Updated to work with oidcmsg 0.5.0

Author: rohe

chrp/rp.py

@@ -7,7 +7,7 @@
 
 import cherrypy
 
-from oidcmsg.key_jar import build_keyjar
+from oidcmsg.key_jar import build_keyjar, init_key_jar
 from oidcmsg.key_jar import KeyJar
 
 from oidcrp import RPHandler
@@ -25,29 +25,6 @@
 SIGKEY_NAME = 'sigkey.jwks'
 
 
-def get_jwks(private_path, keydefs, public_path):
-    if os.path.isfile(private_path):
-        _jwks = open(private_path, 'r').read()
-        _kj = KeyJar()
-        _kj.import_jwks(json.loads(_jwks), '')
-    else:
-        _kj = build_keyjar(keydefs)[1]
-        jwks = _kj.export_jwks(private=True)
-        head, tail = os.path.split(private_path)
-        if not os.path.isdir(head):
-            os.makedirs(head)
-        fp = open(private_path, 'w')
-        fp.write(json.dumps(jwks))
-        fp.close()
-
-    jwks = _kj.export_jwks()  # public part
-    fp = open(public_path, 'w')
-    fp.write(json.dumps(jwks))
-    fp.close()
-
-    return _kj
-
-
 if __name__ == '__main__':
     import argparse
 
@@ -103,8 +80,9 @@ def get_jwks(private_path, keydefs, public_path):
 
     _base_url = config.BASEURL
 
-    _kj = get_jwks(config.PRIVATE_JWKS_PATH, config.KEYDEFS,
-                   config.PUBLIC_JWKS_PATH)
+    _kj = init_key_jar(public_path=config.PUBLIC_JWKS_PATH,
+                       private_path=config.PRIVATE_JWKS_PATH,
+                       key_defs=config.KEYDEFS)
 
     if args.insecure:
         _kj.verify_ssl = False

setup.py

@@ -65,8 +65,8 @@ def run_tests(self):
         "Topic :: Software Development :: Libraries :: Python Modules"],
     install_requires=[
         'cryptojwt>=0.3.1',
-        'oidcservice>=0.5.10',
-        'oidcmsg>=0.3.5'
+        'oidcservice>=0.5.12',
+        'oidcmsg>=0.5.0'
     ],
     tests_require=[
         'pytest',

src/oidcrp/oauth2/__init__.py

@@ -10,6 +10,7 @@
 from oidcservice.service import SUCCESSFUL
 from oidcservice.service import build_services
 from oidcservice.service_context import ServiceContext
+from oidcservice.state_interface import StateInterface
 
 from oidcrp.http import HTTPLib
 from oidcrp.util import get_deserialization_method
@@ -59,7 +60,7 @@ def __init__(self, state_db, ca_certs=None, client_authn_factory=None,
         :return: Client instance
         """
 
-        self.state_db = state_db
+        self.session_interface = StateInterface(state_db)
         self.http = httplib or HTTPLib(ca_certs=ca_certs,
                                        verify_ssl=verify_ssl,
                                        client_cert=client_cert,

tests/test_11_oauth2.py

@@ -6,22 +6,22 @@
 from cryptojwt.jwk import rsa_load
 
 from oidcmsg.key_bundle import KeyBundle
-from oidcmsg.oauth2 import AccessTokenRequest, AuthorizationResponse
+from oidcmsg.oauth2 import AccessTokenRequest
 from oidcmsg.oauth2 import AccessTokenResponse
 from oidcmsg.oauth2 import AuthorizationRequest
+from oidcmsg.oauth2 import AuthorizationResponse
 from oidcmsg.oauth2 import RefreshAccessTokenRequest
 from oidcmsg.oidc import IdToken
 from oidcmsg.time_util import utc_time_sans_frac
 
-from oidcservice.client_auth import CLIENT_AUTHN_METHOD
 from oidcservice.state_interface import State
 
 from oidcrp.oauth2 import Client
 
 sys.path.insert(0, '.')
 
