Skip to content
Permalink
Browse files

Damn ! Forgot to update the tests.

  • Loading branch information...
rohe committed Feb 20, 2017
1 parent f6bdce4 commit f3d69628716d589664a1a4ffd3e6006e0709b2aa
@@ -1 +1 @@
{"keys": [{"e": "AQAB", "n": "0y10VGls2zpFDrZAL2WvocMQhZnKNJdE9PGyZwF-NlHob9DbXDSwWq6S54yxmcRxgkaz_tkehCWKwZJ-hLd1TXHTNyNevDAvAQXI_ZRk2mDEFgQ8t5dLvTV4KIAYdv_JqF-lcu_8koBiQm8z0jvwFc3JpovN7BwotGL5PqgDlGc8lf8yeHIdQlmNo7LkuCW4rJvNhKyJhv9q4E8SfML9-eoGW2MgSyFSywkUx1rjpQ5QRBhjq4QX3OEGxnQt5-YIw5yQJmf9uHPykyVtLHyJ9k72MpwdSmyfzd6zfwV31LDoM1jHsIg4ATK9ycDw_pKx1txBaSrypq7RywVzBolPDw", "kty": "RSA", "use": "enc", "kid": "op0"}, {"e": "AQAB", "n": "0i-lnHsKwbx1_BVOepxpV52O20lw108vf_2BtZPwFfaml8i1H2j1jioqUUmKio-UcdFenp2-9BQVfEUdnVhb87NZmMI2xjpcrFEO3T2WLSlRWpjkggrIuNichYEZWaAlt9zVZ2OlhoJ7RzNLA6QZXRfoT-7qxfYm7n2ZjZ3I03lWSS7h1uwg3yFh8WO_xNhZEjK4o42cKWCzRlqCpZ0gdN16J2n-YtWHtO1YT171EKrI8b3alrVivfQONN_HVB7WSWfzugtj-Bd5E3xntHnrEBXCbGSyvHX907OxPJRCbeeNU2d18VWfYRexoaM-MRRljEZpkIQXEQJtIbGOx0jubw", "kty": "RSA", "use": "sig", "kid": "op1"}, {"kty": "EC", "crv": "P-256", "x": "Yl9u7oQAjbbNw8USkTFCE_Zz3m97I16UFLUQg1otvxI", "use": "sig", "y": "YmCbJDFf-5ItarRANY8ptUthamgtNyImJUPQJyCtk0Q", "kid": "op2"}, {"kty": "EC", "crv": "P-256", "x": "05bmYj_iRBFOObpm9aIWAumKtICUAJZ2oGkbxlwLsFs", "use": "enc", "y": "CpHb3QX8KuETzrqPVRw4UNcBJ9wUFUfgpWOSd7gHh3Q", "kid": "op3"}]}
{"keys": [{"n": "uHF4mM-HxKw3YCPvfQ7zn8hOjdNMrrApYgwY0GR9bHDlYy8CMuEPFvglJJwthFLZ2KdzE3mtdMHezJD9XAaLMKaF3H5ww4kDuoE-KpsxIoO7YycPnkG_B9iWby7Wvq5blD9rKnADCRpDh_Y15VKahuvjelr08_HykU-6MQTdG8EiTxYkJsSDKo2b9orIyKXlqQBp4T_2yMApJn44oAZ8K0sZUlh4MCkS_jN4bwCA8varRkxD2AU9db1aol8V6d_J6d0D7_7Yd_SuvxLn0wtHwlxhXOGVXr3LVmXZy245Wel8r60Kny46bBA8thByIajoMEOf7Nft3CRHB5iESKQkCw", "kid": "op0", "use": "enc", "e": "AQAB", "kty": "RSA"}, {"n": "7UCz5QXfSphZIXs8505wY-NjIkWPorYViP7JX1ceoZQE_dEDt4aZz1eCs2kS-kWB6DbyLn55JaBQAD-ob52fw0QdTflZVnrMDlCOpyIyrWvlnOYb4xFwoTFQumHlpg_TJaiT7eOx1Idd1KF9GaqQICLbP-gmHgmo_aN_4ejF3fGRsHXaEqlufiYTZZoi89lUTn1c9p3RqNoETxUeEIDW1DQe_W42bfJAs9XOLPTfnss9ibsM0alR06MfGikJGtGbNBe_snC9Ke6eUX1xFR_xfBVd9z1MEmXekkjJslxAj6QFfoE2dCk3CB2DBLAqs3flgWyJiNolOpix9p43lVgurw", "kid": "op1", "use": "sig", "e": "AQAB", "kty": "RSA"}, {"kty": "EC", "use": "sig", "crv": "P-256", "y": "PA5o0Ez59IMBQASdTaSEW53LwMhlioZr9VNqX0drfdM", "x": "vUkH4hq2Ch0Zgmi5w9lz_tc6JxiVNOEbO5VMKaiEd0Q", "kid": "op2"}, {"kty": "EC", "use": "enc", "crv": "P-256", "y": "ngTyoBn8KCJu-eLxDtLs6a0ApEEwepWTSsv5drfcFTw", "x": "cStCKoKZPT1fX93a7M0SrOYqVMM38kxJm3781ar0OOE", "kid": "op3"}]}
@@ -0,0 +1,114 @@
from oic import rndstr
from oic.extension.single import SingleClient
from oic.extension.single import SingleService
from oic.oauth2.message import AccessTokenResponse
from oic.oauth2.message import Message
from oic.oauth2.message import SINGLE_OPTIONAL_INT
from oic.oauth2.message import SINGLE_OPTIONAL_STRING
from oic.oauth2.message import SINGLE_REQUIRED_STRING
from oic.utils.time_util import time_sans_frac


