From 01da77f564ddeee45f0ee6b6fde974aff68d4679 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?=
Date: Tue, 14 Aug 2018 14:48:21 +0200
Subject: [PATCH] settings loaders: provide A2_IDP_OIDC_JWKSET to authentic (#25686)
---
 hobo/multitenant/settings_loaders.py | 7 +++++++
 tests_authentic/test_hobo_deploy.py | 9 ++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/hobo/multitenant/settings_loaders.py b/hobo/multitenant/settings_loaders.py
index f74acad..fdd0e94 100644
--- a/hobo/multitenant/settings_loaders.py
+++ b/hobo/multitenant/settings_loaders.py
@@ -214,6 +214,13 @@ class Authentic(FileBaseSettingsLoader):
 tenant_settings.A2_IDP_SAML2_ENABLE = True
 tenant_settings.A2_IDP_SAML2_SIGNATURE_PUBLIC_KEY = open(saml_crt).read()
 tenant_settings.A2_IDP_SAML2_SIGNATURE_PRIVATE_KEY = open(saml_key).read()
+ if not getattr(tenant_settings, 'A2_IDP_OIDC_JWKSET', None):
+ from jwcrypto import jwk
+ jwkkey = jwk.JWK.from_pem(
+ tenant_settings.A2_IDP_SAML2_SIGNATURE_PRIVATE_KEY)
+ jwkset = jwk.JWKSet()
+ jwkset['keys'].add(jwkkey)
+ tenant_settings.A2_IDP_OIDC_JWKSET = jwkset.export()
 else:
 tenant_settings.A2_IDP_SAML2_ENABLE = False
diff --git a/tests_authentic/test_hobo_deploy.py b/tests_authentic/test_hobo_deploy.py
index 4b2f96b..47bb535 100644
--- a/tests_authentic/test_hobo_deploy.py
+++ b/tests_authentic/test_hobo_deploy.py
@@ -19,8 +19,9 @@ def skeleton_dir(request, settings):
 return settings.HOBO_SKELETONS_DIR
-def test_hobo_deploy(tenant_base, settings, mocker, skeleton_dir):
+def test_hobo_deploy(tenant_base, mocker, skeleton_dir):
 from django.core.management import call_command
+ from django.conf import settings
 # Create skeleton roles.json
 os.makedirs(os.path.join(skeleton_dir, 'commune', 'wcs'))
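Review bot: In hobo/multitenant/settings_loaders.py, the fallback under `if not getattr(tenant_settings, 'A2_IDP_OIDC_JWKSET', None):` builds the OIDC key set from `A2_IDP_SAML2_SIGNATURE_PRIVATE_KEY`, so one RSA key ends up signing both SAML assertions and OIDC tokens and the two cannot be rotated or revoked independently. That may be the intended default, but it deserves a comment on the branch, for example `# fallback: reuse the SAML signing key for OIDC; set A2_IDP_OIDC_JWKSET per tenant to use a separate key`. `jwkset.export()` serialises private key material by default, so the resulting setting is a secret and should be kept out of logs and settings dumps; whether the consumer publishes only the public part is not visible here. `jwk.JWK.from_pem` is documented to take bytes while the key comes from a text-mode `open(saml_key).read()`, which looks like it would fail on Python 3 and is worth confirming. The enclosing method starts and ends outside the hunk.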
@@ -341,6 +342,12 @@ def test_hobo_deploy(tenant_base, settings, mocker, skeleton_dir): for at in Attribute.all_objects.all(): assert [field for field in env['profile']['fields'] if field['name'] == at.name] + + # OIDC checks + from authentic2_idp_oidc.utils import get_jwkset + assert get_jwkset() + + # SAML checks from authentic2.saml.models import (SPOptionsIdPPolicy, LibertyProvider, LibertyServiceProvider)
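Review bot: `assert get_jwkset()` in the added OIDC checks only proves that the call returns something truthy, which would not catch a key set that is present but empty or unrelated to the tenant's SAML key. If `get_jwkset()` returns a jwcrypto `JWKSet` (its return type is not visible here), a stricter check such as `assert len(get_jwkset()['keys']) == 1` would pin the fallback more tightly. The test function starts and ends outside the hunk.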