def test_dumps_loads(): bundle = JWKSBundle(ISS, SIGN_KEYS) bundle['https://www.swamid.se'] = KEYJAR['https://www.swamid.se'] bundle['https://www.sunet.se'] = KEYJAR['https://www.sunet.se'] bundle['https://www.feide.no'] = KEYJAR['https://www.feide.no'] _str = bundle.dumps() bundle2 = JWKSBundle(ISS, SIGN_KEYS) bundle2.loads(_str) assert set(bundle.keys()) == set(bundle2.keys()) for iss, kj in bundle.items(): assert bundle2[iss] == kj
def create_federation_entity(iss, conf, fos, sup, entity=''): _keybundle = FSJWKSBundle('', fdir=conf.JWKS_DIR, key_conv={ 'to': quote_plus, 'from': unquote_plus }) # Organisation information _kj = _keybundle[sup] fname = os.path.join(conf.MS_DIR, quote_plus(sup)) signer = Signer(InternalSigningService(sup, _kj), fname) # And then the FOs jb = JWKSBundle('') for fo in fos: jb[fo] = _keybundle[fo] # The OPs own signing keys _keys = build_keyjar(conf.SIG_DEF_KEYS)[1] return FederationEntity(entity, iss=iss, keyjar=_keys, signer=signer, fo_bundle=jb)
def test_create_fo_keys_bundle(): jb = JWKSBundle(ORGOP.iss, ORGOP.keyjar) jb[FOP.iss] = FOP.keyjar jb[FO1P.iss] = FO1P.keyjar sb = jb.create_signed_bundle() _jw = jws.factory(sb) assert _jw
def test_sign_verify(): bundle = JWKSBundle(ISS, SIGN_KEYS) bundle['https://www.swamid.se'] = KEYJAR['https://www.swamid.se'] bundle['https://www.sunet.se'] = KEYJAR['https://www.sunet.se'] bundle['https://www.feide.no'] = KEYJAR['https://www.feide.no'] _jws = bundle.create_signed_bundle() bundle2 = JWKSBundle(ISS2) verify_keys = SIGN_KEYS.copy() verify_keys.issuer_keys[ISS] = verify_keys.issuer_keys[''] bundle2.upload_signed_bundle(_jws, verify_keys) assert set(bundle.keys()) == set(bundle2.keys()) for iss, kj in bundle.items(): assert bundle2[iss] == kj
def test_set_jwks(): bundle = JWKSBundle(ISS, SIGN_KEYS) bundle['https://www.sunet.se'] = KEYJAR[ 'https://www.sunet.se'].export_jwks(private=True) _kj = KEYJAR['https://www.sunet.se'].copy() _kj.issuer_keys['https://www.sunet.se'] = _kj.issuer_keys[''] del _kj.issuer_keys[''] assert bundle['https://www.sunet.se'] == _kj
def test_set_del_get(): bundle = JWKSBundle(ISS, SIGN_KEYS) bundle['https://www.swamid.se'] = KEYJAR['https://www.swamid.se'] bundle['https://www.sunet.se'] = KEYJAR['https://www.sunet.se'] bundle['https://www.feide.no'] = KEYJAR['https://www.feide.no'] del bundle['https://www.sunet.se'] assert set( bundle.keys()) == {'https://www.swamid.se', 'https://www.feide.no'}
def test_dump_load(): jb = make_jwks_bundle('', ['fo0', 'fo1', 'fo2', 'fo3'], None, KEYDEFS) bs = jb.dumps() receiver = JWKSBundle('') receiver.loads(bs) assert len(receiver.keys()) == 4 assert set(receiver.keys()) == {'fo0', 'fo1', 'fo2', 'fo3'}
def test_set_get(): bundle = JWKSBundle(ISS, SIGN_KEYS) bundle['https://www.swamid.se'] = KEYJAR['https://www.swamid.se'] # When imported the key in issuer_keys are changed from '' to the issuer ID _kj = KEYJAR['https://www.swamid.se'].copy() _kj.issuer_keys['https://www.swamid.se'] = _kj.issuer_keys[''] del _kj.issuer_keys[''] _sekj = bundle['https://www.swamid.se'] assert _sekj == _kj
def test_get_metadata_statement(): jb = JWKSBundle('') for iss in ['https://example.org/', 'https://example.com/']: jb[iss] = build_keyjar(KEYDEFS)[1] op = Operator(keyjar=jb['https://example.com/'], iss='https://example.com/') req = MetadataStatement(foo='bar') sms = op.pack_metadata_statement(req, alg='RS256') sms_dir = {'https://example.com': sms} req['metadata_statements'] = Message(**sms_dir) ent = FederationEntity(None, fo_bundle=jb) loe = ent.get_metadata_statement(req) assert loe
