class FakeOP:
STATE = "12345678"
def __init__(self):
op_base_url = TestConfiguration.get_instance().rp_config.OP_URL
self.provider = Provider(
"https://op.tester.se/",
SessionDB(op_base_url),
CDB,
AUTHN_BROKER,
USERINFO,
AUTHZ,
verify_client,
SYMKEY,
urlmap=None,
keyjar=KEYJAR
)
self.provider.baseurl = TestConfiguration.get_instance().rp_config.OP_URL
self.op_base = TestConfiguration.get_instance().rp_config.OP_URL
self.redirect_urls = TestConfiguration.get_instance().rp_config.CLIENTS[PROVIDER]["client_info"][
"redirect_uris"]
def setup_userinfo_endpoint(self):
cons = Consumer({}, CONSUMER_CONFIG, {"client_id": CLIENT_ID},
server_info=SERVER_INFO, )
cons.behaviour = {
"request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]}
cons.keyjar[""] = KC_RSA
cons.client_secret = "drickyoughurt"
state, location = cons.begin("openid", "token",
path=TestConfiguration.get_instance().rp_base)
resp = self.provider.authorization_endpoint(
request=urlparse(location).query)
# redirect
atr = AuthorizationResponse().deserialize(
urlparse(resp.message).fragment, "urlencoded")
uir = UserInfoRequest(access_token=atr["access_token"], schema="openid")
resp = self.provider.userinfo_endpoint(request=uir.to_urlencoded())
responses.add(
responses.POST,
self.op_base + "userinfo",
body=resp.message,
status=200,
content_type='application/json')
def setup_token_endpoint(self):
authreq = AuthorizationRequest(state="state",
redirect_uri=self.redirect_urls[0],
client_id=CLIENT_ID,
response_type="code",
scope=["openid"])
_sdb = self.provider.sdb
sid = _sdb.token.key(user="******", areq=authreq)
access_grant = _sdb.token(sid=sid)
ae = AuthnEvent("user", "salt")
_sdb[sid] = {
"oauth_state": "authz",
"authn_event": ae,
"authzreq": authreq.to_json(),
"client_id": CLIENT_ID,
"code": access_grant,
"code_used": False,
"scope": ["openid"],
"redirect_uri": self.redirect_urls[0],
}
_sdb.do_sub(sid, "client_salt")
# Construct Access token request
areq = AccessTokenRequest(code=access_grant, client_id=CLIENT_ID,
redirect_uri=self.redirect_urls[0],
client_secret="client_secret_1")
txt = areq.to_urlencoded()
resp = self.provider.token_endpoint(request=txt)
responses.add(
responses.POST,
self.op_base + "token",
body=resp.message,
status=200,
content_type='application/json')
def setup_authentication_response(self, state=None):
context = Context()
context.path = 'openid/authz_cb'
op_base = TestConfiguration.get_instance().rp_config.OP_URL
if not state:
state = rndstr()
context.request = {
'code': 'F+R4uWbN46U+Bq9moQPC4lEvRd2De4o=',
'scope': 'openid profile email address phone',
'state': state}
context.state = self.generate_state(op_base)
return context
def generate_state(self, op_base):
state = State()
state_id = TestConfiguration.get_instance().rp_config.STATE_ID
state_data = {
StateKeys.OP: PROVIDER,
StateKeys.NONCE: "9YraWpJAmVp4L3NJ",
StateKeys.TOKEN_ENDPOINT: TestConfiguration.get_instance().rp_config.OP_URL + "token",
StateKeys.CLIENT_ID: "client_1",
StateKeys.CLIENT_SECRET: "2222222222",
StateKeys.JWKS_URI:
TestConfiguration.get_instance().rp_config.OP_URL + "static/jwks.json",
StateKeys.USERINFO_ENDPOINT:
TestConfiguration.get_instance().rp_config.OP_URL + "userinfo",
StateKeys.STATE: FakeOP.STATE
}
state.add(state_id, state_data)
return state
def setup_client_registration_endpoint(self):
client_info = TestConfiguration.get_instance().rp_config.CLIENTS[PROVIDER]["client_info"]
request = RegistrationRequest().deserialize(json.dumps(client_info), "json")
_cinfo = self.provider.do_client_registration(request, CLIENT_ID)
args = dict([(k, v) for k, v in _cinfo.items()
if k in RegistrationResponse.c_param])
args['client_id'] = CLIENT_ID
self.provider.comb_uri(args)
registration_response = RegistrationResponse(**args)
responses.add(
responses.POST,
self.op_base + "registration",
body=registration_response.to_json(),
status=200,
content_type='application/json')
def setup_opienid_config_endpoint(self):
self.provider.baseurl = self.op_base
self.provider.jwks_uri = self.publish_jwks()
provider_info = self.provider.create_providerinfo()
responses.add(
responses.GET,
self.op_base + ".well-known/openid-configuration",
body=provider_info.to_json(),
status=200,
content_type='application/json'
)
def setup_webfinger_endpoint(self):
wf = WebFinger()
resp = Response(wf.response(subject=self.op_base, base=self.op_base))
responses.add(responses.GET,
self.op_base + ".well-known/webfinger",
body=resp.message,
status=200,
content_type='application/json')
def publish_jwks(self):
jwks_uri = self.op_base + "static/jwks.json"
responses.add(
responses.GET,
jwks_uri,
body=json.dumps(JWKS),
status=200,
content_type='application/json')
return jwks_uri
