Пример #1
0
def as_setup(jconf):

    _module = importlib.import_module('oic.utils.authn.user')
    ab = AuthnBroker()
    for _id, authn in jconf["authn"].items():
        cls = getattr(_module, authn["class"])
        if "template_lookup" in authn["kwargs"]:
            authn["kwargs"]["template_lookup"] = lookup(jconf["template_root"])

        ci = cls(None, **authn["kwargs"])
        ab.add(_id, ci, authn["level"], authn["authn_authority"])

    _base = jconf["configuration"]["issuer"]
    cauth = dict([(x, CLIENT_AUTHN_METHOD[x])
                  for x in jconf["client_auth_methods"]])

    return {
        "name": _base,
        "sdb": {},
        "cdb": {},
        "authn_broker": ab,
        "authz": Implicit("PERMISSION"),
        "client_authn": verify_client,
        "symkey": "1234567890123456",
        "client_authn_methods": cauth,
        "client_info_url": jconf["client_info_url"],
        "default_acr": jconf["default_acr"],
        "keyjar": None
    }
Пример #2
0
    def test_pkce_verify_256(self, session_db_factory):
        _cli = Client(
            config={"code_challenge": {
                "method": "S256",
                "length": 64
            }})
        args, cv = _cli.add_code_challenge()

        authn_broker = AuthnBroker()
        authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
        _prov = Provider(
            "as",
            session_db_factory("https://connect-op.heroku.com"),
            {},
            authn_broker,
            Implicit(),
            verify_client,
        )

        assert _prov.verify_code_challenge(cv, args["code_challenge"]) is True
        assert _prov.verify_code_challenge(cv, args["code_challenge"],
                                           "S256") is True
        resp = _prov.verify_code_challenge("XXX", args["code_challenge"])
        assert isinstance(resp, Response)
        assert resp.info()["status_code"] == 401
Пример #3
0
def test_pkce_verify_512():
    _cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}})
    args, cv = _cli.add_code_challenge()

    authn_broker = AuthnBroker()
    authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
    _prov = Provider("as", sdb.SessionDB(SERVER_INFO["issuer"]), CDB,
                     authn_broker, Implicit(), verify_client)

    assert _prov.verify_code_challenge(cv, args['code_challenge'],
                                       'S512') is True
Пример #4
0
    def test_pkce_verify_512(self, session_db_factory):
        _cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}})
        args, cv = _cli.add_code_challenge()

        authn_broker = AuthnBroker()
        authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
        _prov = Provider("as",
                         session_db_factory('https://connect-op.heroku.com'), {},
                         authn_broker, Implicit(), verify_client)

        assert _prov.verify_code_challenge(cv, args['code_challenge'], 'S512') is True
        resp = _prov.verify_code_challenge('XXX', args['code_challenge'])
        assert isinstance(resp, Response)
        assert resp.info()['status_code'] == 401
Пример #5
0
    def create_provider(self):
        authn_broker = AuthnBroker()
        authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))

        self.provider = Provider("pyoicserv",
                                 sdb.SessionDB(
                                     TestProvider.SERVER_INFO["issuer"]),
                                 TestProvider.CDB,
                                 authn_broker, Implicit(),
                                 verify_client,
                                 client_info_url="https://example.com/as",
                                 client_authn_methods={
                                     "client_secret_post": ClientSecretPost,
                                     "client_secret_basic": ClientSecretBasic,
                                     "bearer_header": BearerHeader})
Пример #6
0
def test_pkce_verify_256(session_db_factory):
    _cli = Client(config={'code_challenge': {'method': 'S256', 'length': 64}})
    args, cv = _cli.add_code_challenge()

    authn_broker = AuthnBroker()
    authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
    _prov = Provider("as", session_db_factory(SERVER_INFO["issuer"]), CDB,
                     authn_broker, Implicit(), verify_client)

    assert _prov.verify_code_challenge(cv, args['code_challenge']) is True
    assert _prov.verify_code_challenge(cv, args['code_challenge'],
                                       'S256') is True
    resp = _prov.verify_code_challenge('XXX', args['code_challenge'])
    assert isinstance(resp, Response)
    assert resp.info()['status_code'] == 401
Пример #7
0
def test_pkce_verify_512(session_db_factory):
    _cli = Client(config={"code_challenge": {"method": "S512", "length": 96}})
    args, cv = _cli.add_code_challenge()

    authn_broker = AuthnBroker()
    authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
    _prov = Provider(
        "as",
        session_db_factory(SERVER_INFO["issuer"]),
        CDB,
        authn_broker,
        Implicit(),
        verify_client,
    )

    assert _prov.verify_code_challenge(cv, args["code_challenge"],
                                       "S512") is True
    resp = _prov.verify_code_challenge("XXX", args["code_challenge"])
    assert isinstance(resp, Response)
    assert resp.info()["status_code"] == 401
Пример #8
0
import json
import socket
from mako.lookup import TemplateLookup
from oic.utils.authn.authn_context import AuthnBroker
from oic.utils.authn.client import verify_client
from oic.utils.authn.user import UserAuthnMethod, UsernamePasswordMako
from oic.utils.authn.user import BasicAuthn
from oic.utils.authz import Implicit
from oic.utils.keyio import keyjar_init
from oic.utils.sdb import SessionDB
from oic.utils.userinfo import UserInfo
from uma import authzsrv

__author__ = 'roland'

AUTHZ = Implicit("PERMISSION")
CDB = {}
AUTHZSRV = None

PASSWD = {
    "linda": "krall",
    "hans": "thetake",
}

USER_DB = {
    "hans": {
        "name": "Hans Granberg",
        "sub": "*****@*****.**"
    },
    "linda": {
        "name": "Linda Lindgren",
Пример #9
0
    :param prefix: prefix string
    :param lista: list of claims=value
    :return: list of possible strings
    """
    assert msg.startswith(prefix)
    qsl = [
        '{}={}'.format(k, v[0])
        for k, v in parse_qs(msg[len(prefix):]).items()
    ]
    return set(qsl) == set(lista)


AUTHN_BROKER = AuthnBroker()
AUTHN_BROKER.add("UNDEFINED", DummyAuthn(None, "username"))
# dealing with authorization
AUTHZ = Implicit()


class TestProvider(object):
    @pytest.fixture(autouse=True)
    def create_provider(self, session_db_factory):
        self.provider = Provider("pyoicserv",
                                 session_db_factory(ISSUER),
                                 CDB,
                                 AUTHN_BROKER,
                                 AUTHZ,
                                 verify_client,
                                 baseurl='https://example.com/as')

    def test_init(self, session_db_factory):
        provider = Provider("pyoicserv", session_db_factory(ISSUER), CDB,
Пример #10
0
    config.issuer = config.issuer % args.port
    config.SERVICE_URL = config.SERVICE_URL % args.port

    for cnf in config.AUTHN_METHOD.values():
        try:
            cnf["config"]["return_to"] = cnf["config"]["return_to"] % args.port
        except KeyError:
            pass

    # Initiate the authentication broker. This is the service that
    # chooses which authentication method that is to be used.

    broker = authn_setup(config)

    # dealing with authorization, this is just everything goes.
    authz = Implicit()

    # Initiate the OAuth2 provider instance
    OAS = Provider(config.issuer,
                   SessionDB(),
                   cdb,
                   broker,
                   authz,
                   client_authn=verify_client,
                   symkey=config.SYM_KEY)

    # set some parameters
    try:
        OAS.cookie_ttl = config.COOKIETTL
    except AttributeError:
        pass