Merge pull request CZ-NIC#117 from its-dirg/py3

Python 3 compatible.

.gitignore

@@ -10,6 +10,7 @@ build
 dist
 *.egg-info
 *.egg
+*.eggs
 
 # Compiled files
 *.pyc
@@ -20,10 +21,12 @@ dist
 
 # Tox testing
 .tox
+private/
 
 # Dynamically created doc folders
 doc/_build
 keys
+!tests/data/keys
 static
 
 # Remaining stuff

.travis.yml

@@ -9,12 +9,16 @@ addons:
     - libsasl2-dev
     - libldap2-dev
 
-env:
-  - TOX_ENV=py27
+matrix:
+  include:
+    - python: 3.4.3
+      env: TOXENV=py34
+    - python: 2.7
+      env: TOXENV=py27
+
 
 install:
   - pip install -U tox
 
 script:
-  - tox -e $TOX_ENV
-
+  - tox

oidc_example/op1/oc_server.py

@@ -594,7 +594,7 @@ def new_trace_log(self, key):
 
     try:
         jwks = keyjar_init(OAS, config.keys)
-    except Exception, err:
+    except Exception as err:
         LOGGER.error("Key setup failed: %s" % err)
         OAS.key_setup("static", sig={"format": "jwk", "alg": "rsa"})
     else:
@@ -626,7 +626,7 @@ def new_trace_log(self, key):
                                                      config.CERT_CHAIN)
 
     LOGGER.info("OC server starting listening on port:%s" % args.port)
-    print "OC server starting listening on port:%s" % args.port
+    print ("OC server starting listening on port:%s" % args.port)
     try:
         SRV.start()
     except KeyboardInterrupt:

oidc_example/op2/server.py

@@ -5,13 +5,8 @@
 import os
 import traceback
 
-from exceptions import KeyError
-from exceptions import Exception
-from exceptions import OSError
-from exceptions import IndexError
-from exceptions import AttributeError
-from exceptions import KeyboardInterrupt
-from urlparse import parse_qs
+from six.moves.urllib.parse import parse_qs
+from jwkest import as_unicode
 from oic.utils import shelve_wrapper
 from oic.utils.authn.javascript_login import JavascriptFormMako
 
@@ -376,7 +371,8 @@ def application(environ, start_response):
     import importlib
 
     from cherrypy import wsgiserver
-    from cherrypy.wsgiserver import ssl_pyopenssl
+    from cherrypy.wsgiserver.ssl_builtin import BuiltinSSLAdapter
+    # from cherrypy.wsgiserver import ssl_pyopenssl
 
     from oic.utils.sdb import SessionDB
 
@@ -583,12 +579,17 @@ def application(environ, start_response):
 
     try:
         jwks = keyjar_init(OAS, config.keys, kid_template="op%d")
-    except Exception, err:
+    except Exception as err:
         LOGGER.error("Key setup failed: %s" % err)
         OAS.key_setup("static", sig={"format": "jwk", "alg": "rsa"})
     else:
         new_name = "static/jwks.json"
         f = open(new_name, "w")
+
+        for key in jwks["keys"]:
+            for k in key.keys():
+                key[k] = as_unicode(key[k])
+
         f.write(json.dumps(jwks))
         f.close()
         OAS.jwks_uri.append("%s%s" % (OAS.baseurl, new_name))
@@ -602,12 +603,13 @@ def application(environ, start_response):
     https = ""
     if config.SERVICE_URL.startswith("https"):
         https = "using HTTPS"
-        SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
-            config.SERVER_CERT, config.SERVER_KEY, config.CERT_CHAIN)
+        # SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
+        #     config.SERVER_CERT, config.SERVER_KEY, config.CERT_CHAIN)
+        SRV.ssl_adapter = BuiltinSSLAdapter(config.SERVER_CERT, config.SERVER_KEY, config.CERT_CHAIN)
 
     LOGGER.info("OC server starting listening on port:%s %s" % (args.port,
                                                                 https))
-    print "OC server starting listening on port:%s %s" % (args.port, https)
+    print ("OC server starting listening on port:%s %s" % (args.port, https))
     try:
         SRV.start()
     except KeyboardInterrupt:

oidc_example/rp2/htdocs/acrvalue.mako

@@ -1,7 +1,6 @@
 <!DOCTYPE html>
 
 <%!
-    import htmlentitydefs
     import re, string
 
     def createResult(acrvalues):

oidc_example/rp2/htdocs/opresult.mako

@@ -1,8 +1,9 @@
 <!DOCTYPE html>
 
 <%!
-    import htmlentitydefs
-    import re, string
+##     import htmlentitydefs
+    from html import entities as htmlentitydefs
+    import re
 