class FakeOP:
STATE = "12345678"
def __init__(self):
op_base_url = TestConfiguration.get_instance().rp_config.OP_URL
self.provider = Provider("https://op.tester.se/",
SessionDB(op_base_url),
CDB,
AUTHN_BROKER,
USERINFO,
AUTHZ,
verify_client,
SYMKEY,
urlmap=None,
keyjar=KEYJAR)
self.provider.baseurl = TestConfiguration.get_instance(
).rp_config.OP_URL
self.op_base = TestConfiguration.get_instance().rp_config.OP_URL
self.redirect_urls = TestConfiguration.get_instance(
).rp_config.CLIENTS[PROVIDER]["client_info"]["redirect_uris"]
def setup_userinfo_endpoint(self):
cons = Consumer(
{},
CONSUMER_CONFIG,
{"client_id": CLIENT_ID},
server_info=SERVER_INFO,
)
cons.behaviour = {
"request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]
}
cons.keyjar[""] = KC_RSA
cons.client_secret = "drickyoughurt"
state, location = cons.begin(
"openid", "token", path=TestConfiguration.get_instance().rp_base)
resp = self.provider.authorization_endpoint(
request=urlparse(location).query)
# redirect
atr = AuthorizationResponse().deserialize(
urlparse(resp.message).fragment, "urlencoded")
uir = UserInfoRequest(access_token=atr["access_token"],
schema="openid")
resp = self.provider.userinfo_endpoint(request=uir.to_urlencoded())
responses.add(responses.POST,
self.op_base + "userinfo",
body=resp.message,
status=200,
content_type='application/json')
def setup_token_endpoint(self):
authreq = AuthorizationRequest(state="state",
redirect_uri=self.redirect_urls[0],
client_id=CLIENT_ID,
response_type="code",
scope=["openid"])
_sdb = self.provider.sdb
sid = _sdb.token.key(user="******", areq=authreq)
access_grant = _sdb.token(sid=sid)
ae = AuthnEvent("user", "salt")
_sdb[sid] = {
"oauth_state": "authz",
"authn_event": ae,
"authzreq": authreq.to_json(),
"client_id": CLIENT_ID,
"code": access_grant,
"code_used": False,
"scope": ["openid"],
"redirect_uri": self.redirect_urls[0],
}
_sdb.do_sub(sid, "client_salt")
# Construct Access token request
areq = AccessTokenRequest(code=access_grant,
client_id=CLIENT_ID,
redirect_uri=self.redirect_urls[0],
client_secret="client_secret_1")
txt = areq.to_urlencoded()
resp = self.provider.token_endpoint(request=txt)
responses.add(responses.POST,
self.op_base + "token",
body=resp.message,
status=200,
content_type='application/json')
def setup_authentication_response(self, state=None):
context = Context()
context.path = 'openid/authz_cb'
op_base = TestConfiguration.get_instance().rp_config.OP_URL
if not state:
state = rndstr()
context.request = {
'code': 'F+R4uWbN46U+Bq9moQPC4lEvRd2De4o=',
'scope': 'openid profile email address phone',
'state': state
}
context.state = self.generate_state(op_base)
return context
def generate_state(self, op_base):
state = State()
state_id = TestConfiguration.get_instance().rp_config.STATE_ID
state_data = {
StateKeys.OP:
PROVIDER,
StateKeys.NONCE:
"9YraWpJAmVp4L3NJ",
StateKeys.TOKEN_ENDPOINT:
TestConfiguration.get_instance().rp_config.OP_URL + "token",
StateKeys.CLIENT_ID:
"client_1",
StateKeys.CLIENT_SECRET:
"2222222222",
StateKeys.JWKS_URI:
TestConfiguration.get_instance().rp_config.OP_URL +
"static/jwks.json",
StateKeys.USERINFO_ENDPOINT:
TestConfiguration.get_instance().rp_config.OP_URL + "userinfo",
StateKeys.STATE:
FakeOP.STATE
}
state.add(state_id, state_data)
return state
def setup_client_registration_endpoint(self):
client_info = TestConfiguration.get_instance(
).rp_config.CLIENTS[PROVIDER]["client_info"]
request = RegistrationRequest().deserialize(json.dumps(client_info),
"json")
_cinfo = self.provider.do_client_registration(request, CLIENT_ID)
args = dict([(k, v) for k, v in _cinfo.items()
if k in RegistrationResponse.c_param])
args['client_id'] = CLIENT_ID
self.provider.comb_uri(args)
registration_response = RegistrationResponse(**args)
responses.add(responses.POST,
self.op_base + "registration",
body=registration_response.to_json(),
status=200,
content_type='application/json')
def setup_opienid_config_endpoint(self):
self.provider.baseurl = self.op_base
self.provider.jwks_uri = self.publish_jwks()
provider_info = self.provider.create_providerinfo()
responses.add(responses.GET,
self.op_base + ".well-known/openid-configuration",
body=provider_info.to_json(),
status=200,
content_type='application/json')
def setup_webfinger_endpoint(self):
wf = WebFinger()
resp = Response(wf.response(subject=self.op_base, base=self.op_base))
responses.add(responses.GET,
self.op_base + ".well-known/webfinger",
body=resp.message,
status=200,
content_type='application/json')
def publish_jwks(self):
jwks_uri = self.op_base + "static/jwks.json"
responses.add(responses.GET,
jwks_uri,
body=json.dumps(JWKS),
status=200,
content_type='application/json')
return jwks_uri
