def basic_entity_configuration(self, io):
q = parse_qs(io.environ.get('QUERY_STRING'))
# construct profile
profile = to_profile(q)
_ent_conf = create_model(profile, ent_info_path=self.ent_info)
state = {}
if not do_discovery(profile):
_ent_conf['client']['provider_info']['issuer'] = q['iss'][0]
if not do_registration(profile):
# need to create a redirect_uri, means I need to register a port
_port = self.assigned_ports.register_port(q['iss'][0], q['tag'][0])
_ent_conf['client']['registration_response'][
'redirect_uris'] = '{}:{}/authz_cb'.format(
self.test_tool_base[:-1], _port)
_ent_conf['tool']['tag'] = q['tag'][0]
_ent_conf['tool']['issuer'] = q['iss'][0]
_ent_conf['tool']['profile'] = profile
_qiss = quote_plus(q['iss'][0])
_qtag = quote_plus(q['tag'][0])
io.rest.write(_qiss, _qtag, _ent_conf)
return '{}form/update/{}/{}'.format(self.baseurl, _qiss, _qtag)
def basic_entity_configuration(self, io):
q = parse_qs(io.environ.get('QUERY_STRING'))
# construct profile
profile = to_profile(q)
_ent_conf = create_model(profile, ent_info_path=self.ent_info)
state = {}
if not do_discovery(profile):
_ent_conf['client']['provider_info']['issuer'] = q['iss'][0]
if not do_registration(profile):
# need to create a redirect_uri, means I need to register a port
_port = self.assigned_ports.register_port(q['iss'][0], q['tag'][0])
_ent_conf['client']['registration_response'][
'redirect_uris'] = '{}:{}/authz_cb'.format(
self.test_tool_base[:-1], _port)
_ent_conf['tool']['tag'] = q['tag'][0]
_ent_conf['tool']['issuer'] = q['iss'][0]
_ent_conf['tool']['profile'] = profile
_qiss = quote_plus(q['iss'][0])
_qtag = quote_plus(q['tag'][0])
io.rest.write(_qiss, _qtag, _ent_conf)
return '{}form/update/{}/{}'.format(self.baseurl, _qiss, _qtag)
def restart_instance(self, app, part):
_iss = unquote_plus(part[0])
_tag = unquote_plus(part[1])
url = app.run_test_instance(quote_plus(_iss), quote_plus(_tag))
if isinstance(url, Response):
return url(self.environ, self.start_response)
resp = Response(mako_template='message.mako',
template_lookup=self.lookup,
headers=[])
if url:
args = {
'title':
"Action performed",
'base':
self.baseurl,
'note':
'Your test instance "{iss}:{tag}" has been '
'restarted as <a href="{url}">{url}</a>'.format(iss=_iss,
tag=_tag,
url=url)
}
else:
args = {
'title': "Action Failed",
'base': self.baseurl,
'note': 'Could not restart your test instance'
}
return resp(self.environ, self.start_response, **args)
def test_construct(self, client):
cis = AccessTokenRequest(code="foo", redirect_uri="http://example.com")
csb = ClientSecretBasic(client)
http_args = csb.construct(cis)
cred = '{}:{}'.format(quote_plus("A"), quote_plus("boarding pass"))
assert http_args == {"headers": {"Authorization": "Basic {}".format(
base64.b64encode(cred.encode("utf-8")).decode("utf-8"))}}
def test_basic_authn_authenticate_as():
pwd_database = {'Diana': 'Piano player', 'NonAscii': '€&+%#@äää'}
ba = BasicAuthn(None, pwd=pwd_database)
for user, passwd in pwd_database.items():
credentials = "{}:{}".format(quote_plus(user), quote_plus(passwd))
authz = base64.b64encode(credentials.encode("utf-8")).decode("utf-8")
authorization_string = "Basic {}".format(authz)
uid, when = ba.authenticated_as(authorization=authorization_string)
assert uid == {'uid': user}
def test_construct(self, client):
cis = AccessTokenRequest(code="foo", redirect_uri="http://example.com")
csb = ClientSecretBasic(client)
http_args = csb.construct(cis)
cred = '{}:{}'.format(quote_plus("A"), quote_plus("boarding pass"))
assert http_args == {
"headers": {
"Authorization":
"Basic {}".format(
base64.b64encode(cred.encode("utf-8")).decode("utf-8"))
}
}
def get_pid(self, parts):
lp = [unquote_plus(p) for p in parts]
qp = [quote_plus(p) for p in lp]
try:
return self.running_processes[self.key(*qp)]
except KeyError:
return 0
def get_pid(self, parts):
lp = [unquote_plus(p) for p in parts]
qp = [quote_plus(p) for p in lp]
try:
return self.running_processes[self.key(*qp)]
except KeyError:
return 0
def log_path(self, **kwargs):
_conv = self.session["conv"]
try:
iss = _conv.entity.provider_info["issuer"]
except (TypeError, KeyError):
return ""
else:
qiss = quote_plus(iss)
path = with_or_without_slash(os.path.join("log", qiss))
if path is None:
path = os.path.join("log", qiss)
prof = ".".join(self.to_profile())
if not os.path.isdir("{}/{}".format(path, prof)):
os.makedirs("{}/{}".format(path, prof))
if 'test_id' not in kwargs:
_test_id = self.session["testid"]
else:
_test_id = kwargs['test_id']
return "{}/{}/{}".format(path, prof, _test_id)
def set_profile(self, info):
try:
old = from_profile(self.sh.profile)
new = from_profile(to_profile(info))
for attr in ['enc', 'extra', 'none', 'return_type', 'sig', 'form_post']:
old[attr] = new[attr]
# Store new configuration
try:
rest = self.sh.extra['rest']
except KeyError:
self.conv.tool_conf.update(compress_profile(old))
else:
qp = [quote_plus(p) for p in [self.sh.iss, self.sh.tag]]
_, _conf = rest.read_conf(*qp)
_conf['tool'].update(compress_profile(old))
rest.store(qp[0], qp[1], _conf)
# This will fail if no test has been run before the conf
# is changed
try:
self.conv.tool_conf = _conf['tool']
except AttributeError:
pass
# reset all test flows
self.flows.test_info = {}
self.flows.complete = {}
self.sh.reset_session(profile=old['profile'])
# Back to test list
return self.inut.flow_list()
except Exception as err:
return self.inut.err_response("profile", err)
def test_basic_authn_authenticate_as():
pwd_database = {
'Diana': 'Piano player',
'NonAscii': '€&+%#@äää'
}
ba = BasicAuthn(None, pwd=pwd_database)