def test_create_verify_fo_keys_bundle(): jb = JWKSBundle(ORGOP.iss, ORGOP.keyjar) jb[FOP.iss] = FOP.keyjar jb[FO1P.iss] = FO1P.keyjar sb = jb.create_signed_bundle() kj = KeyJar() kj.add_keyjar(ORGOP.keyjar) # Necessary since otherwise it won't find the key kj.issuer_keys[ORGOP.iss] = kj.issuer_keys[''] _jwt = verify_signed_bundle(sb, kj) bundle = _jwt["bundle"] assert set(bundle.keys()) == {FOP.iss, FO1P.iss}
def test_ace(): jb = JWKSBundle('') for iss in ['https://example.org/', 'https://example.com/']: jb[iss] = build_keyjar(KEYDEFS)[1] kj = build_keyjar(KEYDEFS)[1] sign_serv = InternalSigningService('https://signer.example.com', signing_keys=kj) signer = Signer(sign_serv) signer.metadata_statements['response'] = { 'https://example.org/': 'https://example.org/sms1' } ent = FederationEntity(None, keyjar=kj, signer=signer, fo_bundle=jb) req = MetadataStatement(foo='bar') ent.ace(req, ['https://example.org/'], 'response') assert 'metadata_statements' in req assert 'signing_keys' not in req
def fo_jb(jb, test_info): fjb = JWKSBundle('') try: _vals = test_info['metadata_statements'] except KeyError: _vals = test_info['metadata_statement_uris'] for ms in _vals: try: for fo in ms['federations']: fjb[fo] = jb[fo] except KeyError: try: fo = ms['federation'] fjb[fo] = jb[fo] except KeyError: fo = ms['signer'] fjb[fo] = jb[fo] return fjb
def make_jwks_bundle(iss, fo_liss, sign_keyjar, keydefs, base_path=''): """ Given a list of Federation identifiers creates a FSJWKBundle containing all the signing keys. :param iss: The issuer ID of the entity owning the JWKSBundle :param fo_liss: List of federation identifiers :param sign_keyjar: Keys that the JWKSBundel owner can use to sign an export version of the JWKS bundle. :param keydefs: What type of keys that should be created for each federation. The same for all of them. :return: A JWKSBundle instance. """ jb = JWKSBundle(iss, sign_keyjar) for entity in fo_liss: _keydef = copy.deepcopy(keydefs) _jwks, _keyjar, _kidd = build_keyjar(_keydef) jb[entity] = _keyjar return jb
KEYS = {} ISSUER = {} OPERATOR = {} for entity in ['fo', 'fo1', 'org', 'inter', 'admin', 'ligo', 'op']: fname = os.path.join(BASE_PATH, "{}.key".format(entity)) _keydef = KEYDEFS[:] _keydef[0]['key'] = fname _jwks, _keyjar, _kidd = build_keyjar(_keydef) KEYS[entity] = {'jwks': _jwks, 'keyjar': _keyjar, 'kidd': _kidd} ISSUER[entity] = 'https://{}.example.org'.format(entity) OPERATOR[entity] = Operator(keyjar=_keyjar, iss=ISSUER[entity]) FOP = OPERATOR['fo'] FOP.jwks_bundle = JWKSBundle(FOP.iss) FOP.jwks_bundle[FOP.iss] = FOP.keyjar FO1P = OPERATOR['fo1'] FO1P.jwks_bundle = JWKSBundle(FO1P.iss) FO1P.jwks_bundle[FO1P.iss] = FO1P.keyjar ORGOP = OPERATOR['org'] ADMINOP = OPERATOR['admin'] INTEROP = OPERATOR['inter'] LIGOOP = OPERATOR['ligo'] OPOP = OPERATOR['ligo'] def fo_member(*args): _jb = JWKSBundle('https://sunet.se/op')
