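def serialize(self, private=False):
    """Return this RSA key as a JWK dictionary.

    The public members ``n`` and ``e`` are always emitted. The private
    exponent ``d`` is added only when *private* is true and the key
    actually holds one.

    :param private: include the private exponent ``d`` in the output.
        Leave this false for anything that is published or logged (a JWKS
        document, for instance): a JWK that carries ``d`` is a private key.
    :return: dict of JWK members, built on top of ``self.common()``.
    :raises SerializationNotPossible: if ``self.key`` is falsy.
    """
    if not self.key:
        raise SerializationNotPossible()

    jwk = self.common()
    jwk["n"] = long_to_base64(self.n)
    jwk["e"] = long_to_base64(self.e)

    # A public-only key has no private exponent. Without the self.d guard,
    # private=True would hand an empty value to long_to_base64 instead of
    # simply leaving "d" out.
    if private and self.d:
        jwk["d"] = long_to_base64(self.d)
    return jwk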
def serialize(self, private=False):
    """Return this EC key as a JWK dictionary.

    Emits the curve name and the public point (``x``, ``y``); the private
    scalar ``d`` is added only when *private* is true and ``self.d`` is set.

    :param private: include the private scalar ``d``. Keep this false for
        any output that leaves the process (published key sets, logs).
    :return: dict of JWK members, built on top of ``self.common()``.
    :raises SerializationNotPossible: if neither ``self.crv`` nor
        ``self.curve`` is set.
    """
    if not (self.crv or self.curve):
        raise SerializationNotPossible()

    jwk = self.common()
    # NOTE(review): the guard above passes when only self.crv is set, yet
    # the next line needs self.curve; confirm curve is always populated
    # whenever crv is.
    jwk.update({
        "crv": self.curve.name(),
        "x": long_to_base64(self.x),
        "y": long_to_base64(self.y),
    })

    if private:
        if self.d:
            jwk["d"] = long_to_base64(self.d)
    return jwk
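def serialize(self, private=False):
    """Serialize this RSA key to a JWK dictionary.

    ``n`` and ``e`` are always present in the result. ``d`` is included
    only on request and only when the key has a private exponent.

    :param private: when true, add the private exponent ``d``. The result
        is then private key material and must not be served or logged.
    :return: dict of JWK members, built on top of ``self.common()``.
    :raises SerializationNotPossible: if ``self.key`` is falsy.
    """
    if not self.key:
        raise SerializationNotPossible()

    res = self.common()
    res.update({
        "n": long_to_base64(self.n),
        "e": long_to_base64(self.e),
    })

    # Only encode "d" when there is one: a key loaded from public
    # parameters has nothing to emit here even if private=True was passed.
    if private and self.d:
        res["d"] = long_to_base64(self.d)
    return res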
def serialize(self, private=False):
    """Serialize this EC key to a JWK dictionary.

    The result holds ``crv``, ``x`` and ``y``; ``d`` is added only when
    *private* is true and the key has a private scalar.

    :param private: when true, add the private scalar ``d``. The result is
        then private key material and must not be served or logged.
    :return: dict of JWK members, built on top of ``self.common()``.
    :raises SerializationNotPossible: if both ``self.crv`` and
        ``self.curve`` are falsy.
    """
    have_curve_info = bool(self.crv) or bool(self.curve)
    if not have_curve_info:
        raise SerializationNotPossible()

    members = self.common()
    # NOTE(review): self.curve is dereferenced here even when only
    # self.crv satisfied the check above; verify the two are kept in sync.
    curve_name = self.curve.name()
    members.update({
        "crv": curve_name,
        "x": long_to_base64(self.x),
        "y": long_to_base64(self.y),
    })

    include_private = private and self.d
    if include_private:
        members["d"] = long_to_base64(self.d)
    return members
def get(self, request, *args, **kwargs):
    """Serve a JWKS document describing the single configured RSA key.

    Only the public half (``n``, ``e``) of the key returned by
    ``get_rsa_key()`` is placed in the response.
    """
    pem = get_rsa_key().encode('utf-8')
    pub = RSA.importKey(pem).publickey()

    # NOTE(review): kid is the MD5 digest of the PEM from get_rsa_key(),
    # presumably the private key since .publickey() is derived from it.
    # This digest is published. A kid computed from public parameters
    # (e.g. an RFC 7638 thumbprint) keeps private bytes out of any public
    # value. Changing it has to be coordinated with whatever stamps `kid`
    # into issued tokens.
    jwk = {
        'kty': 'RSA',
        'alg': 'RS256',
        'use': 'sig',
        'kid': md5(pem).hexdigest(),
        'n': long_to_base64(pub.n),
        'e': long_to_base64(pub.e),
    }
    return JsonResponse({'keys': [jwk]})
def get(self, request, *args, **kwargs):
    """Serve a JWKS document with one entry per stored RSA key.

    Each entry carries only the public modulus and exponent. The stored
    ``rsakey.key`` is reduced to its public half before anything is copied
    into the response.
    """
    jwks = []
    for rsakey in get_oidc_rsa_key_model().objects.all():
        pub = RSA.importKey(rsakey.key).publickey()
        jwks.append({
            'kty': 'RSA',
            'alg': 'RS256',
            'use': 'sig',
            'kid': rsakey.kid,
            'n': long_to_base64(pub.n),
            'e': long_to_base64(pub.e),
        })

    response = JsonResponse({'keys': jwks})
    # The wildcard origin exposes public key parameters only. Nothing in
    # this handler depends on the caller's credentials.
    response['Access-Control-Allow-Origin'] = '*'
    return response
def get(self, request, *args, **kwargs):
    """Return the JWKS document for every ``RSAKey`` row.

    Only ``n`` and ``e`` of each key are published, taken from the public
    half of the imported key.
    """
    def to_jwk(rsakey):
        # Reduce to the public key first so no private member can be
        # copied into the response by accident.
        pub = RSA.importKey(rsakey.key).publickey()
        return {
            'kty': 'RSA',
            'alg': 'RS256',
            'use': 'sig',
            'kid': rsakey.kid,
            'n': long_to_base64(pub.n),
            'e': long_to_base64(pub.e),
        }

    payload = {'keys': [to_jwk(row) for row in RSAKey.objects.all()]}
    response = JsonResponse(payload)
    # Readable from any origin: the body is public key data only.
    response['Access-Control-Allow-Origin'] = '*'
    return response
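def serialize(self, private=False):
    """Return this RSA key as a JWK dictionary.

    Walks ``self.longs`` and base64-encodes every member that is set.
    Members belonging to the private half of the key are skipped unless
    *private* is true. Without that filter the ``private`` argument has no
    effect, and a default ``serialize()`` call on a key that holds private
    parameters returns them.

    :param private: include the private members (``d``, ``p``, ``q``,
        ``dp``, ``dq``, ``di``, ``qi``). Keep this false for any output
        that is published or logged.
    :return: dict of JWK members, built on top of ``self.common()``.
    :raises SerializationNotPossible: if ``self.key`` is falsy.
    """
    if not self.key:
        raise SerializationNotPossible()

    # Attribute names that make up the private half of an RSA key.
    private_members = ("d", "p", "q", "dp", "dq", "di", "qi")

    res = self.common()
    for param in self.longs:
        if not private and param in private_members:
            continue
        item = getattr(self, param)
        if item:
            res[param] = long_to_base64(item)
    return res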
def get(self, request, *args, **kwargs):
    """Return the JWKS document for every ``RSAKey`` row.

    Only the public modulus and exponent of each key are published. The
    wildcard CORS header is added only when the
    ``OIDC_CORS_MANAGEMENT_ENABLE`` setting is truthy.
    """
    jwks = []
    for rsakey in RSAKey.objects.all():
        pub = RSA.importKey(rsakey.key).publickey()
        entry = {
            'kty': 'RSA',
            'alg': 'RS256',
            'use': 'sig',
            'kid': rsakey.kid,
            'n': long_to_base64(pub.n),
            'e': long_to_base64(pub.e),
        }
        jwks.append(entry)

    response = JsonResponse({'keys': jwks})
    cors_enabled = settings.get('OIDC_CORS_MANAGEMENT_ENABLE')
    if cors_enabled:
        # Public key data only, so any origin may read it.
        response['Access-Control-Allow-Origin'] = '*'
    return response
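def serialize(self, private=False):
    """Return this RSA key as a JWK dictionary.

    Public numeric members (those in both ``self.public_members`` and
    ``self.longs``) are always emitted when set. When *private* is true,
    every set member of ``self.longs`` is emitted, which includes the
    private parameters.

    :param private: also emit the private members of the key. The result
        is then private key material and must not be published or logged.
    :return: dict of JWK members, built on top of ``self.common()``.
    :raises SerializationNotPossible: if ``self.key`` is falsy.
    """
    if not self.key:
        raise SerializationNotPossible()

    res = self.common()

    public_longs = list(set(self.public_members) & set(self.longs))
    for param in public_longs:
        item = getattr(self, param)
        if item:
            res[param] = long_to_base64(item)

    if private:
        # The former `if not private and param in [...]: continue` check
        # sat inside this branch and could never be true. It is removed so
        # the code does not suggest a filter that never ran.
        for param in self.longs:
            item = getattr(self, param)
            if item:
                res[param] = long_to_base64(item)
    return res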
def get(self, request: HttpRequest, application_slug: str) -> HttpResponse:
    """Return the JWKS document for the provider behind *application_slug*.

    Responds 404 (via ``get_object_or_404``) when the application or its
    provider does not exist. A key is published only for providers signing
    with RS256; for any other algorithm the body is an empty JSON object.
    """
    application = get_object_or_404(Application, slug=application_slug)
    provider: OAuth2Provider = get_object_or_404(
        OAuth2Provider, pk=application.provider_id
    )

    jwks = {}
    if provider.jwt_alg == JWTAlgorithms.RS256:
        # Reduce to the public half before copying anything into the
        # response, so only n and e can be published.
        pub = import_rsa_key(provider.rsa_key.key_data).publickey()
        jwk = {
            "kty": "RSA",
            "alg": "RS256",
            "use": "sig",
            "kid": provider.rsa_key.kid,
            "n": long_to_base64(pub.n),
            "e": long_to_base64(pub.e),
        }
        jwks["keys"] = [jwk]

    response = JsonResponse(jwks)
    # Readable from any origin: the body holds public key data at most.
    response["Access-Control-Allow-Origin"] = "*"
    return response
def test_base64_long_base64():
    """Decoding a base64url value to a long and re-encoding it is lossless."""
    original = 'omXjOQmHl77TtpwMXL9WPcd-Xcg1bh8CoLGOyX1Ug_CLtZJx_SvSo0bj5bEiVb8eCa5mXuc6sDg9_RRpCvKHHxZG6f9qh5r3ZNY-yr5hKQqeMafWa4b6UqouLSSwKsNe5FWD327BoyaEsMyCRheQg4wX86G_8zqynuvbT6KzQbQtp4iqQvMWGswovmflsk7zoZUESAFu6L5xlJUEFXMlDLPH13SsPKwvL4MgHa-Cx938B0FReUFtq7qEQHIPhGSTOeTS-v8Acp6VqkmcLB4kCIsk_Icr46VTEPv3WWDHcbSzp-RPR0lTa8WTdOd_E98U70jfAZJAKMDWr4sQkvfk7w'

    as_long = base64_to_long(original)
    round_tripped = long_to_base64(as_long)

    # An exact match shows the encoder adds no padding or leading bytes
    # to this value.
    assert original == round_tripped
def test_long_base64_long():
    """Encoding the fixture modulus and decoding it returns the same integer."""
    encoded = long_to_base64(_CKEY.n)
    decoded = base64_to_long(encoded)
    assert _CKEY.n == decoded
class MockView(APIView): permission_classes = (IsAuthenticated,) authentication_classes = (JSONWebTokenAuthentication, BearerTokenAuthentication) def get(self, request): return HttpResponse('a') urlpatterns = [ url(r'^test/$', MockView.as_view(), name="testview") ] key = RSAKey(kid="test", kty="RSA", e=long_to_base64(long(65537)), n=long_to_base64(long(103144733181541730170695212353035735911272360475451101847332641719504193145911782103718552703497383385072400068398348471608551845979550140132066577502098324638900101678499876506366406838561711807168917151266210861310839976066381600661109647310812646802675105044570916072792610952531033569123889433857109695663)), d=long_to_base64(long(87474011172773995802176478974956531454728135178991596207863469898989014679490621318105454312226445649668492543167679449044101982079487873850500638991205330610459744732712633893362912169260215247013564296846583369572335796121742404877695795618480142002129365141632060905382558309932032446524457731175746076993))) def make_jwt(payload): jws = JWS(payload, alg='RS256') return jws.sign_compact([key]) def make_id_token(sub, iss='http://example.com', aud='you', exp=999999999999, # tests will start failing in September 33658 iat=999999999999, **kwargs):
class MockView(APIView):
    """Minimal protected endpoint used to exercise the authentication classes."""

    permission_classes = (IsAuthenticated,)
    authentication_classes = (
        JSONWebTokenAuthentication,
        BearerTokenAuthentication,
    )

    def get(self, request):
        return HttpResponse('a')


urlpatterns = [
    url(r'^test/$', MockView.as_view(), name="testview"),
]

# Test-only signing key. The private exponent `d` sits in source next to the
# modulus, so this key protects nothing and must never be configured as a
# trusted key outside the test suite.
key = RSAKey(
    kid="test",
    kty="RSA",
    e=long_to_base64(long(65537)),
    n=long_to_base64(long(103144733181541730170695212353035735911272360475451101847332641719504193145911782103718552703497383385072400068398348471608551845979550140132066577502098324638900101678499876506366406838561711807168917151266210861310839976066381600661109647310812646802675105044570916072792610952531033569123889433857109695663)),
    d=long_to_base64(long(87474011172773995802176478974956531454728135178991596207863469898989014679490621318105454312226445649668492543167679449044101982079487873850500638991205330610459744732712633893362912169260215247013564296846583369572335796121742404877695795618480142002129365141632060905382558309932032446524457731175746076993)),
)


def make_jwt(payload):
    """Sign *payload* as a compact RS256 JWS using the test key above."""
    return JWS(payload, alg='RS256').sign_compact([key])