rohe / fedservice

Implementation of the service layer using the new OIDC federation draft.
Apache License 2.0

minor change in example entities #5

Closed peppelinux closed 4 years ago

peppelinux commented 4 years ago

These changes let me start the example entities. By the way, the unit tests still fail; here is the log. Note that the first three failures are missing test fixtures (the `jws` files under `tests/base_data/<entity>/<entity>/`), whereas the last one (`test_explicit_registration`) is a trust-chain verification failure: the intermediate issuer `https://ntnu.no` is not in the key jar, so no key matches the statement's `kid` and cryptojwt fails closed with `NoSuitableSigningKeys` rather than accepting an unverifiable entity statement.

================================================================================ FAILURES ================================================================================
______________________________________________________________________________ test_collect ______________________________________________________________________________

    def test_collect():
        jwks = open(os.path.join(BASE_PATH, 'base_data', 'feide.no', 'feide.no', 'jwks.json')).read()

        ANCHOR = {'https://feide.no': json.loads(jwks)}

        KEYJAR = KeyJar()
        KEYJAR.import_jwks_as_json(jwks, 'https://feide.no')

        chain = []
        _collector = Collector(trust_anchors=ANCHOR)
        subject = "foodle.uninett.no"
        with responses.RequestsMock() as rsps:
>           _msg = open(os.path.join(BASE_PATH, 'base_data', subject, subject, 'jws')).read()
E           FileNotFoundError: [Errno 2] No such file or directory: '/home/wert/DEV/OIDC-Project/fedservice/tests/base_data/foodle.uninett.no/foodle.uninett.no/jws'

tests/test_05_constraints_and_collect.py:29: FileNotFoundError
___________________________________________________________________ TestRpService.test_parse_response ____________________________________________________________________

self = <tests.test_09_rp_service.TestRpService object at 0x7f9f8b40a990>

    def test_parse_response(self):
        _dserv = self.service['discovery']
        _info = _dserv.get_request_parameters(iss='https://op.ntnu.no')
>       http_response = self.federation_entity.collector.http_cli('GET', _info['url'])

tests/test_09_rp_service.py:101: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.utils.Publisher object at 0x7f9f8b414990>, method = 'GET', url = 'https://op.ntnu.no/.well-known/openid-federation?iss=https%3A%2F%2Fop.ntnu.no'
kwargs = {}, p = ParseResult(scheme='https', netloc='op.ntnu.no', path='/.well-known/openid-federation', params='', query='iss=https%3A%2F%2Fop.ntnu.no', fragment='')

    def __call__(self, method, url, **kwargs):
        p = urlparse(url)
        if p.path == '/.well-known/openid-federation':
>           _jws = open(os.path.join(self.dir, p.netloc, p.netloc, 'jws')).read().strip()
E           FileNotFoundError: [Errno 2] No such file or directory: '/home/wert/DEV/OIDC-Project/fedservice/tests/base_data/op.ntnu.no/op.ntnu.no/jws'

tests/utils.py:111: FileNotFoundError
___________________________________________________________________ TestRpService.test_create_request ____________________________________________________________________

self = <tests.test_09_rp_service.TestRpService object at 0x7f9f8b3ba150>

    def test_create_request(self):
        # get the entity statement from the OP
        _dserv = self.service['discovery']
        _info = _dserv.get_request_parameters(iss='https://op.ntnu.no')
>       http_response = self.federation_entity.collector.http_cli('GET', _info['url'])

tests/test_09_rp_service.py:116: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.utils.Publisher object at 0x7f9f8b3ba490>, method = 'GET', url = 'https://op.ntnu.no/.well-known/openid-federation?iss=https%3A%2F%2Fop.ntnu.no'
kwargs = {}, p = ParseResult(scheme='https', netloc='op.ntnu.no', path='/.well-known/openid-federation', params='', query='iss=https%3A%2F%2Fop.ntnu.no', fragment='')

    def __call__(self, method, url, **kwargs):
        p = urlparse(url)
        if p.path == '/.well-known/openid-federation':
>           _jws = open(os.path.join(self.dir, p.netloc, p.netloc, 'jws')).read().strip()
E           FileNotFoundError: [Errno 2] No such file or directory: '/home/wert/DEV/OIDC-Project/fedservice/tests/base_data/op.ntnu.no/op.ntnu.no/jws'

tests/utils.py:111: FileNotFoundError
________________________________________________________________ TestEndpoint.test_explicit_registration _________________________________________________________________

self = <tests.test_12_registration.TestEndpoint object at 0x7f9f8b32a790>

    def test_explicit_registration(self):
        # This is cheating. Getting the OP provider info
        _fe = self.service['registration'].service_context.federation_entity
        statement = Statement()
        statement.metadata = self.registration_endpoint.endpoint_context.provider_info
        statement.fo = "https://feide.no"
        _fe.op_statements = [statement]
        # and the OP's federation keys
        self.rp_federation_entity.key_jar.import_jwks(
            read_info(os.path.join(ROOT_DIR, 'op.ntnu.no'), 'op.ntnu.no', 'jwks'),
            issuer=self.registration_endpoint.endpoint_context.provider_info['issuer'])

