def service_error(self, message, html=None):
"""
:return A error response which is used to show error messages in the client
"""
message = {"ExceptionMessage": message, "HTML": html}
resp = ServiceError(json.dumps(message))
return resp(self.environ, self.start_response)
def application(environ, start_response):
session = Session(environ['beaker.session'])
path = environ.get('PATH_INFO', '').lstrip('/')
resp = None
for regex, callback in URLS:
match = re.search(regex, path)
if match is not None:
try:
environ['oic.url_args'] = match.groups()[0]
except IndexError:
environ['oic.url_args'] = path
logger.info("callback: %s" % callback)
try:
resp = callback(environ, session, path)
except Exception, err:
print >> sys.stderr, "%s" % err
message = traceback.format_exception(*sys.exc_info())
print >> sys.stderr, message
logger.exception("%s" % err)
resp = ServiceError("%s" % err)
if isinstance(resp, tuple):
return resp[0](environ, start_response, **resp[1])
elif isinstance(resp, Response):
return resp(environ, start_response)
else:
break
def run_test_instance(self, iss, tag):
_port = self.get_port(iss, tag)
args = [
"optest.py", "-i",
unquote_plus(iss), "-t",
unquote_plus(tag), "-p",
str(_port), "-M", self.mako_dir
]
for _fl in self.flows:
args.extend(["-f", _fl])
if self.path2port:
args.extend(["-m", self.path2port])
ppmap = read_path2port_map(self.path2port)
try:
_path = ppmap[str(_port)]
except KeyError:
_errtxt = 'Port not in path2port map file {}'.format(
self.path2port)
logger.error(_errtxt)
return ServiceError(_errtxt)
url = '{}{}'.format(self.test_tool_base, _path)
else:
url = '{}:{}'.format(self.test_tool_base[:-1], _port)
_econf = self.rest.read_conf(iss, tag)
if _econf['tool']['insecure']:
args.append('-k')
args.append(self.test_tool_conf)
_key = '{}:{}'.format(iss, tag)
# If already running - kill
try:
pid = self.running_processes[_key]
except KeyError:
pass
else:
logger.info('kill {}'.format(pid))
subprocess.call(['kill', pid])
logger.info(args)
if False: # Only on Windows
DETACHED_PROCESS = 0x00000008
process = subprocess.Popen(args,
creationflags=DETACHED_PROCESS).pid
else:
process = subprocess.Popen(args,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
# continues immediately
if process.pid:
logger.info("process id: {}".format(process.pid))
self.running_processes['{}:{}'.format(iss, tag)] = process.pid
time.sleep(5)
return url
def registration(environ, events):
_op = environ["oic.op"]
if environ["REQUEST_METHOD"] == "POST":
return wsgi_wrapper(environ, _op.registration_endpoint, events)
elif environ["REQUEST_METHOD"] == "GET":
return wsgi_wrapper(environ, _op.read_registration, events)
else:
return ServiceError("Method not supported")
def run_test_instance(self, iss, tag):
_port = self.assigned_ports.register_port(iss, tag)
args = [
self.test_script, "-i",
unquote_plus(iss), "-t",
unquote_plus(tag), "-p",
str(_port), "-M", self.mako_dir, "-f", self.flowdir
]
if self.path2port:
args.extend(["-m", self.path2port])
ppmap = read_path2port_map(self.path2port)
try:
_path = ppmap[str(_port)]
except KeyError:
_errtxt = 'Port not in path2port map file {}'.format(
self.path2port)
logger.error(_errtxt)
return ServiceError(_errtxt)
url = '{}{}'.format(self.test_tool_base, _path)
else:
url = '{}:{}'.format(self.test_tool_base[:-1], _port)
typ, _econf = self.rest.read_conf(iss, tag)
if _econf['tool']['insecure']:
args.append('-k')
args.append(self.test_tool_conf)
# If already running - kill
try:
pid = isrunning(unquote_plus(iss), unquote_plus(tag))
except KeyError:
pass
else:
if pid:
logger.info('kill {}'.format(pid))
subprocess.call(['kill', str(pid)])
# Now get it running
args.append('&')
logger.info("Test tool command: {}".format(" ".join(args)))
# spawn independent process
os.system(" ".join(args))
pid = 0
for i in range(0, 10):
time.sleep(1)
pid = isrunning(unquote_plus(iss), unquote_plus(tag))
if pid:
break
if pid:
logger.info("process id: {}".format(pid))
self.running_processes[self.key(iss, tag)] = pid
return url
else:
return None
def application(environ, start_response):
session = environ['beaker.session']
path = environ.get('PATH_INFO', '').lstrip('/')
try:
_cli = session["client"]
except KeyError:
_cli = session["client"] = make_client(**KW_ARGS)
session["done"] = []
_flows = KW_ARGS["flows"]
if path == "robots.txt":
return static(environ, start_response, "static/robots.txt")
elif path.startswith("static/"):
return static(environ, start_response, path)
elif path.startswith("export/"):
return static(environ, start_response, path)
if path == "": # list
session["done"] = []
session["flows"] = make_list(**KW_ARGS)
return flow_list(environ, start_response,
node_dict(_flows, session["flows"]), session["done"])
elif path in list(_flows.keys()):
try:
redirs = KW_ARGS["cinfo"]["client"]["redirect_uris"]
except KeyError:
redirs = KW_ARGS["cinfo"]["registered"]["redirect_uris"]
conversation = Conversation(_flows[path], _cli, redirs)
session["rf_args"] = {
"profiles": KW_ARGS["profiles"],
"test_id": path,
"conv": conversation,
"conf": KW_ARGS["conf"],
"profile": KW_ARGS["profile"]
}
try:
resp = run_flow(**session["rf_args"])
except Exception as err:
resp = ServiceError("%s" % err)
return resp(environ, start_response)
else:
if resp:
return resp(environ, start_response)
else:
session["done"].append(path)
return flow_list(environ, start_response,
node_dict(_flows, session["flows"]),
session["done"])
else:
logger.debug("unknown side: %s" % path)
resp = NotFound("Couldn't find the side you asked for!")