for user, passwd in pwd_database.items():
credentials = "{}:{}".format(quote_plus(user),
quote_plus(passwd))
authz = base64.b64encode(credentials.encode("utf-8")).decode("utf-8")
authorization_string = "Basic {}".format(authz)
uid, when = ba.authenticated_as(authorization=authorization_string)
assert uid == {'uid': user}
def log_path(self, **kwargs):
_conv = self.session["conv"]
try:
iss = _conv.entity.provider_info["issuer"]
except (TypeError, KeyError):
return ""
else:
qiss = quote_plus(iss)
path = with_or_without_slash(os.path.join("log", qiss))
if path is None:
path = os.path.join("log", qiss)
prof = ".".join(self.to_profile())
if not os.path.isdir("{}/{}".format(path, prof)):
os.makedirs("{}/{}".format(path, prof))
if 'test_id' not in kwargs:
_test_id = self.session["testid"]
else:
_test_id = kwargs['test_id']
return "{}/{}/{}".format(path, prof, _test_id)
def delete_instance(self, parts, pid=0, app=None):
lp = [unquote_plus(p) for p in parts]
qp = [quote_plus(p) for p in lp]
_key = app.assigned_ports.make_key(*lp)
if pid:
kill_process(pid)
del app.running_processes[_key]
os.unlink(os.path.join(self.entpath, *qp))
# Remove issuer if out of tags
if not os.listdir(os.path.join(self.entpath, qp[0])):
os.rmdir(os.path.join(self.entpath, qp[0]))
del app.assigned_ports[_key]
resp = Response(mako_template='message.mako',
template_lookup=self.lookup,
headers=[])
args = {
'title':
"Action performed",
'base':
self.baseurl,
'note':
'Your test tool instance <em>{} {}</em> has been '
'removed'.format(*lp)
}
return resp(self.environ, self.start_response, **args)
def delete_instance(self, parts, pid=0, app=None):
lp = [unquote_plus(p) for p in parts]
qp = [quote_plus(p) for p in lp]
_key = app.assigned_ports.make_key(*lp)
if pid:
kill_process(pid)
del app.running_processes[_key]
os.unlink(os.path.join(self.entpath, *qp))
# Remove issuer if out of tags
if not os.listdir(os.path.join(self.entpath, qp[0])):
os.rmdir(os.path.join(self.entpath, qp[0]))
del app.assigned_ports[_key]
resp = Response(mako_template='message.mako',
template_lookup=self.lookup,
headers=[])
args = {'title': "Action performed", 'base': self.baseurl,
'note':
'Your test tool instance <em>{} {}</em> has been '
'removed'.format(*lp)}
return resp(self.environ, self.start_response, **args)
def construct(self, cis, request_args=None, http_args=None, **kwargs):
"""
:param cis: Request class instance
:param request_args: Request arguments
:param http_args: HTTP arguments
:return: dictionary of HTTP arguments
"""
if http_args is None:
http_args = {}
try:
passwd = kwargs["password"]
except KeyError:
try:
passwd = http_args["password"]
except KeyError:
try:
passwd = cis["client_secret"]
except KeyError:
passwd = self.cli.client_secret
try:
user = kwargs["user"]
except KeyError:
user = self.cli.client_id
if "headers" not in http_args:
http_args["headers"] = {}
credentials = "{}:{}".format(quote_plus(user), quote_plus(passwd))
authz = base64.b64encode(credentials.encode("utf-8")).decode("utf-8")
http_args["headers"]["Authorization"] = "Basic {}".format(authz)
try:
del cis["client_secret"]
except KeyError:
pass
if (("client_id" not in cis.c_param.keys())
or cis.c_param["client_id"][VREQUIRED]) is False:
try:
del cis["client_id"]
except KeyError:
pass
return http_args
def construct(self, cis, request_args=None, http_args=None, **kwargs):
"""
:param cis: Request class instance
:param request_args: Request arguments
:param http_args: HTTP arguments
:return: dictionary of HTTP arguments
"""
if http_args is None:
http_args = {}
try:
passwd = kwargs["password"]
except KeyError:
try:
passwd = http_args["password"]
except KeyError:
try:
passwd = cis["client_secret"]
except KeyError:
passwd = self.cli.client_secret
try:
user = kwargs["user"]
except KeyError:
user = self.cli.client_id
if "headers" not in http_args:
http_args["headers"] = {}
credentials = "{}:{}".format(quote_plus(user), quote_plus(passwd))
authz = base64.b64encode(credentials.encode("utf-8")).decode("utf-8")
http_args["headers"]["Authorization"] = "Basic {}".format(authz)
try:
del cis["client_secret"]
except KeyError:
pass
if (("client_id" not in cis.c_param.keys()) or
cis.c_param["client_id"][VREQUIRED]) is False:
try:
del cis["client_id"]
except KeyError:
pass
return http_args
def populate_jwks_dir(fos):
# Populate the FO jwks directory
if not os.path.exists(JWKS_DIR):
os.mkdir(JWKS_DIR)
for op in fos:
fname = os.path.join(JWKS_DIR, quote_plus(op.iss))
fp = open(fname, 'w')
fp.write(json.dumps(op.keyjar.export_jwks()))
fp.close()
def test_mdx_single_sign_on_service():
entity_id = "http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php"
url = "http://mdx.example.com/entities/{}".format(
quote_plus(MetaDataMDX.sha1_entity_transform(entity_id)))
responses.add(responses.GET, url, body=TEST_METADATA_STRING, status=200,
content_type=SAML_METADATA_CONTENT_TYPE)
mdx = MetaDataMDX("http://mdx.example.com")
sso_loc = mdx.single_sign_on_service(entity_id, BINDING_HTTP_REDIRECT)
assert sso_loc[0]["location"] == "http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php"
def populate_sms_dir(spec):
# populate the signed metadata statements directory
signer, sms = create_compound_metadata_statement(spec)
if not os.path.exists(SMD_DIR):
os.mkdir(SMD_DIR)
fname = os.path.join(SMD_DIR, quote_plus(signer))
fp = open(fname, 'w')
fp.write(sms)
fp.close()
def update_instance(self, *parts):
resp = Response(mako_template="instance.mako",
template_lookup=self.lookup,
headers=[])
lp = [unquote_plus(p) for p in parts]
qp = [quote_plus(p) for p in lp]
format, _conf = self.rest.read_conf(qp[0], qp[1])
# provider_info and registration_response
dicts = {'tool': _conf['tool']}
for item in tool_conf:
if item not in dicts['tool']:
dicts['tool'][item] = ''
for typ in ['provider_info', 'registration_response']:
try:
dicts[typ] = _conf['client'][typ]
except KeyError:
try:
dicts[typ] = update(typ, _conf[typ])
except KeyError:
pass
state = {'immutable': {}, 'required': {}}
if 'registration_response' in dicts:
state['registration_response'] = {
'immutable': ['redirect_uris'],
'required': ['client_id', 'client_secret']
}
if 'provider_info':
state['provider_info'] = {
'immutable': ['issuer'],
'required': [
'authorization_endpoint', 'jwks_uri',
'response_types_supported', 'subject_types_supported',
'id_token_signing_alg_values_supported'
]
}
if return_type(_conf['tool']['profile']) not in ['I', 'IT']:
state['provider_info']['required'].append('token_endpoint')
arg = {
'base': '',
'iss': qp[0],
'tag': qp[1],
'dicts': dicts,
'state': state
}
return resp(self.environ, self.start_response, **arg)
def basic_entity_configuration(self, io):
q = parse_qs(io.environ.get('QUERY_STRING'))
# construct profile
ppiece = [q['return_type'][0]]
for p in ['webfinger', 'discovery', 'registration']:
if p in q:
ppiece.append('T')
else:
ppiece.append('F')
profile = '.'.join(ppiece)
_ent_conf = create_model(profile, ent_info_path=self.ent_info)
_ent_conf['tool']['tag'] = q['tag'][0]
_ent_conf['tool']['issuer'] = q['iss'][0]
_ent_conf['tool']['profile'] = profile
_qiss = quote_plus(q['iss'][0])
_qtag = quote_plus(q['tag'][0])
io.rest.write(_qiss, _qtag, _ent_conf)
return '{}form/update/{}/{}'.format(self.baseurl, _qiss, _qtag)
def update_instance(self, iss, tag):
resp = Response(mako_template="instance.mako",
template_lookup=self.lookup,
headers=[])
qiss = quote_plus(iss)
qtag = quote_plus(tag)
_conf = self.rest.read_conf(qiss, qtag)
# provider_info and registration_response
dicts = {'tool': _conf['tool']}
for item in tool_conf:
if item not in dicts['tool']:
dicts['tool'][item] = ''
for typ in ['provider_info', 'registration_response']:
try:
dicts[typ] = _conf['client'][typ]
except KeyError:
pass
arg = {'base': '', 'iss': qiss, 'tag': qtag, 'dicts': dicts}
return resp(self.environ, self.start_response, **arg)
def restart_instance(self, app, part):
_iss = unquote_plus(part[0])
_tag = unquote_plus(part[1])
url = app.run_test_instance(quote_plus(_iss), quote_plus(_tag))
if isinstance(url, Response):
return url(self.environ, self.start_response)
resp = Response(mako_template='message.mako',
template_lookup=self.lookup,
headers=[])
if url:
args = {
'title': "Action performed", 'base': self.baseurl,
'note': 'Your test instance "{iss}:{tag}" has been '
'restarted as <a href="{url}">{url}</a>'.format(
iss=_iss, tag=_tag, url=url)}
else:
args = {
'title': "Action Failed", 'base': self.baseurl,
'note': 'Could not restart your test instance'}
return resp(self.environ, self.start_response, **args)
def list_tag(self, iss):
resp = Response(mako_template="list_tag.mako",
template_lookup=self.lookup,
headers=[])
_iss = unquote_plus(iss)
qiss = quote_plus(_iss)
fils = os.listdir(os.path.join(self.entpath, qiss))
active = dict([(fil, isrunning(_iss, fil)) for fil in fils])
args = {'base': self.baseurl, 'items': fils,
"qiss": qiss, "iss": _iss, 'active': active}
return resp(self.environ, self.start_response, **args)
def test_mdx_single_sign_on_service():
entity_id = "http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php"
url = "http://mdx.example.com/entities/{}".format(
quote_plus(MetaDataMDX.sha1_entity_transform(entity_id)))
responses.add(responses.GET,
url,
body=TEST_METADATA_STRING,
status=200,
content_type=SAML_METADATA_CONTENT_TYPE)
mdx = MetaDataMDX("http://mdx.example.com")
sso_loc = mdx.single_sign_on_service(entity_id, BINDING_HTTP_REDIRECT)
assert sso_loc[0][
"location"] == "http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php"
def update_instance(self, *parts):
resp = Response(mako_template="instance.mako",
template_lookup=self.lookup,
headers=[])
lp = [unquote_plus(p) for p in parts]
qp = [quote_plus(p) for p in lp]
format, _conf = self.rest.read_conf(qp[0], qp[1])
# provider_info and registration_response
dicts = {'tool': _conf['tool']}
for item in tool_conf:
if item not in dicts['tool']:
dicts['tool'][item] = ''
for typ in ['provider_info', 'registration_response']:
try:
dicts[typ] = _conf['client'][typ]
except KeyError:
try:
dicts[typ] = update(typ, _conf[typ])
except KeyError:
pass
state = {'immutable': {}, 'required': {}}
if 'registration_response' in dicts:
state['registration_response'] = {
'immutable': ['redirect_uris'],
'required': ['client_id', 'client_secret']}
if 'provider_info':
state['provider_info'] = {
'immutable': ['issuer'],
'required': ['authorization_endpoint', 'jwks_uri',
'response_types_supported',
'subject_types_supported',
'id_token_signing_alg_values_supported']
}
if return_type(_conf['tool']['profile']) not in ['I', 'IT']:
state['provider_info']['required'].append('token_endpoint')
arg = {'base': '',
'iss': qp[0],
'tag': qp[1],
'dicts': dicts,
'state': state}
return resp(self.environ, self.start_response, **arg)
def make_bundle(tool_iss, fo_iss, sign_keyjar, keydefs, base_path=''):
_operator = {}
for entity in fo_iss:
fname = quote_plus(os.path.join(base_path, "{}.key".format(entity)))
_keydef = keydefs[:]
_keydef[0]['key'] = fname
_jwks, _keyjar, _kidd = build_keyjar(_keydef)
_operator[entity] = _jwks
jb = JWKSBundle(tool_iss, sign_keyjar)
for iss, jwks in _operator.items():
jb[iss] = jwks
return jb
def show_tag(self, part):
resp = Response(mako_template="action.mako",
template_lookup=self.lookup,
headers=[])
lp = [unquote_plus(p) for p in part[1:]]
if find_test_instance(*lp):
active = True
else:
active = False
qp = [quote_plus(p) for p in lp]
info = open(os.path.join(self.entpath, *qp), 'r').read()
args = {'base': self.baseurl, 'info': json.loads(info),
"qargs": qp, "largs": lp, 'active': active}
return resp(self.environ, self.start_response, **args)
def test_port():
pmin = 60000
pmax = 60004
app = Application('',
None,
'',
'',
None,
path2port='path2port.csv',
port_min=pmin,
port_max=pmax)
_port1 = app.get_port(quote_plus('https://example.com'), 'one')
assert _port1 == pmin
_port2 = app.get_port(quote_plus('https://example.com'), 'two')
assert _port2 != _port1
assert pmin < _port2 <= pmax
_port3 = app.get_port(quote_plus('https://example.com'), 'three')
assert _port3 not in [_port1, _port2]
assert pmin < _port3 <= pmax
_port4 = app.get_port(quote_plus('https://example.com'), 'four')
assert _port4 not in [_port1, _port2, _port3]
assert pmin < _port4 <= pmax
_port5 = app.get_port(quote_plus('https://example.com'), 'five')
assert _port5 not in [_port1, _port2, _port3, _port4]
assert pmin < _port4 <= pmax
try:
_ = app.get_port(quote_plus('https://example.com'), 'six')
except OutOfRange:
assert True
else:
assert False
app.return_port(quote_plus('https://example.com'), 'three')
_port6 = app.get_port(quote_plus('https://example.com'), 'six')
assert _port6 not in [_port1, _port2, _port4, _port5]
assert pmin < _port4 <= pmax
def list_tag(self, iss):
resp = Response(mako_template="list_tag.mako",
template_lookup=self.lookup,
headers=[])
_iss = unquote_plus(iss)
qiss = quote_plus(_iss)
fils = os.listdir(os.path.join(self.entpath, qiss))
active = dict([(fil, isrunning(_iss, fil)) for fil in fils])
args = {
'base': self.baseurl,
'items': fils,
"qiss": qiss,
"iss": _iss,
'active': active
}
return resp(self.environ, self.start_response, **args)
def urlhandler_log(self, webio):
if path == "log" or path == "log/":
_cc = webio.conf.CLIENT
try:
_iss = _cc["srv_discovery_url"]
except KeyError:
_iss = _cc["provider_info"]["issuer"]
parts = [quote_plus(_iss)]
else:
parts = []
while path != "log":
head, tail = os.path.split(path)
# tail = tail.replace(":", "%3A")
# if tail.endswith("%2F"):
# tail = tail[:-3]
parts.insert(0, tail)
path = head
return webio.display_log("log", *parts)
def make_kodi_url(self):
d_original = OrderedDict(
sorted(self.__dict__.items(), key=lambda x: x[0]))
d = d_original.copy()
for key, value in d_original.items():
if not value:
d.pop(key)
continue
if isinstance(value, str):
d[key] = unicodedata.normalize('NFKD', value).encode(
'ascii', 'ignore').decode('utf-8')
url = ''
for key in d.keys():
if isinstance(d[key], (str, bytes)):
val = quote_plus(d[key])
else:
val = d[key]
url += '&{0}={1}'.format(key, val)
url += '&addon_version={0}'.format(utils.get_addon_version())
return url
def show_tag(self, part):
resp = Response(mako_template="action.mako",
template_lookup=self.lookup,
headers=[])
lp = [unquote_plus(p) for p in part[1:]]
if find_test_instance(*lp):
active = True
else:
active = False
qp = [quote_plus(p) for p in lp]
info = open(os.path.join(self.entpath, *qp), 'r').read()
args = {
'base': self.baseurl,
'info': json.loads(info),
"qargs": qp,
"largs": lp,
'active': active
}
return resp(self.environ, self.start_response, **args)
def test_port():
pmin = 60000
pmax = 60004
app = Application('', None, '', '', None, path2port='path2port.csv',
port_min=pmin, port_max=pmax)
_port1 = app.get_port(quote_plus('https://example.com'), 'one')
assert _port1 == pmin
_port2 = app.get_port(quote_plus('https://example.com'), 'two')
assert _port2 != _port1
assert pmin < _port2 <= pmax
_port3 = app.get_port(quote_plus('https://example.com'), 'three')
assert _port3 not in [_port1, _port2]
assert pmin < _port3 <= pmax
_port4 = app.get_port(quote_plus('https://example.com'), 'four')
assert _port4 not in [_port1, _port2, _port3]
assert pmin < _port4 <= pmax
_port5 = app.get_port(quote_plus('https://example.com'), 'five')
assert _port5 not in [_port1, _port2, _port3, _port4]
assert pmin < _port4 <= pmax
try:
_ = app.get_port(quote_plus('https://example.com'), 'six')
except OutOfRange:
assert True
else:
assert False
app.return_port(quote_plus('https://example.com'), 'three')
_port6 = app.get_port(quote_plus('https://example.com'), 'six')
assert _port6 not in [_port1, _port2, _port4, _port5]
assert pmin < _port4 <= pmax
def log_path(self, test_id=None):
_conv = self.session["conv"]
try:
iss = _conv.entity_id
except (TypeError, KeyError, AttributeError):
return ""
else:
qiss = quote_plus(iss)
path = with_or_without_slash(os.path.join("log", qiss))
if path is None:
path = os.path.join("log", qiss)
prof = ".".join(self.to_profile())
if not os.path.isdir("{}/{}".format(path, prof)):
os.makedirs("{}/{}".format(path, prof))
if test_id is None:
test_id = self.session["testid"]
return "{}/{}/{}".format(path, prof, test_id)
def list_dir(self, dirname, qiss):
if not os.path.isdir(dirname):
if qiss.endswith('%2F'): # try to remove
qiss = qiss[:-3]
else: # else add
qiss += '%2F'
dirname = self.entity_file_name(qiss, '')
if not os.path.isdir(dirname):
raise NoSuchFile(dirname)
iss = unquote_plus(qiss)
res = ['<p>']
for file in os.listdir(dirname):
_url = '{}{}/{}'.format(self.base_url, qiss, quote_plus(file))
res.append('<a href="{}">{}</a><br>'.format(_url, file))
res.append('</p')
_html = [
'<html><head>List of tags for "{}"</head>'.format(iss), '<body>'
]
_html.extend(res)
_html.append('</body></html>')
return 'html', '\n'.join(_html)
def log_path(session, test_id=None):
_conv = session["conv"]
try:
iss = _conv.entity.provider_info["issuer"]
except TypeError:
return ""
else:
qiss = quote_plus(iss)
path = with_or_without_slash(os.path.join("log", qiss))
if path is None:
path = os.path.join("log", qiss)
prof = ".".join(to_profile(session))
if not os.path.isdir("%s/%s" % (path, prof)):
os.makedirs("%s/%s" % (path, prof))
if test_id is None:
test_id = session["testid"]
return "%s/%s/%s" % (path, prof, test_id)
def log_path(session, test_id=None):
_conv = session["conv"]
try:
iss = _conv.entity.provider_info["issuer"]
except TypeError:
return ""
else:
qiss = quote_plus(iss)
path = with_or_without_slash(os.path.join("log", qiss))
if path is None:
path = os.path.join("log", qiss)
prof = ".".join(from_profile(session["profile"].split(".")))
if not os.path.isdir("%s/%s" % (path, prof)):
os.makedirs("%s/%s" % (path, prof))
if test_id is None:
test_id = session["testid"]
return "%s/%s/%s" % (path, prof, test_id)
def list_dir(self, dirname, qiss):
if not os.path.isdir(dirname):
if qiss.endswith('%2F'): # try to remove
qiss = qiss[:-3]
else: # else add
qiss += '%2F'
dirname = self.entity_file_name(qiss, '')
if not os.path.isdir(dirname):
raise NoSuchFile(dirname)
iss = unquote_plus(qiss)
res = ['<p>']
for file in os.listdir(dirname):
_url = '{}{}/{}'.format(self.base_url, qiss, quote_plus(file))
res.append('<a href="{}">{}</a><br>'.format(_url, file))
res.append('</p')
_html = [
'<html><head>List of tags for "{}"</head>'.format(iss),
'<body>'
]
_html.extend(res)
_html.append('</body></html>')
return 'html', '\n'.join(_html)
def set_profile(self, info):
try:
old = from_profile(self.sh.profile)
new = from_profile(to_profile(info))
for attr in [
'enc', 'extra', 'none', 'return_type', 'sig', 'form_post'
]:
old[attr] = new[attr]
# Store new configuration
try:
rest = self.sh.extra['rest']
except KeyError:
self.conv.tool_conf.update(compress_profile(old))
else:
qp = [quote_plus(p) for p in [self.sh.iss, self.sh.tag]]
_, _conf = rest.read_conf(*qp)
_conf['tool'].update(compress_profile(old))
rest.store(qp[0], qp[1], _conf)
# This will fail if no test has been run before the conf
# is changed
try:
self.conv.tool_conf = _conf['tool']
except AttributeError:
pass
# reset all test flows
self.flows.test_info = {}
self.flows.complete = {}
self.sh.reset_session(profile=old['profile'])
# Back to test list
return self.inut.flow_list()
except Exception as err:
return self.inut.err_response("profile", err)
def test_port():
pmin = 60000
pmax = 60004
# test_script, flowdir, rest, port_min, port_max,
# test_tool_base, test_tool_conf, prehtml,
app = AssignedPorts('assport', pmin, pmax)
_port1 = app.register_port(quote_plus('https://example.com'), 'one')
assert _port1 == pmin
_port2 = app.register_port(quote_plus('https://example.com'), 'two')
assert _port2 != _port1
assert pmin < _port2 <= pmax
_port3 = app.register_port(quote_plus('https://example.com'), 'three')
assert _port3 not in [_port1, _port2]
assert pmin < _port3 <= pmax
_port4 = app.register_port(quote_plus('https://example.com'), 'four')
assert _port4 not in [_port1, _port2, _port3]
assert pmin < _port4 <= pmax
_port5 = app.register_port(quote_plus('https://example.com'), 'five')
assert _port5 not in [_port1, _port2, _port3, _port4]
assert pmin < _port4 <= pmax
try:
_ = app.register_port(quote_plus('https://example.com'), 'six')
except OutOfRange:
assert True
else:
assert False
del app[app.make_key('https://example.com', 'three')]
_port6 = app.register_port(quote_plus('https://example.com'), 'six')
assert _port6 not in [_port1, _port2, _port4, _port5]
assert pmin < _port4 <= pmax
KEYDEFS = [{
"type": "RSA",
"key": '',
"use": ["sig"]
}, {
"type": "EC",
"crv": "P-256",
"use": ["sig"]
}]
KEYS = {}
ISSUER = {}
OPERATOR = {}
for entity in ['fo0', 'fo1', 'fo2', 'fo3', 'sig']:
fname = quote_plus(os.path.join(BASE_PATH, "{}.key".format(entity)))
_keydef = KEYDEFS[:]
_keydef[0]['key'] = fname
_jwks, _keyjar, _kidd = build_keyjar(_keydef)
KEYS[entity] = {'jwks': _jwks, 'keyjar': _keyjar, 'kidd': _kidd}
ISSUER[entity] = 'https://{}.example.org'.format(entity)
OPERATOR[entity] = Operator(keyjar=_keyjar, iss=ISSUER[entity])
SignKeyJar = OPERATOR['sig'].keyjar
del OPERATOR['sig']
def test_create():
jb = JWKSBundle('iss')
for iss, op in OPERATOR.items():
parser.add_argument('-L', dest='claims_locales')
parser.add_argument('-p', dest='profile', default='C.T.T.T')
parser.add_argument('-s', dest='sig', action='store_true')
parser.add_argument('-t', dest='tag')
parser.add_argument('-x', dest='extra', action='store_true')
parser.add_argument('-w', dest='webfinger_email')
parser.add_argument('-W', dest='webfinger_url')
args = parser.parse_args()
ent_info_path = '{}/entity_info'.format(args.entity_root)
rest = REST('', '{}/entities'.format(args.entity_root), ent_info_path)
cnf = create_model(args.profile, ent_info_path)
for item in ['sig', 'enc', 'extra']:
if getattr(args, item):
cnf['tool'][item] = True
for item in [
'acr_values', 'login_hint', 'ui_locales', 'claims_locales',
'webfinger_url', 'webfinger_email', 'issuer', 'profile', 'tag'
]:
v = getattr(args, item)
if v:
cnf['tool'][item] = v
qiss = quote_plus(cnf['tool']['issuer'])
qtag = cnf['tool']['tag']
rest.write(qiss, qtag, cnf)
parser.add_argument(dest="config")
args = parser.parse_args()
session_opts = {
'session.type': 'memory',
'session.cookie_expires': True,
'session.auto': True,
'session.timeout': 900
}
sys.path.insert(0, ".")
CONF = importlib.import_module(args.config)
rest = REST(None, CONF.ENT_PATH, CONF.ENT_INFO)
if args.tag:
qtag = quote_plus(args.tag)
else:
qtag = 'default'
ent_conf = None
try:
ent_conf = rest.construct_config(quote_plus(args.issuer), qtag)
except Exception as err:
print('iss:{}, tag:{}'.format(quote_plus(args.issuer), qtag))
for m in traceback.format_exception(*sys.exc_info()):
print(m)
exit()
setup_logging("%s/rp_%s.log" % (SERVER_LOG_FOLDER, args.port), logger)
logger.info('construct_app_args')
def urlquote_plus(url, safe=''):
"""
A legacy compatibility wrapper to Python's urllib.parse.quote_plus()
function. (was used for unicode handling on Python 2)
"""
return quote_plus(url, safe)
def application(self, environ, start_response):
logger.info("Connection from: %s" % environ["REMOTE_ADDR"])
path = environ.get('PATH_INFO', '').lstrip('/')
logger.info("path: %s" % path)
_io = IO(rest=self.rest,
environ=environ,
start_response=start_response,
lookup=self.lookup)
if path == "robots.txt":
return _io.static("static/robots.txt")
elif path == "favicon.ico":
return _io.static("static/favicon.ico")
elif path.startswith("static/"):
return _io.static(path)
elif path.startswith("export/"):
return _io.static(path)
if path == '':
return _io.get_iss()
elif path.startswith('form/'):
return self.form_handling(path, _io)
elif path == 'create':
loc = self.basic_entity_configuration(_io)
resp = SeeOther(loc)
return resp(_io.environ, _io.start_response)
elif path.startswith('run/'):
_iss, _tag = get_iss_and_tag(path)
if _iss == '' or _tag == '':
resp = BadRequest('Path must be of the form /run/<iss>/<tag>')
return resp(environ, start_response)
_qiss = quote_plus(_iss)
_qtag = quote_plus(_tag)
_info = parse_qs(get_post(environ))
ent_conf = expand_dict(_info)
self.rest.write(_qiss, _qtag, ent_conf)
resp = self.run_test_instance(_qiss, _qtag)
if not isinstance(resp, Response):
resp = SeeOther(resp)
return resp(_io.environ, _io.start_response)
elif path.startswith('model/'):
p = path.split('/')
prof = p[1]
if verify_profile(prof):
info = create_model(prof)
if info:
res = Response(json.dumps(info), content='applicaton/json')
else:
res = ServiceError()
else:
res = BadRequest('Syntax error in profile specification')
return res(environ, start_response)
else:
# check if this a REST request
_iss, _tag = get_iss_and_tag(path)
_qiss = quote_plus(_iss)
_qtag = quote_plus(_tag)
_path = '/{}/{}'.format(_qiss, _qtag)
_met = environ.get('REQUEST_METHOD')
if _met == 'GET':
resp = self.rest.read(_qiss, _qtag, _path)
elif _met == 'POST':
resp = self.rest.replace(_qiss, _qtag, get_post(environ),
_path)
elif _met == 'PUT':
resp = self.rest.store(_qiss, _qtag, get_post(environ))
elif _met == 'DELETE':
resp = self.rest.delete(_qiss, _qtag)
else:
resp = BadRequest('Unsupported request method')
return resp(environ, start_response)
parser.add_argument(dest="config")
args = parser.parse_args()
session_opts = {
'session.type': 'memory',
'session.cookie_expires': True,
'session.auto': True,
'session.timeout': 900
}
sys.path.insert(0, ".")
CONF = importlib.import_module(args.config)
rest = REST(None, CONF.ENT_PATH, CONF.ENT_INFO)
if args.tag:
qtag = quote_plus(args.tag)
else:
qtag = 'default'
ent_conf = None
try:
ent_conf = rest.construct_config(quote_plus(args.issuer), qtag)
except Exception as err:
print('iss:{}, tag:{}'.format(quote_plus(args.issuer), qtag))
for m in traceback.format_exception(*sys.exc_info()):
print(m)
exit()
setup_logging("%s/rp_%s.log" % (SERVER_LOG_FOLDER, args.port), logger)
logger.info('construct_app_args')
def application(self, environ, start_response):
logger.info("Connection from: %s" % environ["REMOTE_ADDR"])
path = environ.get('PATH_INFO', '').lstrip('/')
logger.info("path: %s" % path)
_io = IO(rest=self.rest, environ=environ, start_response=start_response,
lookup=self.lookup, baseurl=self.baseurl)
if path == "robots.txt":
return _io.static("static/robots.txt")
elif path == "favicon.ico":
return _io.static("static/favicon.ico")
elif path.startswith("static/"):
return _io.static(path)
elif path.startswith("export/"):
return _io.static(path)
if path == '':
return _io.main()
if path == 'new':
return _io.new_iss()
if path == 'entity':
return _io.list_iss()
elif path.startswith('entity/'):
p = path.split('/')
while p[-1] == '':
p = p[:-1]
if len(p) == 2:
return _io.list_tag(p[1])
elif len(p) == 3:
return _io.show_tag(p)
elif len(p) == 4:
_com = p[-1]
if _com == 'action':
_qs = parse_qs(environ.get('QUERY_STRING'))
try:
_act = _qs['action'][0]
except KeyError:
resp = BadRequest('missing query parameter')
return resp(environ, start_response)
if _act == 'delete':
return _io.delete_instance(p[1:3],
pid=self.get_pid(p[1:3]),
app=self)
elif _act == 'restart':
return _io.restart_instance(self, p[1:3])
elif _act == 'configure':
return _io.update_instance(*p[1:3])
else:
resp = BadRequest('Unknown action')
return resp(environ, start_response)
elif path.startswith('form/'):
return self.form_handling(path, _io)
elif path == 'create':
loc = self.basic_entity_configuration(_io)
resp = SeeOther(loc)
return resp(_io.environ, _io.start_response)
elif path.startswith('run/'):
_iss, _tag = get_iss_and_tag(path)
if _iss == '' or _tag == '':
resp = BadRequest('Path must be of the form /run/<iss>/<tag>')
return resp(environ, start_response)
_qiss = quote_plus(_iss)
_qtag = quote_plus(_tag)
_info = parse_qs(get_post(environ))
ent_conf = expand_dict(_info)
if not verify_config(ent_conf):
resp = BadRequest('Incorrect configuration')
else:
self.rest.write(_qiss, _qtag, ent_conf)
resp = self.run_test_instance(_qiss, _qtag)
if not isinstance(resp, Response):
resp = SeeOther(resp)
return resp(_io.environ, _io.start_response)
elif path.startswith('model/'):
p = path.split('/')
prof = p[1]
if verify_profile(prof):
info = create_model(prof)
if info:
res = Response(json.dumps(info), content='applicaton/json')
else:
res = ServiceError()
else:
res = BadRequest('Syntax error in profile specification')
return res(environ, start_response)
elif path.startswith('register/'):
_iss, _tag = get_iss_and_tag(path)
_qiss = quote_plus(_iss)
_qtag = quote_plus(_tag)
_met = environ.get('REQUEST_METHOD')
if _met == 'GET':
return self.assigned_ports.register_port(_qiss, _qtag)
elif _met == 'DELETE':
return self.return_port(_qiss, _qtag)
else:
# check if this a REST request
_iss, _tag = get_iss_and_tag(path)
_qiss = quote_plus(_iss)
_qtag = quote_plus(_tag)
_path = '/{}/{}'.format(_qiss, _qtag)
_met = environ.get('REQUEST_METHOD')
if _met == 'GET':
resp = self.rest.read(_qiss, _qtag, _path)
elif _met == 'POST':
resp = self.rest.replace(_qiss, _qtag, get_post(environ), _path)
elif _met == 'PUT':
resp = self.rest.store(_qiss, _qtag, get_post(environ))
elif _met == 'DELETE':
resp = self.rest.delete(_qiss, _qtag)
else:
resp = BadRequest('Unsupported request method')
return resp(environ, start_response)
def application(self, environ, start_response):
LOGGER.info("Connection from: %s" % environ["REMOTE_ADDR"])
session = environ['beaker.session']
path = environ.get('PATH_INFO', '').lstrip('/')
LOGGER.info("path: %s" % path)
try:
sh = session['session_info']
except KeyError:
sh = SessionHandler(**self.webenv)
sh.session_init()
session['session_info'] = sh
webio = WebIO(session=sh, **self.webenv)
webio.environ = environ
webio.start_response = start_response
tester = Tester(webio, sh, **self.webenv)
if path == "robots.txt":
return webio.static("static/robots.txt")
elif path == "favicon.ico":
return webio.static("static/favicon.ico")
elif path.startswith('acs/site/static'):
path = path[4:]
return webio.static(path)
elif path.startswith("site/static/") or path.startswith('static/'):
return webio.static(path)
elif path.startswith("export/"):
return webio.static(path)
if path == "" or path == "/": # list
return tester.display_test_list()
elif "flow_names" not in sh:
sh.session_init()
if path == "logs":
return webio.display_log("log", issuer="", profile="", testid="")
elif path.startswith("log"):
if path == "log" or path == "log/":
_cc = webio.conf.CLIENT
try:
_iss = _cc["srv_discovery_url"]
except KeyError:
_iss = _cc["provider_info"]["issuer"]
parts = [quote_plus(_iss)]
else:
parts = []
while path != "log":
head, tail = os.path.split(path)
# tail = tail.replace(":", "%3A")
# if tail.endswith("%2F"):
# tail = tail[:-3]
parts.insert(0, tail)
path = head
return webio.display_log("log", *parts)
elif path.startswith("tar"):
path = path.replace(":", "%3A")
return webio.static(path)
elif path.startswith("test_info"):
p = path.split("/")
try:
return webio.test_info(p[1])
except KeyError:
return webio.not_found()
elif path == "continue":
return tester.cont(environ, self.webenv)
elif path == 'reset':
for param in ['flow', 'flow_names', 'index', 'node', 'profile',
'sequence', 'test_info', 'test_id', 'tests']:
del sh[param]
return tester.display_test_list()
elif path == "opresult":
if tester.conv is None:
return webio.sorry_response("", "No result to report")
return webio.opresult(tester.conv, sh)
# expected path format: /<testid>[/<endpoint>]
elif path in sh["flow_names"]:
resp = tester.run(path, **self.webenv)
store_test_state(sh, sh['conv'].events)
filename = self.webenv['profile_handler'](sh).log_path(path)
if isinstance(resp, Response):
res = Result(sh, self.webenv['profile_handler'])
res.store_test_info()
res.print_info(path, tester.fname(path))
return webio.respond(resp)
else:
return webio.flow_list(filename)
elif path == "acs/post":
qs = get_post(environ).decode('utf8')
resp = dict([(k, v[0]) for k, v in parse_qs(qs).items()])
filename = self.webenv['profile_handler'](sh).log_path(tester.conv.test_id)
return do_next(tester, resp, sh, webio, filename, path)
elif path == "acs/redirect":
qs = environ['QUERY_STRING']
resp = dict([(k, v[0]) for k, v in parse_qs(qs).items()])
filename = self.webenv['profile_handler'](sh).log_path(tester.conv.test_id)
return do_next(tester, resp, sh, webio, filename, path)
elif path == "acs/artifact":
pass
elif path == "ecp":
pass
elif path == "disco":
pass
elif path == "slo":
pass
else:
resp = BadRequest()
return resp(environ, start_response)
def application(self, environ, start_response):
logger.info("Connection from: %s" % environ["REMOTE_ADDR"])
path = environ.get('PATH_INFO', '').lstrip('/')
logger.info("path: %s" % path)
_io = IO(rest=self.rest,
environ=environ,
start_response=start_response,
lookup=self.lookup,
baseurl=self.baseurl)
if path == "robots.txt":
return _io.static("static/robots.txt")
elif path == "favicon.ico":
return _io.static("static/favicon.ico")
elif path.startswith("static/"):
return _io.static(path)
elif path.startswith("export/"):
return _io.static(path)
if path == '':
return _io.main()
if path == 'new':
return _io.new_iss()
if path == 'entity':
return _io.list_iss()
elif path.startswith('entity/'):
p = path.split('/')
while p[-1] == '':
p = p[:-1]
if len(p) == 2:
return _io.list_tag(p[1])
elif len(p) == 3:
return _io.show_tag(p)
elif len(p) == 4:
_com = p[-1]
if _com == 'action':
_qs = parse_qs(environ.get('QUERY_STRING'))
try:
_act = _qs['action'][0]
except KeyError:
resp = BadRequest('missing query parameter')
return resp(environ, start_response)
if _act == 'delete':
return _io.delete_instance(p[1:3],
pid=self.get_pid(p[1:3]),
app=self)
elif _act == 'restart':
return _io.restart_instance(self, p[1:3])
elif _act == 'configure':
return _io.update_instance(*p[1:3])
else:
resp = BadRequest('Unknown action')
return resp(environ, start_response)
elif path.startswith('form/'):
return self.form_handling(path, _io)
elif path == 'create':
loc = self.basic_entity_configuration(_io)
resp = SeeOther(loc)
return resp(_io.environ, _io.start_response)
elif path.startswith('run/'):
_iss, _tag = get_iss_and_tag(path)
if _iss == '' or _tag == '':
resp = BadRequest('Path must be of the form /run/<iss>/<tag>')
return resp(environ, start_response)
_qiss = quote_plus(_iss)
_qtag = quote_plus(_tag)
_info = parse_qs(get_post(environ))
ent_conf = expand_dict(_info)
if not verify_config(ent_conf):
resp = BadRequest('Incorrect configuration')
else:
self.rest.write(_qiss, _qtag, ent_conf)
resp = self.run_test_instance(_qiss, _qtag)
if not isinstance(resp, Response):
resp = SeeOther(resp)
return resp(_io.environ, _io.start_response)
elif path.startswith('model/'):
p = path.split('/')
prof = p[1]
if verify_profile(prof):
info = create_model(prof)
if info:
res = Response(json.dumps(info), content='applicaton/json')
else:
res = ServiceError()
else:
res = BadRequest('Syntax error in profile specification')
return res(environ, start_response)
elif path.startswith('register/'):
_iss, _tag = get_iss_and_tag(path)
_qiss = quote_plus(_iss)
_qtag = quote_plus(_tag)
_met = environ.get('REQUEST_METHOD')
if _met == 'GET':
return self.assigned_ports.register_port(_qiss, _qtag)
elif _met == 'DELETE':
return self.return_port(_qiss, _qtag)
else:
# check if this a REST request
_iss, _tag = get_iss_and_tag(path)
_qiss = quote_plus(_iss)
_qtag = quote_plus(_tag)
_path = '/{}/{}'.format(_qiss, _qtag)
_met = environ.get('REQUEST_METHOD')
if _met == 'GET':
resp = self.rest.read(_qiss, _qtag, _path)
elif _met == 'POST':
resp = self.rest.replace(_qiss, _qtag, get_post(environ),
_path)
elif _met == 'PUT':
resp = self.rest.store(_qiss, _qtag, get_post(environ))
elif _met == 'DELETE':
resp = self.rest.delete(_qiss, _qtag)
else:
resp = BadRequest('Unsupported request method')
return resp(environ, start_response)
parser.add_argument('-i', dest='issuer')
parser.add_argument('-l', dest='ui_locales')
parser.add_argument('-L', dest='claims_locales')
parser.add_argument('-p', dest='profile', default='C.T.T.T')
parser.add_argument('-s', dest='sig', action='store_true')
parser.add_argument('-t', dest='tag')
parser.add_argument('-x', dest='extra', action='store_true')
parser.add_argument('-w', dest='webfinger_email')
parser.add_argument('-W', dest='webfinger_url')
args = parser.parse_args()
ent_info_path='{}/entity_info'.format(args.entity_root)
rest = REST('', '{}/entities'.format(args.entity_root), ent_info_path)
cnf = create_model(args.profile, ent_info_path)
for item in ['sig', 'enc', 'extra']:
if getattr(args, item):
cnf['tool'][item] = True
for item in ['acr_values', 'login_hint', 'ui_locales', 'claims_locales',
'webfinger_url', 'webfinger_email', 'issuer', 'profile', 'tag']:
v = getattr(args, item)
if v:
cnf['tool'][item] = v
qiss = quote_plus(cnf['tool']['issuer'])
qtag = cnf['tool']['tag']
rest.write(qiss, qtag, cnf)