class AuthorizationRequest(Message):
c_param = {
'response_type': SINGLE_REQUIRED_STRING,
'client_id': SINGLE_REQUIRED_STRING,
'scope': SINGLE_OPTIONAL_STRING,
}


class AuthorizationResponse(Message):
c_param = {
'device_code': SINGLE_REQUIRED_STRING,
'user_code': SINGLE_REQUIRED_STRING,
'verification_uri': SINGLE_REQUIRED_STRING,
'expires_in': SINGLE_OPTIONAL_INT,
'interval': SINGLE_OPTIONAL_INT,
}


class TokenRequest(Message):
c_param = {
'grant_type': SINGLE_REQUIRED_STRING,
'device_code': SINGLE_REQUIRED_STRING,
'client_id': SINGLE_REQUIRED_STRING,
}


class DeviceFlowServer(SingleService):
def __init__(self, host):
SingleService.__init__(self, host)
self.host = host
# map between device_code and user_code
self.client_id2device = {}
self.device2user = {}
self.user_auth = {}
self.device_code_expire_at = {}
self.device_code_life_time = 900 # 15 minutes

def device_endpoint(self, request, authn=None):

_req = AuthorizationRequest(**request)
device_code = rndstr(10)
user_code = rndstr(6)

self.device2user[device_code] = user_code
self.user_auth[user_code] = False
self.client_id2device[_req['client_id']] = device_code
# in_a_while(minutes=15)
self.device_code_expire_at[
device_code] = time_sans_frac() + self.device_code_life_time

def token_endpoint(self, request, authn=None):
_req = TokenRequest(**request)
_dc = _req['device_code']

if time_sans_frac() > self.device_code_expire_at[_dc]:
return self.host.error_code(error='expired_token')

_uc = self.device2user[_dc]

if self.user_auth[_uc]: # User is authenticated
pass
else:
return self.host.error_code(error='authorization_pending')

def device_auth(self, user_code):
self.user_auth[user_code] = True


class DeviceFlowClient(SingleClient):
def __init__(self, host):
SingleClient.__init__(self, host)
self.requests = {'authorization': self.authorization_request,
'token': self.authorization_request}

def authorization_request(self, scope=''):
req = AuthorizationRequest(client_id=self.host.client_id,
response_type='device_code')
if scope:
req['scope'] = scope

http_response = self.host.http_request(
self.host.provider_info['device_endpoint'], 'POST',
req.to_urlencoded())

response = self.host.parse_request_response(AuthorizationResponse,
http_response, 'json')

return response

def token_request(self, device_code=''):
req = TokenRequest(
grant_type="urn:ietf:params:oauth:grant-type:device_code",
device_code=device_code, client_id=self.host.client_id)

http_response = self.host.http_request(
self.host.provider_info['token_endpoint'], 'POST',
req.to_urlencoded())

response = self.host.parse_request_response(AccessTokenResponse,
http_response, 'json')

return response

@@ -0,0 +1,9 @@
class SingleService(object):
def __init__(self, host):
self.host = host
self.endpoints = {}

class SingleClient(object):
def __init__(self, host):
self.host = host
self.requests = {}
@@ -33,17 +33,20 @@ def __setitem__(self, key, value):
kj.import_jwks(value, issuer=key)
value = kj
else:
_iss = list(value.keys())
_val = value.copy()
_iss = list(_val.keys())
if _iss == ['']:
value.issuer_keys[key] = value.issuer_keys['']
del value.issuer_keys['']
_val.issuer_keys[key] = _val.issuer_keys['']
del _val.issuer_keys['']
elif len(_iss) == 1:
if _iss[0] != key:
value.issuer_keys[key] = value.issuer_keys[_iss[0]]
del value.issuer_keys[_iss[0]]
_val.issuer_keys[key] = _val.issuer_keys[_iss[0]]
del _val.issuer_keys[_iss[0]]
else:
raise ValueError('KeyJar contains to many issuers')

value = _val

self.bundle[key] = value

def __getitem__(self, item):
@@ -0,0 +1,32 @@
from oic.extension.device_flow import AuthorizationRequest
from oic.extension.device_flow import DeviceFlowClient
from oic.extension.device_flow import DeviceFlowServer
from oic.extension.device_flow import TokenRequest
from oic.oauth2 import Client, Server


def test_device_flow():
_client = Client()
cli = DeviceFlowClient(_client)