return resp(environ, start_response)
def service_error(self, message, event_id=None, html=None):
"""
:return A error response which is used to show error messages in the client
"""
if event_id:
message += " Please reference to this event by: " + event_id
response_message = {"ExceptionMessage": message + "", "HTML": html}
resp = ServiceError(json.dumps(response_message))
return resp(self.environ, self.start_response)
def registration(environ, start_response, session, trace):
trace.info(HEADER % "ClientRegistration")
_oas = session["op"]
if environ["REQUEST_METHOD"] == "POST":
return wsgi_wrapper(environ, start_response, _oas.registration_endpoint,
session, trace)
elif environ["REQUEST_METHOD"] == "GET":
return wsgi_wrapper(environ, start_response, _oas.read_registration,
session, trace)
else:
resp = ServiceError("Method not supported")
return resp(environ, start_response)
def registration(environ, start_response, session_info, events, jlog,
**kwargs):
events.store(EV_REQUEST, Operation("ClientRegistration"))
_op = session_info["op"]
if environ["REQUEST_METHOD"] == "POST":
return wsgi_wrapper(environ, start_response, _op.registration_endpoint,
session_info, events, jlog)
elif environ["REQUEST_METHOD"] == "GET":
return wsgi_wrapper(environ, start_response, _op.read_registration,
session_info, events, jlog)
else:
resp = ServiceError("Method not supported")
return resp(environ, start_response)
def application(environ, start_response):
"""
The main WSGI application. Dispatch the current request to
the functions from above and store the regular expression
captures in the WSGI environment as `oic.url_args` so that
the functions from above can access the url placeholders.
If nothing matches call the `not_found` function.
:param environ: The HTTP application environment
:param start_response: The application to run when the handling of the
request is done
:return: The response as a list of lines
"""
global OAS
# user = environ.get("REMOTE_USER", "")
path = environ.get('PATH_INFO', '').lstrip('/')
LOGGER.info("path: %s" % path)
if path == "robots.txt":
return static(environ, start_response, "static/robots.txt")
environ["oic.oas"] = OAS
if path.startswith("static/"):
return static(environ, start_response, path)
for regex, callback in URLS:
match = re.search(regex, path)
if match is not None:
try:
environ['oic.url_args'] = match.groups()[0]
except IndexError:
environ['oic.url_args'] = path
LOGGER.debug("callback: %s" % callback)
try:
return callback(environ, start_response)
except Exception as err:
print("{}".format(err), file=sys.stderr)
message = traceback.format_exception(*sys.exc_info())
print(message, file=sys.stderr)
LOGGER.exception("%s" % err)
resp = ServiceError("%s" % err)
return resp(environ, start_response)
LOGGER.debug("unknown side: %s" % path)
resp = NotFound("Couldn't find the side you asked for!")
return resp(environ, start_response)
def registration(environ, start_response, logger):
_oas = environ["oic.oas"]
if environ["REQUEST_METHOD"] == "POST":
return wsgi_wrapper(environ,
start_response,
_oas.registration_endpoint,
logger=logger)
elif environ["REQUEST_METHOD"] == "GET":
return wsgi_wrapper(environ,
start_response,
_oas.read_registration,
logger=logger)
else:
resp = ServiceError("Method not supported")
return resp(environ, start_response)
def _create_authzreq(self, role, session, acr_value=""):
request_args = role.get_request_args(acr_value, session)
try:
url, body, ht_args, csi = role.request_info(
AuthorizationRequest, "GET", request_args=request_args)
except Exception:
message = traceback.format_exception(*sys.exc_info())
resp = ServiceError(message)
else:
resp_headers = [("Location", str(url))]
if ht_args:
resp_headers.extend([(a, b) for a, b in list(ht_args.items())])
resp = Redirect(url, headers=resp_headers)
return resp
def uid(environ, session, path):
query = parse_qs(environ["QUERY_STRING"])
if "uid" in query:
try:
link = RP.find_srv_discovery_url(resource=query["uid"][0])
except requests.ConnectionError:
return ServiceError("Webfinger lookup failed, connection error")
session["srv_discovery_url"] = link
md5 = hashlib.md5()
md5.update(link)
opkey = base64.b16encode(md5.digest())
client = create_client(opkey)
SERVER_ENV["OIC_CLIENT"][opkey] = client
session["opkey"] = opkey
return {"client": client, "link": link}
else:
return BadRequest()
def application(environ, start_response):
"""
The main WSGI application. Dispatch the current request to
the functions from above and store the regular expression
captures in the WSGI environment as `oic.url_args` so that
the functions from above can access the url placeholders.
If nothing matches call the `not_found` function.
:param environ: The HTTP application environment
:param start_response: The application to run when the handling of the
request is done
:return: The response as a list of lines
"""
global OAS
# user = environ.get("REMOTE_USER", "")
path = environ.get('PATH_INFO', '').lstrip('/')
logger = logging.getLogger('oicServer')
environ["oic.oas"] = OAS
for regex, callback in URLS:
match = re.search(regex, path)
if match is not None:
try:
environ['oic.url_args'] = match.groups()[0]
except IndexError:
environ['oic.url_args'] = path
logger.info("callback: %s" % callback)
try:
return callback(environ, start_response, logger)
except Exception as err:
print(str(err), file=sys.stderr)
message = traceback.format_exception(*sys.exc_info())
print(message, file=sys.stderr)
logger.exception("%s" % err)
resp = ServiceError("%s" % err)
return resp(environ, start_response)
resp = Response(template_lookup=LOOKUP, mako_template="index.html")
return resp(environ, start_response)
def run_test(self, tester, _path, _sid, environ, start_response):
_op = '{} {}'.format(environ['REQUEST_METHOD'], _path)
resp = tester.run(_path, sid=_sid, op=_op, **self.kwargs)
if resp:
logger.info('Response class: {}'.format(resp.__class__.__name__))
if isinstance(resp, requests.Response):
try:
loc = resp.headers['location']
except KeyError:
logger.info('Response type: {}, missing location'.format(
type(resp)))
resp = ServiceError('Wrong response: {}:{}'.format(
resp.status_code, resp.text))
return resp(environ, start_response), 0
else:
try:
tester.conv.events.store('Cookie',
resp.headers['set-cookie'])
except KeyError:
pass
# For me !
if loc.startswith(tester.base_url):
_path = loc[len(tester.base_url):]
if _path[0] == '/':
_path = _path[1:]
return 0, _path
else:
if self.internal:
_url = absolute_url(
loc, tester.sh['test_conf']['start_page'])
logging.info('Redirect not to me => {}'.format(_url))
res = tester.conv.entity.server.http_request(_url)
logging.info('{} response'.format(res.status_code))
logging.debug('txt: {}'.format(res.text))
res = tester.display_test_list()
return res, 0
else:
res = SeeOther(loc)
return res(environ, start_response), 0
elif resp is True or resp is False or resp is None:
return tester.display_test_list(), 0
else:
return resp(environ, start_response), 0
def application(self, environ, start_response):
logger.info("Connection from: %s" % environ["REMOTE_ADDR"])
session = environ['beaker.session']
path = environ.get('PATH_INFO', '').lstrip('/')
logger.info("path: %s" % path)
self.events.store(EV_REQUEST, path)
try:
sh = session['session_info']
except KeyError:
sh = SessionHandler(**self.kwargs)
sh.session_init()
session['session_info'] = sh
inut = WebIO(session=sh, **self.kwargs)
inut.environ = environ
inut.start_response = start_response
tester = WebTester(inut, sh, **self.kwargs)
if path == "robots.txt":
return static_mime("static/robots.txt", environ, start_response)
elif path.startswith("static/"):
return static_mime(path, environ, start_response)
elif path == "list":
try:
qs = parse_qs(get_post(environ))
except Exception as err:
pass
else:
sh['test_conf'] = dict([(k, v[0]) for k, v in qs.items()])
self.session_conf[sh['sid']] = sh
return tester.display_test_list()
elif path == '' or path == 'config':
sid = rndstr(24)
sh['sid'] = sid
try:
args = sh['test_conf']
except:
args = {}
return tester.do_config(sid, **args)
elif path in self.kwargs['flows'].keys(): # Run flow
try:
_ = tester.sh['test_conf']
except KeyError:
resp = SeeOther('/')
return resp(environ, start_response)
try:
_sid = tester.sh['sid']
except KeyError:
_sid = rndstr(24)
tester.sh['sid'] = _sid
self.session_conf[_sid] = sh
resp = tester.run(path, sid=_sid, **self.kwargs)
if isinstance(resp, requests.Response):
loc = resp.headers['location']
#tester.conv.events.store('Cookie', resp.headers['set-cookie'])
if loc.startswith(tester.base_url):
path = loc[len(tester.base_url):]
else:
return resp
elif resp is True or resp is False or resp is None:
return tester.display_test_list()
else:
return resp(environ, start_response)
elif path == 'display':
return inut.flow_list()
elif path == "opresult":
resp = SeeOther("/display#{}".format(
self.pick_grp(sh['conv'].test_id)))
return resp(environ, start_response)
elif path.startswith("test_info"):
p = path.split("/")
try:
return inut.test_info(p[1])
except KeyError:
return inut.not_found()
elif path == 'all':
for test_id in sh['flow_names']:
resp = tester.run(test_id, **self.kwargs)
if resp is True or resp is False:
continue
elif resp:
return resp(environ, start_response)
else:
resp = ServiceError('Unkown service error')
return resp(environ, start_response)
return tester.display_test_list()
# Whatever gets here should be of the form <session_id>/<path>
try:
sid, _path = path.split('/', 1)
except ValueError:
pass
else:
if _path.startswith("static/"):
return static_mime(_path, environ, start_response)
try:
_sh = self.session_conf[sid]
except KeyError:
resp = ServiceError("Unknown session")
return resp(environ, start_response)
tester.sh = _sh
if 'HTTP_AUTHORIZATION' in environ:
_sh['conv'].events.store('HTTP_AUTHORIZATION',
environ['HTTP_AUTHORIZATION'])
_p = _path.split('?')
if _p[0] in _sh['conv'].entity.endpoints():
resp = self.handle(environ, tester, sid, *_p)
self.session_conf[sid] = tester.sh
return resp(environ, start_response)
for endpoint, service in self.endpoints.items():
if _path == endpoint:
logger.info("service: {}".format(service))
try:
resp = self.handle(environ, tester, sid, service)
return resp(environ, start_response)
except Exception as err:
print("%s" % err)
message = traceback.format_exception(*sys.exc_info())
print(message)
logger.exception("%s" % err)
resp = ServiceError("%s" % err)
return resp(environ)
logger.debug("unknown side: %s" % path)
resp = NotFound("Couldn't find the side you asked for!")
