def main(config_file, args):
logging.basicConfig(level=logging.DEBUG)
config = create_from_config_file(Configuration,
entity_conf=[{
"class": OPConfiguration,
"attr": "op",
"path": ["op", "server_info"]
}],
filename=config_file,
base_path=dir_path)
app = oidc_provider_init_app(config.op, 'oidc_op')
app.logger = config.logger
web_conf = config.webserver
context = create_context(dir_path, web_conf)
if args.display:
print(
json.dumps(app.endpoint_context.provider_info,
indent=4,
sort_keys=True))
exit(0)
kwargs = {}
if context:
kwargs["ssl_context"] = context
# kwargs["request_handler"] = PeerCertWSGIRequestHandler
app.run(host=web_conf['domain'],
port=web_conf['port'],
debug=web_conf['debug'],
**kwargs)
def main(config_file, args):
logging.basicConfig(level=logging.DEBUG)
config = create_from_config_file(Configuration,
entity_conf=[{
"class": FedOpConfiguration,
"attr": "op",
"path": ["op", "server_info"]
}],
filename=config_file)
app = oidc_provider_init_app(config)
web_conf = config.webserver
context = create_context(dir_path, web_conf)
kwargs = {}
_srv_context = app.server.server_get("endpoint_context")
if args.display:
print(json.dumps(_srv_context.provider_info, indent=4, sort_keys=True))
exit(0)
if args.insecure:
_srv_context.federation_entity.collector.insecure = True
_cert = os.path.join(dir_path, lower_or_upper(web_conf, "server_cert"))
_srv_context.federation_entity.collector.web_cert_path = _cert
app.run(host=web_conf['domain'],
port=web_conf['port'],
debug=web_conf['debug'],
ssl_context=context,
**kwargs)
def test_explicit_registration(self):
config = create_from_config_file(
Configuration,
entity_conf=[{
"class": FedRPConfiguration,
"attr": "rp"
}],
filename=full_path('conf_foodle.uninett.no.yaml'),
base_path=BASE_PATH)
config.rp.federation.web_cert_path = "{}/{}".format(
dir_path, lower_or_upper(config.web_conf, "server_cert"))
rph = init_oidc_rp_handler(config.rp, BASE_PATH)
rp = rph.init_client('ntnu')
rp.client_get(
"service_context").federation_entity.collector = DummyCollector(
httpd=Publisher(ROOT_DIR),
trusted_roots=ANCHOR,
root_dir=ROOT_DIR)
_service = rp.client_get("service", 'provider_info')
args = self.provider_endpoint.process_request()
info = self.provider_endpoint.do_response(**args)
_resp = _service.parse_response(info["response"])
with responses.RequestsMock() as rsps:
_jwks = open(
os.path.join(BASE_PATH, 'base_data', 'ntnu.no', 'op.ntnu.no',
'jwks.json')).read()
rsps.add("GET",
"https://op.ntnu.no/static/jwks.json",
body=_jwks,
adding_headers={"Content-Type": "application/json"},
status=200)
_service.update_service_context(_resp)
# Do the client registration request
# First let the client construct the client registration request
_service = rp.client_get("service", 'registration')
_request_args = _service.get_request_parameters()
# send it to the provider
args = self.registration_endpoint.process_request(
_request_args["body"])
response_args = self.provider_endpoint.do_response(**args)
# Let the client deal with the response from the provider
_resp = _service.parse_response(response_args["response"],
request=_request_args["body"])
_service.update_service_context(_resp)
# and we're done
reg_resp = _service.client_get("service_context").get(
"registration_response")
assert reg_resp["token_endpoint_auth_method"] == "private_key_jwt"
def test_server_configure():
configuration = create_from_config_file(
Configuration,
entity_conf=[{
"class": OPConfiguration,
"attr": "op",
"path": ["op", "server_info"]
}],
filename=full_path("srv_config.yaml"),
base_path=BASEDIR,
)
assert configuration
assert "logger" in configuration
assert "op" in configuration
op_conf = configuration["op"]
assert "add_on" in op_conf
authz = op_conf["authz"]
assert set(authz.keys()) == {"kwargs", "class"}
id_token_conf = op_conf.get("id_token", {})
assert set(id_token_conf.keys()) == {"kwargs", "class"}
with pytest.raises(KeyError):
_ = configuration["add_on"]
assert configuration.get("add_on", {}) == {}
userinfo_conf = op_conf.get("userinfo")
assert userinfo_conf["kwargs"]["db_file"].startswith(BASEDIR)
def test_init_rp():
config = create_from_config_file(
Configuration,
entity_conf=[{
"class": FedRPConfiguration,
"attr": "rp"
}],
filename=full_path('conf_foodle.uninett.no.yaml'),
base_path=BASE_PATH)
rph = init_oidc_rp_handler(config.rp, BASE_PATH)
rp = rph.init_client('ntnu')
assert rp
def create_rph(self):
_file = os.path.join(BASE_PATH, "conf_rp_auto.yaml")
# automatic means no implicit registration
config = create_from_config_file(RPConfiguration,
entity_conf=[
{"class": FedEntityConfiguration,
"attr": "federation",
"path": ["federation"]}],
filename=_file,
base_path=BASE_PATH,
file_attributes=DEFAULT_FILE_ATTRIBUTE_NAMES)
self.rph1 = init_rp_handler(config)
self.rph2 = init_rp_handler(config)
self.subject = 'https://op.ntnu.no'
self.intermediate = 'https://ntnu.no'
self.fedop1 = 'https://feide.no'
self.fedop2 = 'https://swamid.se'
def test_op_configure_from_file():
configuration = create_from_config_file(
OPConfiguration,
filename=full_path("op_config.json"),
base_path=BASEDIR,
domain="127.0.0.1",
port=443,
)
assert configuration
assert "add_on" in configuration
authz_conf = configuration["authz"]
assert set(authz_conf.keys()) == {"kwargs", "class"}
id_token_conf = configuration.get("id_token")
assert set(id_token_conf.keys()) == {"kwargs", "class"}
with pytest.raises(KeyError):
_ = configuration["foobar"]
assert configuration.get("foobar", {}) == {}
userinfo_conf = configuration.get("userinfo")
assert userinfo_conf["kwargs"]["db_file"].startswith(BASEDIR)
def test_op_configure_default_from_file():
configuration = create_from_config_file(
OPConfiguration,
filename=full_path("op_config.json"),
base_path=BASEDIR,
domain="127.0.0.1",
port=443,
)
assert configuration
assert "add_on" in configuration
authz = configuration["authz"]
assert set(authz.keys()) == {"kwargs", "class"}
id_token_conf = configuration.get("id_token", {})
assert set(id_token_conf.keys()) == {"kwargs", "class"}
assert id_token_conf["kwargs"] == {
"base_claims": {
"email": {
"essential": True
},
"email_verified": {
"essential": True
},
}
}
def test_automatic_registration(self):
config = create_from_config_file(
Configuration,
entity_conf=[{
"class": FedRPConfiguration,
"attr": "rp"
}],
filename=full_path('conf_foodle.uninett.no.yaml'),
base_path=BASE_PATH)
rph = init_oidc_rp_handler(config.rp, BASE_PATH)
rp = rph.init_client('ntnu')
rp.client_get(
"service_context").federation_entity.collector = DummyCollector(
httpd=Publisher(ROOT_DIR),
trusted_roots=ANCHOR,
root_dir=ROOT_DIR)
_service = rp.client_get("service", 'provider_info')
# don't need to parse the request since there is none
args = self.provider_endpoint.process_request()
info = self.provider_endpoint.do_response(**args)
_resp = _service.parse_response(info["response"])
with responses.RequestsMock() as rsps:
_jwks = open(
os.path.join(BASE_PATH, 'base_data', 'ntnu.no', 'op.ntnu.no',
'jwks.json')).read()
rsps.add("GET",
"https://op.ntnu.no/static/jwks.json",
body=_jwks,
adding_headers={"Content-Type": "application/json"},
status=200)
_service.update_service_context(_resp)
# Do the client authorization request
# First let the client construct the authorization request
_service = rp.client_get("service", 'authorization')
_request_args = _service.get_request_parameters()
# send it to the provider
_req_args = parse_qs(_request_args['url'].split('?')[1])
with responses.RequestsMock() as rsps:
_jwks = open(os.path.join(BASE_PATH,
'static/jwks_auto.json')).read()
_url = 'https://foodle.uninett.no/jwks.json'
rsps.add("GET",
_url,
body=_jwks,
adding_headers={"Content-Type": "application/json"},
status=200)
_req_args = self.authorization_endpoint.parse_request(
compact(_req_args))
# need to register a user session info
args = self.authorization_endpoint.process_request(_req_args)
response_args = self.authorization_endpoint.do_response(**args)
# Let the client deal with the response from the provider
_resp = _service.parse_response(response_args["response"],
request=compact(_req_args))
_service.update_service_context(_resp)
# and we're done
assert 'trust_anchor_id' in _resp