# What I want to create is something like # (ms_OA + SK[X]) _kj = build_keyjar(config.KEY_DEFS)[1] req = MetadataStatement( federation_usage='discovery', signing_keys={'keys': [x.serialize() for x in _kj.get_signing_key()]}) # FO(ms_OA + SK[X]) _fo_signer = operator[fo] ms_0 = _fo_signer.pack_metadata_statement(req) # OA(ms_IA + SK[IA] + FO(ms_OA + SK[X])) _ia_signer = operator["https://bogus.example.org"] req = MetadataStatement(tos_uri='https://example.org/tos', metadata_statements={fo: ms_0}, signing_keys=_ia_signer.signing_keys_as_jwks()) oa = "https://example.org" _oa_signer = operator[oa] ms_1 = _oa_signer.pack_metadata_statement(req) metadata_statements[fo] = ms_1 _jb = JWKSBundle('https://op.sunet.se') _jb[_fo_signer.iss] = _fo_signer.signing_keys_as_jwks() # uninett_op = Operator(iss='https://op.sunet.se', jwks_bundle=_jb) # foo = uninett_op.unpack_metadata_statement(jwt_ms=ms_1) # print(foo)
def fo_member(*args): _jb = JWKSBundle('https://sunet.se/op') for fo in args: _jb[fo.iss] = fo.signing_keys_as_jwks() return Operator(jwks_bundle=_jb)
tests = _flows.keys() # Get the necessary information about the JWKS bundle info = {} for path in ['bundle', 'bundle/signer', 'bundle/sigkey']: _url = "{}/{}".format(tool_url, path) resp = requests.request('GET', _url, verify=False) info[path] = resp.text # Create a KeyJar instance that contains the key that the bundle was signed with kj = KeyJar() kj.import_jwks(json.loads(info['bundle/sigkey']), info['bundle/signer']) # Create a JWKSBundle instance and load it with the keys in the bundle # I got from the tool jb = JWKSBundle('') jb.upload_signed_bundle(info['bundle'], kj) # This is for the federation entity to use when signing something # like the keys at jwks_uri. _kj = build_keyjar(KEY_DEFS)[1] SIGNERS = [ 'https://swamid.sunet.se', 'https://edugain.com', 'https://www.feide.no' ] # A dictionary of web based signers sig = {} for iss in SIGNERS: qp = urlencode({'signer': iss, 'context': 'registration'}) url = '{}/sign?{}'.format(tool_url, qp) sig[iss] = WebSigningService(iss, url, jb.bundle[iss])
def test_create(): bundle = JWKSBundle(ISS, SIGN_KEYS) assert bundle
import argparse from fedoidc import read_jwks_file from fedoidc.bundle import JWKSBundle from fedoidc.operator import Operator parser = argparse.ArgumentParser() parser.add_argument( '-j', dest='jwks', help="A JWKS file that contains the federation operators public keys") parser.add_argument('-r', dest='req', help="The message") parser.add_argument('-f', dest='fo', help='The identifier of the Federation') parser.add_argument('-l', dest='flatten', action='store_true', help="Flatten the compounded metadata statement") args = parser.parse_args() kj = read_jwks_file(args.jwks) _bundle = JWKSBundle('') _bundle[args.fo] = kj op = Operator(jwks_bundle=_bundle) _fo, _req = open(args.req).read().rsplit(':', 1) res = op.unpack_metadata_statement(jwt_ms=_req.strip()) print(res.result)
for d in ['mds', 'ms']: if os.path.isdir(d): shutil.rmtree(d) liss = list(FO.values()) liss.extend(list(OA.values())) liss.extend(list(EO.values())) signer, keybundle = test_utils.setup(KEYDEFS, TOOL_ISS, liss, ms_path='ms', csms_def=SMS_DEF, mds_dir='mds') fo_keybundle = JWKSBundle('https://example.com') for iss in FO.values(): fo_keybundle[iss] = keybundle[iss] def test_parse_pi(): # Sunet OP sunet_op = 'https://sunet.se/op' # _kj = build_keyjar(KEYDEFS)[1] _kj = signer[EO['sunet.op']].signing_service.signing_keys op_fed_ent = FederationEntity(None, keyjar=_kj, iss=sunet_op, signer=signer['https://sunet.se'], fo_bundle=fo_keybundle)