def test_get_metadata_statement():
jb = JWKSBundle('')
for iss in ['https://example.org/', 'https://example.com/']:
jb[iss] = build_keyjar(KEYDEFS)[1]
self_signer = InternalSigningService(keyjar=jb['https://example.com/'],
iss='https://example.com/')
op = Operator(self_signer=self_signer, iss='https://example.com/')
req = MetadataStatement(foo='bar')
sms = op.pack_metadata_statement(req, sign_alg='RS256')
sms_dir = {'https://example.com': sms}
req['metadata_statements'] = Message(**sms_dir)
ent = FederationEntity(None, fo_bundle=public_jwks_bundle(jb))
loe = ent.get_metadata_statement(req)
assert loe
def test_pack_metadata_statement_other_alg():
_keyjar = build_keyjar(KEYDEFS)[1]
self_signer = InternalSigningService('https://example.com/op',
keyjar=_keyjar)
op = Operator(self_signer=self_signer, iss=self_signer.iss)
req = MetadataStatement(issuer='https://example.org/op')
sms = op.pack_metadata_statement(req, sign_alg='ES256')
assert sms # Should be a signed JWT
_jwt = factory(sms)
_body = json.loads(as_unicode(_jwt.jwt.part[1]))
assert _body['iss'] == self_signer.iss
# verify signature
_kj = public_keys_keyjar(_keyjar, '', None, op.iss)
r = _jwt.verify_compact(sms, _kj.get_signing_key(owner=op.iss))
assert r
def test_construct_with_receiver(self):
_srv = self.service['registration']
_srv.service_context.federation_entity.metadata_statements[
'registration'] = {}
make_signing_sequence([FOODLE.iss, UNINETT.iss, FEIDE.iss],
FEDENT,
context='registration')
_req = _srv.construct(receiver='https://example.com/op')
assert isinstance(_req, MetadataStatement)
assert len(_req) == 2
assert set(_req['metadata_statements'].keys()) == {FEIDE.iss}
op = Operator(jwks_bundle=fo_keybundle)
r = op.unpack_metadata_statement(_req)
assert r
l = op.evaluate_metadata_statement(r.result)
assert l
assert len(l) == 1
assert set(l[0].le.keys()) == {'redirect_uris'}
def test_pack_and_unpack_ms_lev0():
cms = ClientMetadataStatement(signing_keys=FOP.signing_keys_as_jwks_json(),
contacts=['*****@*****.**'],
scope=['openid'])
_jwt = FOP.pack_metadata_statement(cms, sign_alg='RS256')
assert _jwt
json_ms = unfurl(_jwt)
# print(json_ms.keys())
assert set(json_ms.keys()) == {
'signing_keys', 'iss', 'iat', 'exp', 'kid', 'scope', 'contacts', 'aud'
}
# Unpack what you have packed
_kj = KeyJar().import_jwks(FOP.signing_keys_as_jwks(), '')
op = Operator(_kj, jwks_bundle=public_jwks_bundle(FOP.jwks_bundle))
pr = op.unpack_metadata_statement(jwt_ms=_jwt)
assert pr.result
def fo_member(*args):
"""
Anonymous member of a set of federations.
Used to parse compounded metadata statements.
:param args: The federations
:return: An Operator instance
"""
_jb = JWKSBundle('https://sunet.se/op')
for fo in args:
_jb[fo.iss] = fo.signing_keys_as_jwks()
return Operator(jwks_bundle=_jb)
def __init__(self,
srv,
iss='',
signer=None,
self_signer=None,
fo_bundle=None,
context='',
entity_id='',
fo_priority=None,
verify_ssl=True):
"""
:param srv: A Client or Provider instance
:param iss: A identifier assigned to this entity by the operator
:param self_signer: Signer this entity can use to sign things
:param signer: A signer to use for signing documents
(client registration requests/provide info response) this
entity produces.
:param fo_bundle: A bundle of keys that can be used to verify
the root signature of a compounded metadata statement.
:param fo_priority:
:param verify_ssl: Whether SSL certificates should be verified
"""
Operator.__init__(self,
self_signer=self_signer,
iss=iss,
httpcli=srv,
jwks_bundle=fo_bundle,
verify_ssl=verify_ssl)
# Who can sign request from this entity
self.signer = signer
self.federation = None
self.context = context
self.entity_id = entity_id
self.fo_priority = fo_priority or []
self.provider_federations = None
self.registration_federations = None
def test_pack_metadata_statement():
jb = FSJWKSBundle('', None, 'fo_jwks',
key_conv={'to': quote_plus, 'from': unquote_plus})
_keyjar = build_keyjar(KEYDEFS)[1]
self_signer = InternalSigningService('https://example.com/op',
keyjar=_keyjar)
op = Operator(self_signer=self_signer, jwks_bundle=jb,
iss='https://example.com/op')
req = MetadataStatement(issuer='https://example.org/op')
sms = op.pack_metadata_statement(req)
assert sms # Should be a signed JWT
_jwt = factory(sms)
assert _jwt
assert _jwt.jwt.headers['alg'] == 'RS256'
_body = json.loads(as_unicode(_jwt.jwt.part[1]))
assert _body['iss'] == op.iss
assert _body['issuer'] == 'https://example.org/op'
# verify signature
_kj = public_keys_keyjar(_keyjar, '', None, op.iss)
r = _jwt.verify_compact(sms, _kj.get_signing_key(owner=op.iss))
assert r