 _dirname = os.path.dirname(os.path.abspath(__file__))
-BASE_PATH = os.path.join(_dirname, "data", "keys")
+BASE_PATH = os.path.join(_dirname, "keys")
 
 _key = rsa_load(os.path.join(BASE_PATH, "rsa.key"))
 KC_RSA = KeyBundle({"key": _key, "kty": "RSA", "use": "sig"})
@@ -60,7 +60,7 @@ def test_construct_authorization_request(self):
                     'redirect_uri': 'https://example.com/auth_cb',
                     'response_type': ['code']}
 
-        self.client.state_db.set('ABCDE', State(iss='issuer').to_json())
+        self.client.session_interface.create_state('issuer','ABCDE')
         msg = self.client.service['authorization'].construct(
             request_args=req_args)
         assert isinstance(msg, AuthorizationRequest)
@@ -75,10 +75,12 @@ def test_construct_accesstoken_request(self):
             redirect_uri='https://example.com/cli/authz_cb',
             state='state'
         )
+        self.client.session_interface.store_item(auth_request, 'auth_request',
+                                                 'ABCDE')
+
         auth_response = AuthorizationResponse(code='access_code')
-        _state = State(auth_response=auth_response.to_json(),
-                       auth_request=auth_request.to_json())
-        self.client.state_db.set('ABCDE', _state.to_json())
+        self.client.session_interface.store_item(auth_response,'auth_response',
+                                                 'ABCDE')
 
         msg = self.client.service['accesstoken'].construct(
             request_args=req_args, state='ABCDE')
@@ -96,14 +98,16 @@ def test_construct_refresh_token_request(self):
             redirect_uri='https://example.com/cli/authz_cb',
             state='state'
         )
+        self.client.session_interface.store_item(auth_request, 'auth_request',
+                                                 'ABCDE')
         auth_response = AuthorizationResponse(code='access_code')
+        self.client.session_interface.store_item(auth_response,'auth_response',
+                                                 'ABCDE')
         token_response = AccessTokenResponse(refresh_token="refresh_with_me",
                                              access_token="access")
-        _state = State(auth_response=auth_response.to_json(),
-                       auth_request=auth_request.to_json(),
-                       token_response=token_response.to_json())
+        self.client.session_interface.store_item(token_response,
+                                                 'token_response', 'ABCDE')
 
-        self.client.state_db.set('ABCDE', _state.to_json())
         req_args = {}
         msg = self.client.service['refresh_token'].construct(
             request_args=req_args, state='ABCDE')

tests/test_14_oidc.py

@@ -6,22 +6,22 @@
 from cryptojwt.jwk import rsa_load
 
 from oidcmsg.key_bundle import KeyBundle
-from oidcmsg.oauth2 import AccessTokenRequest, AuthorizationResponse
+from oidcmsg.oauth2 import AccessTokenRequest
 from oidcmsg.oauth2 import AccessTokenResponse
 from oidcmsg.oauth2 import AuthorizationRequest
+from oidcmsg.oauth2 import AuthorizationResponse
 from oidcmsg.oauth2 import RefreshAccessTokenRequest
 from oidcmsg.oidc import IdToken
 from oidcmsg.time_util import utc_time_sans_frac
 
-from oidcservice.client_auth import CLIENT_AUTHN_METHOD
 from oidcservice.state_interface import State
 
 from oidcrp.oidc import RP
 
 sys.path.insert(0, '.')
 
 _dirname = os.path.dirname(os.path.abspath(__file__))
-BASE_PATH = os.path.join(_dirname, "data", "keys")
+BASE_PATH = os.path.join(_dirname, "keys")
 
 _key = rsa_load(os.path.join(BASE_PATH, "rsa.key"))
 KC_RSA = KeyBundle({"key": _key, "kty": "RSA", "use": "sig"})
@@ -52,14 +52,16 @@ def create_client(self):
             'redirect_uris': ['https://example.com/cli/authz_cb'],
             'client_id': 'client_1',
             'client_secret': 'abcdefghijklmnop',
-        }
+            }
         self.client = RP(DB(), config=conf)
-        self.client.state_db.set('ABCDE', State(iss='issuer').to_json())
+        self.client.session_interface.create_state('issuer', 'ABCDE')
 
     def test_construct_authorization_request(self):
-        req_args = {'state': 'ABCDE',
-                    'redirect_uri': 'https://example.com/auth_cb',
-                    'response_type': ['code']}
+        req_args = {
+            'state': 'ABCDE',
+            'redirect_uri': 'https://example.com/auth_cb',
+            'response_type': ['code']
+        }
         msg = self.client.service['authorization'].construct(
             request_args=req_args)
         assert isinstance(msg, AuthorizationRequest)
@@ -69,11 +71,14 @@ def test_construct_accesstoken_request(self):
         auth_request = AuthorizationRequest(
             redirect_uri='https://example.com/cli/authz_cb',
             state='state'
-        )
+            )
+        self.client.session_interface.store_item(auth_request, 'auth_request',
+                                                 'ABCDE')
+
         auth_response = AuthorizationResponse(code='access_code')
-        _state = State(auth_response=auth_response.to_json(),
-                       auth_request=auth_request.to_json())
-        self.client.state_db.set('ABCDE', _state.to_json())
+        self.client.session_interface.store_item(auth_response, 'auth_response',
+                                                 'ABCDE')
+
         # Bind access code to state
         req_args = {}
         msg = self.client.service['accesstoken'].construct(
@@ -84,44 +89,52 @@ def test_construct_accesstoken_request(self):
             'client_secret': 'abcdefghijklmnop',
             'grant_type': 'authorization_code',
             'redirect_uri': 'https://example.com/cli/authz_cb',
-            'state': 'state'}
+            'state': 'state'
+        }
 
     def test_construct_refresh_token_request(self):
         auth_request = AuthorizationRequest(
             redirect_uri='https://example.com/cli/authz_cb',
             state='state'
-        )
+            )
+        self.client.session_interface.store_item(auth_request, 'auth_request',
+                                                 'ABCDE')
         auth_response = AuthorizationResponse(code='access_code')
+        self.client.session_interface.store_item(auth_response, 'auth_response',
+                                                 'ABCDE')
         token_response = AccessTokenResponse(refresh_token="refresh_with_me",
                                              access_token="access")
-        _state = State(auth_response=auth_response.to_json(),
-                       auth_request=auth_request.to_json(),
-                       token_response=token_response.to_json())
-
-        self.client.state_db.set('ABCDE', _state.to_json())
+        self.client.session_interface.store_item(token_response,
+                                                 'token_response', 'ABCDE')
 
         req_args = {}
         msg = self.client.service['refresh_token'].construct(
             request_args=req_args, state='ABCDE')
         assert isinstance(msg, RefreshAccessTokenRequest)
-        assert msg.to_dict() == {'client_id': 'client_1',
-                                 'client_secret': 'abcdefghijklmnop',
-                                 'grant_type': 'refresh_token',
-                                 'refresh_token': 'refresh_with_me'}
+        assert msg.to_dict() == {
+            'client_id': 'client_1',
+            'client_secret': 'abcdefghijklmnop',
+            'grant_type': 'refresh_token',
+            'refresh_token': 'refresh_with_me'
+        }
 
     def test_do_userinfo_request_init(self):
         auth_request = AuthorizationRequest(
             redirect_uri='https://example.com/cli/authz_cb',
             state='state'
-        )
+            )
+        self.client.session_interface.store_item(auth_request, 'auth_request',
+                                                 'ABCDE')
         auth_response = AuthorizationResponse(code='access_code')
+
+        self.client.session_interface.store_item(auth_response, 'auth_response',
+                                                 'ABCDE')
+
         token_response = AccessTokenResponse(refresh_token="refresh_with_me",
                                              access_token="access")
-        _state = State(auth_response=auth_response.to_json(),
-                       auth_request=auth_request.to_json(),
-                       token_response=token_response.to_json())
-
-        self.client.state_db.set('ABCDE', _state.to_json())
+        self.client.session_interface.store_item(token_response,
+                                                 'token_response',
+                                                 'ABCDE')
 
         _srv = self.client.service['userinfo']
         _srv.endpoint = "https://example.com/userinfo"