def run_test(test_id, tool_url, tester, rp_fed_ent, jb, sig):
_iss = "{}/{}/{}".format(tool_url, tester, test_id)
_url = "{}/{}".format(_iss, ".well-known/openid-configuration")
resp = requests.request('GET', _url, verify=False)
rp_fed_ent.jwks_bundle = fo_jb(jb, _flows[test_id])
rp = Client(federation_entity=rp_fed_ent, verify_ssl=False)
rp.redirect_uris = ['https://localhost:666/authz_cb']
rp.fo_priority = [
'https://swamid.sunet.se', 'https://edugain.com',
'https://www.feide.no'
]
rp_fed_ent.httpcli = rp
# Will raise an exception if there is no metadata statement I can use
try:
rp.handle_response(resp, _iss, rp.parse_federation_provider_info,
ProviderConfigurationResponse)
except (RegistrationError, ParameterError) as err:
print(test_id, "Exception: {}".format(err))
return
# If there are more the one metadata statement I can use
# provider_federations will be set and will contain a dictionary
# keyed on FO identifier
if rp.provider_federations:
print(test_id, [p.fo for p in rp.provider_federations])
else: # Otherwise there should be exactly one metadata statement I can use
print(test_id, rp.federation)
# Just pick a federation
rp.chose_provider_federation(_iss)
# Chose a signer of the registration request
# Now for registration
_sig = sig[rp.federation]
req = rp.create_registration_request()
_sms = _sig(req.to_dict())
rp_fed_ent.signer.metadata_statements['registration'][_sig.iss] = _sms
res = rp.register(rp.provider_info['registration_endpoint'],
redirect_uris=rp.redirect_uris)
print(res)
print(rp.federation)
def test_parse_pi():
# Sunet OP
sunet_op = 'https://sunet.se/op'
# _kj = build_keyjar(KEYDEFS)[1]
_kj = signer[EO['sunet.op']].signing_service.signing_keys
op_fed_ent = FederationEntity(None,
keyjar=_kj,
iss=sunet_op,
signer=signer['https://sunet.se'],
fo_bundle=fo_keybundle)
op = Provider(sunet_op,
None, {},
None, {},
None,
client_authn=None,
symkey=SYMKEY,
federation_entity=op_fed_ent,
response_metadata_statements=signer[
EO['sunet.op']].metadata_statements['response'])
op.baseurl = op.name
op.signer = signer[EO['sunet.op']]
# UNINETT RP
_kj = signer[EO['foodle.rp']].signing_service.signing_keys
rp_fed_ent = FederationEntity(None,
keyjar=_kj,
iss=EO['foodle.rp'],
signer=signer['https://uninett.no'],
fo_bundle=fo_keybundle)
rp = Client(federation_entity=rp_fed_ent, fo_priority=list(FO.values()))
pi = op.create_fed_providerinfo()
assert pi
rp.parse_federation_provider_info(pi, sunet_op)
assert len(rp.provider_federations) == 2
assert set([r.fo for r in rp.provider_federations
]) == {'https://swamid.sunet.se', 'https://www.feide.no'}
# Got two alternative FOs, one I can use the other not
req = rp.federated_client_registration_request(
redirect_uris='https://foodle.uninett.no/authz',
scope=['openid', 'email', 'phone'])
assert req
resp = op.registration_endpoint(req.to_dict())
assert isinstance(resp, Created)
rp.parse_federation_registration(json.loads(resp.message), '')
assert rp.federation == FO['feide']
assert rp.registration_response
def test_no_signing_federation():
# UNINETT RP
uninett_rp = 'https://foodle.uninett.no'
_path = os.path.join('ms', quote_plus(OA['sunet']))
signer = Signer(None, _path, 'register')
_kj = build_keyjar(KEYDEFS)[1]
rp_fed_ent = FederationEntity(None,
keyjar=_kj,
iss=uninett_rp,
signer=signer,
fo_bundle=fo_keybundle)
rp = Client(federation_entity=rp_fed_ent, fo_priority=list(FO.values()))
rp.federation = FO['swamid']
req = rp.federated_client_registration_request(
redirect_uris='https://foodle.uninett.no/authz',
scope=['openid', 'email', 'phone'])
assert set(req['metadata_statements'].keys()) == {FO['swamid']}