     # this pattern matches substrings of reserved and non-ASCII characters
     pattern = re.compile(r"[&<>\"\x80-\xff]+")
@@ -14,11 +15,11 @@
         entity_map[chr(i)] = "&#%d;" % i
 
     for entity, char in htmlentitydefs.entitydefs.items():
-        if entity_map.has_key(char):
+        if char in entity_map:
             entity_map[char] = "&%s;" % entity
 
     def escape_entity(m, get=entity_map.get):
-        return string.join(map(get, m.group()), "")
+        return "".join(map(get, m.group()))
 
     def escape(string):
         return pattern.sub(escape_entity, string)
@@ -70,8 +71,8 @@
             pass
         for key, value in result[1].items():
             element += "<div class='row'>"
-            element += "<div class='col-md-3'>" +  escape(unicode(key).encode("utf-8")) + "</div>"
-            element += "<div class='col-md-7'>" + escape(unicode(value).encode("utf-8")) + "</div>"
+            element += "<div class='col-md-3'>" +  escape(str(key)) + "</div>"
+            element += "<div class='col-md-7'>" + escape(str(value)) + "</div>"
             element += "</div>"
       else:
         element += "<p>You have failed to connect to the designated OP with the message:</p><p> " + result[1] + "</p>"

oidc_example/rp2/oidc.py

@@ -189,7 +189,7 @@ def create_authnrequest(self, environ, server_env, start_response, session,
                     request_args["nonce"] = rndstr(16)
                     session.setNonce(request_args["nonce"])
 
-            logger.info("client args: %s" % client.__dict__.items(), )
+            logger.info("client args: %s" % list(client.__dict__.items()), )
             logger.info("request_args: %s" % (request_args,))
             # User info claims
         except Exception:
@@ -231,7 +231,7 @@ def create_authnrequest(self, environ, server_env, start_response, session,
 
     def get_accesstoken(self, client, authresp):
         if self.srv_discovery_url:
-            issuer = client.provider_info.keys()[0]
+            issuer = list(client.provider_info.keys())[0]
             #logger.debug("state: %s (%s)" % (client.state, msg["state"]))
             key = client.keyjar.get_verify_key(owner=issuer)
             kwargs = {"key": key}
@@ -285,7 +285,7 @@ def phaseN(self, environ, query, server_env, session):
             # get the access token
             try:
                 tokenresp = self.get_accesstoken(client, authresp)
-            except Exception, err:
+            except Exception as err:
                 logger.error("%s" % err)
                 raise
 

oidc_example/rp2/rp2.py

@@ -8,7 +8,7 @@
 from beaker.middleware import SessionMiddleware
 from cherrypy import wsgiserver
 from mako.lookup import TemplateLookup
-from urlparse import parse_qs
+from six.moves.urllib.parse import parse_qs
 
 from oic.utils.http_util import NotFound, Response, ServiceError, Redirect
 from oidc import OpenIDConnect
@@ -233,8 +233,8 @@ def application(environ, start_response):
 
             RP.srv_discovery_url = link
             md5 = hashlib.md5()
-            md5.update(link)
-            opkey = base64.b16encode(md5.digest())
+            md5.update(link.encode("utf-8"))
+            opkey = base64.b16encode(md5.digest()).decode("utf-8")
             session.setCallback(True)
             func = getattr(RP, "begin")
             return func(environ, SERVER_ENV, start_response, session, opkey)
@@ -261,13 +261,12 @@ def application(environ, start_response):
                                                           session_opts))
 
     if conf.BASE.startswith("https"):
-        from cherrypy.wsgiserver import ssl_pyopenssl
+        from cherrypy.wsgiserver.ssl_builtin import BuiltinSSLAdapter
 
-        SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
-            conf.SERVER_CERT, conf.SERVER_KEY, conf.CA_BUNDLE)
+        SRV.ssl_adapter = BuiltinSSLAdapter(conf.SERVER_CERT, conf.SERVER_KEY, conf.CA_BUNDLE)
 
     LOGGER.info("RP server starting listening on port:%s" % conf.PORT)
-    print "RP server starting listening on port:%s" % conf.PORT
+    print ("RP server starting listening on port:%s" % conf.PORT)
     try:
         SRV.start()
     except KeyboardInterrupt:

oidc_example/rp3/htdocs/opresult.mako

@@ -1,8 +1,8 @@
 <!DOCTYPE html>
 
 <%!
-    import htmlentitydefs
-    import re, string
+    from html import entities as htmlentitydefs
+    import re
 