        # construct the client registration request
        req_args = {
            'entity_id': self.rp_federation_entity.entity_id,
            'redirect_uris': ['https://foodle.uninett.no/cb']
        }
        self.rp_federation_entity.proposed_authority_hints = ['https://ntnu.no']

        self.service['registration'].service_context.provider_info[
            'registration'] = "https://op.ntnu.no/fedreg"
        jws = self.service['registration'].construct(request_args=req_args)
        assert jws

        # THe OP handles the registration request
        res = self.registration_endpoint.process_request(jws)
        assert res
        reg_resp = self.registration_endpoint.do_response(**res)
        assert set(reg_resp.keys()) == {'response', 'http_headers', 'cookie'}

        # The RP parses the OP's response
>       args = self.service['registration'].parse_response(reg_resp['response'], request_body=jws)

tests/test_12_registration.py:185: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../env/lib/python3.7/site-packages/fedservice/rp/registration.py:59: in parse_response
    resp = self.parse_federation_registration_response(info, **kwargs)
../env/lib/python3.7/site-packages/fedservice/rp/registration.py:107: in parse_federation_registration_response
    policy_chains_tup = [eval_policy_chain(c, _fe.key_jar, _fe.entity_type) for c in chains]
../env/lib/python3.7/site-packages/fedservice/rp/registration.py:107: in <listcomp>
    policy_chains_tup = [eval_policy_chain(c, _fe.key_jar, _fe.entity_type) for c in chains]
../env/lib/python3.7/site-packages/fedservice/entity_statement/verify.py:69: in eval_policy_chain
    ves = verify_trust_chain(chain, key_jar)
../env/lib/python3.7/site-packages/fedservice/entity_statement/verify.py:26: in verify_trust_chain
    res = _jwt.verify_compact(keys=keys)
../env/lib/python3.7/site-packages/cryptojwt/jws/jws.py:159: in verify_compact
    return self.verify_compact_verbose(jws, keys, allow_none, sigalg)['msg']
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <cryptojwt.jws.jws.JWS object at 0x7f9f8b34fa90>, jws = None, keys = [], allow_none = False, sigalg = None

    def verify_compact_verbose(self, jws=None, keys=None, allow_none=False,
                               sigalg=None):
        """
        Verify a JWT signature and return dict with validation results

        :param jws: A signed JSON Web Token
        :param keys: A list of keys that can possibly be used to verify the
            signature
        :param allow_none: If signature algorithm 'none' is allowed
        :param sigalg: Expected sigalg
        :return: Dictionary with 2 keys 'msg' required, 'key' optional.
            The value of 'msg' is the unpacked and verified message.
            The value of 'key' is the key used to verify the message
        """
        if jws:
            jwt = JWSig().unpack(jws)
            if len(jwt) != 3:
                raise WrongNumberOfParts(len(jwt))

            self.jwt = jwt
        elif not self.jwt:
            raise ValueError('Missing singed JWT')
        else:
            jwt = self.jwt

        try:
            _alg = jwt.headers["alg"]
        except KeyError:
            _alg = None
        else:
            if _alg is None or _alg.lower() == "none":
                if allow_none:
                    self.msg = jwt.payload()
                    return {'msg': self.msg}
                else:
                    raise SignerAlgError("none not allowed")

        if "alg" in self and self['alg'] and _alg:
            if isinstance(self['alg'], list):
                if _alg not in self["alg"] :
                    raise SignerAlgError(
                        "Wrong signing algorithm, expected {} got {}".format(
                            self['alg'], _alg))
            elif _alg != self['alg']:
                raise SignerAlgError(
                    "Wrong signing algorithm, expected {} got {}".format(
                        self['alg'], _alg))

        if sigalg and sigalg != _alg:
            raise SignerAlgError("Expected {0} got {1}".format(
                sigalg, jwt.headers["alg"]))

        self["alg"] = _alg

        if keys:
            _keys = self.pick_keys(keys)
        else:
            _keys = self.pick_keys(self._get_keys())

        if not _keys:
            if "kid" in self:
                raise NoSuitableSigningKeys(
                    "No key with kid: %s" % (self["kid"]))
            elif "kid" in self.jwt.headers:
                raise NoSuitableSigningKeys(
>                   "No key with kid: %s" % (self.jwt.headers["kid"]))
E               cryptojwt.jws.exception.NoSuitableSigningKeys: No key with kid: UzVDZVZneVVvWWlYM0tSN0tpQ08xUmw1N3dCdnlTLUxTWm40X0pZQU9tOA

../env/lib/python3.7/site-packages/cryptojwt/jws/jws.py:226: NoSuitableSigningKeys
--------------------------------------------------------------------------- Captured log call ----------------------------------------------------------------------------
ERROR    cryptojwt.key_jar:key_jar.py:489 Issuer "https://ntnu.no" not in keyjar
===================================================================== 4 failed, 49 passed in 15.63s ======================================================================
rohe commented 4 years ago

My last push should fix the tests.

peppelinux commented 4 years ago

My last push should fix the tests.

Not yet mister