def __init__(self, msg=None, with_digest=False, **kwargs): self.msg = msg self._dict = {} self.with_digest = with_digest self.jwt = None if kwargs: for key in self.args: try: _val = kwargs[key] except KeyError: if key == "alg": self._dict[key] = "none" continue if key == "jwk": if isinstance(_val, dict): self._dict["jwk"] = keyrep(_val) elif isinstance(_val, str): self._dict["jwk"] = keyrep(json.loads(_val)) else: self._dict["jwk"] = _val elif key == "x5c" or key == "crit": self._dict["x5c"] = _val or [] else: self._dict[key] = _val
def __init__(self, auth_req_callback_func, internal_attributes, conf): super().__init__(auth_req_callback_func, internal_attributes, conf) self.root_key = keyrep(conf["root_key_jwk"]) self.software_statements = conf["software_statements"] self.federation_keys = [] for k in conf["federations_jwk"]: self.federation_keys.append(keyrep(k))
def init_oidc_fed_rp(cnf): name = cnf["SERVER_NAME"] with open(cnf["RELYING_PARTY_CONFIG"]) as f: rp_config = yaml.safe_load(f) root_key = keyrep(rp_config["root_key_jwk"]) federation_keys = [keyrep(jwk) for jwk in rp_config["federations_jwk"]] return RP(name, root_key, rp_config["software_statements"], federation_keys, name + "/signed_jwks")
def init_fed_op(cnf): with open(cnf["PROVIDER_CONFIG"]) as f: provider_config = yaml.safe_load(f) root_key = keyrep(provider_config["root_key_jwk"]) federation_keys = [keyrep(jwk) for jwk in provider_config["federations_jwk"]] authn_broker = AuthnBroker() name = "https://" + cnf["SERVER_NAME"] user = "******" authn_broker.add("password", NoAuthn(None, user)) provider = Provider(name, SessionDB(name), {}, authn_broker, None, AuthzHandling(), verify_client, None) return OP(name, root_key, provider_config["software_statements"], federation_keys, name + "/signed_jwks", provider, name + "/jwks")
def test_private_key_from_jwk(): keys = [] kspec = json.loads(open(full_path("jwk_private_key.json")).read()) keys.append(keyrep(kspec)) key = keys[0] assert isinstance(key.n, six.integer_types) assert isinstance(key.e, six.integer_types) assert isinstance(key.d, six.integer_types) assert isinstance(key.p, six.integer_types) assert isinstance(key.q, six.integer_types) assert isinstance(key.dp, six.integer_types) assert isinstance(key.dq, six.integer_types) assert isinstance(key.qi, six.integer_types) _d = key.to_dict() print(_d) print(_d.keys()) assert _eq(list(_d.keys()), [ 'n', 'alg', 'dq', 'e', 'q', 'p', 'dp', 'd', 'ext', 'key_ops', 'kty', 'qi' ]) assert _eq(list(_d.keys()), kspec.keys())
def parse_header(self, encheader): for attr, val in json.loads(b64d(str(encheader))).items(): if attr == "jwk": self["jwk"] = keyrep(val) else: self[attr] = val if "kid" in self: try: assert isinstance(self["kid"], basestring) except AssertionError: raise HeaderError("kid of wrong value type")
def _get_client_public_key(self, access_token): _jws = jws.factory(access_token) if _jws: data = _jws.verify_compact(access_token, self.keyjar.get_verify_key(owner="")) try: return keyrep(data["cnf"]["jwk"]) except KeyError: raise NonPoPTokenError( "Could not extract public key as JWK from access token") raise NonPoPTokenError("Unsigned access token, maybe not PoP?")
