311 lines
13 KiB
Python
311 lines
13 KiB
Python
# -*- coding: utf-8 -*-
|
|
__author__ = 'rohe0002'
|
|
|
|
import json
|
|
|
|
from oic.oic.message import ProviderConfigurationResponse, RegistrationResponse, AuthorizationRequest
|
|
from oic.oic.message import msg_ser
|
|
from oic.oic.message import claims_ser
|
|
from oic.oic.message import RegistrationRequest
|
|
from oic.oic.message import claims_deser
|
|
from oic.oic.message import AddressClaim
|
|
from oic.oic.message import address_deser
|
|
from oic.oic.message import Claims
|
|
|
|
from utils_for_tests import _eq
|
|
|
|
|
|
def test_ProviderConfigurationResponse():
|
|
resp = {
|
|
"authorization_endpoint": "https://server.example.com/connect/authorize",
|
|
"issuer": "https://server.example.com",
|
|
"token_endpoint": "https://server.example.com/connect/token",
|
|
"token_endpoint_auth_methods_supported": ["client_secret_basic",
|
|
"private_key_jwt"],
|
|
"userinfo_endpoint": "https://server.example.com/connect/user",
|
|
"check_id_endpoint": "https://server.example.com/connect/check_id",
|
|
"refresh_session_endpoint": "https://server.example.com/connect/refresh_session",
|
|
"end_session_endpoint": "https://server.example.com/connect/end_session",
|
|
"jwk_url": "https://server.example.com/jwk.json",
|
|
"registration_endpoint": "https://server.example.com/connect/register",
|
|
"scopes_supported": ["openid", "profile", "email", "address", "phone"],
|
|
"response_types_supported": ["code", "code id_token", "token id_token"],
|
|
"acrs_supported": ["1", "2", "http://id.incommon.org/assurance/bronze"],
|
|
"user_id_types_supported": ["public", "pairwise"],
|
|
"userinfo_algs_supported": ["HS256", "RS256", "A128CBC", "A128KW",
|
|
"RSA1_5"],
|
|
"id_token_algs_supported": ["HS256", "RS256", "A128CBC", "A128KW",
|
|
"RSA1_5"],
|
|
"request_object_algs_supported": ["HS256", "RS256", "A128CBC", "A128KW",
|
|
"RSA1_5"]
|
|
}
|
|
|
|
pcr = ProviderConfigurationResponse().deserialize(json.dumps(resp), "json")
|
|
|
|
assert _eq(pcr["user_id_types_supported"], ["public", "pairwise"])
|
|
assert _eq(pcr["acrs_supported"],
|
|
["1", "2", "http://id.incommon.org/assurance/bronze"])
|
|
|
|
|
|
def test_example_response():
|
|
resp = {
|
|
"version": "3.0",
|
|
"issuer": "https://server.example.com",
|
|
"authorization_endpoint":
|
|
"https://server.example.com/connect/authorize",
|
|
"token_endpoint": "https://server.example.com/connect/token",
|
|
"token_endpoint_auth_methods_supported": ["client_secret_basic",
|
|
"private_key_jwt"],
|
|
"token_endpoint_alg_values_supported": ["RS256", "ES256"],
|
|
"userinfo_endpoint": "https://server.example.com/connect/userinfo",
|
|
"check_session_iframe":
|
|
"https://server.example.com/connect/check_session",
|
|
"end_session_endpoint":
|
|
"https://server.example.com/connect/end_session",
|
|
"jwks_uri": "https://server.example.com/jwks.json",
|
|
"registration_endpoint": "https://server.example.com/connect/register",
|
|
"scopes_supported": ["openid", "profile", "email", "address",
