164 lines
4.5 KiB
Python
164 lines
4.5 KiB
Python
#!/usr/bin/env python
|
|
from jwkest.jwk import SYMKey
|
|
from mako.runtime import UNDEFINED
|
|
from oic.utils.authn.authn_context import AuthnBroker
|
|
from oic.utils.claims import ClaimsMode
|
|
from oic.utils.sdb import SessionDB
|
|
from oic.utils.authn.client import verify_client
|
|
from oic.utils.authn.user import UserAuthnMethod
|
|
from oic.utils.authz import AuthzHandling
|
|
from oic.utils.userinfo import UserInfo
|
|
from pinit import BASE_PATH, KEYJAR
|
|
|
|
__author__ = 'rohe0002'
|
|
|
|
import sys
|
|
|
|
from oic.oic.message import OpenIDSchema
|
|
from oic.utils.keyio import keybundle_from_local_file
|
|
|
|
from oic.oic.claims_provider import ClaimsClient
|
|
from oic.oic.claims_provider import UserClaimsResponse
|
|
from oic.oic.claims_provider import UserClaimsRequest
|
|
from oic.oic.claims_provider import ClaimsServer
|
|
|
|
from utils_for_tests import _eq
|
|
|
|
#noinspection PyUnusedLocal
|
|
def user_info(oicsrv, userdb, sub, client_id="", user_info_claims=None):
|
|
#print >> sys.stderr, "claims: %s" % user_info_claims
|
|
identity = userdb[sub]
|
|
if user_info_claims:
|
|
result = {}
|
|
for key, restr in user_info_claims["claims"].items():
|
|
try:
|
|
result[key] = identity[key]
|
|
except KeyError:
|
|
if restr == {"essential": True}:
|
|
raise Exception("Missing property '%s'" % key)
|
|
else:
|
|
result = identity
|
|
|
|
return OpenIDSchema(**result)
|
|
|
|
|
|
class LOG():
|
|
def info(self, txt):
|
|
print >> sys.stdout, "INFO: %s" % txt
|
|
|
|
def error(self, txt):
|
|
print >> sys.stdout, "ERROR: %s" % txt
|
|
|
|
def debug(self, txt):
|
|
print >> sys.stdout, "DEBUG: %s" % txt
|
|
|
|
|
|
#noinspection PyUnusedLocal
|
|
def start_response(status, headers=None):
|
|
return
|
|
|
|
USERDB = {
|
|
"diana": {
|
|
"birthdate": "02/14/2012",
|
|
"gender": "female"
|
|
}
|
|
}
|
|
|
|
USERINFO = UserInfo(USERDB)
|
|
|
|
CDB = {
|
|
"client_1": {"client_secret": "hemlig"}
|
|
}
|
|
|
|
|
|
class DummyAuthn(UserAuthnMethod):
|
|
def __init__(self, srv, user):
|
|
UserAuthnMethod.__init__(self, srv)
|
|
self.user = user
|
|
|
|
def authenticated_as(self, **kwargs):
|
|
return {"uid": self.user}
|
|
|
|
AUTHN_BROKER = AuthnBroker()
|
|
AUTHN_BROKER.add(UNDEFINED, DummyAuthn(None, "username"))
|
|
|
|
# dealing with authorization
|
|
AUTHZ = AuthzHandling()
|
|
SYMKEY = "symmetric key used to encrypt cookie info"
|
|
|
|
USER2MODE = {"diana": "aggregate",
|
|
"upper": "distribute",
|
|
"babs": "aggregate"}
|
|
|
|
# ============================================================================
|
|
|
|
|
|
def test_1():
|
|
cc = ClaimsClient(client_id="client_1")
|
|
cc.client_secret = "hemlig"
|
|
|
|
req = cc.construct_UserClaimsRequest(request_args={"sub": "norah",
|
|
"claims_names": ["gender",
|
|
"birthdate"]})
|
|
|
|
print req
|
|
assert req.type() == "UserClaimsRequest"
|
|
assert _eq(req.keys(), ['client_secret', 'claims_names', 'sub',
|
|
'client_id'])
|
|
assert req["sub"] == "norah"
|
|
assert req["client_id"] == "client_1"
|
|
|
|
|
|
def test_c2():
|
|
cc = ClaimsClient(client_id="client_1")
|
|
cc.client_secret = "hemlig"
|
|
cc.userclaims_endpoint = "https://example.com/claims"
|
|
request = UserClaimsRequest
|
|
method = "POST"
|
|
request_args = {"sub": "norah", "claims_names": ["gender", "birthdate"]}
|
|
|
|
cc.request_info(request, method=method, request_args=request_args)
|
|
|
|
|
|
def test_srv1():
|
|
|
|
info = user_info(None, USERDB, "diana")
|
|
|
|
keys = [SYMKey(key="hemlig")]
|
|
cresp = UserClaimsResponse(jwt=info.to_jwt(key=keys, algorithm="HS256"),
|
|
claims_names=info.keys())
|
|
|
|
print cresp
|
|
assert _eq(cresp.keys(), ["jwt", "claims_names"])
|
|
assert _eq(cresp["claims_names"], ['gender', 'birthdate'])
|
|
assert "jwt" in cresp
|
|
|
|
|
|
def test_srv2():
|
|
cc = ClaimsClient(client_id="client_1")
|
|
cc.client_secret = "hemlig"
|
|
|
|
req = cc.construct_UserClaimsRequest(
|
|
request_args={"sub": "diana", "claims_names": ["gender", "birthdate"]})
|
|
|
|
srv = ClaimsServer("pyoicserv", SessionDB("https://example.com"), CDB,
|
|
USERINFO, verify_client,
|
|
keyjar=KEYJAR, dist_claims_mode=ClaimsMode(USER2MODE))
|
|
|
|
srv.keyjar[""] = keybundle_from_local_file("%s/rsa.key" % BASE_PATH, "rsa", ["ver", "sig"])
|
|
|
|
assert srv
|
|
|
|
resp = srv.claims_endpoint(req.to_urlencoded(), "")
|
|
|
|
print resp.message
|
|
|
|
ucr = UserClaimsResponse().deserialize(resp.message, "json")
|
|
ucr.verify(keyjar=srv.keyjar)
|
|
|
|
print ucr
|
|
assert _eq(ucr["claims_names"], ["gender", "birthdate"])
|
|
assert "jwt" in ucr
|
|
|
|
if __name__ == "__main__":
|
|
test_srv1() |