def jwk_dict_to_public_key(jwk): """ Converts the specified JWK into a public key. """ jwkest_key = keyrep(jwk) if isinstance(jwkest_key, RSAKey): pycrypto_key = jwkest_key.key return RSAPublicNumbers(e=pycrypto_key.e, n=pycrypto_key.n).public_key(default_backend()) elif isinstance(jwkest_key, ECKey): x, y = jwkest_key.get_key() return EllipticCurvePublicNumbers(x, y, jwkest_key.curve).public_key( default_backend()) raise Exception("Unsupported kind of JWK: %s", str(type(jwkest_key)))
def __init__(self, msg=None, **kwargs): self.msg = msg self._dict = {"kid": ""} if kwargs: for key in self.args: try: _val = kwargs[key] except KeyError: if key == "alg": self._dict[key] = "none" continue if key == "jwk": if isinstance(_val, dict): self._dict["jwk"] = keyrep(_val) elif isinstance(_val, basestring): self._dict["jwk"] = keyrep(json.loads(_val)) else: self._dict["jwk"] = _val elif key == "x5c" or key == "crit": self._dict["x5c"] = _val or [] else: self._dict[key] = _val
def main(): parser = ArgumentParser() parser.add_argument("entity_data_path", help="path to the data for the software statement") parser.add_argument("keypath", help="path to private JWK key to use for signing the software statement") args = parser.parse_args() with open(args.keypath) as f: jwk = f.read() key = keyrep(json.loads(jwk)) with open(args.entity_data_path) as f: entity_data = f.read() print(Federation(key).create_software_statement(json.loads(entity_data)))
def _verify_signature_chain(self, software_statements, signing_key): # type: (Sequence[str], str) -> Tuple[str, Key] """ Verify the signature chain: signature of software statement (containing root key) and signature of a signing key (in the form of a JWS). :param software_statements: all software statements from the provider :param signing_key: the entity's intermediate signing key :return: """ software_statement = self._verify_software_statements(software_statements) root_key = keyrep(software_statement.msg["root_key"]) signing_key = self._verify_signing_key(signing_key, root_key) return software_statement, signing_key
def _verify_signing_key(self, signing_key, verification_key): # type: (str, Key) -> Key """ Verify the signature of an intermediate signing key. :param signing_key: JWS containing the providers intermediate key :param verification_key: key to verify the signature with :raise OIDCFederationError: if the signature could not be verified :return: key contained in the JWS """ try: signing_key = self._verify(signing_key, keys=[verification_key]).msg except JWKESTException as e: raise OIDCFederationError("The entity's signing key could not be verified.") return keyrep(signing_key)
def test_private_key_from_jwk(): keys = [] kspec = json.loads(open(full_path("jwk_private_key.json")).read()) keys.append(keyrep(kspec)) key = keys[0] assert isinstance(key.n, six.integer_types) assert isinstance(key.e, six.integer_types) assert isinstance(key.d, six.integer_types) assert isinstance(key.p, six.integer_types) assert isinstance(key.q, six.integer_types) assert isinstance(key.dp, six.integer_types) assert isinstance(key.dq, six.integer_types) assert isinstance(key.qi, six.integer_types) _d = key.to_dict() print(_d) print(_d.keys()) assert _eq(list(_d.keys()), ["n", "alg", "dq", "e", "q", "p", "dp", "d", "ext", "key_ops", "kty", "qi"]) assert _eq(list(_d.keys()), kspec.keys())
def test_private_key_from_jwk(): keys = [] kspec = json.loads(open("jwk_private_key.json").read()) keys.append(keyrep(kspec)) key = keys[0] assert isinstance(key.n, six.integer_types) assert isinstance(key.e, six.integer_types) assert isinstance(key.d, six.integer_types) assert isinstance(key.p, six.integer_types) assert isinstance(key.q, six.integer_types) assert isinstance(key.dp, six.integer_types) assert isinstance(key.dq, six.integer_types) assert isinstance(key.qi, six.integer_types) _d = key.to_dict() print(_d) print(_d.keys()) assert _eq(list(_d.keys()), ['n', 'alg', 'dq', 'e', 'q', 'p', 'dp', 'd', 'ext', 'key_ops', 'kty', 'qi']) assert _eq(list(_d.keys()), kspec.keys())
args = parser.parse_args() if args.log: setup_logging(args.log) _kid = args.kid keys = [] if args.rsa_file: keys.append( RSAKey(key=import_rsa_key_from_file(args.rsa_file), kid=_kid)) if args.hmac_key: keys.append(SYMKey(key=args.hmac_key)) if args.jwk: kspec = json.loads(open(args.jwk).read()) keys.append(keyrep(kspec)) if args.jwks: txt = open(args.jwks).read() keys.extend(jwks_load(txt)) if not keys: exit(-1) if args.msg_file: message = open(args.msg_file).read().strip("\n") elif args.message == "-": message = sys.stdin.read() else: message = args.message
def parse_header(self, encheader): for attr, val in json.loads(b64d(str(encheader))).items(): if attr == "jwk": self["jwk"] = keyrep(val) else: self[attr] = val
parser.add_argument('-j', dest="jwk", help="JSON Web Key") parser.add_argument('-J', dest="jwks", help="JSON Web Keys") parser.add_argument("message", nargs="?", help="The message") args = parser.parse_args() keys = [] if args.rsa_file: keys = [RSAKey(key=import_rsa_key_from_file(args.rsa_file))] elif args.hmac_key: keys = [SYMKey(key=args.hmac_key)] if args.jwk: kspec = json.loads(open(args.jwk).read()) keys.append(keyrep(kspec)) if args.jwks: keys.extend(load_jwks(open(args.jwk).read())) if not keys: exit(-1) if args.msg_file: if args.msg_file == "A.2.1": message = open("A.2.1").read().replace("\n","\r\n") else: message = open(args.msg_file).read().strip("\n") elif args.message == "-": message = sys.stdin.read() else: