Exemplo n.º 1
    def test_handle_registration_response(self):
        """Accept a registration response backed by a complete key chain.

        The fixture builds three links, each visible below:
          1. a federation key used to create the OP's software statement,
             which carries the OP root public key;
          2. the OP root key, which signs the OP intermediate public key
             (published as ``signing_key`` in the provider info);
          3. the OP intermediate key, which signs the JWKS served at
             ``signed_jwks_uri``.

        After handling the response the RP must hold the scopes from the
        software statement, the ``client_id`` from the response, and the
        key from the signed JWKS in its keyjar under ISSUER.
        """
        fed_key = sym_key()
        root_key = rsa_key()
        intermediate_key = rsa_key()

        # Link 2: only the *public* half of the intermediate key is signed
        # by the root key; private material never enters the JWS payload.
        intermediate_public = json.dumps(intermediate_key.serialize(private=False))
        signed_intermediate = JWS(intermediate_public, alg=root_key.alg).sign_compact(
                keys=[root_key])

        # Link 1: the software statement binds the issuer to its root key.
        # Presumably it is signed with fed_key -- confirm in Federation.
        federation = Federation(fed_key)
        statement_claims = {
            "issuer": ISSUER,
            "root_key": root_key.serialize(private=False),
            "scopes_supported": ["openid", "test_scope"],
        }
        software_statement = federation.create_software_statement(statement_claims)

        # The RP receives [fed_key] as its fourth argument; presumably this
        # is the set of federation keys it trusts -- verify against RP.
        rp = RP(None, sym_key(), [], [fed_key], None)

        signed_jwks_uri = "{}/signed_jwks".format(ISSUER)
        # fake provider discovery
        rp.client.provider_info = FederationProviderConfigurationResponse(
                signing_key=signed_intermediate,
                signed_jwks_uri=signed_jwks_uri,
                issuer=ISSUER)

        # Link 3: JWKS published at signed_jwks_uri, signed by the
        # intermediate key. The 1024-bit RSA key is a throwaway fixture
        # chosen for speed; it is below the size accepted for real keys.
        expected_kid = "OP key 1"
        published_key = RSAKey(key=RSA.generate(1024), kid=expected_kid)
        jwks_document = json.dumps({"keys": [published_key.serialize(private=False)]})
        signed_jwks = JWS(jwks_document, alg=intermediate_key.alg).sign_compact(
                keys=[intermediate_key])
        # Mocked HTTP endpoint; assumes the `responses` mock is active for
        # this test (no activation is visible in this excerpt).
        responses.add(responses.GET, signed_jwks_uri, body=signed_jwks, status=200,
                      content_type="application/jose")

        reg_resp = FederationRegistrationResponse(
                provider_software_statement=software_statement,
                client_id="foo")

        rp._handle_registration_response(reg_resp)

        provider_scopes = set(rp.client.provider_info["scopes_supported"])
        assert provider_scopes == {"openid", "test_scope"}
        assert rp.client.client_id == "foo"
        # The key imported for ISSUER must be the one from the signed JWKS.
        assert rp.client.keyjar[ISSUER][0].keys()[0].kid == expected_kid
Exemplo n.º 2
    def test_handle_registration_response_fail_when_wrong_software_statement(self):
        """Reject a registration response whose software statement is bogus.

        The response carries the plain string "abcdef" where a provider
        software statement is expected; handling it must raise
        OIDCFederationError with a message naming the software statement.
        """
        # No federation keys are passed here (fourth argument is None).
        rp = RP(None, sym_key(), [], None, None)
        # fake provider discovery
        rp.client.provider_info = FederationProviderConfigurationResponse(
                signing_key="whatever")

        bogus_response = FederationRegistrationResponse(
                provider_software_statement="abcdef")

        with pytest.raises(OIDCFederationError) as raised:
            rp._handle_registration_response(bogus_response)

        # NOTE(review): only the exception type and message are checked;
        # nothing here asserts that rp.client was left unmodified after the
        # rejection.
        assert "software statement" in str(raised.value)