def __init__(self, entity_id, trusted_roots, authority_hints=None, default_lifetime=86400, httpd=None, priority=None, entity_type='', opponent_entity_type='', registration_type='', cwd='', httpc_params=None, config=None): OidcContext.__init__(self, config, entity_id=entity_id) self.collector = Collector(trust_anchors=trusted_roots, http_cli=httpd, cwd=cwd, httpc_params=httpc_params, db_conf=self.db_conf) self.entity_id = entity_id self.entity_type = entity_type self.opponent_entity_type = opponent_entity_type for iss, jwks in trusted_roots.items(): self.keyjar.import_jwks(jwks, iss) self.authority_hints = authority_hints self.default_lifetime = default_lifetime self.tr_priority = priority or sorted(set(trusted_roots.keys())) self.registration_type = registration_type
def __init__(self, entity_id="", trusted_roots=None, authority_hints=None, default_lifetime=86400, httpd=None, priority=None, entity_type='', opponent_entity_type='', registration_type='', cwd='', httpc_params=None, config=None): if config is None: config = {} self.entity_id = entity_id or config["entity_id"] OidcContext.__init__(self, config, entity_id=self.entity_id) self.entity_type = entity_type or config.get("entity_type") self.opponent_entity_type = opponent_entity_type or config.get( "opponent_entity_type", "") self.registration_type = registration_type or config.get( "registration_type", "") self.default_lifetime = default_lifetime or config.get( "default_lifetime", 0) self.httpc_params = httpc_params or config.get("httpc_params", {}) if not trusted_roots: trusted_roots = json.loads(open(config["trusted_roots"]).read()) self.collector = Collector(trust_anchors=trusted_roots, http_cli=httpd, cwd=cwd, httpc_params=self.httpc_params) for iss, jwks in trusted_roots.items(): self.keyjar.import_jwks(jwks, iss) if authority_hints is not None: self.authority_hints = authority_hints elif "authority_hints" in config: self.authority_hints = json.loads( open(config["authority_hints"]).read()) else: raise ConfigurationError("Missing authority_hints specification") if priority: self.tr_priority = priority elif 'priority' in config: self.tr_priority = config["priority"] else: self.tr_priority = sorted(set(trusted_roots.keys()))
def __init__(self, config: Union[dict, Configuration], entity_id: str = "", server_get: Callable = None, keyjar: Optional[KeyJar] = None, authority_hints: Optional[Union[List[str], str]] = None, default_lifetime: Optional[int] = 86400, priority: Optional[List[str]] = None, entity_type: Optional[str] = '', opponent_entity_type: Optional[str] = '', registration_type: Optional[str] = '', trust_marks: Optional[List[str]] = None): self.config = config self.server_get = server_get self.entity_id = entity_id or config.get("entity_id") OidcContext.__init__(self, config, keyjar, entity_id=self.entity_id) self.entity_type = entity_type or config.get("entity_type") self.opponent_entity_type = opponent_entity_type or config.get( "opponent_entity_type", "") self.registration_type = registration_type or config.get( "registration_type", "") self.default_lifetime = default_lifetime or config.get( "default_lifetime", 0) self.trust_mark_issuer = None self.signed_trust_marks = [] self.trust_marks = trust_marks or config.get("trust_marks", []) _trusted_roots = config.get("trusted_roots") if _trusted_roots is None: # Must be trust anchor then self.trusted_roots = {} elif isinstance(_trusted_roots, str): self.trusted_roots = json.loads(open(_trusted_roots).read()) else: self.trusted_roots = _trusted_roots # Store own keys in the key jar under the entity's ID self.keyjar.import_jwks(self.keyjar.export_jwks(private=True), issuer_id=self.entity_id) for iss, jwks in self.trusted_roots.items(): self.keyjar.import_jwks(jwks, iss) if authority_hints is not None: self.authority_hints = authority_hints else: _hints = config.get("authority_hints") if _hints is None: print(f"{_hints}, {self.trusted_roots}") # if self.trusted_roots != {}: # raise ConfigurationError("Missing authority_hints specification") self.authority_hints = [] elif isinstance(_hints, str): self.authority_hints = json.loads(open(_hints).read()) else: self.authority_hints = _hints if priority: self.tr_priority = priority elif 'priority' in config: self.tr_priority = config["priority"] else: self.tr_priority = sorted(set(self.trusted_roots.keys())) _sstm = config.get("self_signed_trust_marks") if _sstm: self.signed_trust_marks = create_self_signed_trust_marks( entity_id=self.entity_id, keyjar=self.keyjar, spec=_sstm)
def __init__( self, conf: Union[dict, OPConfiguration], keyjar: Optional[KeyJar] = None, cwd: Optional[str] = "", cookie_handler: Optional[Any] = None, httpc: Optional[Any] = None, ): OidcContext.__init__(self, conf, keyjar, entity_id=conf.get("issuer", "")) self.conf = conf # For my Dev environment self.cdb = {} self.jti_db = {} self.registration_access_token = {} # self.session_db = {} self.cwd = cwd # Default values, to be changed below depending on configuration # arguments for endpoints add-ons self.args = {} self.authn_broker = None self.authz = None self.cookie_handler = cookie_handler self.endpoint_to_authn_method = {} self.httpc = httpc or requests self.idtoken = None self.issuer = "" self.jwks_uri = None self.login_hint_lookup = None self.login_hint2acrs = None self.par_db = {} self.provider_info = {} self.scope2claims = SCOPE2CLAIMS self.session_manager = None self.sso_ttl = 14400 # 4h self.symkey = rndstr(24) self.template_handler = None self.token_args_methods = [] self.userinfo = None for param in [ "issuer", "sso_ttl", "symkey", "client_authn", # "id_token_schema", ]: try: setattr(self, param, conf[param]) except KeyError: pass self.th_args = get_token_handler_args(conf) # session db self._sub_func = {} self.do_sub_func() _handler = conf.get("template_handler") if _handler: self.template_handler = _handler else: _loader = conf.get("template_loader") if _loader is None: _template_dir = conf.get("template_dir") if _template_dir: _loader = Environment(loader=FileSystemLoader(_template_dir), autoescape=True) if _loader: self.template_handler = Jinja2TemplateHandler(_loader) # self.setup = {} _keys_conf = conf.get("keys") if _keys_conf: jwks_uri_path = _keys_conf["uri_path"] if self.issuer.endswith("/"): self.jwks_uri = "{}{}".format(self.issuer, jwks_uri_path) else: self.jwks_uri = "{}/{}".format(self.issuer, jwks_uri_path) for item in [ "cookie_handler", "authentication", "id_token", "scope2claims", ]: _func = getattr(self, "do_{}".format(item), None) if _func: _func() for item in ["login_hint2acrs"]: _func = getattr(self, "do_{}".format(item), None) if _func: _func() # which signing/encryption algorithms to use in what context self.jwx_def = {} # The HTTP clients request arguments _cnf = conf.get("httpc_params") if _cnf: self.httpc_params = get_http_params(_cnf) else: # Backward compatibility self.httpc_params = {"verify": conf.get("verify_ssl", True)} self.set_scopes_handler() self.dev_auth_db = None self.claims_interface = None
def __init__(self, base_url="", keyjar=None, config=None, state=None, **kwargs): if config is None: config = {} self.config = config OidcContext.__init__(self, config, keyjar, entity_id=config.get('client_id', '')) self.state = state or StateInterface() self.kid = {"sig": {}, "enc": {}} self.base_url = base_url # Below so my IDE won't complain self.allow = {} self.client_preferences = {} self.args = {} self.add_on = {} self.hash2issuer = {} self.httpc_params = {} self.issuer = "" self.client_id = "" self.client_secret = "" self.client_secret_expires_at = 0 self.behaviour = {} self.provider_info = {} self.post_logout_redirect_uris = [] self.redirect_uris = [] self.register_args = {} self.registration_response = {} self.requests_dir = '' _def_value = copy.deepcopy(DEFAULT_VALUE) # Dynamic information for param in ['client_secret', 'client_id', 'redirect_uris', 'provider_info', 'behaviour', 'callback', 'issuer']: _val = config.get(param, _def_value[param]) self.set(param, _val) if param == 'client_secret' and _val: self.keyjar.add_symmetric('', _val) if not self.issuer: self.issuer = self.provider_info.get("issuer", "") try: self.clock_skew = config['clock_skew'] except KeyError: self.clock_skew = 15 _seed = config.get("hash_seed") if _seed: self.hash_seed = as_bytes(_seed) else: self.hash_seed = as_bytes(rndstr(32)) for key, val in kwargs.items(): setattr(self, key, val) for attr in ['base_url', 'requests_dir', 'allow', 'client_preferences', 'verify_args']: try: setattr(self, attr, config[attr]) except KeyError: pass for attr in RegistrationRequest.c_param: try: self.register_args[attr] = config[attr] except KeyError: pass if self.requests_dir: # make sure the path exists. If not, then make it. if not os.path.isdir(self.requests_dir): os.makedirs(self.requests_dir) # The name of the attribute used to be keys. Is not key_conf _key_conf = config.get('keys', config.get('key_conf')) if _key_conf: self.import_keys(_key_conf)