def sign_compact(self, keys=None): """ Produce a JWS using the JWS Compact Serialization :param keys: A dictionary of keys :return: """ try: _alg = self["alg"] except KeyError: self["alg"] = _alg = "none" else: if not _alg: self["alg"] = _alg = "none" if keys: keys = self._pick_keys(keys, use="sig", alg=_alg) else: keys = self._pick_keys(self._get_keys(), use="sig", alg=_alg) xargs = {"alg": _alg} if keys: key = keys[0] if key.kid: xargs["kid"] = key.kid elif not _alg or _alg.lower() == "none": key = None else: if "kid" in self: raise NoSuitableSigningKeys( "No key for algorithm: %s with kid: %s" % (_alg, self["kid"])) else: raise NoSuitableSigningKeys("No key for algorithm: %s" % _alg) jwt = JWSig(**xargs) if _alg == "none": return jwt.pack(parts=[self.msg, ""]) # All other cases try: _signer = SIGNER_ALGS[_alg] except KeyError: raise UnknownAlgorithm(_alg) _input = b".".join([b64encode_item(xargs), b64encode_item(self.msg)]) sig = _signer.sign(_input, key.get_key(alg=_alg, private=True)) logger.debug("Signed message using key with kid=%s" % key.kid) return jwt.pack(parts=[self.msg, sig])
def sign_compact(self, keys=None, protected=None): """ Produce a JWS using the JWS Compact Serialization :param keys: A dictionary of keys :param protected: The protected headers (a dictionary) :return: """ key, xargs, _alg = self.alg_keys(keys, 'sig', protected) if "typ" in self: xargs["typ"] = self["typ"] jwt = JWSig(**xargs) if _alg == "none": return jwt.pack(parts=[self.msg, ""]) # All other cases try: _signer = SIGNER_ALGS[_alg] except KeyError: raise UnknownAlgorithm(_alg) _input = jwt.pack(parts=[self.msg]) sig = _signer.sign(_input.encode("utf-8"), key.get_key(alg=_alg, private=True)) logger.debug("Signed message using key with kid=%s" % key.kid) return ".".join([_input, b64encode_item(sig).decode("utf-8")])
def prepare_access_token_body(self, client_key=None, tamper_message=False, expiration_datetime=None, issue_datetime=None, nonce=None, issuer=None): """ Prepares a provider access token response. Note: We only override this method to force the JWS class to use the HS256 algorithm. """ body = {'access_token': 'foobar', 'token_type': 'bearer'} client_key = client_key or self.client_key now = datetime.datetime.utcnow() expiration_datetime = expiration_datetime or ( now + datetime.timedelta(seconds=30)) issue_datetime = issue_datetime or now nonce = nonce or 'a-nonce' issuer = issuer or self.issuer id_token = self.get_id_token( client_key, timegm(expiration_datetime.utctimetuple()), timegm(issue_datetime.utctimetuple()), nonce, issuer) body['id_token'] = JWS(id_token, jwk=self.key, alg='HS256').sign_compact() if tamper_message: header, msg, sig = body['id_token'].split('.') id_token['sub'] = '1235' msg = b64encode_item(id_token).decode('utf-8') body['id_token'] = '.'.join([header, msg, sig]) return json.dumps(body)
def prepare_access_token_body(self, client_key=None, tamper_message=False, expiration_datetime=None, issue_datetime=None, nonce=None, issuer=None): body = {'access_token': 'foobar', 'token_type': 'bearer'} client_key = client_key or self.client_key now = datetime.datetime.utcnow() expiration_datetime = expiration_datetime or ( now + datetime.timedelta(seconds=30)) issue_datetime = issue_datetime or now id_token = self.get_id_token( client_key, timegm(expiration_datetime.utctimetuple()), timegm(issue_datetime.utctimetuple())) key = SYMKey(key=self.jwt_secret, alg='HS256') body['access_token'] = JWS(id_token, jwk=key, alg='HS256').sign_compact() if tamper_message: header, msg, sig = body['id_token'].split('.') id_token['sub'] = '1235' msg = b64encode_item(id_token).decode('utf-8') body['access_token'] = '.'.join([header, msg, sig]) return json.dumps(body)
def prepare_access_token_body(self, client_key=None, tamper_message=False, expiration_datetime=None, issue_datetime=None, nonce=None, issuer=None): """ Prepares a provider access token response. Arguments: client_id -- (str) OAuth ID for the client that requested authentication. expiration_time -- (datetime) Date and time after which the response should be considered invalid. """ body = {'access_token': 'foobar', 'token_type': 'bearer'} client_key = client_key or self.client_key now = datetime.datetime.utcnow() expiration_datetime = expiration_datetime or \ (now + datetime.timedelta(seconds=30)) issue_datetime = issue_datetime or now nonce = nonce or 'a-nonce' issuer = issuer or self.issuer id_token = self.get_id_token( client_key, timegm(expiration_datetime.utctimetuple()), timegm(issue_datetime.utctimetuple()), nonce, issuer) body['id_token'] = JWS(id_token, jwk=self.key, alg='RS256').sign_compact() if tamper_message: header, msg, sig = body['id_token'].split('.') id_token['sub'] = '1235' msg = b64encode_item(id_token).decode('utf-8') body['id_token'] = '.'.join([header, msg, sig]) return json.dumps(body)
def prepare_access_token_body(self, client_key=None, tamper_message=False, expiration_datetime=None, issue_datetime=None, nonce=None, issuer=None): body = {'access_token': 'foobar', 'token_type': 'bearer'} client_key = client_key or self.client_key now = datetime.datetime.utcnow() expiration_datetime = expiration_datetime or (now + datetime.timedelta(seconds=30)) issue_datetime = issue_datetime or now id_token = self.get_id_token( client_key, timegm(expiration_datetime.utctimetuple()), timegm(issue_datetime.utctimetuple()) ) key = SYMKey(key=self.jwt_secret, alg='HS256') body['access_token'] = JWS(id_token, jwk=key, alg='HS256').sign_compact() if tamper_message: header, msg, sig = body['id_token'].split('.') id_token['sub'] = '1235' msg = b64encode_item(id_token).decode('utf-8') body['access_token'] = '.'.join([header, msg, sig]) return json.dumps(body)
def b64_encode_header(self): return b64encode_item(self.headers)