     # this pattern matches substrings of reserved and non-ASCII characters
     pattern = re.compile(r"[&<>\"\x80-\xff]+")
@@ -14,11 +14,11 @@
         entity_map[chr(i)] = "&#%d;" % i
 
     for entity, char in htmlentitydefs.entitydefs.items():
-        if entity_map.has_key(char):
+        if char in entity_map:
             entity_map[char] = "&%s;" % entity
 
     def escape_entity(m, get=entity_map.get):
-        return string.join(map(get, m.group()), "")
+        return "".join(map(get, m.group()))
 
     def escape(string):
         return pattern.sub(escape_entity, string)
@@ -31,8 +31,8 @@
 
         for key, value in userinfo.items():
             element += "<div class='row'>"
-            element += "<div class='col-md-3'>" +  escape(unicode(key).encode("utf-8")) + "</div>"
-            element += "<div class='col-md-7'>" + escape(unicode(value).encode("utf-8")) + "</div>"
+            element += "<div class='col-md-3'>" +  escape(str(key)) + "</div>"
+            element += "<div class='col-md-7'>" + escape(str(value)) + "</div>"
             element += "</div>"
         return element
 %>

oidc_example/rp3/oidc.py

@@ -152,7 +152,7 @@ def create_client(self, userid="", **kwargs):
         :return: client instance
         """
 
-        _key_set = set(kwargs.keys())
+        _key_set = set(list(kwargs.keys()))
         args = {}
         for param in ["verify_ssl"]:
             try:
@@ -255,4 +255,4 @@ def __getitem__(self, item):
             return self.dynamic_client(item)
 
     def keys(self):
-        return self.client.keys()
+        return list(self.client.keys())

oidc_example/rp3/rp3.py

@@ -1,11 +1,10 @@
 #!/usr/bin/env python
 import importlib
 import argparse
-import urllib
-import urlparse
 from jwkest.jws import alg2keytype
 from mako.lookup import TemplateLookup
-from urlparse import parse_qs
+from six.moves.urllib import parse as urlparse
+import six
 import logging
 
 from oic.utils.http_util import NotFound
@@ -64,7 +63,7 @@ def opchoice(environ, start_response, clients):
                     template_lookup=LOOKUP,
                     headers=[])
     argv = {
-        "op_list": clients.keys()
+        "op_list": list(clients.keys())
     }
     return resp(environ, start_response, **argv)
 
@@ -113,7 +112,7 @@ def application(environ, start_response):
     if path.startswith("static/"):
         return static(environ, start_response, LOGGER, path)
 
-    query = parse_qs(environ["QUERY_STRING"])
+    query = urlparse.parse_qs(environ["QUERY_STRING"])
 
     if path == "rp":  # After having chosen which OP to authenticate at
         if "uid" in query:
@@ -162,7 +161,7 @@ def application(environ, start_response):
             # Specify to which URL the OP should return the user after
             # log out. That URL must be registered with the OP at client
             # registration.
-            logout_url += "?" + urllib.urlencode(
+            logout_url += "?" + urlparse.urlencode(
                 {"post_logout_redirect_uri": client.registration_response[
                     "post_logout_redirect_uris"][0]})
         except KeyError:
@@ -171,11 +170,11 @@ def application(environ, start_response):
             # If there is an ID token send it along as a id_token_hint
             _idtoken = get_id_token(client, session)
             if _idtoken:
-                logout_url += "&" + urllib.urlencode({
+                logout_url += "&" + urlparse.urlencode({
                     "id_token_hint": id_token_as_signed_jwt(client, _idtoken,
                                                             "HS256")})
             # Also append the ACR values
-            logout_url += "&" + urllib.urlencode({"acr_values": ACR_VALUES},
+            logout_url += "&" + urlparse.urlencode({"acr_values": ACR_VALUES},
                                                  True)
 
         LOGGER.debug("Logout URL: %s" % str(logout_url))
@@ -234,7 +233,7 @@ def application(environ, start_response):
                                             in conf.ME[
             "post_logout_redirect_uris"]]
 
-    for client, client_conf in conf.CLIENTS.iteritems():
+    for client, client_conf in six.iteritems(conf.CLIENTS):
         if "client_registration" in client_conf:
             client_reg = client_conf["client_registration"]
             client_reg["redirect_uris"] = [url.format(base=conf.BASE) for url in
@@ -265,7 +264,7 @@ def application(environ, start_response):
             conf.SERVER_CERT, conf.SERVER_KEY, conf.CA_BUNDLE)
 
     LOGGER.info("RP server starting listening on port:%s" % args.port)
-    print "RP server starting listening on port:%s" % args.port
+    print ("RP server starting listening on port:%s" % args.port)
     try:
         SRV.start()
     except KeyboardInterrupt: