def create_provider(self):
self.provider = SWSProvider("pyoicserv",
SessionDB(OP_ISSUER),
CDB,
AUTHN_BROKER,
None,
AUTHZ,
verify_client,
SYMKEY,
trusted_domains=[SOFTWARE_API_PUBLISHER_URL],
urlmap=None,
keyjar=KEYJAR)
# "template_args": {"form_post": {"action": "form_post"}}
}
# Should I care about verifying the certificates used by other entities
if ARGS.insecure:
KWARGS["verify_ssl"] = False
else:
KWARGS["verify_ssl"] = True
if ARGS.capabilities:
KWARGS["capabilities"] = json.loads(open(ARGS.capabilities).read())
else:
pass
OAS = SWSProvider(CONFIG.ISSUER, SessionDB(CONFIG.BASEURL), CDB, AC, None,
AUTHZ, verify_client, CONFIG.SYM_KEY, CONFIG.TRUSTED_CERT_DOMAINS,
verify_signer_ssl=CONFIG.VERIFY_SIGNER_SSL, **KWARGS)
OAS.baseurl = CONFIG.ISSUER
for authn in AC:
authn.srv = OAS
if CONFIG.USERINFO == "SIMPLE":
# User info is a simple dictionary in this case statically defined in
# the configuration file
OAS.userinfo = UserInfo(CONFIG.USERDB)
elif CONFIG.USERINFO == "SAML":
OAS.userinfo = UserInfo(CONFIG.SAML)
elif CONFIG.USERINFO == "AA":
OAS.userinfo = AaUserInfo(CONFIG.SP_CONFIG, CONFIG.ISSUER, CONFIG.SAML)
class TestProvider:
@pytest.fixture(autouse=True)
def create_provider(self):
self.provider = SWSProvider("pyoicserv",
SessionDB(OP_ISSUER),
CDB,
AUTHN_BROKER,
None,
AUTHZ,
verify_client,
SYMKEY,
trusted_domains=[SOFTWARE_API_PUBLISHER_URL],
urlmap=None,
keyjar=KEYJAR)
def generate_sws_request_info(self, sws_content=None):
sws_jwts, _ = generate_signed_sws(sws_content=sws_content)
unpacked_request = create_unpacked_reg_request_dict(CLIENT_ID,
request={"software_statement": str(
sws_jwts)})
sws_message, _ = self.provider._retrieve_software_statement(unpacked_request)
return sws_message, unpacked_request
@staticmethod
def set_software_api_publisher_response():
responses.add(responses.GET,
SOFTWARE_API_PUBLISHER_URL,
body=KC_RSA.jwks(),
status=200,
content_type='application/json')
def test_set_sws_chache(self):
sws_id = "sws_id"
sws_message, unpacked_request = self.generate_sws_request_info()
self.provider.update_registered_data(sws_id, sws_message, unpacked_request)
assert self.provider.cdb[CLIENT_ID][SWS_CACHE_KEY] == sws_id
@pytest.mark.parametrize("sws_data", ["client_id",
"client_secret",
"registration_access_token",
"registration_client_uri",
"client_secret_expires_at",
"client_id_issued_at"])
def test_should_not_overwrite_reg_attributes_with_sws_attributes(self, sws_data):
sws_value = "SWS_VALUE"
sws_message, unpacked_request = self.generate_sws_request_info(
sws_content={sws_data: sws_value})
self.provider.update_registered_data(None, sws_message, unpacked_request)
database_info = self.provider.cdb[CLIENT_ID][sws_data]
assert database_info != sws_value
def test_client_secret_is_persistent_after_multiple_update_registered_data(self):
sws_message, unpacked_request = self.generate_sws_request_info()
self.provider.update_registered_data(None, sws_message, unpacked_request)
client_secret_1 = self.provider.cdb[CLIENT_ID]['client_secret']
self.provider.update_registered_data(None, sws_message, unpacked_request)
client_secret_2 = self.provider.cdb[CLIENT_ID]['client_secret']
assert client_secret_1 == client_secret_2
@responses.activate
def test_sws_as_client_id_authorization_end_point(self):
self.set_software_api_publisher_response()
software_statement, sws_content = generate_signed_sws()
state = "id-6da9ca0cc23959f5f33e8becd9b08cae"
authorization_request = {"scope": ["openid"],
"state": state,
"redirect_uri": SOFTWARE_API_PUBLISHER_URL,
"response_type": ["code"],
"client_id": str(software_statement),
"nonce": "Nonce"}
unpacked_request = create_unpacked_reg_request_dict(client_id=str(software_statement),
request={"software_statement": str(
software_statement)})
assert not self.provider.is_in_cache(unpacked_request)
response = self.provider.authorization_endpoint(request=json.dumps(authorization_request))
assert self.provider.is_in_cache(unpacked_request)
parsed_response = parse_qs(urlparse(response.message).query)
assert parsed_response["state"][0] == state
@responses.activate
def test_if_sws_is_added_to_cache_in_registration_endpoint(self):
self.set_software_api_publisher_response()
sws_message, sws_content = generate_signed_sws()
request = json.dumps({"software_statement": str(sws_message)})
resp = self.provider.registration_endpoint(request)
client_id = json.loads(resp.message)['client_id']
registration_request = create_unpacked_reg_request_dict(client_id, request)
assert self.provider.is_in_cache(registration_request)
@responses.activate
def test_check_if_unknown_registration_request_is_in_cache(self):
software_statement, sws_content = generate_signed_sws()
request = {"software_statement": str(software_statement)}
registration_request = create_unpacked_reg_request_dict(client_id="UNKNOWN_CLIENT_ID",
request=json.dumps(request))
assert not self.provider.is_in_cache(registration_request)
def test_missing_software_statement_at_registration_request(self):
with pytest.raises(MissingRequiredAttribute):
self.provider.registration_endpoint('{"application_type": "web"}')
@responses.activate
def test_retrieve_software_statement_with_valid_signature(self):
self.set_software_api_publisher_response()
software_statement, sws_content = generate_signed_sws()
sws_message = self.provider.parse_software_statement_as_jwt(software_statement)
assert SWSMessage(**sws_content) == sws_message
@responses.activate
def test_retrieve_software_statement_with_invalid_signature(self):
self.set_software_api_publisher_response()
software_statement, _ = generate_signed_sws(key_file="private_2.key")
with pytest.raises(BadSignature):
self.provider.parse_software_statement_as_jwt(software_statement)
@responses.activate
@patch("oic.oic.provider.Provider.registration_endpoint")
def test_unpack_sws_and_overwrite_registration_request_info(self,
super_registration_endpoint_mock):
self.set_software_api_publisher_response()
software_statement, sws_content = generate_signed_sws()
url_to_overwrite = "https://localhost"
request = {"redirect_uris": [url_to_overwrite],
"application_type": "web",
"software_statement": str(software_statement)}
self.provider.registration_endpoint(json.dumps(request))
# Get argument which the super class where called with
unpacked_registration_request = super_registration_endpoint_mock.mock_calls[0][1][0]
assert url_to_overwrite != sws_content['redirect_uris']
assert unpacked_registration_request['redirect_uris'] == sws_content['redirect_uris']
