWT representing the Trust Mark
_jwt0 = JWT(key_jar=federation_entity.keyjar,
iss=_entity_id,
lifetime=3600)
_jws = _jwt0.pack(_tm)
trust_anchor_id = list(ANCHOR.keys())[0]
_tm = get_trust_mark(federation_entity, _jws, _entity_id, trust_anchor_id)
assert isinstance(_tm, TrustMark)
print("4.1.6_metadata.json", mp_org.verify())
# apply policy
res = apply_policy(md, comb_policy)
res_md = RegistrationResponse(**res)
print(json.dumps(res_md.to_dict(), indent=4, sort_keys=True))
print('=', md.to_dict() == res_md.to_dict())
# ============== 4.3.3 ==================
print("-" * 20, "4.3.3", "-" * 20)
for item in ['4.3.3_1.json', '4.3.3_2.json']:
data = open(item).read()
tm = TrustMark().from_json(data)
print(item, tm.verify())
# ============== 5.2 ==================
print("-" * 20, "5.2", "-" * 20)
txt = open("5.2.json").read()
es = EntityStatement().from_json(txt)
now = utc_time_sans_frac()
es['iat'] = now
es['exp'] = now + 3600
print("5.2", es.verify())