pyoidc-ozwillo/tests/test_x_claims.py

#!/usr/bin/env python
from jwkest.jwk import SYMKey
from mako.runtime import UNDEFINED
from oic.utils.authn.authn_context import AuthnBroker
from oic.utils.claims import ClaimsMode
from oic.utils.sdb import SessionDB
from oic.utils.authn.client import verify_client
from oic.utils.authn.user import UserAuthnMethod
from oic.utils.authz import AuthzHandling
from oic.utils.userinfo import UserInfo
from pinit import BASE_PATH, KEYJAR

__author__ = 'rohe0002'

import sys

from oic.oic.message import OpenIDSchema
from oic.utils.keyio import keybundle_from_local_file

from oic.oic.claims_provider import ClaimsClient
from oic.oic.claims_provider import UserClaimsResponse
from oic.oic.claims_provider import UserClaimsRequest
from oic.oic.claims_provider import ClaimsServer

from utils_for_tests import _eq

#noinspection PyUnusedLocal
def user_info(oicsrv, userdb, sub, client_id="", user_info_claims=None):
    #print >> sys.stderr, "claims: %s" % user_info_claims
    identity = userdb[sub]
    if user_info_claims:
        result = {}
        for key, restr in user_info_claims["claims"].items():
            try:
                result[key] = identity[key]
            except KeyError:
                if restr == {"essential": True}:
                    raise Exception("Missing property '%s'" % key)
    else:
        result = identity

    return OpenIDSchema(**result)


class LOG():
    def info(self, txt):
        print >> sys.stdout, "INFO: %s" % txt

    def error(self, txt):
        print >> sys.stdout, "ERROR: %s" % txt

    def debug(self, txt):
        print >> sys.stdout, "DEBUG: %s" % txt


#noinspection PyUnusedLocal
def start_response(status, headers=None):
    return

USERDB = {
    "diana": {
        "birthdate": "02/14/2012",
        "gender": "female"
    }
}

USERINFO = UserInfo(USERDB)

CDB = {
    "client_1": {"client_secret": "hemlig"}
}


class DummyAuthn(UserAuthnMethod):
    def __init__(self, srv, user):
        UserAuthnMethod.__init__(self, srv)
        self.user = user

    def authenticated_as(self, **kwargs):
        return {"uid": self.user}

AUTHN_BROKER = AuthnBroker()
AUTHN_BROKER.add(UNDEFINED, DummyAuthn(None, "username"))

# dealing with authorization
AUTHZ = AuthzHandling()
SYMKEY = "symmetric key used to encrypt cookie info"

USER2MODE = {"diana": "aggregate",
             "upper": "distribute",
             "babs": "aggregate"}

# ============================================================================


def test_1():
    cc = ClaimsClient(client_id="client_1")
    cc.client_secret = "hemlig"

    req = cc.construct_UserClaimsRequest(request_args={"sub": "norah",
                                         "claims_names": ["gender",
                                                          "birthdate"]})

    print req
    assert req.type() == "UserClaimsRequest"
    assert _eq(req.keys(), ['client_secret', 'claims_names', 'sub',
                            'client_id'])
    assert req["sub"] == "norah"
    assert req["client_id"] == "client_1"


def test_c2():
    cc = ClaimsClient(client_id="client_1")
    cc.client_secret = "hemlig"
    cc.userclaims_endpoint = "https://example.com/claims"
    request = UserClaimsRequest
    method = "POST"
    request_args = {"sub": "norah", "claims_names": ["gender", "birthdate"]}

    cc.request_info(request, method=method, request_args=request_args)


def test_srv1():

    info = user_info(None, USERDB, "diana")

    keys = [SYMKey(key="hemlig")]
    cresp = UserClaimsResponse(jwt=info.to_jwt(key=keys, algorithm="HS256"),
                               claims_names=info.keys())

    print cresp
    assert _eq(cresp.keys(), ["jwt", "claims_names"])
    assert _eq(cresp["claims_names"], ['gender', 'birthdate'])
    assert "jwt" in cresp


def test_srv2():
    cc = ClaimsClient(client_id="client_1")
    cc.client_secret = "hemlig"

    req = cc.construct_UserClaimsRequest(
        request_args={"sub": "diana", "claims_names": ["gender", "birthdate"]})

    srv = ClaimsServer("pyoicserv", SessionDB("https://example.com"), CDB,
                       USERINFO, verify_client,
                       keyjar=KEYJAR, dist_claims_mode=ClaimsMode(USER2MODE))

    srv.keyjar[""] = keybundle_from_local_file("%s/rsa.key" % BASE_PATH, "rsa", ["ver", "sig"])

    assert srv

    resp = srv.claims_endpoint(req.to_urlencoded(), "")

    print resp.message

    ucr = UserClaimsResponse().deserialize(resp.message, "json")
    ucr.verify(keyjar=srv.keyjar)

    print ucr
    assert _eq(ucr["claims_names"], ["gender", "birthdate"])
    assert "jwt" in ucr

if __name__ == "__main__":
    test_srv1()