#!/usr/bin/env python
from jwkest.jwk import SYMKey
from mako.runtime import UNDEFINED
from oic.utils.authn.authn_context import AuthnBroker
from oic.utils.claims import ClaimsMode
from oic.utils.sdb import SessionDB
from oic.utils.authn.client import verify_client
from oic.utils.authn.user import UserAuthnMethod
from oic.utils.authz import AuthzHandling
from oic.utils.userinfo import UserInfo
from pinit import BASE_PATH, KEYJAR
__author__ = 'rohe0002'
import sys
from oic.oic.message import OpenIDSchema
from oic.utils.keyio import keybundle_from_local_file
from oic.oic.claims_provider import ClaimsClient
from oic.oic.claims_provider import UserClaimsResponse
from oic.oic.claims_provider import UserClaimsRequest
from oic.oic.claims_provider import ClaimsServer
from utils_for_tests import _eq
#noinspection PyUnusedLocal
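def user_info(oicsrv, userdb, sub, client_id="", user_info_claims=None):
    """Build an OpenIDSchema for *sub* out of the test user database.

    Args:
        oicsrv: Unused; kept so the signature matches the server's userinfo
            callback.
        userdb: Mapping of subject identifier -> dict of claim values.
        sub: Subject identifier to look up in *userdb*.
        client_id: Unused; kept for signature compatibility.
        user_info_claims: Optional claims request.  When given, only the keys
            listed under ``user_info_claims["claims"]`` are copied from the
            identity; when falsy, every attribute of the identity record is
            released.

    Returns:
        OpenIDSchema populated with the selected claims.

    Raises:
        KeyError: if *sub* is not present in *userdb*.
        Exception: if a requested claim whose restriction marks it
            ``essential`` is not available for the identity.
    """
    identity = userdb[sub]
    if not user_info_claims:
        # No claims request at all: the whole identity record is released.
        return OpenIDSchema(**identity)

    result = {}
    for key, restr in user_info_claims["claims"].items():
        try:
            result[key] = identity[key]
        except KeyError:
            # A claim restriction may carry "essential" next to other
            # members (e.g. "value"), so test the member rather than
            # requiring the restriction to be exactly {"essential": True}.
            # A truthy non-boolean is also treated as essential: the claim
            # is missing either way, and raising is the conservative side.
            if isinstance(restr, dict) and bool(restr.get("essential")):
                raise Exception("Missing property '%s'" % key)
    return OpenIDSchema(**result)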
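class LOG():
    """Minimal stand-in logger that writes one prefixed line per call to sys.stdout.

    The output format is ``"<LEVEL>: <txt>\\n"``.  ``sys.stdout.write`` is
    used instead of the Python 2 ``print >>`` statement so the module parses
    under both Python 2 and Python 3.
    """

    def _emit(self, level, txt):
        # Look up sys.stdout at call time so later redirection is honoured.
        sys.stdout.write("%s: %s\n" % (level, txt))

    def info(self, txt):
        """Write an ``INFO:`` line."""
        self._emit("INFO", txt)

    def error(self, txt):
        """Write an ``ERROR:`` line."""
        self._emit("ERROR", txt)

    def debug(self, txt):
        """Write a ``DEBUG:`` line."""
        self._emit("DEBUG", txt)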
#noinspection PyUnusedLocal
def start_response(status, headers=None):
    """No-op WSGI ``start_response`` stand-in.

    Both *status* and *headers* are ignored; nothing is recorded and
    ``None`` is returned.
    """
    return None
# Fixture user database: subject identifier -> claim values.
USERDB = {
    "diana": dict(
        birthdate="02/14/2012",
        gender="female",
    ),
}
# Userinfo backend that serves claims straight out of the fixture database.
USERINFO = UserInfo(USERDB)
# Fixture client database: client_id -> registration data.  The secret is
# a test value; the ClaimsClient instances in the tests below set the same
# literal so the server's verify_client accepts them.
CDB = {
    "client_1": dict(client_secret="hemlig"),
}
class DummyAuthn(UserAuthnMethod):
    """Authentication method that always reports one fixed user.

    Lets the server fixtures run without a real login: whatever *user* was
    given at construction is returned as ``uid`` from every
    ``authenticated_as`` call.
    """

    def __init__(self, srv, user):
        UserAuthnMethod.__init__(self, srv)
        self.user = user

    def authenticated_as(self, **kwargs):
        """Return ``{"uid": user}``; all keyword arguments are ignored."""
        return dict(uid=self.user)
# Authentication broker holding a single always-succeeding method, so the
# server side sees "username" as the logged-in user without any login.
# NOTE(review): the method is registered under mako's UNDEFINED sentinel as
# its key; presumably "no particular authn context" -- confirm against
# AuthnBroker.add.
_dummy_authn = DummyAuthn(None, "username")
AUTHN_BROKER = AuthnBroker()
AUTHN_BROKER.add(UNDEFINED, _dummy_authn)

# dealing with authorization
AUTHZ = AuthzHandling()
# Placeholder cookie-encryption key; not referenced by any test visible in
# this module.
SYMKEY = "symmetric key used to encrypt cookie info"

# Per-user distributed vs. aggregated claims mode; wrapped in ClaimsMode
# when the ClaimsServer fixture is built.
USER2MODE = dict(
    diana="aggregate",
    upper="distribute",
    babs="aggregate",
)
# ============================================================================
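def test_1():
    """A ClaimsClient builds a UserClaimsRequest carrying its credentials.

    The key-set assertion below shows that the client secret travels inside
    the request message itself, alongside client_id, sub and claims_names.
    """
    cc = ClaimsClient(client_id="client_1")
    cc.client_secret = "hemlig"

    req = cc.construct_UserClaimsRequest(
        request_args={"sub": "norah", "claims_names": ["gender", "birthdate"]})

    # Function-call form prints the same thing on Python 2 and 3 for a
    # single argument; the bare print statement does not parse on 3.
    print(req)
    assert req.type() == "UserClaimsRequest"
    assert _eq(req.keys(), ['client_secret', 'claims_names', 'sub',
                            'client_id'])
    assert req["sub"] == "norah"
    assert req["client_id"] == "client_1"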
def test_c2():
    """request_info() accepts a UserClaimsRequest for the configured endpoint.

    Only "does not raise" is exercised here: the return value of
    request_info is discarded and nothing about it is asserted.
    """
    cc = ClaimsClient(client_id="client_1")
    cc.client_secret = "hemlig"
    cc.userclaims_endpoint = "https://example.com/claims"

    cc.request_info(
        UserClaimsRequest,
        method="POST",
        request_args={"sub": "norah", "claims_names": ["gender", "birthdate"]},
    )
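def test_srv1():
    """Server side: user claims are packaged as a JWT inside a UserClaimsResponse.

    The claims for "diana" are serialised with HS256 under a symmetric key
    built from the same literal as the client secret in CDB, and the
    response lists the claim names it carries.
    """
    info = user_info(None, USERDB, "diana")

    keys = [SYMKey(key="hemlig")]
    cresp = UserClaimsResponse(jwt=info.to_jwt(key=keys, algorithm="HS256"),
                               claims_names=info.keys())

    # Function-call form of print parses on both Python 2 and 3.
    print(cresp)
    assert _eq(cresp.keys(), ["jwt", "claims_names"])
    assert _eq(cresp["claims_names"], ['gender', 'birthdate'])
    assert "jwt" in cresp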
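def test_srv2():
    """End to end: a ClaimsServer answers a UserClaimsRequest with a verifiable JWT.

    The server is built with CDB and verify_client, so the request's
    client credentials are checked against the fixture client database.
    Its RSA signing key is registered under the empty-string issuer id in
    the keyjar, and the UserClaimsResponse it returns is verified against
    that same keyjar before any of its contents are inspected.
    """
    cc = ClaimsClient(client_id="client_1")
    cc.client_secret = "hemlig"

    req = cc.construct_UserClaimsRequest(
        request_args={"sub": "diana", "claims_names": ["gender", "birthdate"]})

    srv = ClaimsServer("pyoicserv", SessionDB("https://example.com"), CDB,
                       USERINFO, verify_client,
                       keyjar=KEYJAR, dist_claims_mode=ClaimsMode(USER2MODE))
    # The empty-string issuer id is the keyjar slot for the server's own keys.
    srv.keyjar[""] = keybundle_from_local_file("%s/rsa.key" % BASE_PATH,
                                               "rsa", ["ver", "sig"])
    assert srv

    resp = srv.claims_endpoint(req.to_urlencoded(), "")
    # Function-call form of print parses on both Python 2 and 3.
    print(resp.message)

    ucr = UserClaimsResponse().deserialize(resp.message, "json")
    # Verify the response (signature included) before trusting its claims.
    ucr.verify(keyjar=srv.keyjar)
    print(ucr)
    assert _eq(ucr["claims_names"], ["gender", "birthdate"])
    assert "jwt" in ucr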
if __name__ == "__main__":
    # Direct execution runs only the server-side JWT packaging test.
    test_srv1()