return resp(environ, start_response)
def application(self, environ, start_response):
logger.info("Connection from: %s" % environ["REMOTE_ADDR"])
path = environ.get('PATH_INFO', '').lstrip('/')
logger.info("path: %s" % path)
_io = IO(rest=self.rest,
environ=environ,
start_response=start_response,
lookup=self.lookup,
baseurl=self.baseurl)
if path == "robots.txt":
return _io.static("static/robots.txt")
elif path == "favicon.ico":
return _io.static("static/favicon.ico")
elif path.startswith("static/"):
return _io.static(path)
elif path.startswith("export/"):
return _io.static(path)
if path == '':
return _io.main()
if path == 'new':
return _io.new_iss()
if path == 'entity':
return _io.list_iss()
elif path.startswith('entity/'):
p = path.split('/')
while p[-1] == '':
p = p[:-1]
if len(p) == 2:
return _io.list_tag(p[1])
elif len(p) == 3:
return _io.show_tag(p)
elif len(p) == 4:
_com = p[-1]
if _com == 'action':
_qs = parse_qs(environ.get('QUERY_STRING'))
try:
_act = _qs['action'][0]
except KeyError:
resp = BadRequest('missing query parameter')
return resp(environ, start_response)
if _act == 'delete':
return _io.delete_instance(p[1:3],
pid=self.get_pid(p[1:3]),
app=self)
elif _act == 'restart':
return _io.restart_instance(self, p[1:3])
elif _act == 'configure':
return _io.update_instance(*p[1:3])
else:
resp = BadRequest('Unknown action')
return resp(environ, start_response)
elif path.startswith('form/'):
return self.form_handling(path, _io)
elif path == 'create':
loc = self.basic_entity_configuration(_io)
resp = SeeOther(loc)
return resp(_io.environ, _io.start_response)
elif path.startswith('run/'):
_iss, _tag = get_iss_and_tag(path)
if _iss == '' or _tag == '':
resp = BadRequest('Path must be of the form /run/<iss>/<tag>')
return resp(environ, start_response)
_qiss = quote_plus(_iss)
_qtag = quote_plus(_tag)
_info = parse_qs(get_post(environ))
ent_conf = expand_dict(_info)
if not verify_config(ent_conf):
resp = BadRequest('Incorrect configuration')
else:
self.rest.write(_qiss, _qtag, ent_conf)
resp = self.run_test_instance(_qiss, _qtag)
if not isinstance(resp, Response):
resp = SeeOther(resp)
return resp(_io.environ, _io.start_response)
elif path.startswith('model/'):
p = path.split('/')
prof = p[1]
if verify_profile(prof):
info = create_model(prof)
if info:
res = Response(json.dumps(info), content='applicaton/json')
else:
res = ServiceError()
else:
res = BadRequest('Syntax error in profile specification')
return res(environ, start_response)
elif path.startswith('register/'):
_iss, _tag = get_iss_and_tag(path)
_qiss = quote_plus(_iss)
_qtag = quote_plus(_tag)
_met = environ.get('REQUEST_METHOD')
if _met == 'GET':
return self.assigned_ports.register_port(_qiss, _qtag)
elif _met == 'DELETE':
return self.return_port(_qiss, _qtag)
else:
# check if this a REST request
_iss, _tag = get_iss_and_tag(path)
_qiss = quote_plus(_iss)
_qtag = quote_plus(_tag)
_path = '/{}/{}'.format(_qiss, _qtag)
_met = environ.get('REQUEST_METHOD')
if _met == 'GET':
resp = self.rest.read(_qiss, _qtag, _path)
elif _met == 'POST':
resp = self.rest.replace(_qiss, _qtag, get_post(environ),
_path)
elif _met == 'PUT':
resp = self.rest.store(_qiss, _qtag, get_post(environ))
elif _met == 'DELETE':
resp = self.rest.delete(_qiss, _qtag)
else:
resp = BadRequest('Unsupported request method')
return resp(environ, start_response)
elif path == "resource_set":
query = parse_qs(environ["QUERY_STRING"])
uid = query["user"][0]
res = AUTHZSRV.resource_sets_by_user(uid)
resp = Response(json.dumps([r.to_dict() for r in res]))
elif path == "perm_reg":
query = parse_qs(environ["QUERY_STRING"])
for key, val in query.items():
if key in ["requestor", "resource_id", "user"]:
query[key] = val[0]
pre_trace("-->AS", "store_permission", query=query)
try:
AUTHZSRV.store_permission(**query)
except Exception, err:
post_trace("<--AS", exception="%s" % err)
resp = ServiceError("%s" % err)
else:
post_trace("<--AS", status="OK")
resp = Response("OK")
elif path.startswith("access/info"):
query = parse_qs(environ["QUERY_STRING"])
path = path[len("access/"):]
pre_trace("C-->", "Access info", query=query, path=path)
try:
resp = CLIENT.get_info(query["requester"][0], path)
except Exception, err:
post_trace("C<--", exception="%s" % err)
resp = ServiceError("%s" % err)
else:
post_trace("C<--", **repack_response(resp))
else:
def application(self, environ, start_response):
"""
:param environ: The HTTP application environment
:param start_response: The application to run when the handling of the
request is done
:return: The response as a list of lines
"""
path = environ.get('PATH_INFO', '').lstrip('/')
response_encoder = ResponseEncoder(environ=environ,
start_response=start_response)
parameters = parse_qs(environ["QUERY_STRING"])
session_info = {
"addr": get_client_address(environ),
'cookie': environ.get("HTTP_COOKIE", ''),
'path': path,
'parameters': parameters
}
jlog = JLog(LOGGER, session_info['addr'])
jlog.info(session_info)
if path == "robots.txt":
return static(environ, start_response, "static/robots.txt")
if path.startswith("static/"):
return static(environ, start_response, path)
elif path.startswith("tar/"):
return static(environ, start_response, path)
elif path.startswith("log"):
return display_log(path, environ, start_response, lookup=LOOKUP)
elif path.startswith('clear/'):
return clear_log(path, environ, start_response, lookup=LOOKUP)
elif path.startswith('mktar/'):
return make_tar(path, environ, start_response, lookup=LOOKUP)
elif path.startswith("_static/"):
return static(environ, start_response, path)
elif path.startswith("jwks.json"):
try:
mode, endpoint = extract_mode(self.op_args["baseurl"])
events = Events()
events.store('Init',
'===========================================')
op, path, jlog.id = self.op_setup(environ, mode, events,
self.test_conf, endpoint)
jwks = op.generate_jwks(mode)
resp = Response(jwks,
headers=[('Content-Type', 'application/json')])
return resp(environ, start_response)
except KeyError:
# Try to load from static file
return static(environ, start_response, "static/jwks.json")
events = Events()
events.store('Init', '===========================================')
if path == "test_list":
return rp_test_list(environ, start_response)
elif path == "":
return registration(environ, start_response)
elif path == "generate_client_credentials":
client_id, client_secret = generate_static_client_credentials(
parameters)
return response_encoder.return_json(
json.dumps({"client_id": client_id,
"client_secret": client_secret}))
elif path == "3rd_party_init_login":
return rp_support_3rd_party_init_login(environ, start_response)
# path should be <oper_id>/<test_id>/<endpoint>
try:
mode = parse_path(path)
except ValueError:
resp = BadRequest('Illegal path')
return resp(environ, start_response)
try:
endpoint = mode['endpoint']
except KeyError:
_info = {'error': 'No endpoint', 'mode': mode}
events.store(EV_FAULT, _info)
jlog.error(_info)
resp = BadRequest('Illegal path')
return resp(environ, start_response)
if endpoint == ".well-known/webfinger":
session_info['endpoint'] = endpoint
try:
_p = urlparse(parameters["resource"][0])
except KeyError:
events.store(EV_FAULT,
FailedOperation('webfinger',
'No resource defined'))
jlog.error({'reason': 'No resource defined'})
resp = ServiceError("No resource defined")
return resp(environ, start_response)
if _p.scheme in ["http", "https"]:
events.store(EV_REQUEST,
Operation(name='webfinger', type='url',
path=_p.path))
mode = parse_path(_p.path)
elif _p.scheme == "acct":
_l, _ = _p.path.split('@')
_a = _l.split('.')
if len(_a) == 2:
_oper_id = _a[0]
_test_id = _a[1]
elif len(_a) > 2:
_oper_id = ".".join(_a[:-1])
_test_id = _a[-1]
else:
_oper_id = _a[0]
_test_id = 'default'
mode.update({'oper_id': _oper_id, 'test_id': _test_id})
events.store(EV_REQUEST,
Operation(name='webfinger', type='acct',
oper_id=_oper_id, test_id=_test_id))
else:
_msg = "Unknown scheme: {}".format(_p.scheme)
events.events(EV_FAULT, FailedOperation('webfinger', _msg))
jlog.error({'reason': _msg})
resp = ServiceError(_msg)
return resp(environ, start_response)
elif endpoint == "claim":
authz = environ["HTTP_AUTHORIZATION"]
_ev = Operation('claim')
try:
assert authz.startswith("Bearer")
except AssertionError:
resp = BadRequest()
else:
_ev.authz = authz
events.store(EV_REQUEST, _ev)
tok = authz[7:]
# mode, endpoint = extract_mode(self.op_args["baseurl"])
_op, _, sid = self.op_setup(environ, mode, events,
self.test_conf, endpoint)
try:
_claims = _op.claim_access_token[tok]
except KeyError:
resp = BadRequest()
else:
del _op.claim_access_token[tok]
_info = Message(**_claims)
jwt_key = _op.keyjar.get_signing_key()
resp = Response(_info.to_jwt(key=jwt_key,
algorithm="RS256"),
content='application/jwt')
return resp(environ, start_response)
if mode:
session_info.update(mode)
jlog.id = mode['oper_id']
try:
_op, path, jlog.id = self.op_setup(environ, mode, events,
self.test_conf,
endpoint)
except UnknownTestID as err:
resp = BadRequest('Unknown test ID: {}'.format(err.args[0]))
return resp(environ, start_response)
session_info["op"] = _op
session_info["path"] = path
session_info['test_conf'] = self.test_conf[session_info['test_id']]
for regex, callback in URLS:
match = re.search(regex, endpoint)
if match is not None:
_op = HTTPRequest(endpoint=endpoint,
method=environ["REQUEST_METHOD"])
try:
_op.authz = environ["HTTP_AUTHORIZATION"]
except KeyError:
pass
events.store(EV_HTTP_REQUEST, _op)
try:
environ['oic.url_args'] = match.groups()[0]
except IndexError:
environ['oic.url_args'] = endpoint
jlog.info({'callback': callback.__name__})
try:
return callback(environ, start_response, session_info,
events, op_arg=self.op_args, jlog=jlog)
except Exception as err:
print("%s" % err)
message = traceback.format_exception(*sys.exc_info())
print(message)
events.store(EV_EXCEPTION, err)
LOGGER.exception("%s" % err)
resp = ServiceError("%s" % err)
return resp(environ, start_response)
LOGGER.debug("unknown page: '{}'".format(endpoint))
events.store(EV_FAULT, 'No such page: {}'.format(endpoint))
resp = NotFound("Couldn't find the side you asked for!")
return resp(environ, start_response)
def application(environ, start_response):
session = environ['beaker.session']
path = environ.get('PATH_INFO', '').lstrip('/')
try:
_cli = session["client"]
except KeyError:
_cli = session["client"] = Client(
client_authn_method=CLIENT_AUTHN_METHOD, keyjar=KEYJAR)
_cli.kid = KIDD
#_cli.allow["issuer_mismatch"] = True
_cli.jwks_uri = JWKS_URI
for arg, val in CONF.CLIENT_INFO.items():
setattr(_cli, arg, val)
session["done"] = []
if path == "robots.txt":
return static(environ, start_response, LOGGER, "static/robots.txt")
elif path.startswith("static/"):
return static(environ, start_response, LOGGER, path)
elif path.startswith("export/"):
return static(environ, start_response, LOGGER, path)
if path == "": # list
return flow_list(environ, start_response, FLOWS.FLOWS, session["done"])
elif path in FLOWS.FLOWS.keys():
session["flow"] = FLOWS.FLOWS[path]
session["index"] = 0
session["item"] = path
session["test_id"] = path
try:
resp = run_flow(_cli, session["index"], session, path)
except Exception as err:
resp = ServiceError("%s" % err)
return resp(environ, start_response)
else:
if resp:
return resp(environ, start_response)
else:
return flow_list(environ, start_response, FLOWS.FLOWS,
session["done"])
elif path in ["authz_cb", "authz_post"]:
if path != "authz_post":
args = session["flow"]["flow"][session["index"] - 1]["args"]
if args["response_type"] != ["code"]:
return opresult_fragment(environ, start_response)
# Got a real Authn response
ctype = "urlencoded"
if path == "authz_post":
query = parse_qs(get_post(environ))
info = query["fragment"][0]
else:
info = environ["QUERY_STRING"]
LOGGER.info("Response: %s" % info)
try:
_cli = session["client"]
response = _cli.parse_response(AuthorizationResponse,
info,
ctype,
session["state"],
keyjar=_cli.keyjar)
except ResponseError as err:
LOGGER.error("%s" % err)
resp = ServiceError("%s" % err)
return resp(environ, start_response)
except Exception as err:
_spec = session["flow"]["flow"][session["index"] - 1]
try:
assert isinstance(err, _spec["error"])
except KeyError:
raise
else:
pass
try:
resp = run_flow(_cli, session["index"], session,
session["test_id"])
except Exception as err:
LOGGER.error("%s" % err)
resp = ServiceError("%s" % err)
return resp(environ, start_response)
else:
if resp:
return resp(environ, start_response)
else:
return flow_list(environ, start_response, FLOWS.FLOWS,
session["done"])
else:
LOGGER.debug("unknown side: %s" % path)
resp = NotFound("Couldn't find the side you asked for!")
return resp(environ, start_response)
start_response, trace, index)
except Exception, err:
return err_response(environ, start_response, session,
"run_sequence", err)
elif path in ["authz_cb", "authz_post"]:
if path != "authz_post":
if session["response_type"] and not \
session["response_type"] == ["code"]:
return opresult_fragment(environ, start_response)
try:
sequence_info = session["seq_info"]
index = session["index"]
ots = session["ots"]
conv = session["conv"]
except KeyError as err:
resp = ServiceError(str(err))
return resp(environ, start_response)
req_c, resp_c = sequence_info["sequence"][index]
if resp_c: # None in cases where no OIDC response is expected
_ctype = resp_c.ctype
# parse the response
if path == "authz_post":
query = parse_qs(get_post(environ))
info = query["fragment"][0]
_ctype = "urlencoded"
elif resp_c.where == "url":
info = environ["QUERY_STRING"]
_ctype = "urlencoded"
else: # resp_c.where == "body"
def application(environ, start_response):
session = Session(environ['beaker.session'])
path = environ.get('PATH_INFO', '').lstrip('/')
if path == "robots.txt":
return static(environ, start_response, LOGGER, "static/robots.txt")
if path.startswith("static/"):
return static(environ, start_response, LOGGER, path)
query = parse_qs(environ["QUERY_STRING"])
if path == "logout":
try:
logoutUrl = session.getClient().endsession_endpoint
logoutUrl += "?" + urllib.urlencode(
{"post_logout_redirect_uri": SERVER_ENV["base_url"]})
try:
logoutUrl += "&" + urllib.urlencode({
"id_token_hint": id_token_as_signed_jwt(
session.getClient(), "HS256")})
except:
pass
session.clearSession()
resp = Redirect(str(logoutUrl))
return resp(environ, start_response)
except:
pass
if session.getCallback():
_uri = "%s%s" % (conf.BASE, path)
for _cli in SERVER_ENV["OIC_CLIENT"].values():
if _uri in _cli.redirect_uris:
session.setCallback(False)
func = getattr(RP, "callback")
return func(environ, SERVER_ENV, start_response, query, session)
if path == "rpAcr":
return choose_acr_value(environ, start_response, session)
if path == "rpAuth":
# Only called if multiple arc_values (that is authentications) exists.
if "acr" in query and query["acr"][0] in session.get_acr_values():
func = getattr(RP, "create_authnrequest")
return func(environ, SERVER_ENV, start_response, session,
query["acr"][0])
if session.getClient() is not None:
session.setCallback(True)
func = getattr(RP, "begin")
return func(environ, SERVER_ENV, start_response, session, "")
if path == "rp":
if "uid" in query:
try:
link = RP.find_srv_discovery_url(resource=query["uid"][0])
except requests.ConnectionError:
resp = ServiceError("Webfinger lookup failed, connection error")
return resp(environ, start_response)
RP.srv_discovery_url = link
md5 = hashlib.md5()
md5.update(link)
opkey = base64.b16encode(md5.digest())
session.setCallback(True)
func = getattr(RP, "begin")
return func(environ, SERVER_ENV, start_response, session, opkey)
return opbyuid(environ, start_response)
def application(environ, start_response):
session = Session(environ['beaker.session'])
path = environ.get('PATH_INFO', '').lstrip('/')
if path == "robots.txt":
return static(environ, start_response, LOGGER, "static/robots.txt")
if path.startswith("static/"):
return static(environ, start_response, LOGGER, path)
query = parse_qs(environ["QUERY_STRING"])
if path == "logout":
try:
logoutUrl = session['client'].end_session_endpoint
plru = "{}post_logout".format(SERVER_ENV["base_url"])
logoutUrl += "?" + urlencode({"post_logout_redirect_uri": plru})
try:
logoutUrl += "&" + urlencode({
"id_token_hint":
id_token_as_signed_jwt(session['client'], "HS256")
})
except AttributeError as err:
pass
session.clear()
resp = SeeOther(str(logoutUrl))
return resp(environ, start_response)
except Exception as err:
LOGGER.exception("Failed to handle logout")
if path == "post_logout":
return post_logout(environ, start_response)
if session['callback']:
_uri = "%s%s" % (conf.BASE, path)
for _cli in SERVER_ENV["OIC_CLIENT"].values():
if _uri in _cli.redirect_uris:
session['callback'] = False
func = getattr(RP, "callback")
return func(environ, SERVER_ENV, start_response, query,
session)
if path == "rpAcr":
return choose_acr_value(environ, start_response, session)
if path == "rpAuth":
# Only called if multiple arc_values (that is authentications) exists.
if "acr" in query and query["acr"][0] in session['acr_values']:
func = getattr(RP, "create_authnrequest")
return func(environ, SERVER_ENV, start_response, session,
query["acr"][0])
if session["client"] is not None:
session['callback'] = True
func = getattr(RP, "begin")
return func(environ, SERVER_ENV, start_response, session, "")
if path == "rp":
if "uid" in query:
try:
link = RP.find_srv_discovery_url(resource=query["uid"][0])
except requests.ConnectionError:
resp = ServiceError(
"Webfinger lookup failed, connection error")
return resp(environ, start_response)
RP.srv_discovery_url = link
h = hashlib.sha256()
h.update(link.encode("utf-8"))
opkey = base64.b16encode(h.digest()).decode("utf-8")
session['callback'] = True
func = getattr(RP, "begin")
return func(environ, SERVER_ENV, start_response, session, opkey)
return opbyuid(environ, start_response)
def application(environ, start_response):
"""
:param environ: The HTTP application environment
:param start_response: The application to run when the handling of the
request is done
:return: The response as a list of lines
"""
global OAS
session = environ['beaker.session']
path = environ.get('PATH_INFO', '').lstrip('/')
response_encoder = ResponseEncoder(environ=environ,
start_response=start_response)
parameters = parse_qs(environ["QUERY_STRING"])
if path == "robots.txt":
return static(environ, start_response, "static/robots.txt")
if path.startswith("static/"):
return static(environ, start_response, path)
elif path.startswith("log"):
return display_log(environ, start_response)
elif path.startswith("_static/"):
return static(environ, start_response, path)
trace = Trace()
if path == "test_list":
return rp_test_list(environ, start_response)
elif path == "":
return registration(environ, start_response)
elif path == "generate_client_credentials":
client_id, client_secret = generate_static_client_credentials(parameters)
return response_encoder.return_json(
json.dumps({"client_id": client_id,
"client_secret": client_secret}))
elif path == "claim":
_oas = session["op"]
authz = environ["HTTP_AUTHORIZATION"]
try:
assert authz.startswith("Bearer")
except AssertionError:
resp = BadRequest()
else:
tok = authz[7:]
try:
_claims = _oas.claim_access_token[tok]
except KeyError:
resp = BadRequest()
else:
del _oas.claim_access_token[tok]
resp = Response(json.dumps(_claims), content='application/json')
return resp(environ, start_response)
mode, endpoint = extract_mode(path)
if endpoint == ".well-known/webfinger":
_p = urlparse(parameters["resource"][0])
if _p.scheme in ["http", "https"]:
mode = {"test_id": _p.path[1:]}
elif _p.scheme == "acct":
_l, _ = _p.path.split('@')
mode = {"test_id": _l}
else:
resp = ServiceError("Unknown scheme: {}".format(_p.scheme))
return resp(environ, start_response)
if mode:
session["test_id"] = mode["test_id"]
if "op" not in session:
session["op"] = setup_op(mode, COM_ARGS, OP_ARG)
session["mode_path"] = mode2path(mode)
else: # may be a new mode
_path = mode2path(mode)
if session["mode_path"] != _path:
session["op"] = setup_op(mode, COM_ARGS, OP_ARG)
session["mode_path"] = _path
for regex, callback in URLS:
match = re.search(regex, endpoint)
if match is not None:
trace.request("PATH: %s" % endpoint)
trace.request("METHOD: %s" % environ["REQUEST_METHOD"])
try:
trace.request(
"HTTP_AUTHORIZATION: %s" % environ["HTTP_AUTHORIZATION"])
except KeyError:
pass
try:
environ['oic.url_args'] = match.groups()[0]
except IndexError:
environ['oic.url_args'] = endpoint
LOGGER.info("callback: %s" % callback)
try:
return callback(environ, start_response, session, trace)
except Exception as err:
print >> sys.stderr, "%s" % err
message = traceback.format_exception(*sys.exc_info())
print >> sys.stderr, message
LOGGER.exception("%s" % err)
resp = ServiceError("%s" % err)
return resp(environ, start_response)
LOGGER.debug("unknown side: %s" % endpoint)
resp = NotFound("Couldn't find the side you asked for!")
return resp(environ, start_response)
def application(self, environ, start_response):
session = environ['beaker.session']
jlog = JLog(logger, session.id)
path = environ.get('PATH_INFO', '').lstrip('/')
jlog.info({"remote_addr": environ["REMOTE_ADDR"], "path": path})
# self.events.store(EV_REQUEST, path)
try:
sh = session['session_info']
except KeyError:
sh = SessionHandler(**self.kwargs)
#sh.session_init()
session['session_info'] = sh
info = WebIh(session=sh, **self.kwargs)
info.environ = environ
info.start_response = start_response
tester = WebTester(info, sh, **self.kwargs)
if 'path' in self.kwargs and path.startswith(self.kwargs['path']):
_path = path[len(kwargs['path']) + 1:]
else:
_path = path
if _path == "robots.txt":
return static_mime("static/robots.txt", environ, start_response)
elif _path.startswith("static/"):
return static_mime(_path, environ, start_response)
if _path == "list":
try:
qs = parse_qs(get_or_post(environ))
except Exception as err:
jlog.error({'message': err})
qs = {}
else:
if qs:
sh['test_conf'] = dict([(k, v[0]) for k, v in qs.items()])
# self.session_conf[sh['sid']] = sh
else:
return self.init_session(tester, sh)
logger.info('test_conf: {}'.format(sh['test_conf']))
if 'start_page' not in sh['test_conf']:
resp = BadRequest('You MUST provide a start_page')
return resp(environ, start_response)
info.profile = tester.sh.profile = qs['response_type'][0]
sh.session_init()
if 'test_id' in qs:
(res, _path) = self.run_test(tester, qs['test_id'][0],
sh['sid'], environ,
start_response)
if res:
return res
else:
res = tester.display_test_list()
return res
elif _path == '' or _path == 'config':
return self.init_session(tester, sh)
elif _path in self.kwargs['flows'].keys(): # Run flow
# Will use the same test configuration
try:
_ = tester.sh['test_conf']
except KeyError:
return self.init_session(tester, sh)
try:
_sid = tester.sh['sid']
except KeyError:
_sid = self.store_session_handler(sh)
# First time around this should not be set
try:
_ = self.session_conf[_sid]['flow']
except KeyError:
pass
else:
return self.init_session(tester, sh, _path)
(res, _path) = self.run_test(tester, _path, _sid, environ,
start_response)
if res:
return res
elif _path == 'display':
return info.flow_list()
elif _path == "opresult":
try:
_display_path = '/{}/display'.format(self.kwargs['path'])
except KeyError:
_display_path = '/display'
resp = SeeOther("{}#{}".format(_display_path,
self.pick_grp(sh['conv'].test_id)))
return resp(environ, start_response)
elif _path.startswith("test_info"):
p = _path.split("/")
try:
return info.test_info(p[1])
except KeyError:
return info.not_found()
elif _path == 'all':
for test_id in sh['flow_names']:
resp = tester.run(test_id, **self.kwargs)
if resp is True or resp is False:
continue
elif resp:
return resp(environ, start_response)
else:
resp = ServiceError('Unkown service error')
return resp(environ, start_response)
return tester.display_test_list()
# Whatever gets here should be of the form <session_id>/<path>
try:
sid, _path = _path.split('/', 1)
except ValueError:
pass
else:
if _path.startswith("static/"):
return static_mime(_path, environ, start_response)
try:
_sh = self.session_conf[sid]
except KeyError:
resp = ServiceError("Unknown session")
return resp(environ, start_response)
tester.sh = _sh
if 'HTTP_AUTHORIZATION' in environ:
_sh['conv'].events.store('HTTP_AUTHORIZATION',
environ['HTTP_AUTHORIZATION'])
_p = _path.split('?')
_sh['conv'].events.store(
'http request', '{} /{}'.format(environ['REQUEST_METHOD'],
_path))
if _p[0] in _sh['conv'].entity.endpoints():
resp = self.handle(environ, tester, sid, *_p)
self.session_conf[sid] = tester.sh
# The only redirect should be the one to the redirect_uri
if isinstance(resp, SeeOther):
if self.internal:
# res = self.see_other_to_get(resp, sh)
# res is probably a redirect
# send the user back to the test list page
return info.flow_list()
else:
return resp(environ, start_response)
elif isinstance(resp, Response):
return resp(environ, start_response)
else:
return resp
for endpoint, service in self.endpoints.items():
if _path == endpoint:
jlog.info({"service": service})
try:
resp = self.handle(environ, tester, sid, service)
return resp(environ, start_response)
except Exception as err:
print("%s" % err)
message = traceback.format_exception(*sys.exc_info())
print(message)
jlog.exception(err)
resp = ServiceError("%s" % err)
return resp(environ)
jlog.debug({"unknown side": path})
resp = NotFound("Couldn't find the side you asked for!")
return resp(environ, start_response)
def application(self, environ, start_response):
logger.info("Connection from: %s" % environ["REMOTE_ADDR"])
path = environ.get('PATH_INFO', '').lstrip('/')
logger.info("path: %s" % path)
_io = IO(rest=self.rest,
environ=environ,
start_response=start_response,
lookup=self.lookup)
if path == "robots.txt":
return _io.static("static/robots.txt")
elif path == "favicon.ico":
return _io.static("static/favicon.ico")
elif path.startswith("static/"):
return _io.static(path)
elif path.startswith("export/"):
return _io.static(path)
if path == '':
return _io.get_iss()
elif path.startswith('form/'):
return self.form_handling(path, _io)
elif path == 'create':
loc = self.basic_entity_configuration(_io)
resp = SeeOther(loc)
return resp(_io.environ, _io.start_response)
elif path.startswith('run/'):
_iss, _tag = get_iss_and_tag(path)
if _iss == '' or _tag == '':
resp = BadRequest('Path must be of the form /run/<iss>/<tag>')
return resp(environ, start_response)
_qiss = quote_plus(_iss)
_qtag = quote_plus(_tag)
_info = parse_qs(get_post(environ))
ent_conf = expand_dict(_info)
self.rest.write(_qiss, _qtag, ent_conf)
resp = self.run_test_instance(_qiss, _qtag)
if not isinstance(resp, Response):
resp = SeeOther(resp)
return resp(_io.environ, _io.start_response)
elif path.startswith('model/'):
p = path.split('/')
prof = p[1]
if verify_profile(prof):
info = create_model(prof)
if info:
res = Response(json.dumps(info), content='applicaton/json')
else:
res = ServiceError()
else:
res = BadRequest('Syntax error in profile specification')
return res(environ, start_response)
else:
# check if this a REST request
_iss, _tag = get_iss_and_tag(path)
_qiss = quote_plus(_iss)
_qtag = quote_plus(_tag)
_path = '/{}/{}'.format(_qiss, _qtag)
_met = environ.get('REQUEST_METHOD')
if _met == 'GET':
resp = self.rest.read(_qiss, _qtag, _path)
elif _met == 'POST':
resp = self.rest.replace(_qiss, _qtag, get_post(environ),
_path)
elif _met == 'PUT':
resp = self.rest.store(_qiss, _qtag, get_post(environ))
elif _met == 'DELETE':
resp = self.rest.delete(_qiss, _qtag)
else:
resp = BadRequest('Unsupported request method')
return resp(environ, start_response)
_trace = session["trace"] = Trace()
_cli = None
if not request: # Do response first
if client:
_cli = client
else:
_cli = SERVER_ENV["OIC_CLIENT"][session["opkey"]]
try:
_phase, _flow, resp = do_response(_phase, _cli, _trace, session,
flow, environ)
except FatalError:
return display_result(_trace)
except Exception:
message = traceback.format_exception(*sys.exc_info())
resp = ServiceError("%s" % message)
if resp:
return resp(environ, start_response)
if _phase is None: # end of a flow
resp = display_result(_trace)
return resp(environ, start_response)
# The request in a phase
if _cli:
client = _cli
if link:
kwargs = {"endpoint": link}
else:
kwargs = {}
