def __call__(self):
res = {}
for ent,item in self.metad.items():
if "spsso_descriptor" not in item:
continue
for sp in item["spsso_descriptor"]:
if "extensions" not in sp:
continue
for elem in sp["extensions"]["extension_elements"]:
if elem["__class__"] == ENTITY_ATTR:
for attr in elem["attribute"]:
if attr["name"] == ATTR_NAME:
for val in attr["attribute_value"]:
try:
socialsecrets = json.loads(decrypt(val["text"],
self.dkeys,
"private"))
if "entityId" in socialsecrets and ent in socialsecrets["entityId"]:
if "secret" in socialsecrets:
res[ent] = socialsecrets["secret"]
except Exception as exp:
logger.warning('The secrets in the metadata cannot med used for the sp: ' + ent,
exc_info=True)
self._ava.update(res)
def from_jwt(self, txt, key=None, verify=True, keyjar=None, **kwargs):
"""
Given a signed and/or encrypted JWT, verify its correctness and then
create a class instance from the content.
:param txt: The JWT
:param key: keys that might be used to decrypt and/or verify the
signature of the JWT
:param verify: Whether the signature should be verified or not
:return: A class instance
"""
if key is None and keyjar is not None:
key = keyjar.get_verify_key(owner="")
elif key is None:
key = {}
header = json.loads(b64d(str(txt.split(".")[0])))
try:
htype = header["typ"]
except KeyError:
htype = None
jso = None
if htype == "JWE" or ("alg" in header and "enc" in header): # encrypted
if keyjar:
dkeys = keyjar.get_decrypt_key(owner="")
else:
dkeys = {}
txt = jwe.decrypt(txt, dkeys, "private")
try:
jso = json.loads(txt)
except Exception:
pass
# assume htype == 'JWS'
if not jso:
try:
jso = jwkest.unpack(txt)[1]
if isinstance(jso, basestring):
jso = json.loads(jso)
if verify:
if keyjar:
for ent in ["iss", "aud", "client_id"]:
if ent not in jso:
continue
if ent == "aud":
for _e in jso[ent]:
self._add_key(keyjar, _e, key)
else:
self._add_key(keyjar, jso[ent], key)
jws.verify(txt, key)
except Exception:
raise
return self.from_dict(jso)
def from_jwe(self, msg, keys):
"""
Decrypt an encrypted JWT and load the JSON object that was the body of the JWT into this object.
:param msg: An encrypted JWT
:param keys: Dictionary, keys are key type and key is the value or simple list.
:return: The decrypted message. If decryption failed an exception will be raised.
"""
if isinstance(keys, dict):
keys = keyitems2keyreps(keys)
jwe = JWE()
_res = jwe.decrypt(msg, keys)
return self.from_json(_res.decode())
def from_jwe(self, msg, keys):
"""
Decrypt an encrypted JWT and load the JSON object that was the body
of the JWT into this object.
:param msg: An encrypted JWT
:param keys: Dictionary, keys are key type and key is the value or
simple list.
:return: The decrypted message. If decryption failed an exception
will be raised.
"""
if isinstance(keys, dict):
keys = keyitems2keyreps(keys)
jwe = JWE()
_res = jwe.decrypt(msg, keys)
return self.from_json(_res.decode())
def _func(self, conv):
client = conv.client
for instance, msg in conv.protocol_response:
if isinstance(instance, message.AccessTokenResponse):
_dic = json.loads(msg)
header = json.loads(b64d(str(_dic["id_token"].split(".")[0])))
try:
assert header["alg"].startswith("RSA")
except AssertionError:
self._status = self.status
break
dkeys = client.keyjar.get_decrypt_key(owner="")
txt = decrypt(_dic["id_token"], dkeys, "private")
_tmp = unpack(txt)[0]
try:
assert _tmp["alg"] == "RS256"
except AssertionError:
self._status = self.status
break
return {}
def from_jwe(self, msg, keys):
krs = keyitems2keyreps(keys)
jwe = JWE()
_res = jwe.decrypt(msg, krs)
return self.from_json(_res[0].decode())
print >> sys.stderr, "Missing private key to decrypt with"
exit()
elif args.jwk_file:
keys = assign(load_jwks(open(args.jwk_file).read()))
if args.mode == "private":
print >> sys.stderr, "Missing private key to decrypt with"
exit()
elif args.x509_url:
keys = assign(load_x509_cert(lrequest, args.x509_url))
if args.mode == "private":
print >> sys.stderr, "Missing private key to decrypt with"
exit()
elif args.x509_file:
keys = {"rsa": [x509_rsa_loads(open(args.x509_file).read())]}
if args.mode == "private":
print >> sys.stderr, "Missing private key to decrypt with"
exit()
elif args.rsa_file:
keys = {"rsa": [rsa_load(args.rsa_file)]}
else:
print >> sys.stderr, "Needs encryption key"
exit()
if args.file:
msg = open(args.file).read()
msg = msg.strip("\n\r")
else:
msg = args.message
print decrypt(msg, keys, args.mode, debug=args.debug)
def from_jwe(self, msg, keys):
krs = keyitems2keyreps(keys)
jwe = JWE()
_res = jwe.decrypt(msg, krs)
return self.from_json(_res[0].decode())
