示例#1
 def gen_certificate(self, email, ua_pub_key):
     """Build the certificate claims for *email* / *ua_pub_key* and sign them.

     The claim set holds an absolute expiry ('exp' = now + the configured
     'auth.cert_ttl_in_secs', default 86400), the configured issuer and
     purpose, the e-mail address and the user agent's public key.  The
     value returned is whatever ``JWS.sign`` produces for that claim set.

     NOTE(review): neither *email* nor *ua_pub_key* is validated here; the
     caller is presumably expected to have established that the session
     owns the address before asking for a signature -- confirm at the
     call sites.
     """
     settings = self.app.config
     # Absolute expiry time, not a duration, despite the config key's name.
     expires_at = time() + settings.get('auth.cert_ttl_in_secs', 86400)
     claims = {}
     claims['exp'] = expires_at
     # NOTE(review): with no 'auth.issuer' configured the certificate is
     # signed with the placeholder issuer 'UNDEFINED'.
     claims['iss'] = settings.get('auth.issuer', 'UNDEFINED')
     claims['moz-vep-id'] = email
     claims['moz-vep-purpose'] = settings.get('auth.purpose', '')
     claims['moz-vep-publicKey'] = ua_pub_key
     return JWS(config = settings).sign(claims)
示例#2
 def verify(self, request, **kw):
     """Verify the IAR passed in the 'iar' request parameter.

     Renders the template selected for the request; when verification
     fails the template additionally receives the 'INVALID' error entry.

     NOTE(review): a missing 'iar' parameter is verified as the empty
     string, and the outcome is reported only through the rendered body --
     no status is passed to ``Response`` on either path.
     """
     signer = JWS(config = self.app.config)
     (content_type, template) = self.get_template_from_request(request)
     render_args = {'request': request,
                    'config': self.app.config}
     iar_is_valid = signer.verify(request.params.get('iar', ''))
     if not iar_is_valid:
         render_args['error'] = self.error_codes.get('INVALID')
     body = template.render(**render_args)
     return Response(str(body), content_type = content_type)
示例#3
 def refresh_certificate(self, request, **kw):
     """Refresh a certificate supplied by the client.

     Reads the 'pubkey' and 'certificate' request parameters and parses
     the certificate as a JWS object.  Raises HTTPBadRequest when the
     public key is missing, when no certificate information is obtained,
     or when the JWS object cannot be parsed.

     NOTE(review): this listing appears to stop before the function does;
     ``error``, ``response``, ``template``, ``uid`` and ``pub_key`` are
     set but not yet used in the visible part.
     """
     jws = JWS(config = self.app.config)
     error = None
     response = None
     (content_type, template) = self.get_template_from_request(request)
     # The uid comes from the server-side session, not from the request.
     uid = self.get_session_uid(request)
     # The replacement public key is supplied by the client.
     pub_key = request.params.get('pubkey')
     if pub_key is None:
         logger.warn("Request missing pubkey argument")
         raise HTTPBadRequest()
     try:
         # NOTE(review): it is not visible here whether parse() checks the
         # signature and expiry or only decodes the object -- confirm
         # before cert_info is trusted, and confirm that the identity in
         # the certificate is compared with the session uid.
         cert_info = jws.parse(request.params.get('certificate', None))
         if cert_info is None:
             logger.error('Certificat information missing from request')
             raise HTTPBadRequest()
     except JWSException, ex:
         # Parse failures are logged server-side; the client only gets a
         # generic 400.
         logger.error('Could not parse JWS object: %s ' % str(ex))
         raise HTTPBadRequest()
示例#4
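class TestJWS(unittest.TestCase):
    """Round-trip tests for the JWS helper: sign with HS256 / RS256, then verify.

    Only the accepting path is exercised.  NOTE(review): a signature test
    suite should also assert that verification fails for a modified
    payload, a modified signature, the wrong key, and a header whose
    ``alg`` differs from the algorithm being verified; none of those cases
    appear in this class.
    """

    # Please use valid credentials and targets.
    # The values are masked in this listing.  Real account credentials
    # belong in the environment or an untracked local file, not in the
    # test module.
    good_credentials = {'email': '*****@*****.**',
                        'password': '******'}

    default_params = {'sid': '123abc',
                      'output': 'json',
                      'audience': 'test.example.com'}

    # The e-mail addresses are masked in this listing, so the two 'emails'
    # keys look identical and the later entry replaces the earlier one when
    # the literal is evaluated; presumably they were distinct originally.
    user_info = {'uid': 'test_api_1',
                 'pemail': '*****@*****.**',
                 'emails': {'*****@*****.**': {'state': 'verified'},
                            '*****@*****.**': {'state': 'pending'}}
                 }

    # Application settings handed to make_app() and JWS().
    # 'oid.host' carries (masked) userinfo inside the URL, and
    # 'jws.rsa_key_path' points at a key kept under the tests directory:
    # both are test-only values.
    config = {
        'oidstorage.backend': 'oidserver.storage.memory.MemoryStorage',
        'oid.host': 'http://*****:*****@example.org',
        'oid.reply_to': '*****@*****.**',
        'oid.admin_page': True,
        'test.nomail': True,
        'global.debug_page': '__debug__',
        'jws.rsa_key_path': 'oidserver/tests/keys/test_rsa'
    }

    payload = {'a': 1, 'b': 2}
    # Placeholder for a public key; the generation instructions that the
    # original comment announced are not part of this listing.
    test_rsa_public = None

    # Stand-in for the payload half of the signing input.
    fake_sbs = 'test_string'

    ## API Entry points:
    #  get_certificate x
    #  refresh_certificate x
    #  validate/....
    #
    ## Admin entry points
    #  verify_address
    #

    ## beaker is being stupid and overwriting session information
    beaker_is_being_stupid = True

    extra_environ = {'beaker.session': {'uid': 'test_api_1'}}
    session = {}

    def setUp(self, **kw):
        """Create a fresh test application and a JWS helper from ``config``."""
        # use a default 'dummy' config file.
        self.app = TestApp(make_app(self.config))
        self.app.reset()
        self.jws = JWS(config = self.config)

    def test_sign_HS256(self):
        """Sign a fake signing input with HS256 and check that it verifies."""
        alg = 'HS256'
        header = self.jws.header(alg)
        encoded_header = base64.urlsafe_b64encode(cjson.encode(header))
        sbs = "%s.%s" % (encoded_header, self.fake_sbs)
        signed = self.jws._sign_HS(alg, header, sbs)
        (header_str, payload_str, sig_str) = signed.split('.')
        # NOTE(review): the header is passed here as decoded JSON text,
        # while test_sign_RS256 passes the header object itself -- confirm
        # which form the verifier expects.
        # assertTrue replaces the deprecated failUnless alias.
        self.assertTrue(self.jws._verify_HS(
            alg,
            base64.urlsafe_b64decode(header_str),
            "%s.%s" % (header_str, payload_str),
            sig_str))

    def test_sign_RS256(self):
        """Sign a fake signing input with RS256 and verify it with the key's e/n."""
        alg = 'RS256'
        # jku = URL to public keys.
        # NOTE(review): the key file is loaded whole and only its e and n
        # components are handed to the verifier.
        rsa = RSA.load_key(self.config.get('jws.rsa_key_path'))
        public_numbers = {'e': rsa.e, 'n': rsa.n}
        ## Don't store the public key, Needs to be "fetched" from a known
        ## location
        header = self.jws.header(alg = alg)
        encoded_header = base64.urlsafe_b64encode(cjson.encode(header))
        sbs = "%s.%s" % (encoded_header, self.fake_sbs)
        signed = self.jws._sign_RS(alg, header, sbs)
        # Split the signature off the end; what precedes it is the signing
        # input that gets verified.
        (sbs, sig_str) = signed.rsplit('.', 1)
        # assertTrue replaces the deprecated failUnless alias.
        self.assertTrue(self.jws._verify_RS(alg, header,
                                            sbs,
                                            sig_str,
                                            testKey = public_numbers))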
示例#5
 def setUp(self, **kw):
     """Build a fresh test application and a JWS helper from ``self.config``."""
     # The configuration is the class-level 'dummy' settings dict.
     wsgi_app = make_app(self.config)
     self.app = TestApp(wsgi_app)
     self.app.reset()
     self.jws = JWS(config = self.config)