示例#1
文件: test_pop.py 项目: zckb/pyoidc
def init_keyjar():
    """Return a fresh KeyJar holding the keys listed in the module-level JWKS.

    The bundle is registered under the empty-string owner ('').
    NOTE(review): '' is presumably the jar's "own keys" slot; confirm against
    the KeyJar implementation in use.
    """
    bundle = KeyBundle()
    bundle.do_keys(JWKS["keys"])

    # Keys that are kept by the AS
    jar = KeyJar()
    jar.add_kb('', bundle)
    return jar
示例#2
def init_keyjar():
    """Create the key jar used by the AS, seeded from ``JWKS["keys"]``."""
    as_keys = KeyBundle()
    as_keys.do_keys(JWKS["keys"])

    # Keys that are kept by the AS are filed under the '' entry of the jar.
    result = KeyJar()
    result.add_kb('', as_keys)
    return result
示例#3
    def store_key(self, key):
        """Remember *key* under its SHA-256 thumbprint and return the thumbprint.

        The key is loaded into a throwaway KeyBundle only to compute the
        thumbprint; the value stored in ``self.thumbprint2key`` is the original
        *key* object, not the parsed one.
        """
        bundle = KeyBundle()
        bundle.do_keys([key])

        # NOTE(review): if do_keys() loads nothing for this input, keys() may
        # be empty and the [0] lookup raises IndexError. Confirm callers
        # handle that when *key* comes from a request.
        parsed = bundle.keys()[0]
        digest = parsed.thumbprint("SHA-256")

        # Store key with thumbprint as key
        key_thumbprint = b64e(digest).decode("utf8")
        self.thumbprint2key[key_thumbprint] = key
        return key_thumbprint
示例#4
文件: pop.py 项目: Omosofe/pyoidc
    def store_key(self, key):
        """Index *key* by the base64 form of its SHA-256 thumbprint.

        Returns the thumbprint string that was used as the dictionary key in
        ``self.thumbprint2key``.
        """
        holder = KeyBundle()
        holder.do_keys([key])

        # Only the first key of the bundle is considered.
        # NOTE(review): an input that do_keys() does not load would presumably
        # leave the bundle empty and make this lookup raise IndexError. Verify.
        first_key = holder.keys()[0]

        # Store key with thumbprint as key
        raw_thumbprint = first_key.thumbprint('SHA-256')
        key_thumbprint = b64e(raw_thumbprint).decode('utf8')
        self.thumbprint2key[key_thumbprint] = key
        return key_thumbprint
示例#5
def test_reload():
    """Importing the same JWKS twice must leave exactly one key in the bundle.

    This emulates fetching keys from a remote site and getting back the same
    JWKS as the last time.
    """
    bundle = KeyBundle()
    bundle.imp_jwks = JWK0

    # First pass is the initial import, second pass is the identical re-fetch.
    for _ in range(2):
        bundle.do_keys(bundle.imp_jwks["keys"])
        assert len(bundle) == 1
示例#6
def test_reload():
    """
    Check that re-importing an unchanged JWKS does not duplicate keys.

    Emulates what happens if you fetch keys from a remote site and
    you get back the same JWKS as the last time.
    """
    reloaded = KeyBundle()
    reloaded.imp_jwks = JWK0
    key_list = reloaded.imp_jwks['keys']

    # Initial import.
    reloaded.do_keys(key_list)
    assert len(reloaded) == 1

    # Same document again: the bundle size must not grow.
    reloaded.do_keys(reloaded.imp_jwks['keys'])
    assert len(reloaded) == 1
示例#7
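def add_software_statement(oper, arg):
    """Build a software statement and store it in ``oper.req_args``.

    The trusted registration entity (TRE) configured on ``oper.conf`` provides
    an issuer id and the path of a JWKS file. The keys from that file are added
    to the entity's key jar under the issuer id, and
    ``make_software_statement`` is then called with both ``iss`` and ``owner``
    set to that id.

    :param oper: operation object; ``oper.conf``, ``oper.conv.entity`` and
        ``oper.req_args`` are used.
    :param arg: mapping of values for the statement. ``redirect_uris`` must be
        present. A ``None`` value for ``redirect_uris``, ``jwks_uri`` or
        ``jwks`` means "use the entity's own value". If both ``jwks_uri`` and
        ``jwks`` are present, only ``jwks_uri`` gets this treatment and
        ``jwks`` is passed through unchanged.
    :raises KeyError: if ``arg`` has no ``redirect_uris`` entry, or the loaded
        JWKS document has no ``keys`` member.
    """
    argkeys = list(arg.keys())
    kwargs = {}

    tre = oper.conf.TRUSTED_REGISTRATION_ENTITY
    iss = tre['iss']
    kb = KeyBundle()
    # Use a context manager so the JWKS file handle is closed even when the
    # JSON is malformed (the original left it to the garbage collector).
    # NOTE(review): this file presumably contains the TRE's signing keys.
    # Check that its permissions and location match that sensitivity.
    with open(tre['jwks']) as jwks_file:
        kb.imp_jwks = json.load(jwks_file)
    kb.do_keys(kb.imp_jwks['keys'])
    oper.conv.entity.keyjar.add_kb(iss, kb)

    if arg['redirect_uris'] is None:
        kwargs['redirect_uris'] = oper.conv.entity.redirect_uris
    else:
        kwargs['redirect_uris'] = arg['redirect_uris']
    argkeys.remove('redirect_uris')

    if 'jwks_uri' in argkeys:
        if arg['jwks_uri'] is None:
            kwargs['jwks_uri'] = oper.conv.entity.jwks_uri
        else:
            kwargs['jwks_uri'] = arg['jwks_uri']
        argkeys.remove('jwks_uri')
    elif 'jwks' in argkeys:
        if arg['jwks'] is None:
            # Fall back to the keys the jar holds under the '' owner.
            kwargs['jwks'] = {
                "keys": oper.conv.entity.keyjar.dump_issuer_keys("")
            }
        else:
            kwargs['jwks'] = arg['jwks']
        argkeys.remove('jwks')

    # Everything not handled above is passed through unchanged.
    kwargs.update((name, arg[name]) for name in argkeys)

    oper.req_args['software_statement'] = make_software_statement(
        oper.conv.entity.keyjar, iss=iss, owner=iss, **kwargs)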
示例#8
文件: func.py 项目: rohe/otest
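def add_software_statement(oper, arg):
    """Create a software statement for the request and put it in ``oper.req_args``.

    Steps, as visible in this function:

    1. Read the trusted registration entity (TRE) from ``oper.conf``: its
       issuer id and the path to its JWKS file.
    2. Load that JWKS into a KeyBundle and add it to the entity's key jar
       under the TRE issuer id.
    3. Collect the statement's keyword arguments from *arg*, substituting the
       entity's own ``redirect_uris`` / ``jwks_uri`` / keys where *arg* holds
       ``None``.
    4. Call ``make_software_statement`` with ``iss`` and ``owner`` set to the
       TRE issuer id.

    :param oper: operation object exposing ``conf``, ``conv.entity`` and
        ``req_args``.
    :param arg: mapping of statement values; must contain ``redirect_uris``.
    :raises KeyError: if ``redirect_uris`` is missing from *arg* or the JWKS
        document has no ``keys`` member.
    """
    argkeys = list(arg.keys())
    kwargs = {}

    tre = oper.conf.TRUSTED_REGISTRATION_ENTITY
    iss = tre['iss']
    kb = KeyBundle()
    # The original called json.load(open(...)) and never closed the file;
    # the with-block releases the handle on success and on parse errors.
    # NOTE(review): keys loaded here are filed under the TRE issuer, so the
    # file at tre['jwks'] acts as key material for that issuer. Confirm that
    # it is readable only by the account running this code.
    with open(tre['jwks']) as fp:
        kb.imp_jwks = json.load(fp)
    kb.do_keys(kb.imp_jwks['keys'])
    oper.conv.entity.keyjar.add_kb(iss, kb)

    if arg['redirect_uris'] is None:
        kwargs['redirect_uris'] = oper.conv.entity.redirect_uris
    else:
        kwargs['redirect_uris'] = arg['redirect_uris']
    argkeys.remove('redirect_uris')

    # jwks_uri takes precedence: when both are given, 'jwks' stays in argkeys
    # and is copied verbatim by the pass-through below.
    if 'jwks_uri' in argkeys:
        if arg['jwks_uri'] is None:
            kwargs['jwks_uri'] = oper.conv.entity.jwks_uri
        else:
            kwargs['jwks_uri'] = arg['jwks_uri']
        argkeys.remove('jwks_uri')
    elif 'jwks' in argkeys:
        if arg['jwks'] is None:
            kwargs['jwks'] = {
                "keys": oper.conv.entity.keyjar.dump_issuer_keys("")}
        else:
            kwargs['jwks'] = arg['jwks']
        argkeys.remove('jwks')

    # Remaining entries are forwarded as given.
    for remaining in argkeys:
        kwargs[remaining] = arg[remaining]

    oper.req_args['software_statement'] = make_software_statement(
        oper.conv.entity.keyjar, iss=iss, owner=iss, **kwargs)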
        OAS.baseurl = "%s:%d" % (config.baseurl, args.port)

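    # Normalise the base URL so that it always ends with a slash.
    if not OAS.baseurl.endswith("/"):
        OAS.baseurl += "/"

    # Load extra keys. TRUSTED_REGISTRATION_ENTITIES is optional in the
    # config; when it is absent there is nothing to load.
    for ent in getattr(config, 'TRUSTED_REGISTRATION_ENTITIES', ()):
        iss = ent['iss']
        kb = KeyBundle()
        # Close the JWKS file deterministically, even if the JSON is
        # malformed (the original never closed the handle).
        # NOTE(review): every key in this file is filed in the key jar under
        # ent['iss'], so the file is presumably a trust anchor for that
        # issuer. Confirm that it is writable only by the service operator.
        with open(ent['jwks']) as jwks_file:
            kb.imp_jwks = json.load(jwks_file)
        kb.do_keys(kb.imp_jwks['keys'])
        OAS.keyjar.add_kb(iss, kb)

    LOGGER.debug("URLS: '%s" % (URLS,))

    # Initiate the web server.
    # NOTE(review): '0.0.0.0' makes the server listen on every network
    # interface of the host. Confirm that this exposure is intended.
    SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', args.port), application)
    https = ""
    # TLS is attached only when SERVICE_URL starts with "https"; with any
    # other value the server is left without an SSL adapter.
    if config.SERVICE_URL.startswith("https"):
        https = " using HTTPS"
        # SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
        #     config.SERVER_CERT, config.SERVER_KEY, config.CERT_CHAIN)
        SRV.ssl_adapter = BuiltinSSLAdapter(config.SERVER_CERT,
                                            config.SERVER_KEY,
                                            config.CERT_CHAIN)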
示例#10
        oas.baseurl = "%s:%d" % (config.baseurl, args.port)

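    # Make sure the base URL carries a trailing slash.
    if not oas.baseurl.endswith("/"):
        oas.baseurl += "/"

    # Load extra keys. The TRUSTED_REGISTRATION_ENTITIES setting is optional;
    # a config without it simply contributes no extra keys.
    for ent in getattr(config, 'TRUSTED_REGISTRATION_ENTITIES', ()):
        iss = ent['iss']
        kb = KeyBundle()
        # The with-block closes the JWKS file on success and on a JSON parse
        # error; the original left the handle open.
        # NOTE(review): keys from this file are registered under ent['iss'],
        # so the path in the config presumably points at trust-anchor
        # material. Verify the file's ownership and permissions.
        with open(ent['jwks']) as jwks_file:
            kb.imp_jwks = json.load(jwks_file)
        kb.do_keys(kb.imp_jwks['keys'])
        oas.keyjar.add_kb(iss, kb)

    _app = Application(oas)

    # Initiate the web server.
    # NOTE(review): binding to '0.0.0.0' listens on all interfaces. Confirm
    # that the deployment restricts access as needed.
    SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', args.port),
                                        _app.application)
    https = ""
    # An SSL adapter is installed only when SERVICE_URL starts with "https";
    # otherwise no adapter is set on the server.
    if config.SERVICE_URL.startswith("https"):
        https = " using HTTPS"
        # SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
        #     config.SERVER_CERT, config.SERVER_KEY, config.CERT_CHAIN)
        SRV.ssl_adapter = BuiltinSSLAdapter(config.SERVER_CERT,
                                            config.SERVER_KEY,
                                            config.CERT_CHAIN)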