|
|
"phone", "offline_access"],
|
|
"response_types_supported": ["code", "code id_token", "id_token",
|
|
"token id_token"],
|
|
"acr_values_supported": ["urn:mace:incommon:iap:silver",
|
|
"urn:mace:incommon:iap:bronze"],
|
|
"subject_types_supported": ["public", "pairwise"],
|
|
"userinfo_signing_alg_values_supported": ["RS256", "ES256", "HS256"],
|
|
"userinfo_encryption_alg_values_supported": ["RSA1_5", "A128KW"],
|
|
"userinfo_encryption_enc_values_supported": ["A128CBC+HS256",
|
|
"A128GCM"],
|
|
"id_token_signing_alg_values_supported": ["RS256", "ES256", "HS256"],
|
|
"id_token_encryption_alg_values_supported": ["RSA1_5", "A128KW"],
|
|
"id_token_encryption_enc_values_supported": ["A128CBC+HS256",
|
|
"A128GCM"],
|
|
"request_object_signing_alg_values_supported": ["none", "RS256",
|
|
"ES256"],
|
|
"display_values_supported": ["page", "popup"],
|
|
"claim_types_supported": ["normal", "distributed"],
|
|
"claims_supported": ["sub", "iss", "auth_time", "acr", "name",
|
|
"given_name", "family_name", "nickname", "profile",
|
|
"picture", "website", "email", "email_verified",
|
|
"locale", "zoneinfo",
|
|
"http://example.info/claims/groups"],
|
|
"claims_parameter_supported": True,
|
|
"service_documentation":
|
|
"http://server.example.com/connect/service_documentation.html",
|
|
"ui_locales_supported": ["en-US", "en-GB", "en-CA", "fr-FR", "fr-CA"]
|
|
}
|
|
|
|
pcr = ProviderConfigurationResponse().deserialize(json.dumps(resp), "json")
|
|
rk = resp.keys()
|
|
# parameters with default value if missing
|
|
rk.extend(["grant_types_supported", "request_parameter_supported",
|
|
"request_uri_parameter_supported",
|
|
"require_request_uri_registration"])
|
|
rk.sort()
|
|
pk = pcr.keys()
|
|
pk.sort()
|
|
print rk
|
|
print pk
|
|
assert _eq(pk, rk)
|
|
|
|
|
|
def test_client_registration():
|
|
msg = {
|
|
"application_type": "web",
|
|
"redirect_uris": ["https://client.example.org/callback",
|
|
"https://client.example.org/callback2"],
|
|
"client_name": "My Example",
|
|
"client_name#ja-Jpan-JP": "クライアント名",
|
|
"logo_uri": "https://client.example.org/logo.png",
|
|
"subject_type": "pairwise",
|
|
"sector_identifier_uri":
|
|
"https://other.example.net/file_of_redirect_uris.json",
|
|
"token_endpoint_auth_method": "client_secret_basic",
|
|
"jwks_uri": "https://client.example.org/my_public_keys.jwks",
|
|
"userinfo_encrypted_response_alg": "RSA1_5",
|
|
"userinfo_encrypted_response_enc": "A128CBC+HS256",
|
|
"contacts": ["ve7jtb@example.org", "mary@example.org"],
|
|
"request_uris": [
|
|
"https://client.example.org/rf.txt#qpXaRLh_n93TTR9F252ValdatUQvQiJi5BDub2BeznA"]
|
|
}
|
|
|
|
reg = RegistrationRequest().deserialize(json.dumps(msg), "json")
|
|
|
|
assert _eq(msg.keys(), reg.keys())
|
|
|
|
|
|
def test_client_response():
|
|
msg = {
|
|
"client_id": "s6BhdRkqt3",
|
|
"client_secret": "ZJYCqe3GGRvdrudKyZS0XhGv_Z45DuKhCUk0gBR1vZk",
|
|
"client_secret_expires_at": 1577858400,
|
|
"registration_access_token": "this.is.an.access.token.value.ffx83",
|
|
"registration_client_uri":
|
|
"https://server.example.com/connect/register?client_id=s6BhdRkqt3",
|
|
"token_endpoint_auth_method": "client_secret_basic",
|
|
"application_type": "web",
|
|
"redirect_uris": ["https://client.example.org/callback",
|
|
"https://client.example.org/callback2"],
|
|
"client_name": "My Example",
|
|
"client_name#ja-Jpan-JP": "クライアント名",
|
|
"logo_uri": "https://client.example.org/logo.png",
|
|
"subject_type": "pairwise",
|
|
"sector_identifier_uri":
|
|
"https://other.example.net/file_of_redirect_uris.json",
|
|
"jwks_uri": "https://client.example.org/my_public_keys.jwks",
|
|
"userinfo_encrypted_response_alg": "RSA1_5",
|
|
"userinfo_encrypted_response_enc": "A128CBC+HS256",
|
|
"contacts": ["ve7jtb@example.org", "mary@example.org"],
|
|
"request_uris": [
|
|
"https://client.example.org/rf.txt#qpXaRLh_n93TTR9F252ValdatUQvQiJi5BDub2BeznA"]
|
|
}
|
|
|
|
resp = RegistrationResponse().deserialize(json.dumps(msg), "json")
|
|
|
|
assert _eq(msg.keys(), resp.keys())
|
|
|
|
|
|
def test_authz_request():
|
|
example = "https://server.example.com/authorize?response_type=token%20id_token&client_id=0acf77d4-b486-4c99-bd76-074ed6a64ddf&redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb&scope=openid%20profile&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj"
|
|
|
|
req = AuthorizationRequest().deserialize(example.split("?")[1],
|
|
"urlencoded")
|
|
|
|
print req.keys()
|
|
assert _eq(req.keys(), ['nonce', 'state', 'redirect_uri', 'response_type',
|
|
'client_id', 'scope'])
|
|
|
|
assert req["response_type"] == ["token", "id_token"]
|
|
assert req["scope"] == ["openid", "profile"]
|
|
|
|
|
|
# def test_idtokenclaim_deser():
|
|
# claims = Claims(weather={"acr": "2"})
|
|
# pre = IDTokenClaim(claims=claims, max_age=3600)
|
|
# idt = idtokenclaim_deser(pre.to_json(), sformat="json")
|
|
# assert _eq(idt.keys(), ['claims', "max_age"])
|
|
#
|
|
#
|
|
# def test_userinfo_deser():
|
|
# CLAIM = Claims(name={"essential": True}, nickname=None,
|
|
# email={"essential": True},
|
|
# email_verified={"essential": True}, picture=None)
|
|
#
|
|
# pre_uic = UserInfoClaim(claims=CLAIM, format="signed")
|
|
#
|
|
# uic = userinfo_deser(pre_uic.to_json(), sformat="json")
|
|
# assert _eq(uic.keys(), ["claims", "format"])
|
|
|
|
|
|
def test_claims_deser_0():
|
|
_dic = {
|
|
"userinfo": {
|
|
"given_name": {"essential": True},
|
|
"nickname": None,
|
|
"email": {"essential": True},
|
|
"email_verified": {"essential": True},
|
|
"picture": None,
|
|
"http://example.info/claims/groups": None
|
|
},
|
|
"id_token": {
|
|
"auth_time": {"essential": True},
|
|
"acr": {"values": ["urn:mace:incommon:iap:silver"]}
|
|
}
|
|
}
|
|
|
|
claims = claims_deser(json.dumps(_dic), sformat="json")
|
|
assert _eq(claims.keys(), ["userinfo", "id_token"])
|
|
|
|
|
|
def test_claims_deser():
|
|
pre = Claims(name={"essential": True}, nickname=None,
|
|
email={"essential": True},
|
|
email_verified={"essential": True}, picture=None)
|
|
|
|
claims = claims_deser(pre.to_json(), sformat="json")
|
|
assert _eq(claims.keys(), ['name', 'nickname', 'email', 'email_verified',
|
|
'picture'])
|
|
|
|
claims = claims_deser(pre.to_dict(), sformat="dict")
|
|
assert _eq(claims.keys(), ['name', 'nickname', 'email', 'email_verified',
|
|
'picture'])
|
|
|
|
|
|
def test_address_deser():
|
|
pre = AddressClaim(street_address="Kasamark 114", locality="Umea",
|
|
country="Sweden")
|
|
|
|
adc = address_deser(pre.to_json(), sformat="json")
|
|
assert _eq(adc.keys(), ['street_address', 'locality', 'country'])
|
|
|
|
adc = address_deser(pre.to_dict(), sformat="json")
|
|
assert _eq(adc.keys(), ['street_address', 'locality', 'country'])
|
|
|
|
|
|
def test_msg_ser_json():
|
|
pre = AddressClaim(street_address="Kasamark 114", locality="Umea",
|
|
country="Sweden")
|
|
|
|
ser = msg_ser(pre, "json")
|
|
|
|
adc = address_deser(ser, "json")
|
|
assert _eq(adc.keys(), ['street_address', 'locality', 'country'])
|
|
|
|
|
|
def test_msg_ser_urlencoded():
|
|
pre = AddressClaim(street_address="Kasamark 114", locality="Umea",
|
|
country="Sweden")
|
|
|
|
ser = msg_ser(pre, "urlencoded")
|
|
|
|
adc = address_deser(ser, "urlencoded")
|
|
assert _eq(adc.keys(), ['street_address', 'locality', 'country'])
|
|
|
|
|
|
def test_msg_ser_dict():
|
|
pre = AddressClaim(street_address="Kasamark 114", locality="Umea",
|
|
country="Sweden")
|
|
|
|
ser = msg_ser(pre, "dict")
|
|
|
|
adc = address_deser(ser, "dict")
|
|
assert _eq(adc.keys(), ['street_address', 'locality', 'country'])
|
|
|
|
|
|
def test_msg_ser_dictionary():
|
|
pre = {"street_address": "Kasamark 114", "locality": "Umea",
|
|
"country": "Sweden"}
|
|
|
|
ser = msg_ser(pre, "dict")
|
|
|
|
adc = address_deser(ser, "dict")
|
|
assert _eq(adc.keys(), ['street_address', 'locality', 'country'])
|
|
|
|
|
|
CLAIMS = Claims(name={"essential": True}, nickname=None,
|
|
email={"essential": True},
|
|
email_verified={"essential": True}, picture=None)
|
|
|
|
|
|
def test_claims_ser_json():
|
|
claims = claims_deser(claims_ser(CLAIMS, "json"), sformat="json")
|
|
assert _eq(claims.keys(), ['name', 'nickname', 'email', 'email_verified',
|
|
'picture'])
|
|
|
|
|
|
def test_registration_request():
|
|
req = RegistrationRequest(operation="register", default_max_age=10,
|
|
require_auth_time=True, default_acr="foo",
|
|
application_type="web",
|
|
redirect_uris=["https://example.com/authz_cb"])
|
|
js = req.to_json()
|
|
js_obj = json.loads(js)
|
|
expected_js_obj = {"redirect_uris": ["https://example.com/authz_cb"], "application_type": "web", "default_acr": "foo", "require_auth_time": True, "operation": "register", "default_max_age": 10}
|
|
assert js_obj == expected_js_obj
|
|
ue = req.to_urlencoded()
|
|
ue_splits = ue.split('&')
|
|
expected_ue_splits = 'redirect_uris=https%3A%2F%2Fexample.com%2Fauthz_cb&application_type=web&default_acr=foo&require_auth_time=True&operation=register&default_max_age=10'.split('&')
|
|
assert _eq(ue_splits, expected_ue_splits)
|
|
|
|
|
|
if __name__ == "__main__":
|
|
test_claims_deser_0() |