_server = Server()
srv = DeviceFlowServer(_server)

# init
req = AuthorizationRequest(client_id=cli.host.client_id,
response_type='device_code')

resp = srv.device_endpoint(req)

# Polling

req = TokenRequest(
grant_type="urn:ietf:params:oauth:grant-type:device_code",
device_code=resp['device_dode'], client_id=cli.host.client_id)

resp = srv.token_endpoint(req)

# Authorization Pending

# Do Authorization

@@ -27,7 +27,7 @@
_jwks, _keyjar, _kidd = build_keyjar(_keydef)
KEYS[entity] = {'jwks': _jwks, 'keyjar': _keyjar, 'kidd': _kidd}
ISSUER[entity] = 'https://{}.example.org'.format(entity)
OPERATOR[entity] = Operator(keyjar=_keyjar, iss=ISSUER[entity], jwks=_jwks)
OPERATOR[entity] = Operator(keyjar=_keyjar, iss=ISSUER[entity])

SignKeyJar = OPERATOR['sig'].keyjar
del OPERATOR['sig']
@@ -38,12 +38,16 @@
_jwks, _keyjar, _kidd = build_keyjar(_keydef)
KEYS[entity] = {'jwks': _jwks, 'keyjar': _keyjar, 'kidd': _kidd}
ISSUER[entity] = 'https://{}.example.org'.format(entity)
OPERATOR[entity] = Operator(keyjar=_keyjar, iss=ISSUER[entity], jwks=_jwks)
OPERATOR[entity] = Operator(keyjar=_keyjar, iss=ISSUER[entity])

FOP = OPERATOR['fo']
FOP.fo_keyjar = FOP.keyjar
FOP.jwks_bundle = JWKSBundle(FOP.iss)
FOP.jwks_bundle[FOP.iss] = FOP.keyjar

FO1P = OPERATOR['fo1']
FO1P.fo_keyjar = FO1P.keyjar
FO1P.jwks_bundle = JWKSBundle(FO1P.iss)
FO1P.jwks_bundle[FO1P.iss] = FO1P.keyjar

ORGOP = OPERATOR['org']
ADMINOP = OPERATOR['admin']
INTEROP = OPERATOR['inter']
@@ -52,11 +56,11 @@


def fo_member(*args):
_kj = KeyJar()
_jb = JWKSBundle('https://sunet.se/op')
for fo in args:
_kj.issuer_keys[fo.iss] = fo.keyjar.issuer_keys['']
_jb[fo.iss] = fo.signing_keys_as_jwks()

return Operator(fo_keyjar=_kj)
return Operator(jwks_bundle=_jb)


def test_create_metadata_statement_simple():
@@ -3,27 +3,23 @@
import shutil
from time import time
from future.backports.urllib.parse import quote_plus

from oic.federation.bundle import JWKSBundle
from oic.federation.entity import FederationEntity

import pytest
from jwkest.jwk import rsa_load

from oic import rndstr

from oic.federation import ClientMetadataStatement
from oic.federation.operator import Operator

from oic.oic import DEF_SIGN_ALG
from oic.oic.message import RegistrationResponse
from oic.utils.authn.authn_context import AuthnBroker
from oic.utils.authn.client import CLIENT_AUTHN_METHOD
from oic.utils.authn.client import verify_client
from oic.utils.authn.user import UserAuthnMethod
from oic.utils.authz import AuthzHandling
from oic.utils.keyio import KeyBundle
from oic.utils.keyio import KeyJar
from oic.utils.keyio import build_keyjar
from oic.utils.sdb import SessionDB
from oic.utils.userinfo import UserInfo

BASE_PATH = os.path.abspath(
@@ -116,7 +112,7 @@ def authenticated_as(self, cookie=None, **kwargs):
_jwks, _keyjar, _kidd = build_keyjar(_keydef)
KEYS[entity] = {'jwks': _jwks, 'keyjar': _keyjar, 'kidd': _kidd}
ISSUER[entity] = 'https://{}.example.org'.format(entity)
OPERATOR[entity] = Operator(keyjar=_keyjar, iss=ISSUER[entity], jwks=_jwks)
OPERATOR[entity] = Operator(keyjar=_keyjar, iss=ISSUER[entity])

FOP = OPERATOR['fo']
FOP.fo_keyjar = FOP.keyjar
@@ -129,15 +125,12 @@ def authenticated_as(self, cookie=None, **kwargs):
OPOP = OPERATOR['op']


def fo_keyjar(*args):
_kj = KeyJar()
def fo_member(*args):
_jb = JWKSBundle('')
for fo in args:
_kj.import_jwks(fo.jwks, fo.iss)
return _kj
_jb[fo.iss] = fo.keyjar.issuer_keys['']


def fo_member(*args):
return Operator(fo_keyjar=fo_keyjar(*args))
return Operator(jwks_bundle=_jb)


def create_compound_metadata_statement(spec):

0 comments on commit f3d6962

Please sign in to comment.
You can’t perform that action at this time.